{"id":32782,"date":"2026-07-10T17:43:12","date_gmt":"2026-07-10T15:43:12","guid":{"rendered":"https:\/\/it.andersen.com\/?p=32782"},"modified":"2026-07-10T17:51:16","modified_gmt":"2026-07-10T15:51:16","slug":"how-to-use-corporate-email-properly-and-why-its-so-important","status":"publish","type":"post","link":"https:\/\/it.andersen.com\/en\/how-to-use-corporate-email-properly-and-why-its-so-important\/","title":{"rendered":"How to use corporate email properly and why it&#8217;s so important"},"content":{"rendered":"<p>Improper use of corporate email can lead to cybersecurity risks, legal &amp; compliance violations, and liability, as well as legal, financial, and reputational consequences. In this edition of the <strong>Compliance &amp; Risk Management<\/strong> Newsletter, professionals from Andersen\u2019s <strong>231\/Privacy<\/strong> Service Line have explored <strong>the risks associated with the use of corporate email<\/strong> in order to highlight the ever-increasing importance of adopting appropriate technical and organizational measures capable of mitigating these risks, thereby improving an organization\u2019s <strong>governance<\/strong> and <strong>resilience<\/strong>.<\/p>\n<h2>Cases in which monitoring an employee\u2019s emails may constitute a predicate offense under Legislative Decree 231\/2001<\/h2>\n<p>In certain circumstances, the way in which a company monitors an employee\u2019s email may constitute actual offences relevant to the <strong>liability of the organisation<\/strong> under Legislative Decree 231\/2001.<\/p>\n<p>The risk arises when a manager, without authorisation,<strong> accesses<\/strong> <strong>an employee\u2019s email<\/strong>, <strong>uses login details<\/strong> that are known or have been obtained without consent, <strong>retains access<\/strong> to the account after the employment relationship has ended, <strong>monitors<\/strong> emails systematically or <strong>acquires<\/strong> the content of emails without meeting the conditions laid down by law.<\/p>\n<p>Such conduct may constitute the offences of unauthorised access to a computer system or the unlawful interception of computer communications, both of which are included amongst the offences that may give rise to <strong>the organisation\u2019s liability under Article 24-bis of Legislative Decree 231\/2001<\/strong>.<\/p>\n<p>Unclear monitoring procedures, a lack of shortcomings in IT protocols can turn an internal audit into a significant 231 risk: prevention relies on <strong>clear policies, documented authorisations and targeted training<\/strong>.<\/p>\n<h2>The necessity of a procedure for GDPR-compliant use of corporate email<\/h2>\n<p>Many companies forget that e-mail actually contain large amounts of personal data (including sensitive data) relating to employees, customers and suppliers. Without specific internal regulations, the <strong>risk of non-compliance with privacy regulations <\/strong>is very high for any business, regardless of its size.<\/p>\n<p>The Data Protection Authority has repeatedly emphasised that employers must never indiscriminately monitor employees\u2019 correspondence. Even after the employment relationship has ended, the email account cannot remain active indefinitely, nor can emails be systematically and automatically forwarded to a line manager. Such practices, in fact, do not comply with the <strong>principles of<\/strong> <strong>data minimisation, transparency and storage limitation<\/strong> set out in the European Regulation.<\/p>\n<p>To prevent security incidents as well as to avoid litigation or penalties, every organisation must adopt a specific <strong>procedure for the use of email. <\/strong>Implementing an internal procedure reduces legal risks and turns compliance into a tangible competitive advantage in the market.<\/p>\n<h2>How to identify and mitigate the risks of cyber-attacks delivered via e-mail<\/h2>\n<p>Email remains one of the primary vectors for cyber-attacks. Phishing campaigns and malware distribution increasingly exploit the <strong>human factor<\/strong>, persuading users to disclose confidential information, compromise their credentials, or authorise fraudulent transactions, often through nothing more than a single \u201cclick\u201d on an email attachment or embedded link.<\/p>\n<p>Managing this risk cannot rely solely on technological safeguards. It requires a <strong>governance<\/strong> framework that integrates technical, organisational and procedural measures, based on prior <strong>risk assessment<\/strong> and a clear allocation of roles and responsibilities. Ongoing staff <strong>awareness and training<\/strong>, procedures for verifying unusual requests, well-defined incident <strong>response protocols<\/strong>, and the periodic review of implemented safeguards are all essential components of an effective and resilient <strong>security <\/strong>framework.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Improper use of corporate email can lead to cybersecurity risks, legal &amp; compliance violations, and liability, as well as legal, financial, and reputational consequences. In this edition of the Compliance &amp; Risk Management Newsletter, professionals from Andersen\u2019s 231\/Privacy Service Line have explored the risks associated with the use of corporate email in order to highlight [&hellip;]<\/p>\n","protected":false},"author":146,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[50],"tags":[],"class_list":["post-32782","post","type-post","status-publish","format-standard","hentry","category-insights"],"acf":[],"_links":{"self":[{"href":"https:\/\/it.andersen.com\/en\/wp-json\/wp\/v2\/posts\/32782","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/it.andersen.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/it.andersen.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/it.andersen.com\/en\/wp-json\/wp\/v2\/users\/146"}],"replies":[{"embeddable":true,"href":"https:\/\/it.andersen.com\/en\/wp-json\/wp\/v2\/comments?post=32782"}],"version-history":[{"count":2,"href":"https:\/\/it.andersen.com\/en\/wp-json\/wp\/v2\/posts\/32782\/revisions"}],"predecessor-version":[{"id":32786,"href":"https:\/\/it.andersen.com\/en\/wp-json\/wp\/v2\/posts\/32782\/revisions\/32786"}],"wp:attachment":[{"href":"https:\/\/it.andersen.com\/en\/wp-json\/wp\/v2\/media?parent=32782"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/it.andersen.com\/en\/wp-json\/wp\/v2\/categories?post=32782"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/it.andersen.com\/en\/wp-json\/wp\/v2\/tags?post=32782"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}