companies incentivizing returning to work, shaking your hair out in a meeting, and more

It’s five answers to five questions. Here we go…

1. Companies incentivizing vaccines and returning to work

My company is providing a return-to-office incentive to pay for office supplies if you’re staying home or wardrobe updates if you’re headed back to work. No receipts need to be submitted. It is $1,000, which is not a small amount. Have you heard of any other companies doing a similar incentives?

We were also given a $200 vaccine incentive earlier in the year which is now being upped to $500 and if we qualified for the $200, we are being given the difference.

This seems incredibly generous. Being shrewd, I am guessing the company is attempting to minimize any abrasion from the return to office. Any other thoughts on the reasoning behind the generosity?

Yeah, a lot of companies are incentivizing the vaccine because it’s in their best interest to have a vaccinated workforce that isn’t dying or killing others. Your company is probably giving people who previously got the lower vaccine incentive the difference with this new one because they want to be fair/don’t want complaints/don’t want people holding out for the possibility of an even bigger incentive later. Legally they could simply require vaccination (with the usual medical and religious exceptions), but some companies figure they can get it done with less strife this way.

They’re using the clothing allowance to ease the way for people returning to work because it’s great for morale; it’s something no one would feel entitled to but which will be hugely appreciated, and that builds loyalty and generally makes people feel better about a transition that might be difficult.

The payment for office supplies if you’re staying home is just a good thing to do — employees shouldn’t have to pay for business expenses, and a lot of employers have been far too content to let people working from home shoulder some of the business’s costs this past year (from printer ink to mailing costs to physical work set-ups that encroach on limited space in people’s homes). Your company sounds like it’s getting this right (even if it should have come earlier!).

2. Letting your hair down in a meeting (literally)

I am a cis woman blessed with a prodigious amount of hair — so much so that I shave the bottom half of my head just to stay sane. I have shoulder-length hair and always pull it back at work because otherwise I shed SO MUCH hair over my clothes, workspace, paperwork, food, etc. (My doctor has assured me I don’t have a medical condition, just a LOT of hair.)

My issue is that the weight of said hair on my scalp becomes unbearable after about 30 minutes no matter whether it is down, pulled back, braided, and so on. There is no comfortable position for my hair. (I have cut it short before, but that neither suits me nor solves the shedding issue.) I often find myself having to let my hair out of its bun or ponytail in the middle of a meeting just to relieve the scalp ache. However, I feel like touching one’s hair is a weird, intimate thing to do in the workplace, and the image of a woman letting her hair down has long been sexualized. Am I overthinking this, or is it generally considered unprofessional to touch your hair in front of colleagues? Any tips for dealing with awkward hair adjustments at work?

As long as you let it down in a quick motion of a few seconds and aren’t following up by raking your fingers through your hair, shaking it out, or suddenly being accompanied by a dramatic wind, you should be okay. You have hair, you need to move it so you’re not uncomfortable, it’s fine!

3. Employee listens to a religious service in a common area

I recently started a new job, working for a state agency. I started remotely and we are now transitioning back into the office. Our office is set up as a mixture of offices, cubes, and shared common space, including a cafe where the microwaves, fridge, sink, and seating areas for lunch are. It seems like there is a culture of some people eating in their offices and some eating in the common area.

I’ve noticed that one of our staff members uses their lunch hour to listen to a religious service on their phone, without headphones, in the common area. The audio is fairly loud and it is easy to hear the sound of the service, even if people are chatting. This feels uncomfortable to me, especially as I notice that some folks seem comfortable ignoring it and some people (who are newer to the office) seem to feel like they have to whisper, especially during the prayer part. I think they are trying to be respectful, which is kind but shouldn’t be necessary since they should feel comfortable talking at a conversational volume in the lunchroom.

I’m in a supervisor role, but don’t oversee the person listening to the services. Nobody has complained to me about it but I think it’s inappropriate in the common space. The person who listens to the service does not have a private office and them listening to it at their work station would be more disruptive because they are public facing.

Should I bring this up to HR? Would requesting/requiring them to use headphones be appropriate? I’m still trying to figure out our office culture and the person doing the listening is a long-time employee, so there is a chance this issue has come up before.

Your agency could run into trouble if they try to create one set of rules for religious stuff and another for non-religious things (like allowing someone to watch a music video or sports game without headphones, but not if it’s a religious service) — but that’s easily solvable because no one in a common area should be listening to anything on their phone without headphones. I’d approach it with HR from that angle — it’s disruptive and, yes, in this case it happens to be religious, which raises a whole separate set of issues about people being made to listen to religious content at work, but really what’s needed to be respectful of everyone and keep that space more peaceful is a headphones mandate across the board.

4. Company is eliminating work email addresses and we have to set up personal email accounts instead

I work for a contract agency, and I provide services to both schools and health care agencies. My company has had a long-standing policy of 24-hour turnaround for emails, and I’ve never had a problem with this. However, as our management is changing, a decision has been made that employees having company email addresses is a security liability for the company, and we’re all losing our work emails. We’ve been told to use gmail or other free services to create our own personally owned “work” email addresses.

I’m bristling at the idea that I’m expected to use email for communication and check it regularly as a requirement of my work, but am not provided with that resource. Plus, I work with and handle protected health information *a lot* and many of my work email communications, both internal to the company and with our contracts, are governed by either FERPA or HIPAA. I have concerns about the legality and liability of using gmail for these communications.

I’ve pushed back with my bosses, who seem understanding and are sending these concerns up the chain, but I’m receiving no updates and the email turn-off is imminent. There has been some group pushback, but most of my coworkers don’t use email the way I do (they work almost entirely in the main office, and I mostly work in the field), and don’t seem concerned about this.

What else can I do? I’m thinking about refusing to create a personal email address for work, but that would have negative impacts on my work, both from a practical standpoint and from a perspective of maintaining a positive relationship with the new management.

In what universe are personal email accounts more secure for the company than business accounts they control? This is … the exact opposite of how it should work. And they’ll lose access to those accounts when you leave! Why why why? This is infuriating in how nonsensical it is.

If you haven’t documented the specific ways this would violate terms in your contracts, you should do that — and if your company has a legal department, you might try taking that documentation to them. You could also try building a case for why you need to maintain a work account, rather than trying to alter their whole plan but … I have a feeling they won’t care. They’ll likely argue that you can comply with FERPA and HIPAA from a personally-owned email account as long as it’s subject to the same restrictions; I don’t know enough about FERPA to know if that’s true, but either way they’ll be missing the larger point that they need to own their business email. (And how will they ensure you follow those restrictions with the account’s contents once you no longer work for them? Agggh this is ridiculous.) If they won’t budge after that, there might not be more you can do, other than to take this as a serious mark about your new management’s sense. But yeah, I wouldn’t flatly refuse to do it.

Read an update to this letter here

5. Interviewing people on a rolling basis vs. waiting for an application deadline

I was curious about your take on doing interviews on a rolling basis while the job application is open vs. waiting until all resumes have been submitted and narrowing it down from the total pool of candidates. Do you think employers should be up-front about what method they’re using in a job posting?

I strongly believe in at least looking through resumes as they’re coming in, not leaving the review until some later deadline weeks away — because otherwise you risk missing strong candidates who might have accepted another job while you waited. There might be stellar people in your applicant pool who you’d miss out on altogether if you don’t start talking to them more quickly. [That said, to do this well, you need a very clear idea of what the bar is and what “exceptional” looks like, so that (a) you’re not spending time on early interviews with candidates who won’t look as exceptional once the whole pool is assembled (although there can be still be value to that, including helping to define your bar) and (b) you’re assessing “exceptional” based on objective metrics and not “this person reminds me of me” or “they know my neighbor.”]

You don’t need to disclose to candidates whether you’re talking to people on a rolling basis or not, but it’s smart to do because otherwise some candidates will assume they have until the very end of the application period to apply — and you might miss out on them if you end up making a hire sooner. I like including something like, “We’re interviewing candidates on a rolling basis, so if you’re interested, we encourage you to apply as soon as possible.”

{ 546 comments… read them below }

  1. albe*

    OP4 Oh my god. NOOOOOOO.

    You cannot handle work related confidential material on a personal email. That is not how these things work. That is a huge liability issue. What if your password is hacked? What if you quit? How do they cut you off from the sensitive information? And prove you weren’t using it for your own reasons?

    People go to jail for this kind of thing. It is the single worse idea I’ve heard in a long time.

    1. Eye roll*

      I’m screaming. A lawyer in this state would at least get censured if they were caught trying to send confidential emails through a completely open and unencrypted “gmail” type email without further precautions. What is your company thinking? Are you yourself covered if they insist you proceed with this insanity?

        1. Tiger Snake*

          Not… exactly.

          Gmail uses TLS. That’s an encryption-in-transit algorithm. That doesn’t cover encryption at rest, and it doesn’t guarantee sufficient encryption. Google doesn’t promise that the latest version of TLS will always be used, and the older versions can be broken.

          Beyond that, Gmail explicitly does not offer end-to-end encryption. They wouldn’t even want to! Gmail is set up to allow google to have access to your email on purpose; its part of their data collection.

          Gmail offers some protection from an arbitrary third party. Some.
          It doesn’t protect against Google itself – who have no business getting a client’s personal information – and it doesn’t guarantee safety of the email address. From either an attacker, or because you just happen to share your personal email box with someone else.

          1. Keymaster of Gozer*

            I maintain our PGP systems at work. The idea of people using gmail for our company stuff…well I read this post out loud to my GDPR regulations and they got up and ran out of the room and were last seeing flying out of Gatwick.

            1. Akcipitrokulo*

              Assuming that US health data laws are similar to GDPR… iirc from my training, doing this would specifically be in breach of the keeping data secure sections.

            2. Observer*

              they got up and ran out of the room and were last seeing flying out of Gatwick.

              I can imagine. But it’s not just that they are using Gmail. They could be using ProtonMail (which is supposedly end to end encrypted) and they would STILL be running away.

              These folks are simply out of their minds and have no idea what security actually means.

              1. Keymaster of Gozer*

                I don’t trust any encryption system that I don’t at least know the guts of – which means I’m fine with our one at work (we have really classified info here) because it’s multi layered and there’s severe repercussions if you even attempt to get around it.

                Using a third party to send confidential information via email and trying to claim it’s ‘better this way’ would be instant dismissal here (even in the UK – you violate our security you are out the door)

            3. Empress Matilda*

              I’m a records manager, and this gives me absolute hives. It’s literally the exact opposite of how I’ve been telling my colleagues to manage their emails for the last two decades.

              1. JustaTech*

                Exactly! Aren’t there laws (in the US) about businesses needing to keep email records for a specific number of years (after the Enron scandal)?
                How the heck would you do that with dozens of unrelated gmail accounts?

                1. Observer*

                  You don’t.

                  If you read the OP’s comments, it seems pretty clear that that’s actually part of the point. The “security” issue they are thinking about is the presence of emails that could embarrass them or worse.

          2. Pants*

            Does this apply to paid Google Workspace service as well? It appears that basic business accounts including email yadda yadda are max $20/mo but don’t state encryption as part of the service. Enterprise accounts offer encryption but you have to call sales for the pricing, which I imagine is much higher than $20. Since my company is giant, worldwide, and full of confidential info, I’d hope we have full encryption rights. It’s certainly a … “process” to get access to most things when onboarding. (That said, I adore where I work. It’s a very weird sensation.)

            1. Tiger Snake*

              That’s actually a really hard question to answer. Most people would write an entire blog post on it.

              The short answer is: Not for my purposes.
              Google has deliberately avoided getting the security certifications (independent audits and verifications) that I would need to trust that they’ve secured my information to prevent Google’s own access or use or to be confident that their security whitepaper is fully accurate.

              (Which itself basically means “Google says a lot of nice things, but refuses to prove it in a way that I can trust”)

              1. Pants*

                That last sentence wraps up Google better than anything I’ve seen recently. I remember their in-house slogan used to be “Don’t be evil” but that was a long time ago. It’s rather laughable now.

                Google: We keep your information safe from bad people!
                People: Do you have access to it?
                Google: We keep it from bad people!
                People: Yes, but do YOU have access to it?
                Google: Bad Pe–
                People: So you have access to it.
                Google: ….

                May the odds be ever in our favour.

        2. Observer*

          Yes and no. One I can tell you for sure – and Google will tell you the same thing – you CANNOT use a standard Gmail account “as is” if you need real data security. You NEED some extra layer of encryption. It needs to be end-to-end, which Gmail isn’t.

          Gmail security is good, and it does have a lot of security certifications. But that’s not sufficient to the situation. The same thing is true of Exchange email, whether on premises or hosted by Microsoft. If you are using these services “as is” you are asking for trouble.

          1. CJ*

            Yep. I’m not sure of all the backend shenanigans, but I do know that Gmail and Gmail for Education, and likewise Outlook and Outlook for Ed, have different backend setups specifically because of FERPA implications. (One of the big ones is keeping the search bots our of the student data. Can you even imagine?)

        3. Fed*

          Gmail is also not secure AND Google has access to read EVERY email!!! There are ongoing issues with using it for legal work.

        4. llamalemon*

          R1 university employee here (who is HIPAA and FERPA certified): No part of the off-the-shelf Google Suite is suitable for personally identifiable health or student information. My university won’t allow us to store research data on our enterprise Google Drive; they’d have an aneurysm if that data was going out via personal Gmail addresses. I deeply respect Alison’s advice, but I would put my foot down and refuse to comply, to an extent–set up the email, sure, but DO NOT send anything out that violates protocol. Even if the company is demanding it, you’d be on the hook for breaking HIPAA/FERPA, especially since you know better. OP, maybe you need a short term work around that’s way less efficient to really drive home for them what a bad idea this is. Could you turn those emails into phone calls or field visits instead? Or could you petition your company to pony up for a secure server to share sensitive documents (which would be better than an encrypted email anyway)?

      1. pleaset cheap rolls*

        The issue is not just about encryption – people could set up a secure personal email. The issue is that it’ll be hard to tell who is actually who. People will be more easily about to misrepresent themselves at the company and wary recipients of emails may not believe they are actually from the company.

        If someone at a business wrote to me with a domain in their email address – whether (very insecure) or (much better) – not matching the company domain I’d be reluctant to believe it’s legit.

        1. pleaset cheap rolls*

          My point is, beyond the technical insecurity, this just invited insecurity with human causes.

        2. Metadata minion*

          Same here! I expect to get a non-branded domain email from a business with four employees where I’m confirming when I can go pick up my new llama stand or whatever. I’m going to be deeply suspicious of either the email itself or the business’s security practices if I get an email with a generic gmail address from anyone I’m supposed to share confidential information with or who I can assume has a budget to get their own dang domain name.

      2. Pants*

        A friend of mine works at a hospital in CA doing a lot of research involving patient records. The scanners were all (ALL!) broken last week and he really needed an electric copy of a record for his latest paper. I suggested a photo-to-pdf app for his phone. He told me he’d be instantly fired for that. (I hadn’t even thought about it when I suggested it.) I can’t imagine just deciding that private medical information be transmitted through a personal email account.

        Meanwhile, I’m in a huge state (ahem) to the east/south that has a really crappy governor who would probably allow this to spite any federal legislation because Murica and red baseball caps.

    2. Dusk*

      Yeah how on earth did the company come up with this? How could a personal email possibly be less of a liability than *already existing* company emails (which, if not on their own server, presumably have centrally dictated security settings etc.)?

      I’m not in the USA, but if you can’t find existing documentation, is there some kind of body that you can speak to about your concerns that this could breach privacy laws/HIPAA/FERPA? That conversation might be helpful with pushing back further with management, HR, or the company legal department, depending on what you have.

      1. Tau*

        Cynic time: Is it possible upper management is under the impression that doing it this way shifts the liability to the employees instead of the company? Just in case, OP, I’d definitely try to dig up some information as to how any fines etc. from breaching laws would still fall on the company.

        (I spend way too much time with GDPR stuff and this whole idea makes my head explode. How are you going to enforce data deletion once a customer’s PII is no longer needed if said PII is in an e-mail account belonging to an employee who’s left the company, huh?)

        1. Bilateralrope*

          How long does it take between hitting delete on an email and that email being deleted from all backups ?

          Then there is the matter of the archive button in Gmail. Which I’ve seen some people think is a delete button.

          This will end in lawsuits if the company continues down this path.

          1. DJ Abbott*

            On my iPhone the Archive button is the delete button. There is no GMail delete button in the iphone app.

            1. Librarian1*

              Yes, but in the gmail app for iphone the archive button and the delete button do different things. I don’t use the iphone mail app because I don’t like and I assume other people are the same.

        2. Tiger Snake*

          I wish we knew the place this LW is from, because I’m really eager for a lawyer-reader to weigh in if that transfer of liability is even possible.

          1. FashionablyEvil*

            If they’re covered by HIPAA and FERPA, definitely the US. There may be additional state law that governs the privacy and security of health and education records.

          2. Observer*

            I’d be willing to be that it CANNOT be shifted. But, OP, one thing you SHOULD check is what would be your liability if you went along with it and someone breached your account?

            I don’t think that your company could escape liability this way because they have a responsibility to make sure that staff are handling data responsibly. But it’s possible that you would be facing ADDITIONAL liability.

        3. GammaGirl1908*

          Re shifting the liability burden to employees: that was exactly my assumption. “It won’t be more secure, but the beauty of the plan is that at least WE won’t take the hit if there’s a problem.” Not much thought given to the entity that will take the hit.

          Side note: any time some uses an odious phrase like, “That’s the beauty of the plan!” it usually means someone else is about to get screwed over.

          1. Akcipitrokulo*

            But it wouldn’t?

            (Not in US… but surely employer is still on the hook because they told workers to do this?)

          2. Bilateralrope*

            The real beauty they missed is that whoever gave this order also transferred liability to themselves.

          3. Snow Globe*

            The OP states that they work for a contracting agency, so I wonder if the OP being an independent contractor can make a difference in who is liable.

            1. EPLawyer*

              The contracting agency is making the change. She is a contractor to the companies that the agency contracts with. So the agency would still be on the hook.

              I am betting they don’t have in-house IT but outsource it. The IT company didn’t say anything because for all they know the agency is just switching providers. If they had in-house, this idea would not have gotten out of the meeting room. In-house would have to know about it to switch off the emails. So they don’t know.

              This was probably not run past legal either because even non-IT legal people know this is a SPECTACULARLY stupid and bad idea.

              OP rather than pass things up the chain of command, go directly to legal/HR. Now. Do not wait to gather more information. You have all the information you need. Hopefully someone with a brain will finally see this and figure out how SPECTACULARLY stupid and bad this is.

              1. Tryinghard*

                The contract IT services part is key. Many agencies see IT as the first place to cut expenses and without someone who is technical minded, you are this kind of stuff. Next up will be no more MS Office because using Google docs doesn’t cost anything in a free account. Cash strapped agencies have been known to think that way.

                1. PeanutButter*

                  >Many agencies see IT as the first place to cut expenses

                  My immediate thought is that the company is about to go belly-up and they’re trying to slash budgets so paychecks don’t start bouncing.

                2. PT*

                  Yeah, a lot of the cheap-on-IT places I worked had similar issues regarding part-time employees whose job required occasional but not primary computer use. So the Front Desk staff who handled all the registration and payment for Llama Grooming and Llama Training and Llama Riding classes would have company emails, because they spent their entire shift in front of a computer handling registrations and payments, but the Llama Groomers and Llama Trainers and Llama Riding Instructors wouldn’t, because their primary job was working with llamas.

                  But of course, the company had to contact back and forth with the Llama department staff, and sometimes the Llama department staff had to directly contact with customers, especially if they’d arranged packages of premium services where the customers expected to have that sort of 1:1 access to their groomer/trainer/instructor, and then they were doing it with their Gmails and their Yahoos and their .edus from the local college and their AOL emails from 1998.

              2. Rach*

                I (engineer) just completed my yearly Information Safety course at work (large tech company) and… I’m speechless the company thinks this is okay! We don’t even deal with HIPPA or FERPA and I know this is a bad idea.

            2. somanyquestions*

              I thought that at first too, but the more I think about it the more it seems likely “contract agency’ means they provide contracted services, not that they are individual independent contractors.

            3. LW4 (He/Him)*

              I work for a contracting agency. I am not an individual contractor.

              There are many differences, the most important of which is that I’m a W-2 employee of another company, not a 1099 employee. My paychecks come from only one company.

              That contracting company then assigns me to different contract sites, all of which need the services I provide, but not from full-time employees.

              (If I was an independent contractor, then I *could* reasonably be expected to maintain my own IT and work e-mail address, because I own the “business”, so to speak.)

              1. Pilcrow*

                I worked in the exact same position as you for 16 years (W-2 contractor doing staff supplementation) and have had assignments at clients in regulated industries – medical equipment and finance. The client has *always* provided the email addresses and IT resources needed for the job.

                The financial client actively restricted any outside email clients on their network and installed wi-fi dampers for data security (they processed transactions and had access to financial accounts). You couldn’t use gmail on the work computers even if you wanted to.

                You may want to also take this to your contracting company; providing the resources to do the job is usually listed in the contract the client signs with the services company. The client could be in breech of contract.

                1. LW4 (He/Him)*

                  The clients have the option of putting us on their e-mail systems, but they aren’t required to.

            4. Observer*

              I wonder if the OP being an independent contractor can make a difference in who is liable.

              The contracting company is liable for whatever tools and instructions they provide. And they most definitely are liable for the security and privacy of the information their staff (whether actual employees or conrtactors) are handling.

          4. Arts Akimbo*

            Yes, I suspect this also. Someone(s) in the new management wants to be able to say, “But WEEE didn’t know about it!!!” whenever they want to blame an employee for something (possibly something arising from one of management’s new policies??).

