Confidentiality Notice

December 30, 2008 By: erik Category: Complaining, Geeky, Internet, Politics 1,765 views

Rate this post:
1 Star2 Stars3 Stars4 Stars5 Stars (1 votes, average: 5.00 out of 5)
Loading...Loading...

Reading This Sign Is Strictly ProhibitedWhen I worked for a government institution twelve years ago, I recall that there were some bigwigs that worked there that had their secretaries print out every email they received and place it on their desk as if letters had arrived. I presume they would dictate responses. I was always amazed at such a fundamental misunderstanding of what electronic mail is about. But it was 1996 and every web page still used the <center> tag, so I forgive them.

One practice that blows my mind and continues to this day is the so called “confidentiality notice”. I’m sure you know what I’m talking about, but just in case, I’m going to blatantly and ironically break the law and reproduce one I got in an email today:

CONFIDENTIALITY NOTICE: This message and any included attachments are confidential and are intended only for the addressee(s). The information contained herein may be confidential under the attorney/client privilege the quality assurance and peer review privilege. Unauthorized review, forwarding, printing, copying or using such information is strictly prohibited and may be unlawful. If you receive this message in error, or if you have reason to believe you are not authorized to receive it, please promptly notify the sender by e-mail or telephone, and delete the message.

This seems like complete and total tautological nonsense to me. It also seems to be based on the same fundamental misunderstanding that RIAA copyright nazis have; they don’t understand that by its very nature it’s impossible to move or view or do anything with digital information without copying it. I can’t prohibit you from making copies of this blog post because, if you’re reading this, there’s already a copy of it on your computer!

I would also suspect that, unless I specifically state “Send this to all your friends!” in an email I send, that the contents of my email are “intended only for the addressee(s)”. Is this not true? Can I not prosecute you for forwarding an email of mine unless I have one of these notices saying that you can’t? Could I then?

Also, I would like to point out that the phrase “Unauthorized ______ is prohibited” is a redundant tautology and therefore meaningless.

Lastly, I find it hard to believe that my government, through legislation and law enforcement, can prohibit me from printing absolutely anything that I have on my computer. Is this really true?

I understand that, if you are one of the millions of people that have an email signature like this, chances are you are forced to have it by your employer and it’s not your fault. But it sure seems to me like wasting half a kibibyte of mail server disk space for every single email in your organization is pretty ridiculous. Surely none of this is ever enforced and upheld in a court of law.

My father is somewhat of an expert at the game of Hungry Hungry HIPPA, so maybe he has some insight.

Annoyed and confused.

 
  • http://www.hillbillyplease.com/blog/ jane

    We have a variation on this where I work. I feel exactly the same way you do about it.

  • Paul

    Right on, except for spelling HIPAA wrong. Unlike Jane’s avatar, the law has one P and two As. Don’t feel badly though. Every year I quickly dispose of email and literature from people claiming to be “HIPPA” experts. Sad but true.

    HIPAA doesn’t require the email disclaimer message. HIPAA only requires that you implement reasonable controls, and that you have a trained risk management structure in place to decide what “reasonable” means. Both private and government agencies which must comply with HIPAA frequently take the cop-out position of developing policies and procedures which require the use of disclaimer messages. My own 20,000 person Department requires it, but I didn’t implement it at my 1,000 staff location, although a half dozen of my users have, on their own, figured out how to put a disclaimer into their Outlook signature line, and have done so. If I were to ask the Department for permission to not implement the disclaimer, that permission would be denied. Yet somehow, despite dozens of emails sent daily between staff at my facility and the mucky-mucks in the State capital, nobody has ever said anything. Apparently, nobody has noticed. Whenever I reply to a message from someone who ended their email with a disclaimer, I never fail to delete their damn disclaimer from what I send back to them.

