Approximately 10 percent of non-spam business emails are spymail – email containing hidden tracking code that relays details about the recipient’s interactions with the email back to the sender.
These details may include such information as when and where the email was opened and forwarded. In the wrong hands, this kind of intelligence can expose any business to a range of legal, privacy and security risks. However for legal departments it can be especially damaging.
By design, spymail is hidden from the recipient. Using concealed tracking code, it can even reveal the identity of the device that opened the email, and the physical location of the device when it was opened.
The onus falls on legal department leaders, in conjunction with IT managers, to make sure attorneys are trained in email security practices and vigilant in guarding against the dangers email can pose.
Spymail can have a direct effect on litigation efforts, industry compliance, and client relationships. If, for instance, an adverse party sees where one of its emails was forwarded, it may be able to use that information to determine who clients or witnesses are, what documents to request for discovery, who to request them from and who to depose or add as additional defendants.
This not only gives the opposition the upper hand in negotiations and litigation, it jeopardizes client trust. It may also make organizations vulnerable to reputational damage, a malpractice suit, and in some situations potentially a class action lawsuit.