            That won’t fly in a court of law, but someone up there thinks it will, and worse, is planning for it in advance. Personally, I’d be job hunting over this. I might be paranoid, but to me, this does not seem like a good faith action and it speaks of a culture shift in a truly shady direction.

          5. Observer*

            Re shifting the liability burden to employees: that was exactly my assumption. “It won’t be more secure, but the beauty of the plan is that at least WE won’t take the hit if there’s a problem.”

            Yes, that was undoubtedly at least part of their “thinking” (if you could call it that.) The problem is that they are flat out wrong. I’m not a lawyer, but I have had to get familiar with how these regulations work because our IT security is on my plate. And there is no way that this kind of thing will protect the company.

            The reverse may actually be true, because it removes ANY chance that they could be considered to have been acting in good faith or taking reasonable precautions with the data that they are handling.

        4. MEH Squared*

          That was my first cynical thought as well. It doesn’t pass the sniff test, of course, but nothing abut this mess does.

        5. Anonys*

          I was thinking that this employer is incredibly naive about IT stuff and my first speculation was that they are arguing “well if our company email is hacked, that’s all of our employees emails at once whereas if everyone has their own email on different platforms that’s less likely to happen” Obviously completely misguided reasoning considering how much secure a work email is, especially over gmail, but I could kind of see the reasoning?

          1. NotRealAnonForThis*

            Apparently hasn’t read any US based news in the past couple of years, either. I believe that the “private email” issue has come up, ad nauseum.

          2. Observer*

            It’s technically POSSIBLE that the employer is innocently naive, but it’s not too likely. There has just been waaaay too much in the news over the last couple of years for this to be innocent for a functional adult in the working world.

        6. Lucious*

          It’s also occurred to me the upper management won’t have to pay for hosting services, a work email server or staff to maintain those tools properly.

            1. Charlotte Lucas*

              My thoughts, too! We use special encryption for HIPAA emails at work, & that costs $$$.

              1. Nesprin*

                Encrypted email is one of the many expensive things that’s cheaper than the alternative, namely being in violation of HIPAA.

            2. Cthulhu's Librarian*

              Not efficiently, though. Most email services are less than $10 per month per employee.

              You can save more than that just by pulling coffee from the kitchens.

          1. Observer*

            It’s also occurred to me the upper management won’t have to pay for hosting services, a work email server or staff to maintain those tools properly.

            Well, I hope they are putting every penny they save into a legal fund for the inevitable mess that ensues.

            OP, I wasn’t kidding when I said you should start job hunting if this goes through.

      2. Mimi*

        My best guess is that this has to do with the recent Outlook vulnerabilities (google “exchange server hack news” if you haven’t heard about it), which hit thousands of companies. But the solution to that is to patch your servers (or rely on a cloud provider, which can have its own issues, but on-premise server vulnerabilities isn’t one of them), not distribute a bunch of proprietary company data across random, probably-unencrypted email that the company has no control over.

        1. LW4 (He/Him)*

          I had *not* heard about what’s going on with the Outlook vulnerabilities, and now I’m wondering whether this was a knee-jerk response to that or something New Ownership had already accounted for and they’re asking us to keep up.

          But, as you say, that’s something with a “use something besides Exchange” or “patch the servers” response, not a “take away almost everyone’s work e-mail” response.

          1. Observer*

            LOL. As if putting everyone on personal emails is going to make them safer. **Rolling eyes**

        2. Keymaster of Gozer*

          That’s pretty much why we run different PGP systems alongside Exchange – I’ve worked with Microsoft server applications for decades but I do not trust them.

          What this firm is proposing is, to use an analogy, the same as hearing that a bank account at a bank got drained and deciding therefore it’s better to keep all your money in the street outside.

      3. Momma Bear*

        I just can’t fathom a way this wouldn’t violate several laws. I would frankly refuse to do it, as I would not want to be prosecuted.

    3. Artemesia*

      Wasn’t this a major ‘issue’ whine in a Presidential election. Shouldn’t we all know that personal emails should not be used for sensitive information?

      1. Fierce Jindo*

        That context was that personal email was being used to get around public records laws. That context does not apply here.

        1. Bilateralrope*

          But what about rules about how long certain emails must be preserved vs how long the email provider waits before deleting everything after you stopped logging in ?

          Or getting access to emails in Discovery after the person running it has “forgotten” the password.

          I think the company is trying to hide something.

          1. SnappinTerrapin*

            Those issues were relevant to the case of the office holder who was seeking higher office.

            Public records laws, discovery, and security of sensitive information were all implicated in that case.

        2. PollyQ*

          Are we sure about that? Clients include schools and health care agencies, so there might well be legal requirements for emails that involve them, and I wouldn’t be at all surprised if the Powers That Be are doing this in a vain attempt to get around pertinent laws.

          1. Snark No More!*

            It’s called a litigation hold and if the company is in any kind of litigation, they may violate discovery rules if they cannot preserve/produce relevant emails. But perhaps that’s their point…

            1. CJ*

              As someone who has worked as an adjunct for the better part of a decade, I remember being told to never use my personal email for school content (other than pre-onboarding), because among other reasons, if I became involved in a case, discovery rules did allow for _any_ email account I used to be petitioned – including personal emails. At the best if I was OP, I would immediately set up a trash email on an IP that’s different from where my normal email is and give that to this silly company.

            2. Anne Elliot*

              Then I think you might have scope to ask them how utilizing personal email addresses will comply with HIPAA/HITECH, or what resources they will be providing you to make sure your email communication comply with Federal law.

          2. Stacy*

            I’m not sure what role they’re serving for the education sector, but all employees for public schools are legally required to archive their emails for extended periods of time in case of any records requests, due process suits, etc. Essentially all emails for a public education entity are public record.

          3. Observer*

            Clients include schools and health care agencies, so there might well be legal requirements for emails that involve them

            No question about it – the OP explicitly states that they handle protected health information and that a lot of their communications is governed by HIPAA and FERPA. So, there is no way that this could be ok.

            I wouldn’t be at all surprised if the Powers That Be are doing this in a vain attempt to get around pertinent laws.

            I hadn’t thought of that, but it sound like a real possibility.

        3. Forrest*

          No, but the broader principle of organisations having more oversight and control over emails sent and held on their own servers certainly does.

        4. Observer*

          That context was that personal email was being used to get around public records laws. That context does not apply here

          That was NOT the only context though. Remember, it wasn’t just Hillary Clinton using her server to get around records laws. Although it’s worth keeping in mind that there was a TON of discussion about what else was wrong with the situation.

          But it was also the DNC getting hacked. That was all over the place. If you were paying ANY attention at all you couldn’t miss that one, no matter what you political slant was.

    4. Emma2*

      If OP is going to lose access to their existing account, which sounds likely, I would suggest she forward copies of all communications about this rule to her new personal account (or her existing personal account) – anything the company originally sent her, her objections, their responses, etc. She should have copies of all the evidence about why she is using the personal account. I would do this immediately, while OP still has the work email.

      1. LW4 (he/him)*

        I’ve had enough hostile contracts to learn that everything gets backed up and written down, because otherwise a site supervisor who hates you will accuse you of stealing files that they asked you to remove from the building (yes, this happened, and the boss who helped me deal with that is also advocating for us to keep our e-mails, so that history is Known)

      2. Lucy P*

        Not just forward, but forward as an attachment so it has all the info about the originating server (this gets lost doing just a regular forward).

      3. Esmeralda*

        Make a new personal account for the work email. Not just use existing personal account. Keep business and personal separate.

    5. Bilateralrope*

      Don’t some of those free email providers have algorithms reading your emails to target advertising ?

      Which raises questions about who else can read those emails if the email company had a reason to go snooping.

      1. Emma*

        All of them do, yes – which is another reason why this is terrible, LW is being asked to intentionally donate all that health information to data aggregation outfits!

      2. Keymaster of Gozer*

        Yes, yes they do.

        Additionally, having an email from a company contact suddenly go from joe.bloggs at company to joe26.bloggs at gmail as an address would likely shunt it straight into my ‘untrusted’ folder – because that’s a very common phishing tactic.

        Doing this would likely mean few clients even reading anything coming in.

        1. Mimi*

          Oh, yeah, that’s a really good point. It will look INCREDIBLY sketchy from the recipient end.

        2. NotRealAnonForThis*

          Excellent point. I’m automatically suspicious of “contractor name at aye oh ell dot com” which I still sadly see a LOT in my industry. (I guess I should just be happy they submit information at all via email as opposed to fax…or snail mail?)

        3. Observer*

          Yes, this was something that came to mind. SOOOO much wrong with this whole scheme.

          OP, I mentioned talking to a security person. But also, you’re getting a LOT of good specific leads from this whole discussion about what to push back on.

        4. Empress Matilda*

          I mean, seriously. As a client, I would immediately think this was phishing, and the email would go straight to spam.

          1. LB6*

            Even if I found out it wasn’t phishing and was legitimately from a contact, I wouldn’t be their customer any longer.

            I would 100% not want to use a contractor that is having employees share our business’ confidential information through personal email accounts.

    6. CurrentlyBill*

      As a client, I’m not emailing a company on a address unless maybe they are a sole proprietor.

      This just screams to me that someone is going around corporate best practices and possibly trying to scam me somehow.

      1. CurrentlyBill*

        If you want to mess work them set up a Hotmail or aol address. Great company branding there!

        1. LifeBeforeCorona*

          Good point. Is everyone going to use their favorite email provider? I used Gmail, my friends use Yahoo, Hotmail and one still uses AOL. Not having standard work emails seems very unprofessional to me. Hotguysummer@work does not inspire confidence.

          1. CJ*

            > Hotguysummer@work does not inspire confidence.

            I dunno – a summer camp at P-town or Fire Island, I could see it!

      2. Forrest*

        yes, that was one of my thoughts too! Checking for as opposed to is the level of automatic due dilligence most people do without even thinking about it. Unless your customer/client base is a demographic with *very* limited familiarity with internet security and norms, this is going to use you a ton of custom.

        1. NotRealAnonForThis*

          Is anyone else vaguely grossed out that if this IS a demographic with limited familiarity with internet security and norms receiving these emails…it may set a somewhat dangerous mindset to the clientele in that “oh, its completely NORMAL to get this from a gmail account!)

      3. EvilQueenRegina*

        Yes, I’d feel more comfortable dealing with a email address rather than a – I’d be wondering if this company was legit.

    7. Teekanne aus Schokolade*

      Ten cents says someone wants to save money and claimed this was a security thing.. absolutely bonkers.

    8. LW4 (he/him)*

      LW4 here, adding some additional context:

      The specific reason given for taking away most of the work e-mails (which I suspect is secondary to some kind of cost concern about the number of company e-mail addresses maintained) is that too many people aren’t checking their work e-mail addresses – despite a company requirement to do so at least once a day that’s been in place for over a decade – and this exposes the company to IT vulnerabilities somehow.

      It’s… one of a number of red flags to the tune of “person X isn’t doing their job/doesn’t know how to do their job so we’re going to inconvenience the whole company” that has me that has me thinking about leaving a company I’ve been working at for over a decade, including a contract negotiation in which the phrase “the new bosses don’t like writing things down” was used (when I asked for things I was told verbally about benefits and seniority grandfathering to be written down).

      1. Keymaster of Gozer*

        Do you have any kind of IT person or service provider? Because if you do they are (and this is a professional IT person perspective) absolutely off their rocker. People not checking their email doesn’t expose the company to vulnerablilities – if anything it reduces them! Can’t click on malware if you never read it.

        Also, domain name email hosting is frankly one of the cheapest IT running costs we have (okay, excluding the large exchange servers but we have it in house and are a BIG firm). Storage, uptime availability and software licensing are the big ones.

        This ‘approach’ of theirs is like saying ‘well we never have problems so we’ll ditch the entire IT department and just Google what we need’. It might sound good to a few people but it’ll kill the company.

        1. LW4 (he/him)*

          I know our local IT person really well, and I’m planning to ask him some questions when I see him next (possibly today).

          I have a feeling I’m going to have a juicy Holiday Update.

          1. Keymaster of Gozer*

            Definitely interested in hearing what he says! I’ve been in this industry 20+ years and by George this is the most bizarre idea.

            (Okay the one about holding rituals in the server room was probably weirder)

            1. L.H. Puttgrass*

              Rituals in the server room? No, that makes sense to me—the gods of Unscheduled Outages and Inexplicable Glitches must be appeased, after all. Perfectly sane, perfectly logical. I’m surprised more IT shops don’t hold rituals in the server room.

              But getting rid of corporate e-mail and telling employees to use their personal e-mails for work? There’s no logic to that at all.

              1. Cthulhu's Librarian*

                There are IT departments that don’t hold rituals in the server room?

                I mean, even if the ritual is just the Assumption Threatening Kicking Posture, surely we all have some of them that work…

                1. L.H. Puttgrass*

                  Apologies for the OT comment, but I just have to know—does the Library of Cthulhu use the Dewey Decimal system, Library of Congress, or an impenetrably arcane and convoluted classification system of its own?

                2. Cthulhu's Librarian*

                  L.H. Puttgrass – for cataloguing, it is an eldritch mishmash of all three, dependent upon the inscrutable whims and rules of Those Who Catalogue, the precise item that is being catalogued, and the movement of the stars. Initiation into their number so that you may understand their secret knowledge happens only by the fell light of a New Moon, beneath the tail of a comet with an orbital period of greater than 13 years.

                  For actual floor layout and shelving? It uses a bookstore model, but without directional signage. Some of the rooms and their contents are only accessible on certain days of the month or year, and depending on which corner you round, the shelves may be suspended from the ceiling rather than attached to the floor.

              2. calonkat*

                “Saint Vidicon of Cathode pray for us” used to be a common prayer (it’s a wonderful story by Christopher Stasheff)

              3. Your Local Password Resetter*

                Yeah, pacifying the ghosts in the machines by appeasing them with sacrifices and ritual honouring is just sound logic. Worst case scenario you wasted some pocket change and ten minutes of your time.
                Bad business decisions on the other hand, they don’t have the excuse of supernatural shenanigans.

              4. Nesprin*

                All glory to Neumann’s chair (which is at UCSD, and a physical chair, instead of a fancy professorship)

              5. Worldwalker*

                Didn’t you know? Waving a dead chicken over the server is a recognized practice! (a box of McNuggets can work in a pinch)

            2. Sola Lingua Bona Lingua Mortua Est*

              This almost sounds like someone high up in the company doesn’t completely understand/get the “Gmail for Work” product.

            3. Mimi*

              Not quite on this level, but I know where to find video footage of cake and flowers being stored in a server room. (Although I no longer have access to it.)

              1. L.H. Puttgrass*

                Of course! It’s such a convenient temperature-controlled environment! Seems a shame not to use it if it’s there!

            4. fantomina*

              ha, my immediate reaction when reading was “omg I can’t wait to see what Keymaster of Gozer says!!”

              1. Keymaster of Gozer*

                (I literally got told by a manager to stop building Stonehenge in the server room out of computer packaging. I’ll put the full story in an open post if people are interested)

                1. Sola Lingua Bona Lingua Mortua Est*

                  Of course. Clearly.

                  Did she have the same problem with the Temple of Jupiter Feretrius built out of old tower cases?

            5. LW4 (He/Him)*

              OKAY. This will definitely be in a full throated update to Alison, but by coincidence, the day she posted this is the day I finally got to talk to the IT person who’s actually been dealing with both Old Ownership and New Ownership (until we’re fully onboarded, at which point New Ownership IT will take over)

              The short version is: New Ownership asked a slightly incorrect question to Old Ownership, who was not equipped to correctly answer the question. When the results of that answer resulted in action, some staff pushed back against the action for incorrect reasons (think “but I use my work e-mail for my Personal Teapot Club Meetings”), resulting in a blanket answer of “then make a personal e-mail address” even when the pushback was about using the e-mail for work reasons. Then, when the people directly involved had a solution, it had to be approved by a whole bunch of different people who don’t always approve things quickly, but *this* server has to be migrated *right now* because New Ownership is also becoming New Ownership at a number of other locations, and missing the migration date makes a bunch of processes grind to a halt.

              Also the particular conditions that applied to “yes this person still does need a work e-mail” did not apply to literally any other person in Old Company in my role other than me (and only about ten people in *any* role in Old Company), because nobody else was doing what I do *in the field* as opposed to in our facility.

              So the conversation with IT made me less “jump ship as soon as possible”, but the general mentality of “we don’t like writing things down”, which is impacting benefits that weren’t mentioned in the letter, are still causing me to dust off my resume a bit.

              1. Kal*

                That is quite the chain of communication failure. Combined with “we don’t wanna write things down”, it definitely sounds like a storm brewing for repeated failures of the same calibre, even if there weren’t any malicious actors involved. Combined with the benefits issue, it sounds like dusting off the resume is the right move.

              2. Observer*

                So not quite a bad as what was originally communicated. But still bad enough that I still say you should be looking.

                Firstly, the whole “we don’t like writing things down” bit is concerning. For another this kind of communications breakdown is pretty hair raising. Also, I highly doubt that a rubric that concludes that clinicians don’t need email is highly suspect.

                But at least it doesn’t sound like you’re going to be on the hook for HIPAA violations.

              3. Keymaster of Gozer*

                Your place definitely has communication issues! I can’t say I blame you for dusting off the CV.

        2. Onetime Poster*

          If it *really* is the cost of maintaining more email addresses than are being used regularly, then they can very simply determine those employees who need a work-email account and those that don’t. Still very fishy and not ideal, but to turn off *everyone’s* work email for that reason is illogical.

          Some other have said here they think it’s a cynical view to think the company is trying to shift liability. No, not cynical at all – it’s an unfortunate way some people look at business decisions. It was my immediate thought along with lack of budget to support what could end up costing the company millions just because they don’t invest a little more in proper security. In no way, ever, unless you’re an independent contractor/consultant/freelancer, should the burden of “security” (especially in sensitive-information areas) be on the employee-base.

          1. LW4 (He/Him)*

            They did determine which employees do need a work e-mail and those who don’t; they just decided that clinicians were in the long list of “don’t”.

            1. Observer*

              No they didn’t. Because if they determined that you “don’t need” email, they would not be requiring you to maintain your own email account. In fact they would be FORBIDDING you from communicating by email.

            2. Artemesia*

              anyone who needs to transmit health care information to clients or others obviously needs a secure company Emal for legal reasons. Time to look for a new job.

            3. Emmee*

              Clinicians don’t need email addresses? Please let me tell that to the doctors where I work, they would be absolutely delighted not to be constantly drowning in emails. I’d make their days!

              (Realistically, of course, they would be Utterly Fuming, but it’s nice to dream.)

          2. somanyquestions*

            I agree they’re trying to shift liability, but I don’t think they actually understand the whole concept and are creating far more potential liability for themselves.

      2. Escapee from Corporate Management*

        “the new bosses don’t like writing things down”

        Run, LW4, run! That one line explains this all. Leadership that doesn’t want documentation is doing so for a reason. I expect your legal counsel and accountants are also being told to not document things for all sorts of specious reasons. This does not bode well for ethical behavior at your company.

        Find a new job ASAP!

        1. Ginger Baker*

          Indeed. My first thought, reinforced with that comment, was “are New Bosses actually using this as a front for criminal activity?” Serious question.

      3. L.H. Puttgrass*

        Whoa, whoa, whoa. They’re getting rid of most work e-mails and “the new bosses don’t like writing things down?” That’s not a red flag, that’s a May Day parade. It sounds like someone really doesn’t want…something…documented. Whatever that something is, I wouldn’t want to be around when it eventually gets found out and investigated.

        I am not your lawyer, but if I were in your situation and couldn’t change jobs quickly, here’s what I’d do:

        – I absolutely would not use my own personal e-mail for work. That could get very messy if someone (your employer, a regulator investigating your employer) requires you to produce e-mails later on. It’s much better just to have a separate account so that work and personal e-mails are clearly separate.
        – I’d use Proton Mail or a similar secure e-mail service. It may be more difficult to use to send and receive e-mails from some clients, but in this case, I’d call that a feature.
        – I’d avoid sending anything HIPAA or FERPA-related through e-mail (except possibly through a secure e-mail service) if at all possible. Explain it to your clients as having to do it because of the changes in your workplace e-mail.
        – I’d also document the heck out of all of this.

        What a crazy banana-crackers situation. This is not the action of a healthy, sane company with a competent legal (or data security) department. If they can’t be talked down from this idiocy (and it sure sounds like that), the best thing you can do, short of finding a new employer, is set up the closest thing you can to a secure work-only e-mail system.

        1. OrigCassandra*

          Co-signing the “don’t mix the email streams” advice. If you comply with this ridiculousness, LW4, do it in a brand-new account that you keep completely separate from your personal email.

          These bozos are cruising for one hell of a lawsuit, and you do not want your personal email caught up in it… which can happen if you mix the streams.

          1. JustaTech*

            And if this company falls under the jurisdiction of one of the federal agencies, let’s just say they’ve had an extra-sucky past year and a half and are kind of pissed and not going to let anything slide. Now is not the time to make actively stupid changes that will get the book not just thrown at you but lobbed by a trebuchet.

        2. Observer*

          I agree with all of these recommendations. ESPECIALLY the one to separate the emails and to document your head off.

        3. Artemesia*

          ANYTHING they don’t want written down needs to be put in email and sent back to them to ‘confirm our conversation.’ at minimum. And nothing about health issues should be put into a personal (even work dedicated) gmail. Use Snail mail.

          1. DJ Abbott*

            Sending it back to them in an email could get LW in trouble with management, since they don’t want anything written down. Maybe they would fire him, and in this case that would be a good thing.
            If you do this, LW, be prepared for the consequences.

