There are many questions regarding former Secretary of State Hillary Clinton's use of her private email to conduct official business. A leading one is whether the department's IT managers did anything to question or stop it.
Clinton, who was secretary of state under President Obama from 2009 to 2013, used her personal email account with its own domain, clintonemail.com, to conduct official correspondence. The State Department contends there was no prohibition in using a non-State.gov account for official business as long as the emails were preserved. Clinton was following what had been the practice of previous secretaries, the agency said, noting that Secretary of State John Kerry is the first to rely primarily on a state.gov account.
Clinton's ability to routinely use a private email account for official business is not a practice that is sanctioned in the private sector.
"It is the rare company that would endorse their employees using personal email accounts to conduct business," said Jackie Ford, an employment law and privacy attorney at Vorys, Sater, Seymour and Pease LLP. "Most have policies specifically prohibiting that," she said.
These emails are records that may be subject to document retention requirements and subject to discovery in litigation, Ford said. Employees may believe they are being clever in circumventing email policies, but as Clinton illustrates, "most of the time this is going to backfire."
Government policies recognize that sometimes business will be conducted through a personal email account, and when this happens a copy should be sent to an official account to preserve the record. But Clinton appears to have used a private account for most of her official business, and when asked by the State Department for her records, she provided some 55,000 pages.
There was no immediate answer from the State Department as to whether its CIO, or anyone in IT security, raised concerns about Clinton's practices. A former State Department CIO during part of Clinton's tenure, Susan Swart, who is now in a similar post at the International Monetary Fund, deferred questions to the State Department.
Even if the department's IT managers raised questions about Clinton's email practices, or were even aware of them, they may have been powerless to stop them.
"The private sector uses private emails on a regular basis for work," said Robert Hansen, vice president of WhiteHat Labs at WhiteHat Security.
"I see it most frequently in sales, where the salesperson intends to take their contacts, customers and leads to the next job," he said.
What these workers want is "portability," Hansen said. "Many people don't trust their employer not to read their email, and they don't trust the email to be available to them after they depart the company."
Sign up for CIO Asia eNewsletters.