Software

Decision Support: Can legal disclaimers in e-mail provide low-level security for company info?

Requirements of legal disclaimers in e-mail


You may have noticed that many of the e-mails in your inbox include ominous warnings in the signatures such as:

"This information is intended only for the use of the addressee(s) and may contain privileged, confidential, or proprietary information. If you are not the intended recipient, or the employee or agent responsible for delivering the message to the intended recipient, you are hereby notified that any dissemination, distribution, displaying, copying, or use of this information is strictly prohibited….”

Legal experts insist that these disclaimers are often necessary in an environment where increasingly sensitive and valuable communications are distributed electronically.

Obviously, if your organization has a need to include disclaimers in its e-mail transmission, you should understand the requirements of such disclaimers and institute a policy to assist end users with their e-mail signatures. If your organization doesn’t have a policy or you’re unclear about the use of disclaimers, read on to learn more about the legal rationale behind them and how your organization's users can take advantage of this low-tech information security measure.

Who needs it and why?
Businesses are often obligated to have disclaimers placed at the end of e-mails as a part of an overall security policy.

According to Samuel A. Thumma—a partner in the commercial law firm of Brown & Bain, P.A., of Phoenix, AZ who specializes in securities, commercial litigation, and e-commerce issues—these disclaimers are an important part of securing company information.

"Under the Uniform Trade Secrets Act, you need to take reasonable measures to protect information as a trade secret. Among other things, you need to take reasonable measures that [such information] is not disclosed," Thumma said.

For some professions, disclaimers place an ethical and legal barrier on the message.

"There can no be question that the sender wants the recipient to know that this is privileged and if it was miss-sent, [the recipient has] obligations to return it unread," he said. In many jurisdictions, that obligation may be ignored if the disclaimer is missing.

Discretionary use of disclaimers
For some organizations, the requirement for legal disclaimers on e-mail might be restricted to specific departments or personnel. Here are three different ways in which organizations might use e-mail disclaimers:
  • ·        E-mail disclaimers are transmitted over the Internet with every message.
  • ·        Certain departments or people with certain job titles are required to always use disclaimers. (For example, the human resources and senior management may be required to use disclaimers, but clerks in the warehouse do not have to use them.)
  • ·        Users must use disclaimers for appropriate e-mail messages, or different messages for different kinds of e-mail content. (For example, Thumma has different disclaimers specifically designed for the types of litigation the e-mail discusses.)

If you find that your organization doesn't have a legal disclaimer policy but that some or all users transmit important data via e-mail, speak up. You should suggest to management that the company investigate using disclaimers, Thumma said. And if the company decides to use them, make sure the end users receive proper training on the use of these legal disclaimers.

Making it work for the end user
Organizations concerned about the Trade Secrets Act may want every piece of e-mail to bear a disclaimer. To make sure this happens, there are several third-party add-ons to Exchange that will allow the automatic placement of the disclaimer on e-mails.

Some of these tools are:

TechRepublic's Exchange administrator, Mike Laun, said that you can put such a disclaimer on the SMTP and that it will be attached only to those messages that are sent out over the Internet. Internal e-mail won't receive the excess text.

Fun with e-mail disclaimers
Even if your professional e-mail doesn't require a legal disclaimer, you can still add one to your personal mail. Check out a humorous example of an e-mail disclaimer from TechRepublic columnist Jeff Dray.

Instructing end users about e-mail disclaimers
In some organizations, only certain people with certain job titles need to send messages with a disclaimer. For those people, the signature features built into their e-mail clients should suffice.

There are organizations that ask these employees to use the disclaimer only when necessary. A disadvantage to depending on individuals to include the disclaimer is that some users may forget to use it. Or other users may not understand how to use it properly.

Thumma said he had several of the disclaimers he uses on a computer that was recently replaced. As he used his new computer, one of the disclaimers began appearing on every message he sent.

Apparently, when the support tech set up Thumma's machine, he set that particular signature as the default signature in Exchange under Tools/Options/Mail Format/Signature. Thumma didn't initially realize this, and he also wasn't sure how to reset the signature to be blank. So he had to ask for help.

Tips for supporting disclaimers in mail signatures
Knowing why an organization uses a legal disclaimer will help support techs explain the importance of using disclaimers to end-users. In a perfect world, every employee would already be aware of company policies—or the legal team would be available to explain it to them. But in the real world, support techs need to be ready to pass on this information to users when they question the use of such e-mail legal disclaimers.

Other tips on supporting disclaimers include the following:
  • ·        Check company policies to see if disclaimers are required for anyone, for everyone, or just for those in specific departments.
  • ·        After hardware and software changes, ask the end user if he or she needs instructions on setting up the default for behaviors for e-mail disclaimers.
  • ·        Use an automated process if legal disclaimers are required for every out-going message, but explain to your users how it works and why.
  • ·        If disclaimers are not being used in your organization, suggest that management investigate their use for all or several departments to add a level of security to their e-mail data.

Does your organization use disclaimers?
If your organization uses such disclaimers in its e-mail, what has been your experience with it? Can users be trusted with the responsibility of attaching disclaimers through signatures? Join the discussion below and tell us what you think.

 

 

Editor's Picks