E-mail has become a ubiquitous part of the workplace. Even in the face of constant interruption, the ever-increasing torrent of spam, and potential liability issues, e-mail is a central part of business today. Because of these issues, a clearly articulated, written e-mail policy is important for any company.
Why does your company need a written e-mail policy? For starters, the U.S, Supreme Court has ruled that companies can protect themselves from liability by having clearly written policies. As a general rule, any company that has 15 or more employees should have written e-mail policies.
There are two sides to this argument. On one hand, company lawyers often warn their clients that poorly written policies can become main points of contention during litigation if the opposing side (usually an employee) alleges the company violated its own policy. However, well-written policies should protect against these claims and not be a problem. Companies that don’t have written policies, conversely, end up with less legal protection in cases such as sexual harassment, where e-mail is often used for evidence.
To get started, any e-mail policy should include the following components:
- Privacy: Employees should have no expectation of privacy associated with the information they store in or send through company systems. If this is not explicitly stated, the court may rule that there is a default expectation of privacy, similar to that of the U.S. mail.
- Right to examine and monitor: The company retains the right to examine all information, at any time, stored or transmitted on company systems. The company reserves the right to monitor for any purpose all communications and access usage via the company or client computing systems.
- Ownership: All information stored or transmitted by company computers and communication systems belongs to the company. This clause puts all e-mail and information transmitted and stored in the company computers as “work for hire” and places ownership and copyright of information with the company.
- Usage: Since the information is company property, employees should not use e-mail for any purpose that has not been explicitly approved by the company. A list with appropriate use and inappropriate use of e-mail should be as clear as possible.
- Copyright: Employees must not transmit or receive any material in violation of any federal or state laws and regulations. Employees must not receive or transmit copyrighted materials without permission. The courts have held companies liable for their employees downloading copyrighted materials.
- Confidentiality: As normal unencrypted e-mail is unsecure, employees should not send confidential information in e-mail. There are several methods for sending secure e-mail such as encrypting and password protecting attachments. These methods either require special software or more technical expertise at the recipient’s end.
- Care: Employees should take additional precautions to prevent customer information in e-mail from being inadvertently damaged or destroyed.
All employees should read and sign your company e-mail policy. This shows that they are aware of the information contained in the policy. Should an employee violate the e-mail policy (e.g., sending an e-mail containing inappropriate content), the employee, and not the business, would be primarily liable for any lawsuits or damages as a result. Policies are legal documents, so before implementing an e-mail policy, consult with an attorney.
John C. Shovic is a partner in Coeur d’Alene, Idaho–based MiloCreek Consulting.