          1. AES*

            I don’t know how often it comes up that your username is so completely on point for your comment but I’m v. pleased that it is so in this instance.

        4. Free Meerkats*

          Set up a new email address (may I suggest

          Refuse to send any HIPAA or FERPA data over that email if there’s any possible way you could be held personally liable. I suggest you tell your contracting agency that your employer has shut down the corporate email servers and they need to fax the information to maintain confidentiality.

      4. EPLawyer*

        Your company is bonkers and is not going to change. Time to polish up the old resume and GTFO.

        1. Worldwalker*

          Possibly in the reverse order.

          This story has more red flags than a May Day parade in Red Square.

      5. Zephy*

        Your second paragraph set off Kill Bill sirens in my head. You need to find a new job, stat.

      6. Observer*

        The specific reason given for taking away most of the work e-mails (which I suspect is secondary to some kind of cost concern about the number of company e-mail addresses maintained) is that too many people aren’t checking their work e-mail addresses – despite a company requirement to do so at least once a day that’s been in place for over a decade – and this exposes the company to IT vulnerabilities somehow.

        Making like a fish right now. This has to be one of the most insane excuses for such a bonkers idea that I have ever heard. I simply do NOT believe that this is the ACTUAL reason, but even as an excuse to hide the real reason, it’s nuts.

        including a contract negotiation in which the phrase “the new bosses don’t like writing things down” was used

        Oh brother! Run. Run like the wind.

        And, if you needed any proof that the real reason is an attempt to skirt the relevant regulations, well here it is.

        1. Keymaster of Gozer*

          If this is the ‘acceptable to tell staff’ excuse I shudder to think what the real one is. Even off my meds I doubt I could be this bonkers.

          1. Observer*

            Yes, exactly this. I think whoever said that there are “more flags than a Mayday parade in Moscow” got it right.

      7. Empress Matilda*

        too many people aren’t checking their work e-mail addresses – despite a company requirement to do so at least once a day that’s been in place for over a decade

        I mean, obviously this makes no sense, and the whole company sounds even more bananacrackers than the one we talked about yesterday.

        But just for fun, I would love for somebody to ask the decision makers how this is supposed to work. If the problem is that people aren’t checking work email, how is it different if they make a different email address? If you’re going to ignore emails sent to, isn’t it just as easy to also ignore emails sent to What’s the actual difference in this requirement, versus the requirement to check work email?
        What do they expect employees to do differently, and what is management going to do differently?

      8. Pilcrow*

        The specific reason given … is that too many people aren’t checking their work e-mail addresses.

        That excuse is so thin I’d be embarrassed to wear it to the beach.

        I think you need to extract yourself from this client before the backlash lands on you. They want to be unethical and are not even bothered to come up with a good reason to cover it. At best it’s poorly thought out and bad management.

        Also, you mentioned being there for 10 years. It may be a good time to get some new experience. I’ve been long-term at clients (5+ years) myself, but the biggest advantage of being a W-2 contractor is being able to get out and get diverse experience. Even though on paper I only had one employer for 16 years, I had multiple clients that gave me a range of industries and projects for my resume.

        1. LW4 (He/Him)*

          I’m in that same position – dozens of clients in as many years under the same W2 employer. It’s the W2 employer that’s causing the concerns in the letter, sadly.

      9. MassMatt*

        This additional info makes the employer out to be even dumber and more ethically dubious than your original letter, which is quite an accomplishment.

        Eliminating company email for everyone because some employees are not reading it is an extremely stupid non-solution, akin to locking all the doors to the business permanently because some employees were arriving late. At least with company email, you can see who is failing to read email and discipline as needed. Now, the company will have no idea who is or is not reading email, and anyone not reading it can simply say “the provider must have marked it as spam” and what recourse does the employer have? And if people are not reading their work email, what is to say they are or will read their personal email? Especially if they are setting up their own separate account just for work?

        “The new owners don’t want things written down” is perhaps the most disturbing new detail, it indicates either that they know what they are doing is wrong, or don’t want to be held accountable for any promises they make. Or both!

        OP, I know it’s easy for other people to say “get out” when we don’t have the full picture of your workplace and have no idea what the job prospects are for your area/skill set. But please, get out! Your new owners are steering for disaster, and worse, they seem to know this and expect you and the other employees to take the blame.

        1. Sara without an H*

          Yes, OP#4, even if your firm’s legal team can persuade the new management that this is a Very Bad Idea, I wouldn’t build any long-term career plans around this company. I agree with MassMatt that it’s easy for people who don’t know your situation to tell you to start job-hunting, but everything you’ve told us is alarming enough that it’s probably time to begin, even if it takes a while for you to line up something new.

          So read the AAM archives, update your LinkedIn profile, and start working your network. See what’s out there.

          Oh, and document off-site absolutely every transaction about this issue, or any others that look at all sketchy. I have a feeling that this is just the beginning.

        2. Observer*

          Eliminating company email for everyone because some employees are not reading it is an extremely stupid non-solution,

          That’s kinder than it deserves. Even in the TOTALLY unlikely situation where that’s the actual reason. Given the rest, though, what are the odds of this being the case?

      10. Momma Bear*

        I would totally CYA and nope out of there. The excuse that someone didn’t follow the SOP so now you have to do x…you can set up email on people’s phones. You can have people “on call”. Etc. If someone doesn’t like to “write things down” that is shady, shady, shady. Coupled with the email thing I would be leaving as quickly as possible. They don’t want to be held to/accountable for anything. You will get screwed.

      11. Worldwalker*

        The handles for your ejection seat should be located to the left and right. Pull them now.

      12. JB*

        I have a feeling perhaps there’s something saved in the servers of the company email that someone wants to get rid of, without drawing attention to by having that particular thing deleted. They’re probably thinking this way, if it ever comes up (legally or otherwise), ‘we got rid of company email and deleted all that’ will save them.

        I was already thinking along these lines, but ‘management doesn’t like things written down’ is really telling.

      13. LB6*

        From everything you have said, there are a lot of HUGE red flags with the new management.

        I wouldn’t want to be involved in sending confidential health information through a personal email address because what if that opens you up to personal liability under HIPAA? You should check with an attorney about personal liability if you go along with this. I could definitely see this putting you at personal risk (in addition to your company).

        You should start looking for a new job. This may have been a good job for the last decade, but it’s not anymore under the new management. Run away!

    9. LKW*

      I can’t agree more. It is impossible for me to agree more, I’m in that much agreement. This will open the company up to so many potential issues. This sounds like they want to transfer the liability to you so that if you share company data through email and something goes awry, or your personal account is hacked they point their fingers at you. I pick my battles pretty carefully and this is a hill I’d die on.

    10. Anon for this*

      Yeah I’ just sitting here laughing. This is the opposite of secure. Probably someone decided “if their email gets compromised, and it’s a personal email, it won’t compromise other work emails” but that is absolutely not how this works. Also maybe “if their account with high level access is not associated with email, they can’t give away their high level account’s login info” but ah, this is absolutely not how this works. They’re losing their ability to monitor email traffic, which means if their employees are actively being targeted, they won’t notice, they’re losing their ability to ensure emails with protected information are encrypted, they’re losing the ability to send emails as members of their company (in fact, MY company has been flagging anything “official business” y that comes in from gmail or yahoo as malicious for two years now because it looks like scammers doing reconaissance, and we can’t be the only ones doing this) and they’re losing their ability to ensure only approved users can access certain data.

      1. Anon for this*

        Ahhhh and without a standard email domain how are they supposed to monitor breach lists to ensure employees who appear on them get educated to prepare them?

      2. Anon for this*

        And if, by some miracle, their customers all accept this change… what if someone DOES get compromised? It’s a lot easier to read “@random florida” and call random florida business’s support line to say hey, this account’s sending us phishing emails, than it is to do this for random gmail accounts, to the point that while if businesses send us phishing emails we notify them, but we don’t do any such notification for the gmail accounts, as the assumption is they’re one off throwaway accounts create for phishing. This is really shooting themselves in the foot.

      3. Worldwalker*

        I read this to someone who works at a secure site. He was astounded. This is the sort of thing that is covered in the security training with consequences “up to and including termination”. I asked what would happen if someone there actually set up a gmail account for official business. He said that some very grim-looking individuals would show up in their office almost immediately, and it would go downhill from there. Site security has no sense of humor.

    11. Cat Tree*

      It’s also an issue of records retention. I work in a different but highly regulated field, and any communication with certain types of info has to be kept for certain time periods. At my company, our emails get backed up somewhere by the company.

      In OP’s case, the email could be gone forever and the company would be in big trouble. And if OP keeps all emails but leaves the company, I guess the company would need to subpoena their email if they need to see it. That seems like a bigger hassle than just continuing to use the existing work email.

      1. I'm just here for the cats*

        Yup, work with FERPA and HIPPA and we must keep all communications. So even if something is deleted from your mailbox it’s still accessible if there was ann audit or something.

    12. WantonSeedStitch*

      ARGH. This exactly. I also work in a capacity where I have to deal with protected information, and the idea of using our personal e-mail to send work e-mails would absolutely make my ED’s head explode.

    13. Phony Genius*

      If the LW quits, not only how does the company cut them off from the information, but how do they access the information if the LW decides not to allow them access?

      1. Momma Bear*

        Good point. Most companies have an offboarding procedure that cuts people off from network access/email/etc. If a contractor creates and maintains their own account, the company has no control over it in the event of a problem or end of contract. Not to be morbid, but sometimes people die. Then what happens to that data?

      2. Worldwalker*

        The level of risk for the company here is mind-boggling.

        Think of the number of news stories you’ve read about some recently-fired or about-to-be-fired employee going postal and gunning down bosses, co-workers, that dude in shipping he never liked, the occasional random customer, etc., usually before killing himself. What happens when someone is that angry, but doesn’t have to shoot anyone — they just have to post all those emails on Facebook? Or on a blog? Or mail them off to the company’s competitors? Or anyone else who shouldn’t see them? Or all of the above?

        There’s a good reason why, when someone is about to be fired, one of the first things the company does (likely while they’re in that final meeting with their manager/HR), is to lock them out of their company email. The amount of damage a disgruntled employee could cause, now or later, is enormous.

        And this company is *deliberately making that impossible*. While apparently doing this that are likely to cause disgruntlement. (not wanting to actually write down promises about benefits? Yeah, I’m sure employees will meekly roll over and take it when they’re told they won’t get what was promised … not)

        OP, get out now. IMO, it doesn’t matter if you have to stock shelves at Walmart to pay the rent — better that than to be associated with this company when the inevitably crash and burn in spectacular fashion, probably in court. Because that’s where this is going to end up, and you *don’t* want to be part of it when it does. This company isn’t just going to destroy themselves — they are actively trying to take their employees along with them.

    14. Anne Elliot*

      If HIPAA applies to the work LW4 does (which is not clear from the letter), then they need to be looking not just at HIPAA itself, but also at HITECH. Federal requirements under HITECH mandate that protected health information (PHI) that is sent electronically by covered entities, business associates, software developers and/or vendors, must be encrypted. Period.

      If HIPAA/HITECH do not apply, there is still a high chance that state law in the LW’s jurisdiction provides some level of privacy of PHI, which reasonably may include expecting holders of PHI to hold and transmit it responsibly. Plus, even where HIPAA does not technically apply, it is still often considered the business standard for PHI management.

      So this is a super-bad idea, and quite possibly illegal. Your company is charging in the direction of MORE liability exposure, not less, and this is leaving aside other concerns that have been raised, including data management once people leave, and various requirements for records retention.

      I am a lawyer, but I am not your lawyer and this is not legal advice.

      1. LW4 (He/Him)*

        HIPAA definitely applies to my situation (I thought I made it clear in the letter, but maybe it’s not).

    15. Frenchie Too*

      Companies keep looking for ways to reap benefits with minimal investment.
      If you must, get a new email address and call it “”

    16. calonkat*

      As a consumer, I’d never correspond with my health information to a personal email, and I’m going to call my mother now and remind her never to do this. And she’s had home health services multiple times!

      So if you have your own domain you can usually have emails such as Position@domain or fnamelname@domain. If you’re using google, it’s going to be OTJudy783926@gmail. And are they going to have rules about what sort of names? upschittscreek@gmail might be available, but are they ok with that??

      If they don’t want to use email, they should just say that, not make it look like they are too incompetent or cheap to have their own emails (I have my own personal webpage, I’m on the too incompetent end of having my own email).

    17. Damn it, Hardison!*

      Late to the comments on this, but it may be that using personal email accounts will violate the terms of the contract with the client and/or information security policies of the client company that the contractor is working with. Both would be the case at my organization.

      1. Observer*

        If their contracts mean that they are covered by either FERPA or HIPAA, which apparently they are, then there is no way this doesn’t breach their contract.

    18. Abogado Avocado*

      I agree.

      Get thee to thy legal department ASAP! Put your concerns in writing because, if management goes through with this scheme and the unsanitary material hits the HIPAA and FERPA fan, YOU want to be in the position of saying, “I alerted management to this issue and was shut down.” Further, if management goes forward with this plan, do your best to explore encrypted email services and ask your employer to reimburse the cost to you.
      Again, should this scheme attract the attention of state or federal regulators, you want to be in a position of having tried to do your best to protect the protected health information.

      Overall, your new management appears to be trying to shift liability for HIPAA breaches — which in some cases can involve criminal liability — from the company to individual staff. (Methinks there’s an MBA in here somewhere who believes this is a money-saving step.) This is the sort of sharp practice that you do not want to be associated with. Thus, it also is a sign you want to be looking for another job ASAP. This new management is not composed of good people. Good managers do not try to shift legal liability from the company to individual staff.

      1. JustaTech*

        I shudder to think of what an audit of this company would look like if they make this change.

        A friendly, not for-cause audit feels like being put through the wringer. A for-cause audit where they find a violation like this? Somewhere between a steamroller and the Spanish Inquisition.

    19. So they all rolled over and one fell out*

      I actually would flatly refuse to do it. No company email, no work-related emails.

    20. Krabby*

      Yeah, at my work we fired someone last year who was communicating with clients over his personal email. That was the only thing he did wrong and he did NOT get a warning. It escalated immediately to termination. We do house highly confidential data, but his team didn’t even work with it. I can’t imagine if what we handled was something legally protected by HIPA or GDPR or something.

    21. tamarack and fireweed*

      Yup – the more I read it the more my hair rises.

      It’s not “just” confidentiality – which is huge in itself. If LW4 works indirectly or directly for a US state, there are likely to be legal document retention and access requirements that simply cannot be met if every employee manages their email privately. They apply even to internal services or parks and recreation or whatever.

      I mean, if this state administration is really crappy at IT security I could imagine that for the purely security aspect (phishing, protecting their computing infrastructure from say ransomware attacks or access by unauthorized people) Google is better able to handle security, but that’s why Google mail/apps (or Outlook etc) is available for a fee for organizations! (Public bodies, including universities, are a bit notorious for not knowing how to manage IT organizations, but this takes the cake.)

      1. tamarack and fireweed*

        Mean to add: I work for a public university and we were recently required to *remove* all auto-forwarders from our org email accounts so that we *can’t* manage our institutional email from our private accounts!

    22. Aghast Observer*

      This terrible idea increases the company’s security risk exponentially. If an employee’s account is compromised, they won’t have any way of detecting that in a timely manner and won’t be able to do any kind of remediation. They will have no access to the account if an employee leaves, but the former employee will. They will have zero administrative/security control over who accesses the account, how it’s used, whether an adequate password is being used, if MFA is enabled, and so on. As a network security engineer, this is the least secure idea I’ve ever heard, but I guarantee social engineers, scammers, and insider threats will love it.

    23. TardyTardis*

      Noooo….(I was in the Air Force, imagining my CO turning many, many different rainbow colors at the very thought).

  2. talos*

    LW1: My company is doing $1000 for work-from-home supplies (not the computer since that’s provided, but desks, chairs, external monitors, routers, etc). This came in conjunction with them committing to hybrid work (3 days from home) for most of the workforce permanently if we want it.

    1. talos*

      I should note: this is available to everyone, even if they work in person (this is necessary for some employees). Not sure how much use they’ll get out of it, but it is still available to them. They’re not really auditing for how it would be used, so I imagine you could buy something for personal use/very occasional WFH days and they would still approve it. Receipts are required, but they don’t seem to be being that strict about it.

      No vaccine incentive, sadly (we’re multinational enough that most of our workforce probably doesn’t have access anyway).

    2. The Other Dawn*

      We’ve been given the choice of hybrid or full-time in-office. Those who choose hybrid are expected to pay for anything they’d need other than the work computer, as the company isn’t willing to pay for two setups. As far as office supplies, my department went fully paperless as a result of the pandemic so we don’t even need stuff like that anymore, which still seems strange. On the days when I’m in the office I find myself gravitating to my paper notebook.

    3. SweetTooth*

      My company is doing the same as LW1 – like uncannily the same, from the previously $200 bumped up to $500 and extra $1000 for supplies. It absolutely seems like a way to say, hey, we all know that we should be vaccinated, and if you were hesitating, hopefully additional incentives will help persuade you. Also, we know you can WFH, and we are going to let you do so sometimes, but if you need new work pants or an actual desk chair, then you are set and really can’t complain too much.

  3. Dusk*

    Re: #2 I’ve definitely put my hair up and down at work, including in meetings before. I agree with Alison, as long as it’s quick and you’re not drawing attention to yourself with big dramatic hair shakes, people may not even notice. If you’re more concerned, you could do it during a bathroom break which can also give you an opportunity to check your hair in a mirror.

    1. Quoth the Raven*

      I’ve done the same (I have lots of curly hair that is always below my shoulders, at its shortest). As long as you’re not doing an elaborate hairdo or shaking your hair around or brushing it, it isn’t a big deal.

      1. Amaranth*

        Also, it helps to continue to look attentively towards whoever is presenting. If even OP’s focus isn’t on The Hair, and she is just being matter-of-fact, then it more easily fades into the background.

      2. High Score!*

        Even if you ARE being elaborate, enjoy! I’ve seen soooo many men adjust their man parts in meetings, walking down the hall, wherever… without blinking and no one notices THAT.

        1. Not Rapunzel*

          This. I’m a woman and I’ve had long hair all my life, and I’ve always adjusted my hair in professional settings without a second thought. I guess I’ve been blissfully ignorant that some of us worry about adjusting hair. This letter made me feel sad that women’s bodies are so policed and sexualized that some of us can’t do something as minor as letting hair down/putting hair up without worrying how we might be viewed. It’s such an unjust burden of internalized misogyny that no one should be made to bear.

          1. JB*

            Honestly. It’s very odd to me how many people (including Alison!) are saying ‘don’t shake out your hair or run your fingers through it’.

            I don’t have long hair myself, but I’ve seen numerous colleagues with long hair take it down during meetings. They often do run their fingers through it. I’ve never thought ‘wow, that’s attention-grab-y’ or ‘that’s distracting’. I don’t think about it at all in the moment, and my standing assumption was that that’s necessary to either get their hair into order or to ease whatever discomfort led to them taking the hair tie out.

            1. Jess*

              I agree. There’s a difference between shaking out your hair or running fingers through it in a way like you’re playing with it or trying to draw attention (inappropriate), or the perfectly normal low-key resettling or neatening your hair, eg if you’ve just taken it down, it’s caught on your collar, you’ve just taken off a jacket or sweater.

          2. Ann Non*

            I understand this perspective but depending on what the seating arrangement is, someone may get smacked by someone else’s hair. I once had a (male) desk neighbour who would ruffle his hair when he was “thinking hard” and his hair would fly everywhere – in my coffee cup, on my keyboard, on my papers,… It was disgusting. No one should get a colleague’s hair in their personal space!

            1. allathian*

              This should really be the only issue. I’ve had fairly short hair all my professional life. Now it’s down to my mid back when it’s down. I’ve readjusted my hair in plenty of online meetings during this year, with the camera on, and nobody’s reacted to it in any way. If and when we go back to in-person meetings, I’m going to have to be a bit more careful so that other people don’t get my hair in their space or on their stuff, because yeah, that’s gross. Luckily our desks have enough space between them that adjusting my hair when I’m sitting at mine won’t affect anyone else. I and my coworker sit in one office, back to back, with a 5 ft cubicle wall between us.

    2. Glitsy Gus*

      Same. I also have lots of hair that gets uncomfortable and moving the ol’ ponytail around to different parts of my scalp helps keep the headaches at bay. I will try to do it at the beginning or end of a meeting if possible, but if it’s gotta be done, it’s gotta be done. Just be as efficient as you can and don’t make it a production. Oh, and if you’re like me and end up with a few shed strands just from re-doing the ponytail? don’t drop your hair on the table or floor or anything like that. Hang on to it and get it in the trash. LOL

      Most women in my office do something similar at one point or another during the day, so I wouldn’t overthink it too much.

      1. The Starsong Princess*

        You are my people! I have incredibly thick, coarse hair. Everyone in my family has a lot of hair but I (and my niece) got a double dose. When it was long, the two braids were each thicker than my wrist. I eventually had to cut it because of the headaches.

        I finally found a hairdresser who could handle it. Anyway, if LW is concerned about shedding, shorter works better because at least the hairs are smaller. I wear mine in a chin length very layered bob which is very undercut. I also recommend using spray wax to minimize the shedding and help it hold its shape. That stuff is the best!

    3. Keymaster of Gozer*

      I got really thick, really frizzy, hip length hair and I think I’ve taken it in/out of ponytails/messy buns etc. at work so many times. It’s been no more distracting, I think, than my boss’ habit of spinning a pen round her fingers during meetings.

      1. JustaTech*

        Me putting up or taking down my mid-back wavy hair can’t help but be less distracting than when the boss’ fountain pen exploded in a meeting from him fiddling with it.

