I read an interesting article the other day that posed the dilemma of a hosting company that accessed a customer’s database in order to troubleshoot a problem, but did so before their client could give them permission. It made me think, I wonder what customer’s expectations are when they have emails hosted on a managed server. Does the hosting company have a right to access private information stored on a server that they own?
The issue is two-fold…
1. Hosting companies have a legal right to view ANY information that resides in a server that they own, and
2. A customer has a reasonable expectation that their private data cannot be accessed by anyone without authority to do so.
The two appear to be mutually exclusive.. If a hosting company is legally allowed (and in some cases, legally or morally obliged) to monitor emails and databases, in order to ensure that customers are not doing anything on the server that may be illegal or a breach of terms and conditions, then how can a customer have a reasonable expectation that his or her privacy is protected? After all, in some cases, a hosting company may have to report to a regulatory or government body (not protected by privacy), they may have to provide access to the server to a third party for maintenance purposes, or they may have a reason to believe that a customer is breaching their terms of service, in which case the Hosting company has a right to defend it’s reputation.
My point of view is this:
1. A hosting company does have obligations to not only itself and it’s business interests, but also to the customer AND society at large. If the hosting company has just cause to believe that a customer is doing something illegal or that breaches it’s terms and conditions, the hosting company has a right to investigate to the fullest extent of the law. But, and I must make it clear, such access to private data should ONLY occur where there is just cause (such as a complaint, something that is public and known, or by a filtering mechanism that is automated and thus does not display private details to a real person unless a flag has been raised).
2. Customers have a right to privacy. This is not only a legal right, but a moral obligation. Although the hosting company owns the server, a customer places data on the server with the expectation that the information is secure.
If you suspect that a hosting company is accessing your data without your consent, then the best method is to confront them. Consider putting some form of tracking in your emails (talk to a web developer about this) to collect the ip addresses of people who have read your emails. Also consider asking your hosting company to confirm that they will not access data without either your permission or a court order.
You have a right to privacy, but the hosting company has a right to protect it’s server. Come to an understanding with your hosting company and at least you will know where you stand.
And if you are concerned about a hosting company scanning your emails for porn, relax. If it’s legal, they really don’t care!