You Have To Have An Email Policy

from Your Virtual Insurance Volume 2 – Issue 10-19-01, published by

If your company uses email, provides email service for your employees, or allows your
employees to use email for business purposes, you have to have a written email policy. Not having one
opens you up to all manner of headaches and potential liability.

Why Should I Be Concerned?

Not convinced that it’s necessary? Look at any recent court case. Opposing attorneys now
ask for email the way they used to demand inter-office memos. Microsoft’s prolonged anti-trust case is a
prime example of the effect of company email on a trial.

Beyond legal ramifications, consider the negative publicity and damage to your company’s
reputation that could be caused by the wrong email getting out.

Or what about the possibility of company secrets being inadvertently or deliberately passed
to a competitor? There are allegations that spies in the US nuclear industry used email to send secret
material to China.

Isn’t This A New Problem?

The central issues in a corporate email policy are not new. Issues of business purpose,
privacy, restricted material, retention policies, even freedom of speech issues, have all been addressed
before. Email is simply a new technology for communicating and an effective email policy will recognize that.

Your company probably has policies and procedures for archiving and retaining written
business communications: letters, memos, etc. The policy may address what needs to be kept and for how
long. An email policy needs to address the same issues.

A harassment policy exists for your company (or it had better) prohibiting
sexually explicit photos in the work areas, yet the company may not have an email policy that prohibits
transmitting sexually oriented images.

Other than the technology involved, these aren’t new issues. They simply need to be
addressed in light of the new technology, and a policy developed, published, and enforced.

Who Writes The Policy?

An email policy needs input from many groups within the company. Upper management must
direct the policy development so that it supports the company’s overall mission. The legal department
can tell you what must be included and what should be excluded.

IT (the computer department) can give you its recommendations and tell you what is technologically
possible. Get the HR department's input because this will affect virtually every employee. Although not
absolutely required, I recommend getting the PR department involved up front. It is easier for them to
cogently defend the policy if they were involved in its development.

Finally, get the employees involved. Select representatives from the various user groups,
up and down the org chart, and of various skill levels. If you have employee stakeholder groups, like a
union, include them too. You want people with opinions, not necessarily answers, but mostly you want their
input to increase the chances of the policy ultimately being workable.