          1. JustaTech*

            Sadly no, because the rest of us were trying to pay attention to the meeting rather than watch the boss use his fountain pen as a fidget-spinner.

            At least he was new enough to fountain pens that he hadn’t discovered indelible ink yet.

    4. Snow Globe*

      OP mentions the problem of shedding. I wouldn’t be distracted by someone taking down or putting up their hair, but if taking down the hair results in long stray hairs flying everywhere and landing on the conference table, that would distract me. I don’t know what the solution is, but that is something to be mindful of .

    5. lilsheba*

      I’m not even sure why this is a question at all, if your head is hurting and you need to let down your hair, just do it. Comfort is more important.

    6. I've Escaped Cubicle Land*

      I’ve found having the no pull/no break pony tail holders helps. Some brands pull more than others. Also don’t pull your hair up so tight. I tend to favor 2 braids or 1 braid down the back or off to the side. The kids call this the Anna, the Elsa, and the Katniss. Looser braids don’t pull quite as much. When I do a pony tail its at the base of my neck. top of my head ones hurt by the end of the day. I can do a bun as long as I get the hair pins just right but it hits my car sear wrong and drives me insane on longer drives. Hope this helps.

    7. HannahS*

      I agree. I’d also consider who’s in the meeting. If it’s with people whom I don’t know well, I make more of an effort to not adjust my clothes or hair. If it’s my regular team? We’re generally half-asleep, slurping coffee, and fidgeting.

    8. CollegeSupervisor*

      I just have to point out how hilarious Alison’s wording about “suddenly being accompanied by a dramatic wind” was. I definitely cracked up.

  4. Martha Marcy May Marlene*

    I don’t understand why OP #2 can’t just let down her hair before the meeting begins. If it sheds whenever it is down it is going to shed anyways so why does it have to be up or pulled back at the start, only to be let down later.

    1. Not Australian*

      Because it gets uncomfortable after half an hour, and the meetings are clearly longer than half an hour.

      “My issue is that the weight of said hair on my scalp becomes unbearable after about 30 minutes no matter whether it is down, pulled back, braided, and so on. There is no comfortable position for my hair.”

      1. Keymaster of Gozer*

        So feel for the OP: I have exactly the same issue that no matter what I do the sheer weight of hair is uncomfortable and frankly it likes to escape from any position. Just pulling out a hair band and letting the whole mass down or quickly scraping it back is just like my boss spinning her pen for a few seconds- unremarkable.

        I’d not worry.

      2. Disco Janet*

        I’m wondering if OP should get a second opinion to make sure she doesn’t have a scalp condition or something. I also have a lot of hair, but the idea of it hurting me when I’m wearing it down confuses me. When it’s pulled up, sure, the tension can get annoying. But wearing your hair down shouldn’t be painful and require adjusting it every 30 minutes to stop the pain. I realize everyone is different, but maybe try seeing a specialist like a dermatologist or trichologist to make sure there isn’t anything else going on.

        1. Momma Bear*

          I have a cousin with healthy but incredibly thick hair. I think it’s probably just the weight.

          For OP, what about having it up in a clip or something easy and then once switching it? I’ve seen Director-level people quietly adjust a clip without a fuss. I wouldn’t make a big deal of shaking it out but you should certainly be able to put it up in a clip or pull it back into a low ponytail without much fanfare. Or, wait as long as you can and take a quiet break/step out to potentially use the restroom, etc. I think up/down is fine and where I’d draw the line personally (as someone who has long hair, too) is anything that resembles grooming. So no brushes, for example.

        2. Kal*

          My hair is just really thick, and having it down can cause pain from the weight of it. It generally takes longer to hurt that way than it does in a ponytail or bun where the weight is more concentrated, but it can just be a pain no matter what.

          I’ve mostly just found that keeping a limit on the length and doing some significant layering and thinning of the hair keeps it mostly at bay. But some days my scalp is just more sensitive so it still hurts anyway.

    2. Ask a Manager* Post author

      Because she prefers to have it up, and she probably prefers not to be thinking about her hair as much as would be required to take it down before every meeting.

    3. Tiger Snake*

      I would really recommend this to the LW, beyond Alison’s originally advice. There’s an optics component there that I think got overlooked:

      If you let your hair down in a meeting, it does look like you started playing with your hair. That makes it look like you’re not paying attention.

      Having the hair down before the meeting starts just eliminate the perception entirely.

      1. Quoth the Raven*

        I dunno. I admit I’m biased because I’ve put my hair up and down during meetings, I’ve never perceived anyone who quickly arranges their hair as not paying attention anymore than someone who is scratching their arm or taking off their jacket, if I notice at all. They’re just doing something to make themselves more comfortable and it literally takes seconds, unless they’re making a production out of it.

        1. Forrest*

          yes, for me it registers about as much as someone rolling their sleeves up or removing their jacket. We have bodies! Bodies occasionally need stuff!

          1. Keymaster of Gozer*

            Excellent analogy! It’s not really different than a quick adjust to clothing or glasses.

          2. Liz*

            Yup, clothing gets too hot sometimes but we wouldn’t expect sometime to sit sweltering just because they started the meeting in a jacket. Hair is just another body part that can cause discomfort. As others have said though, it could be some of the associations and connotations of “playing with one’s hair” are making the LW uneasy about treating it as such.

            1. Forrest*

              Actually I think there are some places where you would sit in a swelter in a jacket! There are some places where it just wouldn’t be appropriate to remove a jacket or roll your sleeves up– sitting on a stage area in front of an audience; in court; maybe some client meetings in formal environments. Those are the places where I think I would also resist putting my hair up or down even at the cost of some discomfort. But anywhere where that is OK, I think brief hair-re-adjustment comes under the same heading.

              1. lilsheba*

                Actually if I am sweltering, I’m taking off the jacket, I don’t care where I’m at. My comfort (and not getting sick from the heat) is more important than appearances.

                1. JB (not in Houston)*

                  Well, sure, you can do whatever you want whenever you want to–we all can–and I don’t think Forrest is saying any different. It’s always your choice to decide to peel off layers or do your hair or whatever else you want at any time. But relevant to the OP, Forrest is just saying that while generally you should be able to take off a jacket or put your hair up or down in a work meeting, there are places or circumstances where there could be professional consequences for it, or you might be seen as not paying attention/not taking things seriously, whether that’s fair or not.

          3. High Score!*

            Exactly! No one notices when men adjust their crotches anywhere and everywhere and that should be done in the restroom.

            1. Artemesia*

              I spent 50 years in the workplace and rarely saw men publicly adjust their crotches — when they did it was gross and I noticed. Do most men really do this in public?

              1. High Score!*

                Yes. TBF I work in engineering. For the past 30+ years. After awhile, men forget I’m a female, I guess? But yes, I see it all the time. Or rather I make an effort to not see it but unfortunately I have peripheral vision. Yuk.

        2. Falling Diphthong*

          I think gut reactions to this one may reflect whether “rearranging my heavy hair so I don’t get a headache” is what people think of when they see someone adjust their hair. People who have short hair, or very fine hair, or no hair, might not go straight to “discomfort” for someone rearranging their hair because “my hair is uncomfortable” is outside their experience.

          I think there are ways to shift your hair that read as “shifting the tails of my jacket” and if OP hits them this shouldn’t be a big deal. OP is right about this being something that can read as a seductive move, or a bored-kid-in-class move, so the details will matter. (Obviously, don’t do this in front of a fan.)

          1. Liz*

            I am a natural born fidgetter. Adjusting my hair is one of the many things I’ll do without thinking just to help with comfort and focus. If I try and sit still and look like I’m paying attention, my brain will slowly be taken over by thoughts about I need to sit still, or I zone out and stare at a wall in order to quiet my mind. The working world is a lot easier to deal with if people are just allowed to do what their bodies and brains need to do in order to exist in it.

            1. Allypopx*

              Yes! I am not really self conscious about my normal fidgeting during a meeting lol

              On the flip side if I’m not fidgeting I feel like I’m so focused on not fidgeting that I look super serious or zoned out. I think fidgeting is very natural and can actually show more engagement, depending on the person.

          2. cassielfsw*

            As someone with fine hair, I definitely put my hair up/take it down for comfort reasons. I wouldn’t think twice about somebody doing that during a meeting unless they were making some kind of big production out of it.

        3. Book Badger, Attorney-at-Claw*

          I’m one of the few people in my office with very long hair (about average thickness, but down to my waist and very slippery) and I mostly keep it in a bun, but sometimes I can feel the pins or hair stick or whatever I’m using slip out and I need to rearrange it. I just do it without looking embarrassed and with the same matter-of-factness as shifting my posture or scratching my nose. The only time I’m reluctant to do so is if having my hands up would be a bother to other people: blocking someone behind me from seeing something ahead, or being somewhere like the theater or church where any movement is distracting.

      2. nona*

        No – letting your hair down in a meeting does not look like not paying attention. It’s like shifting in your chair to get more comfortable, or because you’ve been on your tailbone too long.

        Someone with long/heavy hair is so used to putting it up or down that they automatically bring the tools (hair binder/clip with them) and can do it without thinking about it. You can tell when someone isn’t paying attention and taking your hair down (or putting it in a bun/ponytail) is not one of them.

        Shoot – people accustomed to doing this to their hair will do it while answering an on topic question.

        OP – this is so common that as long as you don’t make a production of it, I doubt anyone will notice.

        *signed a person who has a hair tie on their wrist 24/7

      3. Observer*

        If you let your hair down in a meeting, it does look like you started playing with your hair. That makes it look like you’re not paying attention.

        Not if it’s just a quick action. So, I’d say that keeping the hairstyle simple is a good idea – it’s easier and quicker to just pull out a holder or single clip than a bunch of bobby pins. But beyond that, no.

      4. Wisteria*

        I am with you. I have a ton of hair as well, and I am currently wearing it long. When one has very thick hair, neither taking it down nor putting it back up takes just a couple seconds. It takes less than one minute, but much longer than shifting one’s jacket.

        Kudos to all the people who perceive letting hair down and putting it back up as no big deal! It is not a big deal, nor is twirling it or fidgeting with it. However, there are many other people who perceive playing with hair as very different from fidgeting with a pen or rolling up one’s sleeves. In fact, touching hair for women was specifically called out as a no-no in a seminar about body language that I recently attended. The reality is that long hair and touching hair is very gendered, and that plays into why arranging or fidgeting with one’s hair is widely (tho’ not universally, obviously) perceived differently from other adjusting or fidgeting behaviors.

        If long hair is down at the beginning of the meeting, relieving the weight can be a quick scalp rub that does not require shaking the hair out of its bun/braid/whatever. Yes, LW does prefer her hair pulled back. I recognize that she would rather not wear it down in a meeting. I prefer to wear pyjamas, but in order to accommodate other people’s perceptions of me, I wear trousers when at work and save the pyjamas for home. Sometimes, you have to compromise your preference to meet expectations and control your image. LW can pull her back when she gets out of the meeting.

      5. JB*

        What an alien perspective. I’ve never in my life assumed that someone took down their hair to play with it to entertain themselves. It’s not like she’s going to then start braiding cute sparkly beads into it or something.

    4. Styles*

      Another thick, curly haired gal here and if I tried to take my hair down in a meeting, it would look horrible. I can’t simply remove the band and it falls beautifully. It needs somewhat shaken out or rearranged- something that would probably be majorly distracting. I also couldn’t easily put it up from being down either. I would have to flip my head over. I can’t imagine having such thick hair yet it being easily taken up or down. If I know I am going to be in a long meeting I would never wear my hair up because I know it would be too painful.

      1. allathian*

        I have thick hair, but it’s reasonably straight, so it takes me about 10 seconds to redo a ponytail. I can do it without thinking now, so I can also do it while I focus on a meeting.

  5. Hair IS heavy!*

    Omg another person with heavy hair! I have resorted to pixie cuts a number of times but I like my hair and like to have it shoulder length. But it weighs a ton and people have no idea…I have never my life been able to use a standard hair elastic because my hair is so thick I can’t double them without them snapping.

    I have found that I can wear (fine) French braids the longest. I also bought several nice metal hair slides at a RenFest 30+ yrs ago that are AWESOME for being able to both distribute the weight and discretely take in & out while looking more professional than a scruchy (which I own by the zillion). These days there are a ton of stores that sell them on etsy.

    Maybe because I have spent most of my career in federal govt in land management agencies & most people start in field work where comfort & practicality are highly valued but I’ve never had that my hair goes up & down all the time even register with most people. (I’ve asked in the past because I was self conscious about it in my younger years.)

      1. New Job So Much Better*

        Many women put their hair up during a meeting, especially when it’s hot. That seems much more normal and routine than taking it down during the meeting. Funny how that perception works.

      2. paxfelis*

        Even when it’s fine hair, it’s definitely hot. And aside from hurting, even well-restrained hair can (and does, gleefully and with malice aforethought) misbehave. Mine tries to eat my stethoscope, gets between my glasses and my face, and gradually works its way out of my braid over the course of a day.

        In the OP’s place, I’d be tempted to start putting my hair up with something I could say kept coming loose so I’d have a publicly-acceptable excuse to mess with it. Nobody expects a bun held in place by a pen to be secure all day long.

    1. WS*

      I had long, heavy hair like this (until I got hypothyroid and lost a lot of it, it’s pretty much on the thick side of average now) and I know exactly what the LW means by the shedding! I would give it a good brush every morning and by 10am there’d be shed hairs all over the place. When I was actually losing my hair, my doctor didn’t believe it because my hair still looked thick, but I ran my fingers through it and took out a big handful and then he believed it.

      I agree that distributing the hair weight is a great way to go, but even so, putting it up and down never attracted any attention in my case. It was just a minor thing I happened to be doing in the background.

    2. Pennyworth*

      I can’t imagine having to live with hair so heavy it hurts my head. I didn’t even know that was a thing until just now. Is it possible to have it professionally thinned out so it still looks great but doesn’t weigh so much? I’d like to think a good stylist could find a solution.
      I wouldn’t worry about letting it briefly during a meeting. Someone who is just playing with their hair is obviously not just doing a quick adjustment.

      1. Keymaster of Gozer*

        Very heavy and very long hair here (I shut it in the car door the other day) – thinning, on the few times I tried it, didn’t make much difference in terms of the weight and this is purely a sample size of one but it made my frizzy issues worse. My MIL once suggested that I get it cut short

      2. Bagpuss*

        You can get it thinned but it you have really thick hair even when it’s been thinned it’s still very heavy.

        I’m another in the same boat – my hair is very thick and also quite coarse (so I have enormous quantities of the stuff and each individual hair is also thick!)

        I always get it thinned, and while in my case that does help the shape, it is still thick enough that if it’s anything more than a jaw-length bob it it uncomfortably heavy if I put it up.

        Every time I go to the hairdresser I tell them when I book that I’ll need a longer than average appointment as my hair is so thick and takes a long time to cut, and to dry. They never believe me and then I arrive and get comments “Wow, your hair is so thick!!”

        I tend to have it in a bob about to my jawline, but of course given the current situation getting it cut hasn’t been possible so it’s currently almost hip-length, and hasn’t been thinned. I’m not yet comfortable at the thought of the physical proximity and length of time needed for a hair cut (especially as I hate the process of getting it cut, t the best of times) so will be sticking with my plait for now.

        1. Keymaster of Gozer*

          ‘Bet this kills vacuum cleaners’ my hairdresser said at my last haircut (2 years ago). She’s not wrong, my hair is very thick and over 2 foot long – I know our office cleaners have made comment about it getting wrapped around things but there’s not much I can do about it.

          1. allathian*

            My hair’s thick, but about half the length of yours. When I wore a buzz cut, it’d get to 2 inches before its weight bent it down in spite of styling foam.

            I’m in Finland and most people here have fine hair, so finding a hairdresser who knows what to do with it can be tough. The best one I’ve ever had was when I was an intern in Spain. I had a short pixie cut then because of the heat and she used a cutthroat razor to cut it.

        2. Red Reader the Adulting Fairy*

          I literally have never had a salon appointment that involved a shampoo and blow dry that didn’t result in a second (or more) stylist coming over with their own blow dryer and round brush to help. (And once when I got a full head of cornrows there were five of them working on me.)

          And I … still think it would be weird to be futzing with one’s hair in meetings and such, especially as often as every 30 minutes, and especially if every time one leaves handsful of shed hairs in one’s wake. I wouldn’t say anything, but internally it would really gross me out.

        3. londonedit*

          Yeah, I can’t have my hair thinned because it just makes it go frizzy. Source: my life until the age of about 25 when I finally found a hairdresser who understood how my hair works. I have a TON of hair, but it’s very fine, so if you try thinning it out it just goes *poof* into a ball of fluff. My current hairdresser and I have hit on the solution to the problem – an ear-length 1920s sort of bob with an undercut. The undercut has been revolutionary because it makes it look like I have the hair of a normal person, when in fact half of it has been shaved off! The other option is to grow it so long that it starts to weigh itself down, but then it’s massive and hot and it annoys me so I end up wearing it in a bun every day, which gives me a headache.

          1. Ella*

            It was pretty crushing for me, when I last went to a new hairdresser and said “yeah sorry, I have thick hair, it’s a bit of a nightmare” to be told, “no, your hair is really thin, you just have loads of it”.

            1. Blarghle Blarghle*

              Ah you have very *fine* hair, not thin hair! Mine’s the same – very thick (lots of strands) but very fine (very tiny strands).

              1. londonedit*

                Exactly this – for me, it was a revelation when I found a hairdresser who finally worked it out! Before then, I’d just been told I had ‘thick hair’ and all that could be done was endless layering/thinning/razoring, which just made it look worse. When a hairdresser finally told me I had fine hair but tons of it, suddenly my hair and its behaviour made total sense. And they knew how to work with it.

              2. Tau*

                Same here. I wear a pixie cut because I have not been able to find any sort of longer cut that looks OK and doesn’t end up giving me a headache. (Also, since it’s very straight and very fine hair clips, scrunchies etc. really don’t hold particularly well.) Even with the pixie it feels like I spend half my time at the hairdresser’s going “no, can you please thin it out more?”

                Also, shout-out to that time I needed an EEG and the nurse/technician struggled to find actual scalp.

                1. TardyTardis*

                  I have mixed hair types which all love to tangle like mad at the back of my neck whenever it gets long enough. Lockdown was not fun. It’s finally short again, and I think I’ll keep it that way.

                2. allathian*

                  Hear you on the EEG. Even when my hair is short, you can’t see my scalp at all except in the parting.

        4. Tisiphone*

          Very thick, very long (3′ or so) hair here, too. I haven’t had my hair cut for over two decades and it’s actually gotten thicker. I hate when other people touch my hair – too much of “You’ve got SUCH BEAUTIFUL long hair, you should get that cut” throughout my childhood and salon stylists salivating over getting to cut my hair. I’d ask for a trim, they’d gleefully lop off six inches to a foot. Apparently it’s fun to take the scissors and go to town on someone else’s hair.

          OP, be comfortable! I’ve not had hair-related headaches, but my neck occasionally needs a few quickie neck rolls for relief and it’s never been anything I’ve given much thought to.

          1. Keymaster of Gozer*

            Got a severe spinal injury (upper spine) and really long thick hair and a tendency to get migraines so just realised I probably *do* fidget a lot in meetings because I’m trying to work out if the pain will be reduced by a) undoing my hair b) being away from bright light c) sitting up straight d) adjusting my chair or e) some non euclidian combination.

          2. JustaTech*

            What is it with people just wanting to lop off long hair? Or not understanding “no, please no layers, I need to be able to pull it back”?

            I had a coworker who insisted that I needed “face framing layers” and then kept sending me pictures of these women who’d obviously just spent an hour in the chair having very specific curls put in – the kind that look great as long as you don’t move and there’s no wind and it’s not humid.

            I was delighted to find a new hair person who 1) listened about how much dye I would need rather than getting mad about it and 2) was totally fine when I said “I just want a trim, I like it long and I always pull it back”.

        5. Lora*

          Yeah, this was my hair pre-menopause / second round of cancer treatments. Now it’s more like normal people thickness, but for decades it was difficult: super thick, and if it was shorter than say bra strap length it was a big frizzy mass of cowlicks that resisted any and all efforts to tame it. Half curly, half wavy, all of it weirdly cowlick-y right up on my scalp where a straightening iron didn’t do a damn thing. It defied dozens of stylists until finally one extremely frustrated one, after about two and a half hours of blow-drying, brushing, hot-rolling, moussing, gelling etc finally conceded that perhaps I should just keep it in rollers whenever I wasn’t at school/work because there was absolutely no way to get it to look like anything other than a giant bed-head sticking-out mess for more than a few minutes. Buns are fine for a couple of days but result in broken pieces around the rubber band or on the back of my neck, creating yet another frizz / chronically disheveled issue.

          Solution: grow it long and then do Yulia Tymoshenko braids. Slick down a middle or side part with a bit of gel or leave-in conditioner, and make either one long Dutch braid or two side ones, then wrap the braids around and pin them in place to distribute the weight around my head. The part where it is Dutch braided acts as a sort of anchor to pin into securely. Another option, if you watch Morgan Donner on YouTube, is to sew them into place with either decorative ribbon or pick a piece of thin cord that is the same color as your hair and use a tapestry needle to sew them in place.

          1. JJax*

            +1 for the Morgan Donner reference! Whenever I think of huge, heavy hair, I think of hers. Her hairstyles and care are amazing, as is everything else she does.

          2. EvieK*

            All hail Morgan Donner! I am in the way too many individually fine hairs camp. That ribbon braid is a miracle. It should not stay up but it does and feels weightless and gives no headaches or follicle aches. I get people trying to figure out how it’s up there if I use thin dark ribbon and just huge smiles when I use the fat rainbow ribbon. But it’s so comfy that as long as people aren’t throwing eggs at me, I’m doing it! It has spurred me to watch way too many YouTube hair videos, most of which don’t work ot hurt but hers is perfect.

