Proofpoint, based in Cupertino, California, suggests that companies have good reason to worry: more than half investigated an email leak of confidential or proprietary information and almost 40% investigated a violation of privacy or data protection regulations in the past year.
Additional key findings from the survey, which was fielded by Forrester Consulting, include:
Louise Townsend, a data protection specialist with Pinsent Masons, the law firm behind OUT-LAW.COM, said employers must ensure that their monitoring activities are legal.
"The Regulation of Investigatory Powers Act, the Lawful Business Practice Regulations, the Data Protection Act and the Human Rights Act all impact in this area depending on the nature of the activities being undertaken," she said. "While it is encouraging that so many companies have policies in place, what is more important is that these policies comply with the law, are put into practice consistently and are enforced."
Townsend warned that "reading the personal emails of staff without lawful justification could land employers in trouble."
The study also found that other communications channels, such as blogs and message boards, are emerging as sources of risk for companies:
Nearly half of companies are very concerned or concerned about web-based email as a conduit for exposure of confidential or proprietary information. Respondents are also very concerned about FTP, instant messaging, peer-to-peer networks, blogs and message boards.
More than one in five companies (20.5%) has disciplined an employee for violating blog or message board policies in the last year. Almost four percent of companies fired an employee for such infractions. Thirteen percent of public companies investigated the exposure of material financial information via a blog or message board posting in the past year.