The use of private email for business is "rarely sanctioned but it's commonly tolerated," Hansen said.
One reason that IT managers might tolerate private accounts results from the conflict between information security and business alignment, according to Leon Kappelman, an information systems professor at the University of North Texas.
By allowing, or not preventing, the practice of BYOD, or bring your own device, and shadow IT (another name for what Clinton was doing), IT managers are not seen as people who always say "no," Kappelman said.
Shadow IT may be a big security risk, but some IT managers "think it's worth the tradeoff because it makes the customer happier," said Kappelman.
Nonetheless, private companies are advised to keep control of communications policies.
The reality is that it takes a team effort to get effective communications policies, said John Martin, a partner at the law firm Nelson Mullins Riley & Scarborough LLP. Sometimes the compliance effort is initiated by the IT security group, but it also could start with the legal department.
"They are not simply IT issues, they are cultural issues, they are business issues," said Martin, who heads his firm's Encompass E-Discovery and Document Review Solutions group.
Sign up for Computerworld eNewsletters.