            1. JustaTech*

              All hail!
              Mine is still not quite long enough for the ribbon thing, so now I’m doing French pigtails and then bringing the free end back up and sort of making a headband with them. And spiral pins are the *best* – they stay put like nobody’s business, you don’t need nearly so many, and they don’t seem to tug or dig like traditional hairpins or bobby pins.

              The whole “sewing hair in place” thing is also weirdly an ancient Roman thing – there’s a YouTube channel that goes into a lot of those styles, but most of them require two people.

            2. Lora*

              Yes! I have mouse-brown hair so wasn’t too hard to find a spool of heavy thread / thin ribbon-ish stuff that matched my hair closely enough that it is nearly invisible. It’s incredibly comfortable yet gravity-defying.

              My ex, my mother and one particularly annoying boss used to make fun of my braided up-dos, but I pointed out the Prime Minister of Ukraine does her hair the same way, and also has artsy glasses and even Vladimir Putin doesn’t dare give her crap about her style choices.

        6. Kal*

          If you (or anyone reading) just want to cut off some of the pandemic hair so its not so heavy until you’re able to go for a professional cut, an option might be putting it up into a ponytail and then just cutting off a length of it as one big chunk, using the sharpest scissors you have on hand. It won’t look like a professional cut, but it should be more than passable for pandemic hair, and will at least get some of the weight off for the time being. You can always start with cutting only a conservative amount off, and cut more if it goes well and if it comes out bad, just blame the pandemic and let it grow in peace again till you can see the professional.

          I’m largely housebound, so this sort of home cut has been my go-to for years now, and have even had compliments on my hair once I got better at it. Some tips – a higher ponytail will create layers (with the layers more extreme the higher it is/the closer it goes to your forehead) while a ponytail that starts right at the nape of your neck will leave a blunter cut. Sharper scissors are best to leave softer ends that are less prone to damage, but since most of us don’t have properly maintained hair shears at home, it makes sense to leave a margin of extra length so that any damage that develops can be cut off properly by the professional stylist once you can see them.

      3. I'd Rather Be Eating Dumplings*

        My partner has his hair thinned out by the stylist, so it can be done, but I understand that you need to do it very frequently to maintain and it gets expensive, especially for people who wear longer styles.

      4. Hrođvitnir*

        You can, and will most likely, get it thinned when you get a haircut – but that helps (me, at least) for maybe 2 weeks, and no one can afford that. It does feel incredible though.

        My hair is a thicker ponytail in a high undercut than a lot of people’s full head of hair. I like my thick hair, but I don’t like the headaches that a full head of hair brings.

      5. Falling Diphthong*

        *raises hand as someone who thought of hair that heavy as a Borgia thing, not an issue for less than knee length*

        Which is Alison’s blog at its best: This is a thing some people experience? I didn’t know that! I have learned something.

        And its inverse: This is a thing that is quite new to some people reading the blog? I won’t assume that this is obvious to any bystander then.

      6. ecnaseener*

        I mean, LW already shaved half their head and that didn’t solve it. A little bit of thinning isn’t going to make the difference.

        1. Wisteria*

          As a thick hair haver who has also done the undercut — an undercut doesn’t help the weight hanging from the top of your scalp, which is why an undercut doesn’t solve the overall problem. I have also had my hair thinned and layered with a cut, and it does help. I don’t know what you were picturing, but it’s not just “a little bit of thinning.” They can take out a significant volume of hair while leaving the length. But, I didn’t care for the thinning. It made my hair ragged at the ends. So it is a viable option, but LW might not care to pursue it.

    3. I'd Rather Be Eating Dumplings*

      It rarely registers with me. If it does, usually my own thought is: aw, I wish I had thicker hair.

      OP — please make yourself comfortable!

    4. Elspeth McGillicuddy*

      If we’re doing recommendations, may I suggest hair sticks and forks? Though you do need a certain length to width minimum ratio, so OP’s hair may not be long enough since it’s so thick. If you can, a nautilus or disc bun is comfortable, secure, and takes no time to make. I also hear great things about ficcares and claw clips, but I’ve never tried the one and never been able to get the other to work for me-hair is so personal as to what works.

      I also find a French braid into a bun is particularly comfortable.

      1. Mimi*

        My hair is nowhere near that heavy, but a ponytail will give me a headache after several hours, whereas a French braid/double French braids is comfortable all day. My wife could wear a French braid all day when she had hair down to her waist, and each strand of her braid is as thick as my entire braid.

        1. RecoveringSWO*

          I find that having a part is really key to preventing my headaches. French braids or a low pony/bun with a part works for me, while a pony/bun without a part puts too much pressure on my scalp.

        2. Keymaster of Gozer*

          I tend to just shove mine into a low ponytail because I can’t hold my arms up long enough to do anything more complex (disabilities are fun) but even that’ll give me a headache after a while. Giving serious thought to doing like Isabela from Dragon Age and just covering it with a loose scarf.

        3. allathian*

          I can’t do a standard braid on my own hair, although I can braid someone else’s. Keeping my hands up for that long is just too painful.

      2. JustaTech*

        My ponytail is about as big around as my (skinny) wrist, and it’s wavy, and I have great success with claw-clips. I can got from “mostly-down, just pulled away from my face” to a pseudo French Twist in ~15 seconds, and that will stay up firmly for hours.

  6. Jessica*

    LW4 : I have a theory! (it could be bunnies)

    I bet the people who made this decision had just enough information to know that they can “outsource their email to Gmail” and not enough to understand that doing so would actually mean signing up for Gmail business suite or similar.

    Or possibly: they did, and then they decided since “ gmail is gmail” it would be cheaper just to have people sign up for their own , because its all the same place, right?

    Of course the Gmail (or similar) business outsourced email options are totally different – and have the capacity for organizations to still control their email and comply with assorted privacy laws and security clearance requirements, all while still being securely managed by professional mail administrators.

    This is what your agency should be doing if they don’t want to run their own email environment.
    Not telling people to get their own free email accounts for work.

    1. Willis*

      I was also wondering if this was some misunderstanding of Gmail business suite vs regular free Gmail accounts. Security issues aside, I would think a company so unprofessional if everyone there had differently structured email accounts from a variety of free providers. This is just so bizarre.

      1. Teekanne aus Schokolade*

        Right? And there’s no IT recourse when someone gets locked out of their email, and everything is lost.

        1. Keymaster of Gozer*

          Or your gmail account gets hacked, which I’m embarrassed to say has happened to one of mine in the past.

          1. ecnaseener*

            Why are you embarrassed about that? Hacking happens – not your fault, unless you fell for a really blatant phishing scam that you should’ve recognized?

            1. Keymaster of Gozer*

              I’m a paranoid IT professional – having anything of my own hacked is like having my car dinged – I know it’s not my fault per se but it still feels like I could have done better.

            2. Tiger Snake*

              Amongst the more technical-savvy crowd, there’s a sort of perception that hacking happens to Other People. People who don’t understand how computers work and who didn’t plan correctly. The other people that don’t understand the work that IT does and don’t appreciate it. The Not-Them sort of other people.

              What’s actually happening here is a bias in the way correlation is perceived: Most ‘hacks’ are actually rudimentary and exploit something that’s already well-known and has easy preventative fixes for. These kinds of fixes tend to fall into the wheelhouse of IT Support, so anyone that’s tech-savvy is expected to understand how to do those things and be able to protect themselves.
              So if a non-technical person gets hacked, its seen as they were clueless. But if a technical person gets hacked, its seen as they were careless.

              That’s not always true, of course; but it is the feeling that gets carried around.

              (And for comparison: when its the IT Security professional that falls for the email and clicks the malicious link that downloads malware into the organisation, then he’s stuck hearing about it for years. And you can’t escape it, because security is a small industry and everyone in the entire town knows by the end of the next happy hour. No it was not me. It was my then-boss; 8 years ago and he’s still getting ribbing.)

      2. katertot*

        I was wondering this too! I’m betting there may be a misunderstanding and it truly isn’t “each of you go out and get your own personal gmail!” but a gmail business. I’ve never had gmail business suite but I’m wondering if this is what they’re referring to.

      3. Momma Bear*

        I’m almost certain this is part of it, but also since they said any free address, they are not thinking through the implications of all those individual accounts.

    2. Allonge*

      It’s also ridiculous from a low-key logistics perspective in addition to the high level ones: how will everyone know what everybod’s email address even is? How do I know if a random email from is a new staff member or a competitor (hell, how will clients know)? Don’t teams need distribution lists and such? The mind boggles.

    3. Bilateralrope*

      That’s the best case I can see here.

      Though I doubt privacy and data retention laws care about intent

    4. EvilQueenRegina*

      On a day I needed cheering up, the Buffy reference succeeded in doing that, so thanks for that.

    5. Save the Hellbender*

      Bunnies aren’t so cute like everyone supposes! They’ve got them hoppy legs and twitchy little noses!

    6. Beany*

      Yeah, this sounds likely.

      My employer moved from hosting their own mail servers to using a Google GSuite setup (with associated calendaring etc). It’s invisible from the outside world — the e-mail address didn’t change — but actually more convenient for other purposes.

      (I now have at least 6 Google accounts between work and private life, though two of them are GSuite.)

  7. John Smith*

    #4, this is so wrong. How will your clients react to getting Gmail instead of .org or whatever? Are they being advised prior? I know I’d be thinking I’m being contacted by a scammer.

    Your new manager isn’t Boris Johnson is it?

        1. JustaTech*

          Seriously. After an audit every employee will be sent home in a bucket. Senior management will go home in a coffee cup (if they’re not sent to jail; the agencies are grumpy).

    1. Virginia Plain*

      I was going to say something similar, but re prospective new clients or those considering a peer level business relationship of some kind – this is terrible for a business reputation! At best i would assume the company was about to fold as they were cutting services to the bone, and as such best avoided. I’d probably assume the whole thing was a scam though to be honest.

      1. Jinni*

        This! My car insurance broker recently sent an email that he no longer had (insurance company domain) and that I should contact him on hotmail and that was just CAR insurance. I asked for a new broker over that because…well because…

        I can’t imagine emailing a contractor who said they worked for x gov’t agency, then getting a personal gmail? I wouldn’t send anything that way, much less my personal health information.

        1. magc*

          My insurance company required a mini-exam (including a blood draw) as part of a life insurance application. When the email from the person contracted to do the mini-exam arrived, I was blown away, as the gmail address was something like “bloodtaker1234” and there was only a first name in the email “signature”. Turned out the company the insurance company contracted with to handle the health exam contracted the exams out as well. The contractors had their own personal gmail email accounts, incredibly unprofessional email contents / signature, no website or phone for the contracting company, with the final straw being no location so they had to come to your home / office.

          Since I work from home and any work locations were clinic locations where such a contractor would not be allowed and at the time not all of my household was fully vaccinated, I pushed back. Fortunately, my insurance company was just as horrified by the situation and ended up doing a one-off for me to go to a Quest lab location where the mini-exam was handled via Quest’s subsidiary Exam One.

          1. Jinni*

            I had to read this twice. OMG. I guess the LW is not the only one in this situation. But OMG.

  8. LisTF*

    LW1 I think we work for the same company, those are the same amounts my employer is paying. Healthcare company operating in 5 states?
    From what I’ve heard, the motivation is to smooth over any discontent from those who aren’t happy with the recent edict regarding everyone’s telecommuter/return to work status. Since they decided it for you with no ability to change unless for medical reasons, they were hoping pairing that announcement with cash would ease any sting.

  9. Adam*

    Re: #5, It seems like this is industry specific, but I work in software and would be surprised if an employer *didn’t* interview on a rolling basis. Everywhere I’ve worked, you post a job, screen applicants as resumes come in, start interviews when someone looks promising, and take down the job posting once someone is hired. The most you might do is wait to make an offer if someone else you think you like more is partway through the interview process. A lot of that has to do with the fact that good software engineers are rare and often not job hunting for long, so you need to be quick if you want a chance of hiring them.

    1. Erica*

      I actually find this really interesting overall. I grew up and worked in the US and have since moved to Australia. In Australia, unless its an international company (which I will say have mostly been tech related companies in this scenario), it’s common practice to have an application deadline and not invite applicants to interview until after that date. It’s actually quite unusual to do applications on a rolling basis.

      To me, it feels a lot more humane. The deadline means that I know how long I have to prepare my application, and can actually put real time and thought into it, instead of on a rolling basis where I feel like I have to get it in ASAP or else I’ll miss out (and subsequently possibly not have the best application as a result).

      1. Forrest*

        Same in the UK. I interviewed earlier this year for an American tech company which is just expanding in the UK, and they made an offer to someone else whilst I was waiting for my second-level interview and ended the process. Because of reading Ask A Manager, I was fine with it, but the hiring manager was *so* apologetic and embarrassed about it because it’s so unusual in the UK!

        1. UKDancer*

          Definitely, unless it’s something like a supermarket which is always recruiting at the moment (at least my local ones both are) application processes have a firm deadline as a rule in the companies to which I’ve applied.

          When I’ve recruited staff my HR processes are always that you have to interview everyone you’ve decided to shortlist before you can make anyone an offer. So you advertise, consider all the applications, shortlist and then interview and reach a decision. I don’t think it’s a legal requirement that you have to interview everyone but it’s just been the rule everywhere I’ve worked.

        2. Pleeease*

          That’s weird because I work in software in the UK and we do the rolling interview thing all the time – it would not strike me as unusual at all.

          1. Forrest*

            Both me and the person interviewing me come from a public sector background (it’s an software start-up which would work with public sector organisation), so it was very weird for both of us!

          2. General von Klinkerhoffen*

            My spouse does rolling interviews in tech in the UK but the difference is that they’re pretty much always hiring. When a candidate gets all the way through and gets hired, that doesn’t tend to affect candidates earlier in the process.

            1. tamarack and fireweed*

              Yeah, I used to do rolling interviews when I was working in tech in the UK, but again, we were always at least open to hiring. (My team grew from 2-3 people when I started to 9 + a team lead + a manager [me] in 4 years, and we had a pretty specific skills profile we were looking for.)

      2. fhqwhgads*

        I’m in the US and we both put an application deadline and do rolling interviews. Generally the time from first posting to cutoff is pretty short (short in the context of hiring timelines). Usually 3 weeks at most. It makes the scheduling less of a burden on the people involved in the hiring to have it more spread it out by not waiting until after the deadline to start the interviews. But anyone being seriously considered would likely have at least two interviews, if not a third, so it’s very unlikely someone who happened to apply the day before the deadline (but was a strong candidate) would miss out. Worst case, they’d have their first interview within a day or two of someone else’s second, but both would still be considered. If we had pending, already scheduled interviews we wouldn’t make and offer/end the process without finishing those. Although if we were leaning very strongly toward a particular candidate it might mean someone later in the process didn’t get a second, but in that context it’s unlikely to have made a difference anyway.

    2. Smithy*

      I do think it’s always helpful to be upfront on the nature of the “rolling interview” process – even if it’s a case where it’s assumed that’s what’s happening.

      Where I used to work, the interview process generally speaking took about 4-5 interviews including the initial HR screening call. I found it VERY helpful to tell candidates up front that the process was rolling, particularly for those candidates who I interviewed first. Mostly because should they ultimately be successful, the process was likely to be longer and there was only so much expediting the process that would be possible.

    3. BethDH*

      I see a lot of “review of applicants will begin on mm/dd and continue until the position is filled.” Usually the date is 2-4 weeks out from the date the announcement is posted. I think that’s a good compromise.

    4. NotAnotherManager!*

      Same. Unless I was applying to a government entity with a posted application deadline (that often specifically says that consideration will start after the deadline), I would assume rolling consideration. We don’t even have application deadlines posted because our jobs are posted until they are filled.

      Often, I only get two weeks’ notice of a departure, so holding off on interviews until some date in the future means longer without someone in the role. Maybe in places where there are are contractually-obligated longer notice period a delayed process might work better, but I generally need to start seeing candidates as soon as strong ones appear in the application queue.

  10. Emma*

    LW #4 the security thing just baffles me, completely. I wonder if this is just a half-assed cover for the real reason they’re doing this, because it makes no sense! Using personal emails is terrible for information security, gives them zero ability to control who has access to sensitive company communications, makes it impossible for them to protect employees from phishing, malware and scam attempts or to monitor and flag when those things are happening, prevents them from enforcing any kind of good security practise like multi-factor authentication or password length requirements or limiting access by IP address or geolocation… it’s just a mess! It makes no sense!

    1. Emma*

      And another thing! Is your industry one where a leaving employee might try to take clients with them? How do they propose to stop people doing that, when ex-employees will still have access to their “company” email and all the records contained therein, forever?

      1. LW4 (He/Him)*

        It would be really hard to take clients with me when I leave; it’s more likely that I would jump ship and work directly for the client. There’s a non-compete preventing that, but none of us are really sure if that would still be enforceable since my state passed right-to-work after I started working for them.

        It… hasn’t been an issue thus far because I really liked my employer under Old Ownership.

        1. Blarg*

          I’d strongly encourage you to ask your clients if they’d be able to send you emails to a gmail account. In writing. Just very matter of factly. They are all going to say “umm, no, are you kidding??” And perhaps forwarding this to higher ups will make them realize they will just literally lose clients over this.

          I previously worked for a gov agency and needed to send specific patient info to some providers who were solo practices and used gmail and it was an issue for the state. Some of the providers were forced into using our third party encrypted service which was abysmal for everyone. Others switched to e-fax which has its own security issues but not ones we could be held to account for. FERPA is often more hard core than HIPAA, and people often think they know what HIPAA says but they are wrong. So I’d start with FERPA-land.

        2. So they all rolled over*

          Right-to-work usually refers to anti-union laws, not to non-non-compete laws.

    2. Keymaster of Gozer*

      I gave the text of this letter to our security operations team this morning to get their views. Here’s the response:

      That’s more daft than filling our data centre with water and turning it into a swimming pool.

      There was more swearing involved but I redacted it.

      1. AnonoDoc*

        Perhaps they could somehow inactivate the GFIs, and then invite the genius who thought up this scheme of private emails to be the first to try out the new pool?

    3. Ashley*

      All this. My old employer had company branded eamils but the platform sucked so everyone forwarded to their personal email. Any time an employee left it was crazy. At least at some point someone was allowed in the company to setup the free email so the recovery email could be used to retake the account. In a non heavy regulated industry it always worried me from a legal record keeping standpoint. I can only imagine in a regulated area. Not to mention previous comments about sending and opening attachments from someone at a free account. Corporate training says not to do that as it is likely a hoax.

  11. Working Hypothesis*

    Re #4, using private email for HIPAA-protected material:

    “If they won’t budge after that, there might not be more you can do, other than to take this as a serious mark about your new management’s sense. But yeah, I wouldn’t flatly refuse to do it.”

    I *would* flatly refuse to do it… but that’s because I would expect to get fired for it, and see no alternative. This is the kind of thing that can get you in serious legal trouble if you handle it wrong, and your company is all but forcing you to handle it wrong because you have no way to keep material secure the way it needs to be via an email account handled by a third party not themselves HIPAA-compliant or responsible for being so.

    I lost one job in a very similar fashion. I am a licensed health care worker. I and the other front line workers in my company were required (by business-department management who were not legally permitted to be in authority over us in the first place… my state has a law forbidding owners or managers in a health care clinic from being in direct chain of command without having licenses to practice themselves, because of precisely this kind of problem) to do something which would have caused my license to be taken away if we had done it and the state had found out that we’d done it.

    I couldn’t let myself risk my entire career for a single job; nor could I risk my clients in the way that the pertinent legal ethics obligation was designed to prevent. My license being taken away was a very real threat, but even if I had known that I wouldn’t be caught, I believe in the ethics of my profession and couldn’t bring myself to throw that away on command.

    So I asked the manager, in open meeting in front of the rest of the staff, how he intended to handle the conflict between his new orders and the ethics requirements of our licensure. As expected, he was furious — not just that I’d put him on the spot, but that I’d reminded the others that there was indeed a conflict if they hadn’t noticed it for themselves yet. He fired me the same day and I’ve never so willingly walked away from a job. I couldn’t stay there if they were going to demand something like that from us.

    LW#4, I know you’re not quite in the same situation. You’re not a health care worker yourself, and even though you’re responsible to HIPAA requirements, you probably don’t have a license that’s at risk if you obey this. I also know that I was in a position to be safe if I lost my job: I’m in an industry where there are always more jobs than there are good licensed professionals, and I had a spouse making enough money to cover us for a while if necessary.

    I don’t assume you have these things, so I’m not going to tell you outright to refuse even if it risks your job. Because it will, and you need to think hard about whether that’s something you’re willing to risk or not. But you might be, so I’m also not going to tell you, as Alison did, simply “don’t just refuse.” If you think it’s worth it to you to risk your job in order to take a stand on this, then DO refuse; it may shock them to their senses. Especially if you can do it with the kind of public scene that I could and did. (I was told by friends who stayed there longer than I did that they never tried to enforce the new rule; it was quietly dropped after that meeting.)

    But I do agree with her to this extent: only refuse outright after you’ve tried whatever else you’ve got in your arsenal in the time left before they actually take away your work email; and only refuse then if you can afford to lose the job the way I could. If you have no choice but to stay until you can find something else, then yeah… try to persuade them until you run out of time, and then if you must, knuckle under until you can get another job and leave this one in your dust.

    But if that’s the way it has to be, do start looking for another. Because this has ‘disaster waiting to happen’ written all over it, and if you can’t actually prevent it, then I’d rather for your sake that you aren’t there when it hits.

