Natalia Merzlyakova - Fotolia

News Stay informed about the latest enterprise technology news and product updates.

Clinton's personal email account use raises IT policy questions

Recent reports about Hillary Clinton's personal email use for government work has ignited a discussion among IT pros.

Recent reports of Hillary Clinton using personal email for government work during her tenure as Secretary of State have Exchange admins talking about email policies in the workplace.

A House committee discovered Clinton's reliance on her personal account for official business during its investigation into the attack on the American consulate in Benghazi. It has raised questions about the contents of her email, her server's security and potential law violations.

But the use of personal email accounts for business isn't a new concept in the Exchange Server world. Consultants see this issue come up in many of the businesses they work with.

"It's a special case of shadow IT," said Paul Robichaux, principal architect at Summit 7 Systems, a technology consulting company in Huntsville, Ala.

If end users have problems with their organization's email system -- perhaps it's too slow or it doesn't do something they think is important -- they'll find a way around it, he said.

"People will do what they have to do," Robichaux said.

Some organizations even expect personal email accounts to be used, said Richard Luckett, president of LITSG LLC, a technology consulting company in Round Rock, Texas.

However, many organizations have stringent policies to forbid the use of personal anything for company business. Prohibiting employees from using company systems for personal email "socializes people to say personal should go to personal email and business should go to business email," Robichaux said.

Personal email accounts raise e-discovery, security concerns

One major concern organizations have with using personal email accounts for business is E-discovery. Organizations must provide information if they are subpoenaed for it.

"As soon as data isn't in their systems, they don't have the ability to do that," Luckett said.

If end users use a corporate system on a corporate network, at least it's possible to get to those email systems, Robichaux said.

Another concern is the inability to properly access or secure that data, he added. Those emails aren't included in backups or e-discovery, and they may not be scanned for viruses and malware. If they are, they aren't scanned using the same policies and settings in the corporate environment.

By using personal email for business, data could be outside the secure facilities an organization invests in, Luckett said. And if someone gets physical access, that data is compromised.

"Encrypting data helps, but in terms of accessing the system, physical security is paramount," he said.

Government policy restrictions on personal email accounts 

The government agencies Robichaux has worked with have strict policies requiring the use of government systems for email.

A number of these agencies have policies that comply with the Federal Records Act, which dictates government email use and record maintenance. The EPA and NASA, for example, have language in their policies about preserving email under the Federal Records Act, he said.

In 2014, President Barack Obama signed an amendment to the Federal Records Act banning personal email accounts for government business with specific procedures to follow in case of exceptions. A number of senior government officials had used personal email to conduct government business, prompting Congress to amend the law.

Dig Deeper on Exchange Server setup and troubleshooting

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

How does your organization address the use of personal email accounts for business?

Using personal e-mail instead of using the business is an interesting topic. I work for the goverment in the capacity of IT Specialist and that is not a practice we use in our office.

I am particularly astounded that such an executive figure as Mrs. Clinton is using her personal e-mail to conduct business. Just the mere fact that the information is out of the control and protection of the government is worrying. If hackers have gotten a hold of her account the security of the country could be jeopardized.

In contrast to the article, we have the reverse in which some people use the business address for personal use and that creates a bit of a problem too. The users will have to weed out their personal e-mails in order to maintain good records as required by Federal Records Management policies.

You make interesting points, chesspro. One of the experts I spoke with while writing this article also couldn't believe that no one noticed someone in such a high-ranking government position wasn't using an email system provided by the government.

Did you have a chance to watch Clinton's press conference yesterday as she addressed this issue? What do you think of her saying that the reason she used a personal account was for convenience? 

Hi Toni.
I didn't watch the news conference, but
read some CNN articles. How can the State Department authorize the use of
personal e-mails to conduct business? It's  beyond me.

This practice of allowing
the use of a personal server for business e-mail at such a high level is irresponsible
and shocking to say the least.

How secure was this personal server? Was
the information encrypted? Was it placed in a VPN? There is no justification at

Convenience is not an excuse to lower the standards of security of any network, in our case a mail server. Do we really need to wait until something terrible

Mrs. Clinton should have been advised of
the seriousness of her actions. Hopefully the State Department will stop the
use of personal e-mails and stick to business e-mails.

Education on network security should start
at the top level of the government and businesses. Although it is a national embarrassment,
it also offers an invaluable lesson. The only positive direction to take from
this incident is to begin educating top level officials, government and
corporate America, to have more secure networks.

I can't imagine anyone in my company using personal email accounts to conduct business. Our business email is very easy to access via VPN, so we can all just get business email on our phones or home computers if we like.

I agree with you Carol. I never in my wildest dreams thought of it. Specially in such high level position in the government where there are major national issues at stake.

Would I realize send an e-mail dealing with the Benghazi incident from a personal e-mail account? I just wonder how many other government employees are following this practice.

Our company hasn't specifically addressed the issue of using personal email for business.  Like chesspro mentioned, the focus has been more on the reverse, regarding employees using company equipment/accounts for personal use. 

I do sometimes use my company email account for somewhat personal use, regarding things that may be career related, but not necessarily directly company related. I certainly don't use it for anything I wouldn't want my manager reading, though! 

I think that it was thoughtless of Mrs. Clinton to use her personal email for convenience, but it depends on the nature of the things she was communicating about. I guess it didn't seem like that huge of a deal to me.
I believe whether you work for the government or a corporation your email should be taken seriously because of confidential data incoming or outgoing.