Web-based e-mail, such as Hotmail and Yahoo, is used for much more than just communicating to friends, according to a survey conducted by quizzing anonymous individuals in the street.

Almost three-quarters of respondents (71 per cent) admitting they used it to send information they didn't want their employers to know about. Many of the respondents admitted that they had used webmail to send themselves confidential company information, which they thought would be useful when moving to a new job.

Examples include customer details, price lists and contact details that users deemed to be of possible use in their new role. While companies must comply with ever-tighter legislation, following both financial scandals such as Enron and the 9/11 attacks, observers have argued that employees are entitled to some privacy and that this phenomenon could be the result of over-draconian corporate email policies, which unlike a more relaxed approach, prohibit personal use of company facilities.

Commissioned by Orchestria, the survey of 130 employees also found that:

  • Half (49 per cent) of respondents had accidentally sent an e-mail to the wrong recipient.
  • Almost a fifth of these accidental e-mails (16 per cent) had consequences, the most extreme including the loss of business customers and formal warnings, the lighter being "sheer entertainment value for the recipient".

  • Over half of the employees surveyed (58 per cent) admitted to using work e-mail rather than personal e-mail to communicate with their friends, though almost a quarter (23 per cent) said that they also used instant messaging.

You'll not be surprised to learn that Orchestria "develops software solutions that provide real-time visibility and control of e-mail, the Web (including Webmail services), instant messaging and other electronic communications. While other products provide means to block users from visiting certain websites, Orchestria's Active Policy Management (APM) solution focuses on the content of information exchanged." In other words, the company commissioning the report sells software that polices users in this situation.

Pete Malcolm, founder and CEO of Orchestria said: "Blocking websites by address is fundamentally flawed, as it requires a list of many thousands of unauthorised sites to be constantly maintained. Even if a company does go down this route, a determined user can easily set up his own website, which is very unlikely to be included in the unauthorised list, because it isn't known. Furthermore, blocking sites by address prevents legitimate activity at those sites - particularly a problem where Webmail is just one of the functions provided by a given site."

According to the company, APM can selectively record user activity on the Web, creating a full audit trail of information sent and received. With detection and warning functionality, the company claims it can determine questionable activity, such as the uploading of a file, or the sending of a message containing confidential information, and warn the user in real-time that his activities may be inappropriate.

The user can then be given the choice of proceeding or not, in the knowledge that if he proceeds, his activity will be recorded. Thus legitimate use, for example to work on files at home, is not prevented, but the user is highly unlikely to proceed with any activity his employer may find questionable, especially given that relevant personnel will be immediately alerted, and able to review it. APM even allows recording of information exchanged via secure links, so the user cannot hide by using clandestine means such as "cloak" or "ghost" sites.

Orchestria claims several of the world's largest banks and financial institutions as its customers, where the new codes of counduct following Enron can mean fines or even imprisonment if companies aren't up to scratch.

Malcolm went on: "We find that we are talking to more and more businesses that are challenged by loss of intellectual property. Additionally, with employees sending and receiving more e-mails and instant messages, there is not only the danger of employees knowingly sending out information they shouldn't, but the danger of accidental communication. To have employees conduct business conversations and transactions in a completely unmonitored way is an unnecessary risk."

The survey was conducted in the City of London by PTL on behalf of Orchestria in June 2004 by street survey. All of the respondents were UK employees that had work and personal e-mail accounts. None of the respondents was required to identify themselves.