    1. Shad*

      Honestly, this is the kind of thing I’d be looking up how to report once I’d jumped ship, because it’s just so flagrantly unethical and illegal for any kind of confidentiality-regulated industry. And especially with the half-stated logic of “let’s protect ourselves from liability by shifting a higher liability burden to our employees”, I just can’t see any way to interpret it that isn’t at least gross negligence towards maintaining confidentiality.

    2. Bagpuss*

      Is there a way to report this, and do you have whistleblower protection laws which might kick in?

    3. Akcipitrokulo*

      I agree.

      Obviously LW may not be in a position where they can take the risk of losing their job – you have to eat – but this is right at the top of the list of hills to die on if you can.

      Personally, I would refuse. Absolutely. This is outrageous, unethical, insecure and a betrayal of clients’ trust.

    4. LW4 (he/him)*

      I *am* a licensed health care worker. That’s why “refuse” was something I put on my list of options.

      1. Forrest*

        In that case, is it worth getting in touch with your licensing authority for guidance?

      2. Blackcat*

        Yeah, violating HIPAA puts your license at risk. If you can at all afford the financial ramifications of losing the job, I’d refuse.

      3. ContractsKiller*

        Attorney here, lots of thoughts on this. I would definitely contact your state licensing authority to ask if it would violate your professional obligations to use a personal account and if there is an expected level of encryption you need to use.

        If you have the equivalent of a public access counselor in your state, I would also ask the protocol if (and really, WHEN,) sensitive information is disclosed. Will you be personally liable? Are there reporting requirements that you personally would have to do if there was a breach, such as send certified letters to everyone potentially affected by the breach?

        Internally, I would be asking similar questions. I would also be dusting off my resume ASAP. If your company is making this decision, either they don’t have an attorney, they don’t have a GOOD attorney, or they are ignoring their advice, because I cannot fathom how even someone straight out of law school would think this is a good idea. I foresee additional poor decisions in the company’s future.

        And from the company’s point of view, what happens to all your email data when you quit? Are they going to require a specific service or will some employees have Hotmail and others have Gmail? Is it a violation of any of those email services to use them for business reasons rather than personal ones? My little lawyer brain is blowing up with the millions of questions I want to ask the company, the first being – ARE YOU STUPID?!?!?!

      4. Working Hypothesis*

        I’m sorry — I missed that part. Reading too quickly, in disbelieving outrage!

        In that case, I agree with the others in this thread. Talk to your licensing authority post haste. Make sure they know all the facts of what this organization is trying to do; ask for guidance on what it means for your ethical commitments, and ask if there is anywhere else besides to them where you should be reporting the situation.

        And then, I’m afraid, I think you need to refuse to do what your company is demanding if you can possibly afford to lose this job over it. Document the demands and if you lose the job document exactly why; you may be able to get unemployment anyway, because they dismissed you for doing something you had every right (and legal duty) to do.

        How much further you take it than that depends on how aggressive you want to be. You could plausibly be a whistleblower (and you probably have to, at least to the extent of telling your licensing agency). You could bring it to the press in order to shine a bright light on what they’re doing. You might have a lawsuit available to you if they fire you for being a whistleblower or for refusing to take actions which your license forbids you to take.

        Or you could walk away, leaving it to implode without you, and hurrying to safe ground. So long as you’ve deposited the info with your licensing agency and checked with them that there are no further duties you have to report it elsewhere, that’s all you really need to do.

        But I definitely think you have to do that much, if you possibly can. Talk to the agency, refuse to do the private email garbage, and look for other work. If you absolutely can’t afford to risk your job, then contact the licensing agency and don’t refuse (if the agency says you’re legally allowed not to refuse), but look for other work and get out as fast as you can.

        But I’m hoping, for your sake and those of the patients involved in this situation, that you can afford to stand your ground. This really needs to be stopped.

    5. I'm just here for the cats*

      I would document everything they have told you, send emails or whatever to yourself. And then if they fire you for refusing then you have documentation.

    6. Elle Woods*

      It is definitely a disaster waiting to happen. If any of the entities LW4 deals with are public ones and she is using her personal email address for work, every single email message could be subpoenaed in the event of a lawsuit. Yes. EVERY. SINGLE. EMAIL. MESSAGE. (I’ve seen this kind of thing happen.)

      Protect yourself and demand a work email account.

    7. Worldwalker*

      I actually would refuse, and/or quit over this. There’s no way it’s not going to end up in court, and if the OP is involved, the fallout may splash all over him, and be a big negative when he tries to get any other job in his industry. “Oh, you worked for Llama Health Management? The ones that were all over the news last year when that big lawsuit hit? Thank you for applying, but your skills do not fit our needs at this time.”

      The employer is either mind-blowingly stupid, trying to offload liability onto the employees, or lying. Or all of the above. This is not going to end well.

      1. JustaTech*

        Sometimes, if it’s super clear that an applicant wasn’t one of the people who made the terrible decisions, having worked for EvilCorp won’t be held against them. But they’d need to be ready in an interview to say “as soon as I found out about [thing in the news] I started trying to leave the company because …”

    8. PeanutButter*

      Same. I walked away from a licensed healthcare role when it became clear that people could (and did!) use other people’s credentials to log onto workstations to chart. Sometimes it wasn’t even on purpose, if you swiped your RFID badge too soon after someone swiped to log off, the system would sometimes log you back into their session.

      Management responded by upping the punishments and reprimands for employees who had things done under their log ins to patients who weren’t theirs…despite none of us having a reliable way to secure workstations. I told the C-suite exec in charge of the healthcare information this made me feel professionally unsafe and she mocked me. I worked the rest of the shifts I had signed up for (I was per diem) and never picked up another shift again.

  12. LavaLamp*

    Not the OP, but I also shed. A lot. Some people just do. I was banned from brushing my hair anywhere but the bathroom when I was a kid because of it, not even in my room. We don’t get bald patches or anything, we just loose more hair, and if our hair is longer it seems like it’s even more than it is.

    1. PeanutButter*

      Yup. It’s an ongoing joke that my cats’ hairballs are more my hair than theirs. And my hair is short! There just never seems to be any less of it. :/

  13. UKgreen*


    No one should be playing ANYTHING in a communal area without headphones. No music. No movies. No religious services. No videos of their cat meowing cutely. Nothing. Nada.

    Can you tell that ‘stuff play through the tinnny speakers of a phone’ is my pet hate??

    1. I'd Rather Be Eating Dumplings*

      Yeah, I think OP might be putting more weight on this because it’s something religious, which makes it feel loaded — just approach as if she were blasting the Black Eyed Peas or reruns of Cheers. Fine to enjoy, but not to force on everyone within earshot.

      1. Worldwalker*

        I once shared a very small office with three people with very divergent tastes in music: British punk, classical, and *shudder* elevator music. (and that one was our department head!) I listened to filk and classic rock; I enjoy classical; I can tolerate British punk; but the elevator music was intolerable. And I had the greatest tolerance of them all — none of the other three could stand any office-mate’s taste in music, except the elevator music guy was okay with my filk. The solution was Walkmans. (which probably dates this story!)

        Because no matter what it is, nobody else should have to listen to it. Even if it’s something they *like*, it might not be what they like right now.

        In a world where almost everyone has smartphones and you can get off-brand wireless earbuds that still sound better than those tinny speakers for twenty bucks, there’s no reason to subject everyone around you to your playlist. (note: I picked up a set of Wyze noise-cancelling headphones for cheap on Amazon Prime Day — something like that can save your sanity with two people working from home five feet apart, when one needs to concentrate deeply and the other has to be at a lot of meetings)

    2. Homophone Hattie*

      Me too. I want to toss unheadphoned people’s phones into the sun. You’re in public. What’s wrong with your brain?

    3. Hush42*

      This. As I was reading the letter my first thought was “why does it matter that it’s religious? They shouldn’t be playing anything without headphones in a common area”. My general rule is that, unless I’m completely alone, headphones are always required. I find it annoying and distracting if other people are listening to *anything* without headphones.

        1. JustaTech*

          Or working in a clean room (so you’re wrapped in a white plastic space suit and can’t leave for hours on end) with a guy who will only listen to country music or hyper-right wing talk radio. It’s a weird sensation to hate but also be deeply grateful for country music.

    4. londonedit*

      Absolutely. I cannot stand it when I can hear some tinny rubbish from someone’s phone. It really sets my teeth on edge, it’s so distracting! It’s bad enough when you’re on public transport and someone’s video calling their mum with no headphones (WHY), let alone in the office.

    5. Falling Diphthong*

      The last time I took an airport bus, someone watched a video on a tablet the whole way. Without earphones. My laser eyes from several rows back did not impact her.

      I agree with Dumplings that the religious aspect is making this feel more weighty. “Don’t play your electronic audio in a public setting” is a fine policy, one which may have been taken for granted right up until Chad, and then management made a rule about it.

      1. JustaTech*

        I was in an airport once waiting a the gate where a guy was watching something on his tablet very loudly. Finally another guy got up and tapped him on the shoulder and said “your headphones aren’t connected, can you please turn it down?” The whole gate applauded.

        1. Falling Diphthong*

          (possibly I have been told by my son that the headphones on my ears are not connected to my laptop, which explains why I am having so much trouble with the volume)

    6. Threeve*

      I’m so surprised by letters here sometimes. I am far from confrontational, but I wouldn’t think twice about politely asking “would you mind wearing headphones for that?”

      I’m not referring to the LW, who is asking about putting a stop to the behavior completely, and is right to be thoughtful about it, but that so many coworkers would whisper uncomfortably rather than make a reasonable, inoffensive request–is something else going on with the office dynamic?

      1. General von Klinkerhoffen*

        Maybe they mistakenly believe they’d be infringing religious freedoms by doing so. Maybe the person in question is a missing stair.

        I agree, it should be trivial to say, “Please use headphones in the break room.”

      2. PurplePeopleEater*

        I’ve definitely asked people to put headphones in on buses and trains, so I’d feel even more comfortable asking a coworker. I do think the religious aspect is making that seem more awkward, but we don’t have any information to suggest that the service-listener is trying to play out loud *at* people, so it should still be a simple request.

    7. generic_username*

      I hate it too. Years back, I purchased a cheap 5-pack of earbuds that were individually packaged to passive-aggressively hand out to the people listening to music aloud on the metro (surprisingly not that common in my area, but purchased the pack after a particularly annoying 45-minute ride home with music so loud it cut through my book on tape so I couldn’t understand the narrator). Then Apple got rid of the headphone jack so I had to ditch that strategy.

      But yeah, idk why even escalate this to HR. Just ask the guy to wear headphones in the breakroom

      1. La Triviata*

        I work in an open office and, before rules were set that we had to use headphones or something, people would blast their music and it was very distracting. To the point that I would sometimes have to ask someone if I could call them back because I couldn’t hear them over my phone. (And I mean blasting literally – two people would have a competition to see whose music could drown out the other’s. In an open office with no dividers.)

        1. allathian*

          I’m amazed management thought that was okay. No doubt they were in their cushy individual offices and lacked the empathy to realize others who worked in the open office space would find it distracting.

    8. Nana*

      In a noisy dorm, in my long-gone youth, I tuned my radio to the local Catholic station…where Cardinal Cushing prayed the Rosary at 7PM. [In a droning, white-noise way] My roommates (both ACTORS and rather dramatic) tip-toed around and didn’t practice their lines during that 30 or 40 minutes, because they thought I was praying along.

  14. BTL*

    OP4 – assuming you or others deal with external partners/clients via email, how is your company planning to explain the change to them?

    If I’m working with a company changing their contact details from, saw wakeen@companydomain to wakeen2016@gmail that’s going to raise some serious questions about the professionalism of the company, and maybe even cause me to take a look at its finances, as there’s a good chance I’m going to assume this is about cost cutting

    1. Bilateralrope*

      I’d be thinking they are trying to avoid any legally required disclosure of a data breach. Or trying to dodge some other regulations. Or Wakeen got fired and doesn’t want me to know.

      I can’t think of any good ways for outsiders to interpret this.

      1. EvilQueenRegina*

        Your point about Wakeen getting fired makes me think of another issue around this: What if someone at that company really was fired? Without the actual company addresses, there’s no means for IT to shut their account down, people could be emailing clients and partners anything and the company couldn’t do anything to stop it!

        1. Bilateralrope*

          Especially if the first thing Wakeen does is send out an email warning that certain others* at the company have been compromised/ended their employment and any emails from them should be deleted without reading them due to a malware risk.

          *Coincidentally including everyone else at the company that this client has regular contact is.

          1. Coffee Officinado*

            All of these are really valid points. This company are plain nuts!
            On a less serious note, I would probably set up my email account as MinnieMouse@…

      2. tg*

        I wouldn’t think it was about dodging regulations because it is so bizzare. I would just assume it was spam and delete.

      3. Falling Diphthong*

        Right? My mind would go straight to “Whoa, Wakeen got fired and is trying to set-up as an independent contractor and hopes I won’t notice.”

    2. LW4 (He/Him)*

      This is a question I don’t have an answer for, because I’m still not sure whether, if I do get to keep my e-mail, if it will stay the same or if it will change from LW@OldOwners to LW@NewOwners.

      But because this is a change that affects not just me, but the whole company, I’m going to be expecting that the company lets personnel at our contracts know rather than expecting our external colleagues to field a dozen “my e-mail address is changing” e-mails (but I will be asking about it because there are a few other things about this that people haven’t thought through).

      1. Worldwalker*

        Is the company being bought by/merged with another company? Say, BigLlamaCo is buying and absorbing Llama Lleisurewear? Or is it just a change in ownership, so Joe Schmoe is buying out Llama Lleisurewear but it’ll still do business under the name of Llama Lleisurewear?

        In the case of the former, companies I’ve done business with who have done that will send out an email to their clients/customers, from the old address, saying something like “We are now a division of BigLllamaCo and our new email addresses are Please update your address books accordingly. This email address will become inactive on September 30.”

  15. Caroline Bowman*

    Re OP2… um… I’d just – because I’m evil – have really loud, laughter-filled phone chats at the next table every. single. time. this happened. It’s so… oblivious and unnecessary and really selfish. It’s a hot-button topic for me though, to be fair, when somehow ”but it’s my religion” often seems to equal exemption from anything and given special status, regardless of how intrusive or overbearing it might feel to anyone else, and any attempt to change things is seen as ”disrespect” and persecution.

    Saying that, I’d lean towards getting a ”headphones required” policy implemented as a blanket thing and then if it persists, directly asking the person if they could use headphones rather and ONLY THEN turning childish.

  16. Anya*

    Something like gmail, hotmail, or yahoo etc is just NO, especially from a HIPAA standpoint. Google’s (And Yahoo, Microsoft, etc) AI reads pretty much every message you send to better ‘serve’ you and target advertising, update creepy databases, etc. I use those services occasionally, but I have a secure paid email that doesn’t spy on me for anything sensitive. I’d be beyond enraged if someone were sending my sensitive data through one of those services. Please take this to legal or HR or something, there’s a good chance they don’t know about this, and once they know about it, I’m sure they’ll take care of it. If they don’t get it, have them take a look at this

  17. The answer is (probably) 42*

    LW #3: My one worry is that you’ll be labeled the “fun police” if you make a broad policy. I do think a policy against disruptive audio in shared spaces is a good idea, but you have to be careful how you implement it. Like if someone is showing a 3 minute clip to a friend on their phone over lunch, that’s different than listening to an entire audiobook or podcast or religious service.

    Reasonable people will understand the difference between those two scenarios, but reasonable people also know better than to subject their entire office to their religious services. So the people you’ll get pushback from are the ones who will take the policy to its logical extreme and complain about that extreme, rather than understanding the common-sense purpose of it.

    1. Homophone Hattie*

      Those three minutes would be agony for me. That’s quite a long video! Maybe a ten-second tiktok would be acceptable, if it were only one. I think a broad “no audio without headphones” rule in the office is perfectly acceptable. People might skirt it for incredibly short videos, which, fine I guess, but it would send the message that it’s not ok and give people the backup when rude colleagues start inevitably showing that second and third tiktok.

      1. AcademiaNut*

        No audio in working spaces is a perfectly reasonable requirement.

        If they have a break room, or hallways, people can go there if they absolutely must share pet/kid/random funny internet videos with a coworker.

        1. Homophone Hattie*

          Honestly, not even there, unless it’s empty of other people. It would render it very uncomfortable for a lot of people trying to take a break. “Use headphones for noise made by your device” is not unreasonable. Again, a single very short video of maybe 30 seconds or less, ok, fine, let’s pretend we didn’t hear it, but anything longer you can find your headphones or watch with the sound off.

          1. Homophone Hattie*

            General “you” meant there, not directing this at AcademiaNut in particular :)

    2. ecnaseener*

      I mean, don’t yell at people the instant you hear a video start on their phone, but…you’re not the fun police if you gently enforce the rule for a minutes-long video.

    3. Abogado Avocado*

      #3: There are plenty of very good bone-conduction headphones (I use Aftershokz, but they can be a bit pricey; Amazon offers cheaper models) that your coworker could use to listen to the service, while also leaving the ears free to respond to visitors or hear inquiries from coworkers. I use these at work and love them. Therefore, you might also want to recommend that any policy changes allow the use of bone-conduction headphones. Just a thought.

    4. ErinWV*

      Letter 3 really takes me back. The lobby outside my office used to be populated by a woman (contract employee, not with my institution) who would sing her heart out all morning long. Frequently, gospel songs. Sometimes she would play the song on her phone and sing along with it, sometimes she just went a capella. I wrote a note to her manager nicely asking her to tell the lady to keep it down. I copied someone from another adjacent office who I figured was also affected, and who immediately appeared in my doorway all “OMG THANK YOU.” I know that the singing lady was talked to, but she did not stay quiet very long.

      This went on for about four years. She has never returned from the pandemic, so I am assuming she retired or found other work during that time. It has been blessedly quiet ever since (although her replacement did not properly wear a mask even when it was required, but still: quiet).

      Anyway, I should have been able to just ask her, kindly but pointedly, to keep it down, but I was always held back by the religious nature of her singing. I work at an academic institution and if she took it the wrong way, I could just see the headlines: Godless Liberal Indoctrination Center Tramples Devout Hero’s Right to Practice Her Religion. I did not need to see my workplace on Fox News.

      Anyway, OP3, I hope you figure it out.

  18. Akcipitrokulo*

    OP2 – would taking your hair out of ponytail/bun as you enter meeting help? If you probably will need to, then doing at start, when everyone is settling down, might make you feel less awkward.

    But it honestly is not a big deal anyway.

    1. ecnaseener*

      She said that the weight starts to hurt after a while, whether it starts out up or down.

    2. I'm just here for the cats*

      I don’t think the hair thing is a big deal unless she is in a very stuffy office. Heck my director is always putting her hair up or down when on meetings.

  19. M*

    OP4, you work directly with clients who have to comply with HIPAA and FERPA.

    …Imma gonna bet that if you send a mass email *notifying* them that, per the request of your company, you will be moving all communications to a personal email address, specified below (pick a nice Blaring Red Alert Alarms outdated provider, for maximum impact), from [specify date], ccing your manager…

    …that the policy will be rescinded by Friday.

    1. M*

      I mean, draft carefully for plausibly deniability when the inevitable nuclear fallout lands, but yeah, this is… very unlikely to survive you notifying clients of it.

    2. Ana Gram*

      Honestly, that’s a good idea just so they know to expect to receive gmail from her. If it causes clients to complain, all the better!

    3. ecnaseener*

      Especially if you add “This new account doesn’t have the same encryption that my previous address had, so I won’t be able to safely email you private health information anymore.”

      1. Working Hypothesis*

        This is also a good way to get yourself fired, so he’d better be able to afford to lose the job if he tries this. But it might be worth a try, if that’s true.

        1. M*

          Yeah, the tone I’m suggesting here is in the line of: “Just letting you know you’ll get emails from a different address! It’s here! Hope you’re well!”, so that OP4 has plenty of plausible deniability. (They’re external parties, they won’t know he’s changing email address unless he tells them, so *obviously* he had to email them. Realistically, that backlash is coming at some point, the point of the mass email is to make sure it all floods in at once, *before* OP4 handles any confidential information in his shiny new personal email account.)

          ecnaseener’s addition – while I very much understand the temptation – is something that makes it very clear that OP4 knows how bad that email is to send, and so makes them an easy scapegoat.

  20. Ana Gram*

    OP 4, this is obviously a bad idea for all the reasons already listed but it’s also just weird. If I got an email from someone in their professional capacity from a gmail address, I would assume they were trying to do something in a sneaky sort of way.

    Actually, I did have this happen. I got a request for info from a gmail address from a guy who claimed to be affiliated with XYZ Agency. I contacted the agency and they confirmed he was legit (they don’t give part-timers email…) and mentioned that people were always calling trying to verify his legitimacy. Well, I should hope so!

    The whole thing is strange and a bad idea but will also just waste time!

    1. Bilateralrope*

      I would ask them if they want me to call them to check after every email I get from their part time staff. Because, even if they are employed by them today, that could change tomorrow.

      Partly to protect myself from someone they fire. Partly to annoy them into giving part time staff email addresses.

  21. whistle*

    LW4, be ready for your company to demand your password once your email account is set up.

    1. Bilateralrope*

      Just remember that the TOS of the email provider probably require to change the password as soon as you know it’s compromised. Which means the second you pass it to someone else.

      Then there is the matter of two factor authentication.

    2. LW4 (he/him)*

      I’d be… disinclined to acquiesce to that request.

      If they want access to my e-mail, they can own the e-mail address.

