I just encountered a very serious email privacy violation that was facilitated by having Act and Outlook integrated. Consider the scenario where all Act Users have access to the entire database of contacts. This setup is both necessary and preferred because our salespersons share many of the same contacts, selling them different products. Sharing contact information (activities, histories, proposals and sales) promotes greater awareness for our salespersons and a better experience for the customer. Now consider the following 3 company employees, an HR Manager, a Sales Manager (MGR), and a Salesperson (SP). The manager and the salesperson are both Act users whereas the HR person is not an Act user. SP is not performing well and MGR exchanges emails with HR discussing termination of SP. Meanwhile SP suspects that he may be getting terminated so he adds HR into the Contact database under a false name and company but with HR's actual email address.
MGR continues to exchange emails with HR, never suspecting that HR's email address would ever be in the Contact database so he does not bother to mark his email as Private. In fact he regards sending emails to fellow employees as being totally unrelated to the Act database because there is absolutely no need to store non-sales related employees in the Act database. Now the 'sneaky' (but clever) salesperson has access to the email exchange between HR and MGR because it is recorded in Act History!
Can this 'flaw' be fixed in Act? I had hoped that I could impose a validation on field 'E-mail' in the database, e.g. "does not contain @MyDomain.com" where MyDomain.com is the suffix on all our employees email addresses. I could not find a way to do this under the edit option of "Define Fields" afforded by Act. The downside to this proposed solution is that it would mean that field "E-mail" could not be populated on any User records and therefore would not be available for use in shared templates.
Another solution I suggested to Act Support was the availability of a domain name option when setting up email configuration in Act. This could be a domain name that would suppress recording emails in Act History if the "to" and "from" email address domain names were the same, i.e. inter-office emails amongst fellow employees. This of course would be optional but in my case, would suffice as a solution to combat the confidentiality breach described earlier.
I am sure there are cleverer ways to avoid the problem I have articulated but the "Mark as Private" or "do not record in history" are most certainly not viable solutions for my company. I need something that can be setup at the administrator level and is not dependant upon users having to remember to check privacy boxes, especially when they are in Outlook and communicating with a fellow employee who is not even an Act user. So how can 'devious' salespersons as described earlier be thwarted from abusing the Act-Outlook integration?
Somebody help me please because the owner of the company is threatening to throw out Act because of this confidentiality breach.