Your boss reads your instant messages

Originally appeared on canadianbusiness.com

In most major scandals, compromising emails are used as one of the main, supporting sources of evidence.

The LIBOR scandal is no different. But, investigators wrapping up the case have added yet another type of proof to the pile: Instant messages.

It seems traders involved in the scandal were fond of chat apps, such as MSN messenger, Gmail chat, and Facebook chat. These apps are often separate from corporate e-mail accounts and—many employees assume—less likely to be policed.

Read: Stop, look, edit…send

Before you divulge your darkest secrets to your co-workers, though, think twice; it turns out anything typed on a screen is completely traceable, regardless of whether it’s encrypted, sent directly from BlackBerry PIN to BlackBerry PIN, or even deleted afterward.

And most financial companies have policies that allow management to sneak a peak at what their employees are typing, whether there’s a reason to or not.

“Instant messaging is definitely not any safer to use than e-mail,” says D’Arcy Davis, director of forensics and e-discovery for Toronto security firm Digital Wyzdom. “Everything is cached somewhere, and it’s a matter of how long that evidence stays on the computer before it gets overwritten or purged.”

Consider this: every single e-mail or IM goes to a server, and that server gets backed up every night. In essence, says Davis, “you could end up having 40 copies of one message archived in all those different places.”

Read: Juicing your email

And while they may not admit it, chances are the vast majority of professionals have probably spent some time doing something they’re not supposed to on a work computer or device, such as visiting personal social sites or wasting time watching videos on Youtube.

The question is: How much of this common activity is punishable? And should employees also have a private place to share information?

“There are obvious limits to this [concept]—confidential information has to stay confidential, and people can’t be making negative comments that create a poisoned work environment or denigrate their employer,” says Carla Nassar, a labour lawyer with Filion Wakely Thorup Angeletti.

Tools have been designed to provide this kind of privacy; Google has recently introduced a feature in its Gmail chat client called “off the record,” which allows two people to IM one another without any of the message history being saved, for example. These tools, though, don’t always work for heavily regulated sectors and people using desktop computers—certain software and programs can still record chat history and override the program.

“Financial services are particularly regulated when it comes to all these behaviours,” says Kirstin Grant, a Toronto-based HR consultant, “because their actions can have a huge impact if things start to go wrong, security levels are exponentially higher.”

Grant keeps all of her work and private e-mail accounts separate, and recommends the same for anyone who deals with other people’s money or intellectual property.

Nassar agrees. “Everything we do on the Internet is essentially public.”

If you have something private to share with a co-worker, Davis suggests an age-old practice: gathering around the water cooler. Or, barring that, try picking up the phone.

Read: Privacy Matters: Wealthy clients desire control