      1. Falling Diphthong*

        Another point to bring up in this:

        As a not-very-technical person, I still know to hover my mouse over the sender’s email address. If it’s not person@domain, I assume it’s spam and off to the junk folder it goes. (Thus fall a zillion warnings that my Amazon account must have its credit card updated.) This is very, very baseline “how to avoid phishing” stuff. “We want to look like a phishing scam!” should not be the image your company is setting out to create.

        1. Falling Diphthong*

          If you’re a one-person business and I initiated the contact, it’s probably fine. But as soon as you expand much beyond that, I expect a domain name.

          1. so many questions*

            And even a one person business can buy a domain name and email hosting for a few dollars a month.

        1. One of the Spreadsheet Horde*

          Prepare Spaceball 1 for immediate departure! And change the combination on my luggage!

  22. Onetime Poster*

    RE: OP2 – I think this has more to do with her personal view on the “intimacy” of touching one’s own hair and the sexualization perceived in our culture. I too am a cis woman, mid-40’s, and have a lot of hair – though not nearly as much as it sounds like the OP. Point being, I am *always* touching my hair – it’s always falling into my face, or it’s uncomfortable to wear back all day, or I just have a ‘tic’ that has me touching my hair rather subconsciously. The most I’ve ever been aware is when I’m doing the latter a lot… but, who cares? Women have hair. It gets places we don’t want it; headbands hurt after a while… and if we’re in a meeting, so be it. As Alison said, as long as one is not making it a sexualized thing then what’s the issue?

  23. Onetime Poster*

    RE: OP3 – Your company sounds like they don’t want to invest in the software or email administrator which/who would actually ensure that they are secure. That’s probably the root of the issue: budget. But, they are setting themselves up for disaster, and their employees, if something goes wrong. On the one hand, should anyone’s “personal-work” email address get breached somehow (or info accidentally leaked due to confusion or misuse on employee’s part), then liability shifts to the employee. On the other hand, if that happens, then the employee has to file a suit of liability by the company for requiring this situation. It’s just a terrible approach.

    What’s odd is that the company can set themselves up on G-Suite (Google email services/software) at little to no cost, thus sort of bridging the gap I can only assume they’re trying to avoid.

    I wholeheartedly recommend that you refuse to use personal email accounts for work-related communication on the basis that you are not able to comply as a general civilian with the requirements of HIPPA or whatever else. You may wish to consult a lawyer to get some wording correct, but by no means should a company require an employee to use an email account for work that is not secured and overseen by the company – because that means the employee is the first line of liability. Shame on them for putting so much at risk. If they can’t find a bit of budget for the proper oversight and software, then they shouldn’t be using email at all. (Note: I work in security software. This is an insane requirement!)

    1. JustaTech*

      I’ve had a couple of instances where I couldn’t use my work email to contact work vendors. Once my email refused all emails from a domain registered in France (a long-time vendor), and until I could get that fixed I had to ask them to send stuff to my personal email (thank goodness it’s just my name).

      The other time a vendor got hacked, so our communication had to go through LinkedIn (of all things) for a while.

      But both of those were very short-term work arounds, not permanent solutions!

  24. Alton Brown's Evil Twin*

    #2 The sudden gust of wind! I guess Alison watched the same sitcoms as I did.

    1. Falling Diphthong*

      In Camila Cabello’s “Havana” video, the opening soap sketch culminates in a marriage proposal in a bedroom with closed windows, at which point Camila’s hair starts blowing like it’s in a hurricane.

      Chuck also had a lot of fun with the sudden indoor winds blowing Sarah’s hair back dramatically.

      1. pleaset cheap rolls*

        “or suddenly being accompanied by a dramatic wind,”

        I really want to be able to put in a whole row of laughing face emojis.

        1. Solana*

          Or ‘Scrubs’ when beautiful female characters were introduced in a slo-mo shot. “This is a really windy hospital.”

          1. Acronyms Are Life (AAL)*

            Haha, I was just thinking this! Someone did a compilation video on YouTube of all of the women being introduced with the dramatic wind, and ended it with Dr. Clock’s ‘this is a really windy hospital.’

  25. JelloStapler*

    Higher Ed here, re: FERPA:

    Our institution not only has University wide secured email but we also has to do two factor authentication if we login to the browser version. We tell our students to use their school account instead of a personal account so that we know what is them and not someone pretending to be them if we’re discussing FERPA protected information. So while the person could comply with FERPA from a personal email,the issue of security is still a problem.

    In all I’m not really sure how this management feels that Gmail is less of a security risk than Outlook or something similar. Do y’all have an IT department? I’m sure they have feelings.

  26. feral fairy*

    To LW4, if your company doesn’t let up on the issue of the private email accounts, I would strongly consider looking into whistleblower protections and contacting HHS in order to protect yourself and your clients’ privacy. It sounds like your company has a different structure in that it’s a contracting agency, but everywhere I’ve worked/interned where we handled PHI there was a compliance office where we could make anonymous complaints if we were concerned about HIPAA violations. I’m not sure if this is built into your company’s structure but maybe another potential avenue to explore.

    1. LW4 (He/Him)*

      I literally have no idea what the current structure is (although I agree that I need to find out if the expectation of using personal e-mail for work business becomes enforced).

      I was an employee of a company so small and (respectfully) hands-on that the CEO and I would have recognized each other passing on the street, now I’m an employee of a large national company that’s responding very differently to requests and concerns, and I didn’t make that change.

      1. JustaTech*

        Oh, the purchase by a giant corporation. Those are always stressful at best, and an utter sh*tshow at worst.

        When my company got bought by EvilCorp they fired an entire department without asking what they did. Turns out, it was 100% essential to the business (like, can’t get through one day without them, OMG), so they had to try to hire everyone back at higher salaries. They also tried to cheap out on shipping and receiving until I pointed out that shipping or receiving a shipment on dry ice requires a license, and also we got a lot of refrigerated packages that needed to get to their destination in minutes, not hours. “The guy from the downtown office will come by once a week” idea was scrapped and we got a new person for our loading dock.

        I hope you can weather this storm and come out in one piece!

  27. RudeRabbit*

    Can we just stop to appreciate Alison’s “suddenly being accompanied by a dramatic wind” comment? Hah!

    1. Pleeease*

      Yes, the LW should excuse themselves to go to the bathroom if they are accompanied by a dramatic wind. Ha ha!

    2. New Job So Much Better*

      Yes! Great comment!! And did you all see recently how they accomplish hair blowing dramatically in shampoo commercials? Stylists dressed entirely in green to blend in are actually moving the model’s long hair. Amazing.

      1. NopityNope*

        Well, dang, I was wondering! Now I shall have to hire a stylist to follow me around and dramatically move my flowing locks. Will they fit in the bag with the industrial fan I already carry? And will them dressing entirely in green work IRL?

  28. Mental Lentil*

    A Gmail account is incredibly easy to hack into. This is really the least secure option. LW’s company is woefully misinformed.

    1. Princess Flying Hedgehog*

      I suspect LW’s company believes this will transfer the liability risk from the company to the individual employees.

  29. foolofgrace*

    #4: I don’t know much about security, but would a VPN connection, in conjunction with a security app such as Norton, protect against this? This is not to say that such a remedy should be on the shoulders of the employee.

    1. LW4 (He/Him)*

      Original Ownership ran a VPN for report submission. Report submission is changing (in a legal and appropriate manner) under New Ownership, so I’m not sure what’s happening to our VPN.

    2. Gnizmo*

      From what I understand of HIPAA, no. Not even a little bit. For any electronic communict you need to have a BAA with the provider of the service. In this case it would be Google. Google absolutely does not offer BAAs for free accounts. It is a small to the point of trivial expense for a single account (less than $100 a year for mine as a solo practice). I still would not pay it for the company out of principle though, and want to run screaming from them. My response would be “not with my license” and let the chips fall where they may at that point. The company is playing a very dangerous, and stupid game.

    3. ecnaseener*

      Yeah no it wouldn’t stop free email providers like google from reading your emails.

    4. Observer*

      Nope. This doesn’t even begin to scratch the surface of what’s wrong with the idea.

  30. Uranus Wars*

    As long as you let it down in a quick motion of a few seconds and aren’t following up by raking your fingers through your hair, shaking it out, or suddenly being accompanied by a dramatic wind

    Anyone else conjure up a White Snake video?

    1. Phony Genius*

      One of our conference rooms has a fan in the corner that can blow really strong. I’m just sayin’.

  31. The Rafters*

    I work in a State agency that handles a huge amount of HIPPA related info. If I saw protected information sent via g-mail, etc., I would run screaming to our compliance officer. Please, please send an update and let us know that company came to their senses. If not, send an update that you reported them to the proper authorities.

  32. often trapped under a cat*

    #1: Last summer, when we were all remote, my employer allowed people to put in for reimbursement for office supplies, with some strictures, and a minor paperwork requirement. They also gave every employee $150 to help with general “summer expenses,” basically subsidizing AC use for those who had AC, without requiring any paperwork. They recently repeated the $150 summertime stipend.

    There have been no monetary or item-related vaccine incentives, but recently it was announced that vaccination would be required for anyone who will be physically present in our offices when they formally reopen in the fall. This includes both staff and visitors, and proof is required. If you cannot, or choose not to, get vaccinated, you cannot come into the office. No one will lose their job; they can work remotely in our new hybrid model.

    It was also recently announced that if you are vaccinated and have proof, you don’t have to wear a mask in the office. A limited number of people are working on-site already, ahead of the official reopening, and they’re happy to no longer have to wear masks at their desks, though they can choose to. I’m sure that some people will continue to wear masks, either by choice or because they are not vaccinated, and I’m a little worried that people who choose to mask will be assumed to be unvaccinated and that that might cause problems.

    1. JustaTech*

      I’m very confused why our office was acting like they couldn’t ask for proof of our COVID vaccinations when they already keep proof of everyone’s Hep B vaccination (or refusal). Like, it’s legal guys, we’ve been doing it for decades.

      1. pbnj*

        I think some people are confused by some state’s laws on covid vaccines – but these laws often restrict businesses requesting information from customers, not employees.

  33. Jonquille*

    LW#2, have you seen a dermatologist about your scalp hurting after 30 minutes of being tied up? I have the exact same hair as you (super long, super thick, right down to the underbuzz! I have about 40% of my hair left and the remainder is still thicker than most people’s full head of hair) The only time my scalp hurt that much was when I had a dermatological issue. It was easily treatable, though!

    I weave mine into a loose side braid. Mostly because a bun or ponytail looks weird with the underbuzz, haha. But the side braid is great because it puts no pressure on my scalp and keeps the stray hairs from shedding everywhere.

    1. BadWolf*

      When I had really long hair, a ponytail was generally too heavy. French braids and a large bun worked well, but some days the bun definitely came out earlier.

      Loose hairstyles for me were always a disaster as they quickly became messy and fuzzy. I’m enjoying my short hairstyle now, but I really miss the bun with an underbuzz.

      For OP2 — I would say avoid being me and actively finger combing your long hair during meetings and leaving hair that inevitably shed during the process behind. Shudders. I actively broke this habit when I realized it probably looked juvenile and the shed hair was gross (not that hair can’t shed, but finger combing it made it active). Sorry, past coworkers!

      1. clara sparks*

        Oh nooooo, finger-combing my hair is my number one fidget, and I’d never even considered that it might be making me shed on the spot. Guess that’s +1 habit I need to break by the time my company goes back into the office!

    2. Nicotena*

      I realize this doesn’t help OP but I’m fascinated and a bit jealous that someone’s hair could be half gone and still this heavy and thick. Mine is a downy puffball you could pinch together in two fingers. I once tried to donate to locks of love and the final ponytail wouldn’t have been enough for a set of bangs.

      I do sometimes get a sore scalp from a ponytail, but that’s not really the weight of the hair, it’s just the tightness causing it to pull. I do a lot of loose, low ponies and chignons for my tender headedness.

    3. quill*

      I can’t get mine (very thick, very curly) long enough that it would be too heavy for me, because it split ends like mad. (Yes, I have tried insert-trick-here. No, the only thing that keeps it from fuzzing into oblivion or snarling is regularly hunting out and eliminating split ends. It grows quite slowly and the fact is that hair is dead cells from the moment it springs from your scalp, even if there was one weird trick to make it stronger it would take over a year to see any results…)

      But too hot for me? Yes, all the time. So I’ve definitely redid my hair at work before, and I ALSO shed like a beast. Frankly, I’m now looking back on whether my cubicle hair rearrangement has necessarily been as clean and discreet as I’ve always thought!

  34. Geeky Teacher*

    #1: As a teacher who buys supplies to do my job…..I wish that corporations understood the financial burden placed on teachers….

    1. NopityNope*

      Hey, Geeky Teacher (and all other teachers), quick comment to make sure you’re aware of DonorsChoose dot org, a non-profit that lets teachers post supply/project/equipment requests and donors select a teacher/project to support. It sucks that so many (all?) teachers are underfunded.

      1. Geeky Teacher*

        There are many teachers who are not allowed to use donorschoose by their school districts!

        1. JustaTech*

          What?! That’s horrifying! (And stupid and cheap and shortsighted and ugh.)
          I’m sorry, that really sucks.

        2. NopityNope*

          Yeah, I know and I agree that that sucks. My school district banned for a bit, but looks like they backed off it, as I’ve seen some teachers back on again. I asked why they banned it, but just got shuffled around, no answer. So sure, don’t adequately fund, then cut off an avenue for people to get assistance. Makes sense to me. /s

          1. Observer*

            The only official reason I’ve seen is that the district was “concerned” that they can’t insure that the supplies and equipment are “appropriate” and proper quality.

            If you believe that that’s the actual reason, I have a bridge to sell you.

  35. Casual Librarian*

    OP4, I’ve done a lot of work digging in to the privacy policies of different email providers (both free and paid). I’d be happy to discuss it with you.

    Overall, though, Rise Up is probably one of your best bets as far as protecting privacy. The only downfall is that they have an attachment capacity. Proton Mail and Tutanota are also free options. These 3 services all fight subpoenas or only release encrypted data to their home-country (Switzerland and Germany) court orders.

  36. Missouri Girl in LA*

    LW 3-I’ve worked in government for the majority of my career and was always told that we keep stuff like religion out of the office. As somebody who had been, when I was a kid, constantly told by those who “knew better” that my religion wasn’t Christian, I realize I’m hyper-sensitive to things like this. It took me years to be able to tolerate opening prayers from city government meetings. Where I live now, more people will put religious items in their offices and it still startles me. However, in a public/common area, it doesn’t matter if it’s something religious or some rapper spewing out NSFW words in a song. Even my most favorite songs will be offensive to me if I hear it blaring from others’ devices. It’s a matter of being considerate and kind. If they can’t put conventional earphones in their phones, get the Bluetooth or listen in their office or car or a place that it doesn’t encroach on others. Can you imagine if there was employee A listening to that, employee B listening to another podcast, employee C listening to hard rock, etc without headphones? Yikes!

    1. Worldwalker*

      I don’t have to imagine. I once shared a very small office (as in four people stuffed into what would amount to a big cubicle) with people who each had a radio or tape player, and listened to “easy listening”, British punk, classical, and classic rock … all at the same time. It was … not good.

  37. MistOrMister*

    I don’t usually disagree with Alison, but re OP 2….meetings are boring and many times pointless. I, for one, would welcome the distraction if someone went to take down their hair and suddenly a huge fan was present to blow a dramatic gust of breeze through their newly freed tresses. It would be the highlight of my work day!

    1. NopityNope*

      Especially if accompanied by a stream of flowers and/or ray of sunlight glinting off of said tresses.

  38. Exhausted Trope*

    OP2, I had a colleague at oldjob with hair past her hips who took down her hair in meetings and at other times. We found it delightfully quirky but not unprofessional.

  39. lilsheba*

    On LW1 ….I guess it’s cool they’re offering incentives but it is really starting to irritate me that companies and states are offering to PAY people to get the vaccine. I got fully vaccinated before any of that was in places because it was the right thing to do and it protected me and my family. Those that are doing it just for the money? that’s messed up.

    1. Allypopx*

      The important thing is that they’re doing it. Herd immunity doesn’t really care what your motives are, we just need more people vaccinated and if money is what it takes – well that’s unfortunate but it is what it is.

      1. Lunch Ghost*

        I’m about at the point where I’d personally pay people to get the vaccine so I don’t have to start wearing masks again. If somebody else wants to pay them, go for it. (Although I do like that the company in the letter is also giving the incentive to people who already got the vaccine.)

    2. Tricksie*

      Whatever it takes, though. My state is at considerably less than 50% vax and I’m concerned. If more people would do it for a monetary incentive, I think we should offer monetary incentives.

    3. scooby dooby doo*

      the more people who get vaccinated, the better. no matter their reasoning. seems very silly to make this a moral high ground thing.

    4. Nope.*

      The vaccine and the virus don’t care what someone’s motives are. Shots in arms is how this ends, and if that means cash or free food or the like, I’m fine with it.

      1. Clisby*

        Yeah, what difference does it make why someone gets vaccinated? My son is working a seasonal part-time job, and they give a $100 bonus to any employee who provides proof of vaccination, My son had had his 2 Pfizer shots before he started work, and still got the bonus. This company, in the summer at least, hires a bunch of teenagers, who may be pretty cavalier about the vaccine. Not because they’re awful – because they’re teenagers, who think nothing terrible is going to happen to them until it does. $100 is nothing to me, but it’s a (relatively) lot to a high school or college student out working a summer job.

    5. RagingADHD*

      It’s really been irritating me for a long time that people turned a pandemic and a vaccine into one more thing to be divisive and point fingers over, instead of everybody trying to work together to end it.

      More people vaccinated = good news. That’s all there is to it.

    6. mreasy*

      Early vaccine-getters like us have had our immunity and its health protection longer! Annoying to see bad actors getting paid but we have had our own benefits.

  40. 867-5309*

    I read OP4 as working through a contract company, like Adecco or Robert Half. If this is correct, then it would be surprising that they had an email address from the company in the first place.

    1. LW4 (He/Him)*

      I don’t want to get into details because it’ll reduce my ability to stay anonymous to my employer, but the company I work for is not like Adecco or Robert Half.

    2. None*

      Nah, we hire contractors through Robert Half all the time and they don’t use their Gmail accounts. We give them an email address through our company server.

  41. middle name danger*

    My jaw dropped at “employees having company email addresses is a security liability for the company”. What? There’s a good reason there’s a huge scandal any time a politician is found to be discussing official business on a personal account.

    1. Nicotena*

      I think this is part of their calculation. If their contractors are using non-company-provided emails, the company can distance themselves from that content in the event of a scandal. (Do they think this would help them with some kind of FOIA request? It probably won’t, since the emails you send public figures still wouldn’t be protected).

      Speaking as someone who uses a gmail account for my freelancing work, it’s a pain in the butt, as gmails seem to get caught in outlook’s spam filter to a higher degree.

      1. Worldwalker*

        I’d strongly recommend getting your own domain name, and just having gmail forward to it. That way people can still send you emails to your old gmail account, but you can send out emails that are less likely to end up in spam filters or disregarded by readers who think “oh, gmail, must be spam.”

    2. Captain dddd-cccc-ddWdd (ENTP)*

      This is the part that caught me as well. I can think of a lot of reasons (not ‘correct’ reasons, but potential arguments someone could use) such as lack of traceability back to official systems etc but that didn’t really seem to fit a “security liability”. The only thing I could come up with was that for some reason the work LW is doing is “contentious” in some way or can result in “unhappy customers” so that a company email address would ‘out’ LW’s place of work, causing a security risk to the work place / others in the work place, if an “unhappy customer” was so inclined.

      They are employees in the sense that they work ‘for’ the agency, but their actual relationship seems to be with the health care etc service users. So my guess is the service user works with (e.g.) “Charley Smith” who is sort of an independent practitioner, but can trace Charley back to their place of work by knowing that their email domain is mycompany dot com or whatever.

  42. Observer*

    #3 – Please do not bring the religious aspect to HR. I understand why you are uncomfortable, and I would be uncomfortable too. But it’s a losing proposition.

    Alison is correct, though. NO ONE should be listening to anything in a shared space without headphones / earbuds. It’s a matter of noise for one thing. This has an especially high chance of being problematic if multiple people are listening to stuff in the same space. You could wind up with a real cacophony. On top of that there is TON of content that could make people uncomfortable. Perhaps someone else will be listening to religious programming from a different religious tradition. But there is lots of other stuff. A lot of people are going to be uncomfortable with a lot of music, for instance.

    So, to the extent you talk about content, the point is not that THIS content is problematic. Rather, there is a lot of content that would make different people uncomfortable (and I’d be willing to be that the person playing religious services would be uncomfortable with some of the genres I’m thinking of) and it’s really not on the agency to decide what people get to be uncomfortable about on the one hand, but they do have an obligation to make the shared space reasonably comfortable. Asking for earbuds / headphones is a reasonable way to deal with it.

    1. Thin Mints didn't make me thin*

      I can easily see an employee who enjoys listening to rap running into trouble with others who object to profanity, or an NPR fan running afoul of someone who loathes pledge drives.

        1. JustaTech*

          I was in my lab one time doing some brainless stuff and wanted to listen to some music (headphones aren’t a great idea in the lab for safety reasons) and another coworker was in the lab as well. “Hey Bob, do you mind if I listen to my music? It’s got some swear words in Spanish.”
          Bob, who had been stuck in the lab for days with an incredibly boring but fiddly project, turned to me with sad, sad eyes and said “if it’s not Adele I don’t care”.

          Our other coworker had been listening to a mix of Adele, Amy Winehouse and Lorena McKennit for several weeks at that point. Which just goes to show that even music you like can get to be too much after a while.

    2. RagingADHD*

      I think it be good for the LW to consider whether they would be equally concerned about everyone else’s comfort if it were music or a movie, or even a different religious tradition.

