SBA rule aims to protect employee e-mail

Managers at the Small Business Administration now must have several levels of approval before accessing an employee’s e-mail inbox.

On Dec. 21, SBA officials approved the rules regarding when managers can look at SBA employee e-mail messages after a report from the agency’s inspector general showed SBA had no clear policy about accessing e-mail messages without authorization. Now managers must have written authorization from the chief information security officer before looking at e-mail messages, the notice said.

They must give written justification to a senior official explaining why access is necessary. Managers may have legitimate reasons for looking at or monitoring messages. For example, they may need to keep e-mails from an employee who has left SBA or get e-mails when conducting a fact-finding inquiry.

Then the senior official and the CISO must review and approve the request. Finally, the CISO has to get clearance from the general counsel and the chief human capital officer.

Once approved, the CISO will decide who will have access, for how long and how much, the notice said.

The policy expires in December, but SBA said it would be incorporated into permanent policy before then.

The notice comes after a report from SBA’s inspector general, which was released in October. The IG said managers looked at an employee’s e-mail inbox after that employee gave testimony anonymously to the IG and the Senate Small Business and Entrepreneurial Committee. It also said there were instances of accessing employees’ e-mail. In response, one manager said no rules were broke because there were no rules covering the situation.

Sen. John Kerry (D-Mass.), the committee’s chairman, in a letter sent to SBA last week, said when the managers looked at the employee's e-mail they may have hindered oversight. He said whistleblowers won’t talk to IGs and congressional committees about misconduct if they have doubts about their confidentiality.

About the Author

Matthew Weigelt is a freelance journalist who writes about acquisition and procurement.

Featured

  • Cybersecurity

    DHS floats 'collective defense' model for cybersecurity

    Homeland Security Secretary Kirstjen Nielsen wants her department to have a more direct role in defending the private sector and critical infrastructure entities from cyberthreats.

  • Defense
    Defense Secretary James Mattis testifies at an April 12 hearing of the House Armed Services Committee.

    Mattis: Cloud deal not tailored for Amazon

    On Capitol Hill, Defense Secretary Jim Mattis sought to quell "rumors" that the Pentagon's planned single-award cloud acquisition was designed with Amazon Web Services in mind.

  • Census
    shutterstock image

    2020 Census to include citizenship question

    The Department of Commerce is breaking with recent practice and restoring a question about respondent citizenship last used in 1950, despite being urged not to by former Census directors and outside experts.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.