    A few years ago I mistakenly received an email from a lawyer at a firm in New York with an unencrypted attachment which covered some points which were going to be addressed at an upcoming trial. I wrote back nicely, and explained that she had sent her email to the wrong Paul Rasmussen. She wrote back promptly and told me that I was required by law, as it stated in her email disclaimer, to destroy all copies. I wrote back to her and respectfully requested that she tell me which statute she was referring to. I told her I understood that her firm was strongly requesting that I destroy what I had been sent, but I did not think there was a law which required this, despite her firm’s email disclaimer message. Oh my! She did NOT like that. She told me that unless I informed her that all copies had been destroyed, she would be obliged to turn herself in to her boss, and turn me over to her firm’s prosecuting arm. After a week of hearing nothing from me, she wrote again to say that she had now turned herself in to her boss, and that I would be hearing more from her firm. Common sense must have kicked in at some level, as that was the end of it.

    Organizations which run email servers that stamp a disclaimer on all outgoing emails are contaminating the internet with their horrendous noise-to-signal ratio.

  • Lance

    If you wanted to design a post that would get me to take time out from a crushing workload to read and comment, this would do.

    they don’t understand that by its very nature it’s impossible to move or view or do anything with digital information without copying it. I can’t prohibit you from making copies of this blog post because, if you’re reading this, there’s already a copy of it on your computer!

    It’s “unauthorized” copying that is prohibited, and I would think you’d have a good argument that when someone sends you an email, they authorize your having a copy on the server, a copy on your local machine, a copy on your blackberry and maybe a copy in your assistant’s printer. There is no implied authorization to bundle up all of your email about secret test X and send it to Newsweek.

    I would also suspect that, unless I specifically state “Send this to all your friends!” in an email I send, that the contents of my email are “intended only for the addressee(s)”. Is this not true?

    Yes, it is not true, and I’d be surprised if you’ve never added a CC or forwarded a chain without first seeking the permission of the original sender. People obviously send email containing information of varying sensitivity, and there’s no harm in a general reminder to think twice before forwarding chain or adding a recipient.

    Also, I would like to point out that the phrase “Unauthorized ______ is prohibited” is a redundant tautology and therefore meaningless.

    No, it isn’t. Consider the “unauthorized cell phone use is prohibited” notices in hospitals. I don’t understand why I can’t use my cell phone in a hospital, but let’s assume there’s a good reason. Our general assumption is that we don’t need anyone’s permission to whip out the phone to make a call. In fact, nearly all of my calls are not authorized by one or more people who are at least indirectly impacted by them. So the hospital notice tells us that the general rule (that unauthorized use is fine) is countermanded, and that’s useful information.

    Lastly, I find it hard to believe that my government, through legislation and law enforcement, can prohibit me from printing absolutely anything that I have on my computer. Is this really true?

    I assume the intent is to let people know that they could be sued for unauthorized copying (which suit would obviously be before, and any judgment enforced by, a court), but not necessarily that there is a law against it. That could be clearer, though.

  • Lance

    Taking a step back, I think you’re assuming the threats in the confidentiality statement will be enforced by Amelia Bedelia. The RIAA doesn’t come off as a bunch of tools because they are trying to prevent piracy. They come off as tools because they define piracy (and act on the definition in court) to include the kind of copies I describe as impliedly authorized and the kind of copies that are otherwise generally socially acceptable.

    If some law office started suing everyone who forwarded or otherwise made an unauthorized copy of an email containing their boilerplate, whether or not any harm to a client’s interests resulted, then it would be fair to call them the RIAA. You could redraft the boilerplate so that it more carefully laid out the kinds of copying that are forbidden, but then it would be 4 times as long and 0.125 times as comprehensible.

    One other thought: the notice might not make as much sense in all emails as it does in an email that may ultimately be read by your client, your client’s employees, your client’s other representatives, officers and employees of a sister company, the other side and their lawyers. I’m sure it wouldn’t be included in all the emails it is in if senders stopped to consider whether inclusion would be advisable before sending each email. But then lawyers, accountants and doctors would cost more than we already do. And we’re not very popular as it is.

  • http://simonlitton.wordpress.com simon

    I just knew that you’d spent time in an institution…
    Also, my boss used to have someone print all his emails, and he was still doing it when I left in early 2007.