      And if not, why not?

  43. Esmerelda*

    #5 – agree with Alison here, that ideally employers should say which method they’re using. I’ve helped my manager (the hiring manager) with interviews in the past and was honestly shocked when she would put a long-range application deadline on the job posting but then start interview the first applicant right away. We hired someone weeks in advance of the posted “deadline.” If I was an applicant who thought I had weeks left to apply, I’d be frustrated. And it wasn’t ideal for the hiring process, either, honestly – my boss would look at the pool of applicants that came in everyday and pick 1-3 people (out of the 1-5 applicants we got daily) and we’d interview them the next day. I get that for some industries rolling interviews just make sense, but for mine it really doesn’t. It was incredibly chaotic – instead of me blocking a few days on my calendar for the first round of interviews, I had to keep an open calendar indefinitely because my boss was scheduling several interviews daily (each an hour long) with little notice, for a couple weeks. In the end we interviewed WAY more people than we needed to because we didn’t wait until the end to see how candidates compared to each other. The outcome probably would have been different if the posting specified to apply as soon as possible.

  44. Erin*

    The company who is a giving clothing/supplies allowance & vaccine incentive: are they hiring?? Those are great ways to boost morale! I’m in!!

    As far as the person listening to religious services sans headphones, I cannot stand when people listen to anything on their phones without headphones in public spaces, but I’m also not going to be the person to ask someone to use headphones. It would be really helpful for everyone in your org if management intervened and created a blanket policy for all employees that says headphones are to be used with any media that has sounds.

    1. Meep*

      Seriously! I got on the vaccine trial (and was fortune to get the vaccine in Oct. ’20) because my company was being loosey-goosey about COVID. I signed up the day one of my coworkers sitting across from me with no mask on (I had mine on) complained her friend was waiting for a COVID test before informing me they went out for dinner the night before. (No thank you!)

      Said coworker also flipped when she heard I was on the trial (again maskless) and was the last to get the vaccine – which she only got to feel left out. This is the Vice President of the company.

      I would kill for a company that cares enough to encourage vaccines and pay for it.

  45. Observer*

    #4- Your company is a bunch of loons. But when you put your case together, focus on the ACTUAL problems.

    NOT problems – Gmail is generally HIPAA compliant, so that by itself is not an issue. As for expending your own resources, that’s going to sound seriously odd because Gmail is free. And assuming you set a separate gmail account up, checking it should be no different than checking your email that was issues by your employer.

    That doesn’t make it a good idea. In fact it’s a TERRIBLE idea that is exposing your company to devastating problems. So much so that if you can’t get them to see reason, I’d start searching for a new job. Because this really could destroy them. I’m not kidding.

    So, HIPAA compliance, to start with. Compliance is not just about which email carrier you use, but how you protect it. For instance, how are they reducing the possibility that someone is sharing that email account? How are they ensuring that sensitive information is being encrypted? How are they auditing information access? The answer is that they CANNOT. And if they get audited, if there is a data leak, or if there is a SUSPECTED data leak they are going to be in a world of hurt.

    Then there is basic business operations and continuity. What happens when someone goes on vacation and forgets to set an auto-responder / forwarding? What happens when someone leaves? Even if they leave on good terms, their email is GONE. They may actually see that as a plus as it means (they think) that they can’t have someone come after them for old emails. But in the meantime you have no access to information you need and you have no way to deal with the people who don’t know that this person left and will continue to email them. Remember, you can’t even send an email blast to everyone in the address book because you do NOT have access to their address book

    Then you have direct security. Sure, it’s true that bad actors sometimes use email systems to get into the wider system. But, it’s far more common to use email directly to deliver malware. How is your company going to protect you guys from spam, phishing and malware delivery on your work systems? A decent anti-malware products is not enough. And although training HELPS, it’s not close to being enough.

    The bottom line is that it’s actually not hard to see what they were thinking. The problem is that they stopped at stage one and didn’t think through the full ramifications. Talk to any security person and watch their hair turn to a spiked helmet and their eyebrows hit the ceiling. It’s an idea that only sounds good if you think like a 6 year old. But some 6 year olds can be shown why they GREAT idea is really not such a bad idea. So, I have not lost all hope.

    1. Observer*

      By the way, I don’t mean to say that you should use a standard Gmail account for HIPAA or FERPA covered email. “Generally HIPAA compliant” means that Gmail can be used in a HIPAA compliant manner not that it’s actually HIPPA compliant to use a personal Gmail account. Because using ANY personal email account is pretty much inherently non HIPAA compliant.

  46. blink14*

    OP #2 – this may seem totally out of left field, but have you ever seen a neurologist for the scalp pain? I have occipital nerve pain (and migraines), along with scalp pain that gets worse when my hair is up for multiple hours. Trigger point injections have been a HUGE game changer for me – helps with migraines, the nerve pain, and makes my scalp numb for months.

  47. Mockingdragon*

    Touching your hair is intimate? I’ve used my hair as a fidget toy as long as I can remember…it’s far from uncommon for me to undo and redo my braid as necessary. If anyone’s ever asked, “my hair’s on too tight” has been a fine explanation. I’m not sure if OP is over-thinking their hair or if I’m under-thinking mine!

    1. Now In the Job*

      I’ve found it a little immature when someone continuously fusses with their hair in a meeting. It’s one thing if it is a one-time adjustment, but if someone has four different hairstyles in one hour-long meeting, I would be questioning whether they’re paying attention.

  48. Phony Genius*

    While reading #2, has anybody else suddenly become more self-aware about how their hair feels on top of their head? Mine’s suddenly annoying me.

  49. Cora*

    I have literally never thought twice about taking my hair down or putting it back up quickly during a meeting.

  50. Meep*

    I am gobsmacked by LW4. It is a security issue so let’s get a personal gmail account? If I had to guess they think saving $2 per person on email is going to make the difference.

    My company had the opposite approach. Someone thought G-Suites was insecure and we spent $12,000 upgrading a server for storing and sharing files that the same person now refuses to use in favor of G-Suites. She constantly goes back and forth on how insecure G-Suites is vs how secure it is.

    Hopefully they be as fickle as my security problem child and it will be a few months to a year before they say they will do it again.

  51. Workfromhome*

    #4 If they are going to do this I’d suggest you go to them and say I’d prefer that he company set up all the gmail adresses and then provide the address and the password to me. This will ensure that there is some consistency in terms of all contracts using the same email service and address format as well as ensuring they have access should your employment end. (note this is pretty much BS but serves a purpose)

    That way you wont have a company email but the email and address will still be “provided” by the company. At least then if anything happens you can fall back on the fact that the company provided you the address and they in effect “won” any liability that goes with it.

  52. That One Person*

    I’d be super curious for #4’s company’s plans when it comes to any firings/leaving employees. With the business email aspect at least they can get shut out. Personal on the other hand comes down to, “We want your password so you can’t access it anymore.” “No.” “Well we’re out of ideas…”

    Maybe they go the legal route if the account’s not given up to them after the fact, but it’d still look really strange in court I imagine that the company wanted personal accounts for business purposes. Dealing with sensitive info like that just makes the decision weirder, and feels even more bizarre with some of the rehiring stuff about privacy/PI/HIPAA and so on so forth. I don’t deal with HIPAA luckily, but there’s still information I shouldn’t just be tossing out someplace either I imagine for privacy reasons.

    I feel like the only way they could get more lunatic is demanding any company equipment back, requesting you get your own, and then wanting said equipment if you leave the company because company secrets.

    1. Worldwalker*

      Oh, let them have the password.

      It won’t help with the fact that you’ve auto-forwarded/BCC’d all the emails to a second gmail account that they *don’t* have access to.

      That’s the kind of thing they could control if it was on the company servers. Gmail? Not so much.

    2. Observer*

      What Worldwalker wrote is true. But that just scratches the surface.

      Maybe they go the legal route if the account’s not given up to them after the fact,

      And what legal basis do they have for demanding the password?

      but it’d still look really strange in court

      Not just “strange”. It would put on the record for all to see that the company had an EXPLICIT policy or REQUIRING people to use personal email accounts for information that is legally protected and that the company should have been monitoring and managing. If their insanity had managed to fly under the radar till then, this would blow it sky high.

  53. Betsy S*

    LW#4 – I’ve been an email administrator for decades and agree with all of the above.

    One additional tactic might be to ‘innocently’ let an IT person at one of your customer sites know that you, or your team, will no longer be sending email from your business address, perhaps asking if they can whitelist your personal email or checking to see if they block hotmail, or whatever.

    A customer screaming may have more weight than all of the employees put together.

    However, it occurs to me, has the company put this policy in writing? You don’t want to be in the position of using personal email, having a client get upset, and then having your company say that you were violating policy by not using your (previously removed, magically restored) work email.

    1. Observer*

      Good point.

      DO NOT create an email account until you have this in writing. And then wait till they turn off your account.

  54. Michelle Smith*

    Can you not find a looser bun or use a headband? Maybe it’s just me but I find flying strands of hair super gross and would not want to be next to you when your hair was shaken out.

    1. ecnaseener*

      Looser buns just have more slack with which to pull down. Tighter styles are generally better for distributing the gravity across your scalp (but obviously still pulling).

      And yeah the title says “shaking out” but I think that might be Alison’s editorializing – the letter itself doesn’t say that.

    2. Rainy*

      Looser buns immediately fall out, and also put most of the weight of the hair on your hairline, so you can have a stylish fivehead after a while. As a fellow too-much-hair person, sometimes you just have to move it around so you don’t get a headache.

  55. James*

    LW #3: Replace “religious service” with “heavy metal” or “baseball game”. Would it still be disruptive? If so, you should be able to complain without it being about the religion. The baseball game thing is from personal experience–I’ve got a coworker that’s a fan, and keeps a radio at his desk to listen to games with. In his case it’s only disruptive if you’re at his cubicle, as he keeps the volume down to the point where it doesn’t travel past that.

    That said, does the public interact with folks at your office? If so, you do need to consider the image it presents. There are a lot of people who aren’t members of your coworker’s religion, after all. When I walk into a government office and see crosses everywhere and hear Christian music playing (it’s a distinct genre) I know that my options are either 1) hide my religious beliefs, or 2) accept that I’m going to be treated as a second-class citizen or refused service entirely. This is one of the reasons that a LOT of people in minority religions aren’t open about their religious beliefs. Same with LGBTQ+ folks.

    I’m not saying that should be the reason you give. It should, however, be a reason to push back on this. And remember, the issue isn’t that they’re listening to the service–it’s that they’re doing so in a way that makes everyone else listen to it. Put headphones on, or listen to it quietly, and the issue is obviated.

    1. Momma Bear*

      Agreed. I play the radio in my office. The sound shouldn’t really travel outside my office and disturb anyone else. My musical choices (or talk radio or whatever) are for me. If I have a meeting in my office, I turn the music off. It’s just common curtesy. The coworker can get/needs a set of headphones.

  56. JessaB*

    I wonder what would happen when the OP leaves the company, are they obliged to keep every email in their personal account? How do you do your due diligence and discovery during a lawsuit if all those emails are in separate places. Not to mention opening systems up so the OP can use gmail also opens them to problems from whatever web browser they’re using to read it. I have no idea but does gmail have unlimited storage? I’m very ignorant of gmail because I only have one for my android phone, and I’ve set the gmail to forward to my normal address. How hard is it to open up the browser for gmail but not universal use? The whole thing is just…weird.

    1. Observer*

      How do you do your due diligence and discovery during a lawsuit if all those emails are in separate places.

      You don’t. Which is apparently what the OP’s company wants. In a comment they mention that they were told that management “doesn’t like to put things in writing.”

  57. gbca*

    LW #1: As someone who both handles corporate budgets and is privvy to leadership discussions about these kinds of things, this sounds like a genuine attempt by leadership to soften the blow of return to office to keep up employee morale and retention. There have been a lot of articles lately about expected high turnover as employees realize they have options, no longer want to put up with employers who showed just how crappy they are during covid, and are not necessarily geographically bound. So smart employers realize that there is value in investing in employee morale.

  58. Nikki*

    #4 if you are at a large enough company to have internal legal, I’d escalate to them. (Assuming you are not since they are making this request in the first place.).

    Most medical professionals I’ve seen during the pandemic have specific software for HIPPA compliance, etc. Weird to not even have at least a business gmail account.

  59. Worldwalker*

    #4 is totally insane.

    Alison covered the issues about security, ownership, and so on fairly effectively. But there’s one more issue: IDENTITY.

    It sounds like this company deals with fairly confidential information. If I get an email with an address of a recognized company that I’ve done business with, I’ll conditionally trust it. If I get an email from joe.schmoe at gmail *claiming* to be with said company, it’ll go straight in the spam bin. If it’s asking for aforementioned confidential information, I might very well block it on the server level, but only after forwarding it to the provider’s abuse address. I can think of absolutely no way that someone with a gmail (or other freemail) address could conceivably convince me that they are a legitimate representative of that company and not a phisher. None.

    And if I were making decisions for a company that did business with this company, I don’t care if they’re the only source of whatever they do in the industry (and they’re not; nobody is, for anything, in any industry) — I’d terminate all business with them of any type. Because I couldn’t trust them with confidential information, or *any* information, or even not to make really stupid decisions that would be likely to affect my business in unknown but very bad ways.

    I’ve been reading AAM for a couple of years now, and read through a lot of the archives. I’ve seen letters about companies doing some amazingly stupid things. I cannot recall any company, at least bigger than mom-and-pop-and-family, doing anything this mind-blowingly stupid. The reasons are stupid, the implementation is stupid, and the outcome *may in fact crater the company.*

    This is just staggering.

  60. Wisteria*

    OP2: have you ever tried snoods? They are basically a bag that hangs off a headband and holds your hair. It doesn’t sound either comfortable or stylish, but they can be both. Think of them as one more thing to add to your arsenal of options to pull your hair back and take the weight off.

    I can tell you that the people in your meetings are a combination of some who judge you as not paying attention (or in some other unflattering and gendered manner) and some who barely register that you moved your arms near your head. Only you can decide how much you care about the opinions of the former set.

    1. nothing rhymes with purple*

      + I was just coming to suggest this. They have some lovely choices on Etsy for instance.

  61. Magenta Sky*

    Op #4: They’re telling you to use *Gmail* for business purposes when the company is responsible for HIPAA compliance? Are they *insane*? Google isn’t, in any way, shape or form responsible for HIPAA compliance because they are not a medical provider. Your company (do *you* have an personal liability for HIPAA?) *is* responsible, and *your* *company* is sharing medical information with Google *without* *permission*?

    And make no mistake, Google scans through *all* email, especially on free personal accounts, *and uses it for targeted advertising*. That’s the entire *point* of free email accounts. And they store that information forever.

    And they are *very* good at connecting dots, so when your client sends you an email with medical information, Google will connect that client with their employer, their coworkers, their friends and their family.

    And they will send ads their system believes to be connected to that medical condition. And depending on how the company network is setup up, those ads may go to everyone in the company. They’ll also send ads to people associated with the patient based on it – “You have a friend with cancer – send them a sympathy card.”

    There are verified accounts of people having coworkers finding out about medical issues (like cancer, or pregnancy) because of this, that they would have rather kept to themselves.

    Your company is run by people who have zero (or negative) understanding of how the internet works, and possibly a defective understanding of HIPAA. If you have any personal liability under HIPAA, I’d run for the hills.

      1. Sola Lingua Bona Lingua Mortua Est*

        It almost sounds like someone thinks this is the service that someone high up *thinks* they’re getting instead of the free service.

        Wikipedia (objections duly noted) reports In June 2021, Google announced that Workspace would be available “for everyone” with a Google Account, giving consumers access to the upgraded Gmail experience previously only available to paying subscribers. I wonder if that someone thinks that free accounts are getting the formerly paid service now?

      2. Observer*

        I think that there is too much focus on the fact that it’s Google. There is NO personal email service that come CLOSE to being appropriate to use for this kind of material. Not even ProtonMail, which is the only personal email provider that I know of that actually provides real encryption for their email.

  62. Now In the Job*

    Did you hear about the company that gave $10,000 a day to people who were in the office? I’ll link in a comment. I thought it was WILD.

  63. Magenta Sky*

    A strictly by the book approach would be to ask for formal permission to share their medical information with Google, since that’s what will be happening. I’m no expert on HIPAA, but I believe that permission has to be in writing. From every patient.

    (I wouldn’t do that unless I had another job lined, up, but I’ll bet it would be a very quick and brutal end to this brilliant plan.)

    1. ecnaseener*

      Not a lawyer but I do work with HIPAA to some extent – patient authorization is not needed to disclose information as part of normal operations (and I imagine corresponding with patients about their care counts as normal operations)

      1. Observer*

        patient authorization is not needed to disclose information as part of normal operations (and I imagine corresponding with patients about their care counts as normal operations)

        No, that’s not what that means. It means that you can disclose the information to people who actually need that information to do their normal and expected jobs that are directly related to dealing with your patients. So, you allow the radiologist to look at the films, and you allow them to talk to the physician who ordered the scan / x-ray / whatever. And you allow the transcriptionist to take the doctor’s audio notes and turn them into text for the EMR system.

        Sharing with Google (or MS, or Yahoo or whatever other email provider)? How does that fall under this exception? The answer is that it doesn’t.

        1. ecnaseener*

          My guess is that “using Gmail” is not legally equivalent to “giving the data to google.” I could be wrong. I just think this line of legal argument would be much more difficult than more obvious arguments based on other HIPAA requirements, like the requirements to have adequate data protection in place.

  64. hodie-hi*

    #1, My company has not paid incentive for vaccination. But everyone did get $1000 to put toward home-office needs, and we all get a small amount monthly as well. Many employees have been and always will be permanently working remotely. Others were always in an office before the pandemic, and now are going back hybrid.

  65. DJ Abbott*

    Some have brought up a good point that I will make here.
    I worked in a hospital and in the orientation training we were taught that we, personally, could be fined or jailed for a HIPAA breach. We were expected to understand what was necessary to protect patient info and do it.
    OP, you need to find out what your personal liability is for HIPAA and FERPA breaches and stick to that line, no matter what your employer says. I’m sure they wouldn’t try very hard to save you if you got in trouble with this.
    Maybe see an employment attorney to find out exactly what your rights are here, and to defend you if it comes to that.
    Good luck!

    1. lookie loo*

      yeah this seems like it’s a solution that doesn’t improve security generally but does improve/reduce the company’s on-paper liability for data security issues…

  66. Jessica Fletcher*

    4 – Get yourself to your company’s Legal department ASAP. This brainless decision will endanger your contracts with the healthcare agencies and open your company to liability.

    Options if your company still doesn’t reverse course:

    – Save the emails or other communications where they lay out this decision, where you raise concerns, and their response. If they respond via telephone or in-person conversation, make detailed notes afterwards about what was said, who was present, and who made the decision/who told you of the decision. Probably don’t make audio recordings. Some states require two-party consent for audio recording, plus there’s a chance your company has rules about it.

    – Your company probably has a Compliance or Fraud report hotline. You should be able to report anonymously if you want. Emphasize that there’s still time to change the policy if they act quickly.

    – If your company doesn’t have a hotline, or if you don’t feel comfortable contacting them – The healthcare agencies you do business with definitely have a Compliance or Fraud report hotline. You should have been trained how to report. If you don’t know the contact info, use a personal device on your home internet to go to their website or google for their hotline, and report directly to them. Emphasize that your management seems to need education and can be convinced to reverse this decision if contacted quickly.

    – As a super duper last resort, if you absolutely can’t find the healthcare agencies’ hotlines and find yourself concerned for your own liability (which is a smart concern to have!), you can report to CMS/OCR, OIG, or a state agency, depending on what your company does and which healthcare products your company performs services for. You can report anonymously to CMS/OCR or OIG, but you shouldn’t because they won’t have much evidence to go on and it’ll be tough to establish if this is a credible report. They’ll protect your identity.

    Oh my God. This might be the most irresponsible thing I’ve ever read on here!

    1. Jessica Fletcher*

      Also: You don’t have to “know” this is a compliance violation in order to make a report. You’re making a good faith report that you suspect this is a compliance violation.

      But it most likely is. :)

    2. DJ Abbott*

      When you save the emails and other documentation, make sure you save them in a place you can access them if you’re not at work.
      I would keep hard copies at home but of course don’t show them to anyone outside the company. IMHO email is too vulnerable to hacking or employer rules.

  67. Certified Scorpion Trainer*

    LW2: as someone who has hip-length hair, i have never put any thought into someone sexualizing me letting my hair out of its usual bun. i let it down regularly at work to let my scalp rest and then twist it back up into a bun once i feel it start to frizz. i can honestly say that i’ve never seen a coworker look, leer, or have any reaction to my hair other than very occasionally comment on the length.

  68. JM60*

    I’m not sure what happened to my comment, so I’ll try posting it again:

    Re #1 response:

    Legally they could simply require vaccination (with the usual medical and religious exceptions)

    I think there shouldn’t be religious exceptions to vaccination requirements. Your religious rights end at my nose, and if you expose me to COVID because you refuse to get vaccinated, you’re punching me in the nose.

    As far as what the law says, IANAL, but employers are required to provide “reasonable accommodation”. I would consider exposing customers or fellow employees to be unreasonable. What the EEOC says on this matter can be found at wwwDOTeeocDOTgovSLASHwyskSLASHwhat-you-should-know-about-covid-19-and-ada-rehabilitation-act-and-other-eeo-laws#K.12. The rough guidelines which include “the proportion of employees in the workplace who already are partially or fully vaccinated against COVID-19” as a consideration, seems to give a bit too much room for spreading disease to disease IMO.

  69. Water Dragon*

    We don’t eat lunch in your church, so please don’t play sermons in our lunchroom.

Comments are closed.