CNBC managed to get its hands on an internal document from Goldman Sachs that detailed its process for reading employee emails.
Keep in mind that any employee, especially in a public company, and especially a public company in the finance sector, has no right or expectation of privacy while using company equipment. But it's interesting to see exactly what the bank thinks are red flags that warrant further investigation from the compliance department.
They stem from emotional statements, like "I am not a happy camper" and "you are a piece of sh*t," to words that indicate obligation ("I promise this time") or dispute ("where did my money go"). Swearing—outlawed in company emails in 2010—also drops a flag on the play, as does the zip code of the SEC (for the record, it's 20549).
Companies have been doing this for a long time, and it's safe to say that if you work a corporate job with a corporate email account, your messages are likely being monitored. Today employers have more tools available for snooping, whether it's monitoring computer keystrokes, looking at Slack messages, or having bots automatically scan email. (Spyware isn't just for criminals.)
But according to industry watchers, the Goldman leak is a new development. "This is the first time to my knowledge anyone’s gotten their hands on the keywords," says Lewis Maltby, president of National Workrights Institute, an organization that promotes employee rights.
Despite the seemingly innocuous nature of many of the phrases on the list—including "for internal use in the offices of" and "I don't understand"—the purpose of the monitoring is "for concerns about what people are doing that could be harmful," Maltby says. The process for most firms is not comprehensive, but IT departments do open email flagged by keyword lists. (Alarmingly, Maltby adds, many companies don't have a policy for monitoring the monitors.)
A spokesman for Goldman Sachs told CNBC, "We deploy cutting-edge technology and exercise the utmost care to protect confidential information, secure data and provide high-end client service. The firm's monitoring efforts reflect our commitment to upholding the highest standards of professionalism and integrity."
If you're curious as to whether your email and computer activities are monitored, the default answer is probably yes if you work for a company that is in any way "corporate." Generally employers don't go out of their way to explicitly tell employees, but the policy is usually there if you look for it. In fact, Maltby says, when you log in to your company computer, there's often a small message somewhere stating that you have no right to privacy. The information may be in your HR manual too.
So does this mean you should never go on your personal Gmail at work? You're employer likely doesn't care about your grocery lists, as long as you don't spend your day on Gchat. But it's good to remember that anything that passes through company servers isn't 100% private.
Here's the entire list of Goldman Sachs flagged terms, via CNBC.