pixel

Q: If the attorney at my office reads (Outlook) emails, where is he reading them from, an archive? Will he have access to sent email if both parties permanently delete it right away?

A: The issue is a bit deeper than may initially appear.

Assuming this is company email, it has been determined by the US court system that it is the property of the company, not the employee. This means the company has full ownership over not only the mail system, but anything and everything that you may send/receive via this system. They also have the right, and in many cases, the responsibility, to audit how the system is being used. This includes reading both sent and received email and attachments.

This is not typically done by the company attorney, but someone in the IT department. Often the Chief Information and Security Officer or one of their assistants.

If the email system is implemented well, even when you have deleted an email, it is only deleted from your eyes. The administrator will have full access to any deleted email. This is a legal requirement in HIPAA covered entities (healthcare providers) and SEC covered businesses (financial organizations). This is not from an archive, but a security vault that is built into the email system.

As an aside, the same is true for everything you do and store on your computer.

It is a wise practice to only do business on business computers and network. I recommend to my clients that even employee personal phones not be allowed on the company network. This is a security precaution, as there is no way to know the integrity of the personal mobile device. If it has become compromised, it can easily harvest data from the company network, and transmit this data to the penetrator.