Protect Your Business With an E-Mail Policy

Did you know that e-mail written by employees in the
workplace could be legally attributed to employers? The
potential legal pitfalls, such as breach of
confidentiality and hostile workplace lawsuits, could
significantly hamper your business and damage your
reputation.

by Kelle Campbell NFIB.com

Not only can e-mail easily be sent "astray," but you
also may have to turn over e-mail records to resolve
disputes involving contracts, lawsuits or law
enforcement issues. More mundane but still damaging are
downloaded viruses and loss of productivity as a result
of personal e-mail communications.

An increasing number of companies are establishing
e-mail policies in order to keep electronic
communications professional, maintain productivity and
minimize their liability. The following guidelines
should help you put together or refine your policy:

If you already have rules regarding issues such as
confidentiality, use of business property or
harassment, make your e-mail policy as consistent with
them as you can. Of course e-mail users’ general
tendency to write casually and e-mail’s semi-permanence
in computer storage (even when you think that they’re
deleted) may require special action.

For example, some companies include "netiquette" rules
to ensure a certain degree of professionalism in
electronic communications. If you think this is
necessary, provide stylistic guidelines and advice on
how to handle concerns such as attachments,
particularly large ones.

Also, decide if you’ll allow personal e-mails, and if
so, to what extent. Your employees spend a significant
portion of their lives in the workplace and so may need
to use your e-mail system to maintain balance between
work and life. In addition, employees may wish to
receive messages from mailing lists, e-newsletters and
newsgroups. Although these resources can provide
professionally useful information, you may want to
caution employees about inadvertently posting sensitive
information or defaming a competitor.

Even if you do allow personal use, you will very likely
want to emphasize that company e-mail is for business
communications. Nancy Flynn, managing director of the
ePolicy Institute and author of The ePolicy Handbook,
recommends setting guidelines for appropriate business
communications. Some policies just state that e-mail
should be related to the organizational objectives, but
others are more specific. For example, the University
of Wisconsin-Green Bay’s policy states that e-mail is
"to inform faculty, staff and students about
activities, events or policies that relate to the
University’s educational services and businesses."

You may want to prohibit personal comments about
others, discussions about flaws in products, chain
letters, copyright infringements, e-mails for an
employee’s own money-making endeavors and any content
contrary to company policy.

Additionally, you should prohibit pornography, racist
or sexist language and other offensive material. Doing
this can reduce or even eliminate your "hostile work
environment" liability if such materials are ever
received or sent. Explain what actions should be taken
if an offending e-mail is received, encourage
recipients to come forward and establish procedures for
investigating complaints.

If you decide to monitor for inappropriate e-mails
(which may include filtering offending messages), make
this clear in your policy. Explain how much privacy
employees should expect plus the conditions and
procedures under which you will access their e-mail
messages. Many policies state that the e-mail system is
the organization’s property and that e-mail messages
are subject to inspection without prior notice to the
employee. Although courts have upheld organizations’
right to monitor, privacy rights advocates are still
fighting these decisions, so keep track of state and
federal rulings on e-mail monitoring.

Some companies place their e-mail policies — or at
least a section about e-mail monitoring — in employee
contracts so that they have signed agreements. In
addition, some have a monitoring notice appear whenever
employees log onto a computer.

Also consider some of the larger legal issues. How do
you wish employees to send confidential and sensitive
information? Should they use encryption software, limit
the material to the company intranet, keep this data
offline completely or use some other measure?

Do regulatory bodies require that your company data,
including e-mails, be kept for specific periods?
Specify which e-mails need to be archived and recommend
a timeline for deleting non-archived messages.
Organizations involved with litigation may need to hold
on to electronic data for indefinite periods.

Finally, ensure that your employees have seen and
understood the policy. Make it available via handbooks
or the company intranet, and use it during training or
orientation sessions. Whenever you update the policy,
circulate the new version and consider having it signed
by employees.

The American Management Association’s 2003 survey
revealed that three-fourths of respondents had a
written e-mail policy. If you still feel at a loss
about joining the ranks of the policy-protected, you
can download samples at http://www.email-policy.com and adapt
them with the help of legal counsel.

To read this and other related articles online, visit:
http://www.nfib.com/cgi-bin/NFIB.dll/jsp/toolsAndTips/toolsAndTipsDisplay.jsp?contentId=4055517