If your company uses email, provides email service for your employees, or allows your employees to use email for business purposes, you have to have a written email policy. To not have one opens you up to all manner of headache and potential liability.
Why Should I Be Concerned
Not convinced that it's necessary? Look at any recent court case. Opposing attorneys now ask for email the way they used to demand inter-office memos. Microsoft's prolonged anti-trust case was a prime example of the effect of company email on a trial.
Beyond legal ramifications, consider the negative publicity and damage to your company's reputation that could be caused by the wrong email getting out.
Or what about the possibility of company secrets being inadvertently or deliberately passed to a competitor. There are allegations that spies in the US nuclear industry used email to send secret material to China.
Isn't This A New Problem?
The central issues in a corporate email policy are not new. Issues of business purpose, privacy, restricted material, retention policies, even freedom of speech issues, have all been addressed before. Email is simply a new technology for communicating and an effective email policy will recognize that.
Your company probably has policies and procedures for archiving and retaining written business communications, letter, memos, etc. The policy may address what needs to be kept and for how long. An email policy needs to address the same issues.
A harassment policy exists for your company (or it had better) stipulating actions that are prohibited. Do you prohibit sexually explicit photos in the work areas, but not have an email policy that prohibits transmitting sexually oriented images.
Other than the technology involved, these aren't new issues. They simply need to be addressed in light of the new technology, and a policy developed, published, and enforced.
Who Writes The Policy?
An email policy needs input from many groups within the company. Upper management must direct the policy development so that it supports the company's overall mission. The legal department can tell you what must be included and what should be excluded.
IT (the computer department) can tell you their recommendations and what is technologically possible. Get the HR department input because this will effect virtually every employee. Although not absolutely required, I recommend getting the PR department involved up front. It is easier for them to cogently defend the policy if they were involved in its development.
Finally, get the employees involved. Select representatives from the various user groups, up and down the org chart, and of various skill levels. If you have employee stakeholder groups, like a union, include them too. You want people with opinions, not necessarily answers, but mostly you want their input to increase the chances of the policy ultimately being workable.
Heinz Tschabitscher is the About.com Guide to email. His site covers "all the wonderful things you can do with email, as well as topics like mailing lists, email marketing, software reviews, privacy issues, spam, and Internet standards."
AITP Model Electronic Mail (E-mail) Policy
From AITP (The Association of Information Technology Professionals), a suggested policy for rules and procedures for e-mail messages. It covers internal and external network systems and services to which the company may subscribe.
Sample email and voice-mail policy.
From the CPSR (Computer Professionals for Social Responsibility), a sample email/v-mail policy with CPSR's recommendations for improvements.
Educational Institutions have different requirements and cultures than most businesses. They generally generally are more interested in fostering academic interchange of ideas rather than being concerned about theft of trade secrets or pending litigation. Here are the email policies from the University of California as an example.
If you have any questions or comments about this article, or if there is an issue you would like us to address, please post them on our Management Forum to share with the entire group.