You Have to Have an Email Policy

If your company uses email, provides email service for your employees, or allows your employees
to use e-email for business purposes, you have to have a written email policy. To not have one opens you up to
all manner of headache and potential liability.

Why Should I Be Concerned?

Not convinced that it’s necessary? Look at any recent court case. Opposing attorneys now ask for
email the way they used to demand inter-office memos. Microsoft’s prolonged anti-trust case is a prime example
of the effect of company email on a trial.

Beyond legal ramifications, consider the negative publicity and damage to your company’s
reputation that could be caused by the wrong email getting out.

Or what about the possibility of company secrets being inadvertently or deliberately passed to
a competitor. There are allegations that spies in the US nuclear industry used email to send secret material
to China.

Isn’t This A New Problem?

The central issues in a corporate email policy are not new. Issues of business purpose, privacy,
restricted material, retention policies, even freedom of speech issues, have all been addressed before. Email
is simply a new technology for communicating and an effective email policy will recognize that.

Your company probably has policies and procedures for archiving and retaining written business
communications, letter, memos, etc. The policy may address what needs to be kept and for how long. An email
policy needs to address the same issues.

A harassment policy exists for your company (or it had better) stipulating prohibit sexually
explicit photos in the work areas, but not have an email policy that prohibits transmitting sexually oriented

Other than the technology involved, these aren’t new issues. They simply need to be addressed
in light of the new technology, and a policy developed, published, and enforced.

Who Writes The Policy?

An email policy needs input from many groups within the company. Upper management must
direct the policy development so that it supports the company’s overall mission. The legal
department can tell you what must be included and what should be excluded.

IT (the computer department) can tell you
their recommendations and what is technologically possible. Get the HR department input
because this will effect virtually every employee. Although not absolutely required, I
recommend getting the PR department involved up front. It is easier for them to cogently
defend the policy if they were involved in its development.

Finally, get the employees involved. Select
representatives from the various user groups, up and down the org chart, and of various
skill levels. If you have employee stakeholder groups, like a union, include them too. You
want people with opinions, not necessarily answers, but mostly you want their input to
increase the chances of the policy ultimately being workable.