E-mail is a staple of corporate culture. While e-mail has greatly increased the potential for better business communication and information access, it has its downside. Few employers have yet to fully appreciate the extent to which company e-mail increases their potential liability and to take steps to reduce the risk.
E-mail's "oral-like" feel is deceptively dangerous, since employers and employees may be lulled into saying things in e-mail messages which they would never say in writing--not realizing that e-mail leaves a written record, even after it is deleted. In fact, e-mail has far greater potential for distribution and permanency than other forms of written communication, since it gives employees near instantaneous communication with co-workers, competitors and customers who may be in the next cubicle or halfway around the world in a different time zone and it leaves a permanent record everywhere it is sent. In addition, messages can easily and cheaply be forwarded by one recipient to a much broader audience that the original sender intended. If the company e-mail system includes Internet access, employees can access an almost limitless expanse of information from global websites and discussion groups, including those with sexually explicit "cyberporn" and hate group ranting. The media is full of reports of employees doing just that using company e-mail. If you think your employees are not accessing these sites--think again.Some Areas of Potential Liability For The Employer.
- Invasion of Employees' Workplace Privacy.
- Copyright Infringement.
- Sexual Harassment, Discrimination and Cyberporn.
- Trademark Infringement
- Employees Using E-mail for Criminal Activities.
- Trade Secrets Disclosure
What Can The Employer Do To Reduce These Risks?
An effective liability prevention plan will start with a comprehensive company e-mail policy, but also include continuous employee education and implementation of technological security measures.
- Creating The E-Mail Policy.
The cornerstone of any effective e-mail liability prevention plan is a written e-mail policy. If it is to be effective, the drafters of the policy will need to consider not just the liabilities but also the corporate culture where it will be implemented. Otherwise even the most comprehensive policy runs the risk of becoming like the Constitution of the former Soviet Union--an enlightened document everyone ignores. Drafting the policy can also serve as a good excuse to review other information policies such as trade secret protection and document retention and destruction policies. A good plan can also enhance employee morale and the company's public image by enhancing workplace civility toward employees and customers.
Ideally it will start out with a general policy statement explaining about the potential dangers from e-mail and why these risks not only impact the employer, but also impact employee job security and the quality of the workplace environment. Then it should clearly inform employees that company e-mail belongs to the company just like the company fax machine and is to be used only for business purposes (or within acceptable non-business limits). Employees should be informed that they have no reasonable expectation of privacy while using company e-mail, that e-mail may be searched and/or screened, and that e-mail is retained for a designated period of time, even if it appears on an employee's computer screen that the message has been deleted. Employees should also be informed that every message they send on to the Internet is labeled with the company's domain name, as if it were sent on company letterhead. The policy should discourage employees from copying and distributing large portions of documents or images to minimize the risk of copyright and/or trademark infringement. In addition, employees should be prohibited from downloading software from the Internet, both to avoid copyright infringement and to avoid infecting the system with viruses or worms. The policy should contain a section covering treating fellow workers and customers with dignity and respect when composing e-mail messages and not using profanity, sexual or racial jokes or slurs. Employees should be encouraged to consider e-mail in the same vein as memoranda and letters. This is also important if e-mail is used to communicate with customers who expect good service and polite responses. Employers may also want to create a response time standard for responding to customer e-mail.
- Know the System You Seek To Regulate.
Whoever drafts the policy needs to understand how the e-mail system works. This means talking to the MIS people who administer the system and asking questions about the system.
- Define Your Goals.
Every employer needs to decide what results it wants to achieve from its e-mail policy. Some results to consider:
- Eliminate any reasonable expectation of privacy on the company e-mail system.
- Eliminate e-mail used for inappropriate communications, such as racist, sexist or "sexually explicit" comments or "jokes".
- Reduce the risks of misuse by limiting which employees have Internet access.
- Create an e-mail use policy that fits the corporate culture.
Some issues to consider:
- Should the policy prohibit e-mailing some sensitive business messages, such as promotions and termination?
- Should the e-mail of some employees, particularly those with access to trade secrets, be subject to closer scrutiny?
- How long should e-mail be stored before being destroyed?
- Before destroying e-mail, should messages be read?
- To what degree should e-mail be used to promote company civility?
- How will violations of the e-mail policy be handled?
- Put the Policy In Writing!!!
- Employee Education
Since it is designed to regulate their behavior, the best-drafted policy in the world is of little use unless it is effectively presented to employees. Employees need to be educated about the e-mail policy early and often.
- Make Use of Current Security Technology Such As Encryption,
Firewalls and Screening Software
Given the pervasive use of e-mail in business and the many faceted risk it creates for employers, no employer can afford to be without an e-mail liability prevention plan.