After losing their jobs, their health care, and their pensions and retirement fund savings, Enron Corp. employees probably never dreamed things could get worse.
But in March 2003, the Federal Energy Regulatory Commission (FERC) released the private exchanges of Enron employees--more than 1.6 million e-mails and documents by posting them on the Internet in a searchable database (www.ferc.gov/ industries/electric/indus-act/wem/03-26-03-release.asp) for the world to read.
The agency gathered the e-mails, which included messages sent and received from 2000 through 2002, as part of materials collected for its investigation of Enron's alleged energy market manipulation. Via the database, individuals can peruse the e-mail of 176 current and former Enron executives and employees, most of whom were involved in the company's power-trading operations. But what has angered the employees as well as privacy advocates is the fact that the names of the e-mails' senders and recipients were not removed or edited, nor were e-mails containing bank records and Social Security numbers.
The FERC told The Wall Street Journal that the purpose of the online database is to help the public better understand whether Enron helped to create--and then profit from--an energy shortage in California during 2000 and 2001. In this vein, the database contains technical e-mails between power traders discussing "price curves" and "hub contracts." But it also includes personal e-mails regarding employees' finances, children, and relationships.
In an interview with The Wall Street Journal, FERC spokesman Kevin Cadden said the agency had given Enron three weeks' notice that it would be releasing the data collected in its investigation but Enron did not respond. Two days after the e-mails were posted online, however, Enron petitioned the FERC to get some of them removed. Employees inundated Enron with angry messages demanding that certain documents be removed from the database. The agency removed a few of the most sensitive e-mails, including a payroll document that listed the Social Security number of every employee.
Following a U.S. Court of Appeals order early last April, the database was disabled for 10 days, during which time Enron was allowed to identify every e-mail it wanted removed. About 100 employee volunteers combed through hundreds of thousands of messages and filtered out sensitive personal information.
The FERC eventually removed about 8 percent of the database, or 141,379 documents. But Enron employees still believe that too much personal material remains on public display. As of August 8, the agency had spent 350 hours reviewing about 17,185 documents for which confidentiality had been requested. Of those, the FERC said only 5,128 documents--mainly those containing Social Security numbers and employee performance evaluation information--would be withheld permanently.
Although many Enron employees undoubtedly believe that too much personal material still remains online for the public to view, their situation has taught employees everywhere a valuable lesson: Be careful how you use your business e-mail. You never know where your electronic messages may end up or who may be reading them, especially if the company you work for is sued or comes under investigation.
The Business Records Loop Hole
Internet service providers (ISPs) such as America Online and Yahoo! cannot release electronic communications to law enforcement or other parties without a warrant. But once an e-mail has been read or has remained opened for 180 days, it reverts to the unprotected "business records" category and is up for grabs by law enforcement, regulators, and lawyers, making it potentially dangerous to its author.
Weaknesses in existing laws protecting business records, including information stored with ISPs, open the door to widespread government data mining, legal experts said at a recent conference on Internet surveillance law. …