Software

Liability@work: What's your corporate e-mail policy?

An e-mail policy is a good way to set limits on your company's legal liabilities. Here are the things you need to take into consideration when defining your corporate policy on e-mail.


Having a clear and well-written e-mail policy that has been communicated to all employees can protect your staff and the company from embarrassment—and maybe even some legal consequences.

“Most of the cases I’m aware of are not about content, like the Microsoft case and the tobacco industry one and some others were,” said Joyce Graff, vice president and research director for electronic mail for the Gartner Group, Inc. in Stamford, CT. “The much more numerous ones are harassment suits and the day-to-day garden-variety kind.”

Graff said that when it comes to e-mail liabilities, every company needs to:
  • Create a policy.
  • Make employees aware.
  • Train employees.
  • Monitor the e-mail.

The policy is the “important thing”
According to Graff, “The most important thing of all is [to create] a policy so people understand” what’s expected of them. They should know:
  • Who owns the account: The employee or the company?
  • Is the employee’s e-mail private, or will it be monitored?
  • The company’s rules on whether recreational material, like jokes, MP3 files, and pictures, can be sent or received via e-mail.

Employees should be told that the e-mail account is for business use and that they’re expected to do the right thing, Graff said. Their e-mail correspondence shouldn’t embarrass the company or make the company liable for any fines.

Make it a priority to tell your employees that the company owns their e-mail and that the company reserves the right to monitor that e-mail, if that is the case, Graff said.

“Some employers absolutely need access, such as with company trade secrets,” said Samuel A. Thumma, director of Brown & Bain, P.A., of Phoenix. “You need to make sure your corporate assets are staying inside the corporation.”
See TechRepublic’s story on corporate e-mail policies by Matthew Osborn for a discussion on e-mail ownership. Bruce Spencer’s E-Market Watch column recently described security issues with e-mail and monitoring software. Don’t miss either article if your company would benefit from more information on these topics!
Monitoring e-mail isn’t always desirable for every business, Thumma said.

“Are you in an industry where you are used to folks looking over your shoulder? It might not be a big deal,” he said.

“If you are in an industry where you have high producers who pride themselves on having autonomy, to say, ‘You know we are going to reserve the right to look over your shoulder about anything you do,’ might be counter-productive,” Thumma said.

Ask your employees: Are you aware?
Having an e-mail policy is great, but if no one knows about it, does it do you any good?

“If you’ve laid out [an e-mail policy] and you keep reminding people—because they need to be reminded probably at least once a quarter—then if they misbehave you have the right to take action,” Graff said.

“You should reserve the right to go into that account, monitor that account, and take disciplinary action, including termination.

“If you lay that out, then you’re less likely to get into trouble, because there have been suits where employees said, ‘I didn’t know that’ and, ‘We expected this was our private account,’” Graff said. “It’s generally not held up in court, but you can get yourself out of that whole argument if you have a policy, and especially if you have the employee’s signature on that policy.”
To start writing an e-mail policy, check out the template on Court TV’s Legal Help business site.
Ideally, you have a piece of paper with your e-mail policy explained on it and every employee has signed off on it, in essence saying they know about the policy and understand it, Thumma said.

In addition, it might be a good idea to e-mail the policy to every employee periodically.

“E-mail is a particularly good way, if the user has to sign in with a password, to know they received it,” Thumma said.

“It’s not perfect. It’s not like a signature, but it’s pretty good,” he said, adding that an employee could still claim that someone else broke into their account and received the message. But such an argument goes against common sense.

Training removes any doubts
At home on their own e-mail account, employees can be as flippant as they want with their e-mail, but when they write something at work, their e-mail is being written on corporate stationary, and they should not write anything they wouldn’t say in an open business meeting.

When employees use e-mail, they often mistakenly believe that their mailto address is theirs alone. “People don’t realize this, but it’s not what’s to the left of the @ sign, it’s what’s to the right of the @ sign,” Graff said. “It’s the company that can be held liable, depending on what happened in that e-mail message."

Sometimes employees blur the lines between personal and business e-mail use and may not realize, without training, that they’ve crossed the line.

Graff gives this example:

“If someone copies an MP3 file to their personal computer, that’s one copy for personal use and that’s OK,” she said. “If they copy it down to the corporation’s server, then the corporation is in violation of copyright. There are fines for this.

“The corporation now is in jeopardy of being sued for violation of copyright. These are the kinds of things that we have to watch out for.”

Thumma’s research found a lot of this sort of e-mail abuse.

Here’s his list of common e-mail types that wind up in court:
  • Purported jokes
  • Individual harassment by people who target other individual employees. These e-mails can sometimes be graphic, sometimes physically threatening, and sometimes retaliatory or even just offensively frequent or numerous.
  • Messages taken out of context that were sent as jokes or for fun but were misconstrued because the sender can’t react to the receiver’s reaction in real time (with e-mail).

In court, employers find there is a gulf between reality and perception in how e-mail is interpreted by juries of people unassociated with the company.

“It’s the electronic version of water cooler gossip,” Thumma said about e-mail. “Merely because it occurs in written form doesn’t mean it actually occurred, or doesn’t mean that was the corporation’s position or doesn’t mean a position like that was taken.

“You get that in front of a jury of six or 12 people who aren’t familiar with the corporation, and they may think that was the company’s position. And that may or may not be true,” he said.

Monitor and enforce your policy
When employees violate the company’s trust, there has to be some consequence.

“If the company doesn’t take action, now the company becomes liable because the company wasn’t fostering the right kind of working environment,” Graff said.

“This is where it moves from the individual act to the corporate act,” she said.

This liability is not being lost on company CIOs and others who are using e-mail policies. According to Thumma, cases of employee abuse of e-mail are decreasing, possibly because more companies are instituting policies.

In 1997, about 50 percent of e-mail cases involved employee abuse of the medium, he said. That dropped to about 41 percent of the cases in 1998 and about 37 percent in the first half of 1999, the latest figures he has.

“Employers are more and more looking toward intelligently written, communicated, and enforced e-mail use policies in supporting disciplinary decisions, and courts are beginning to look at those things closely,” Thumma said.

The courts are “saying, ‘Look, if you misuse e-mail, and you were told that you shouldn’t misuse e-mail and that you could be punished if you misuse e-mail, we’re not going to claim the employer did something wrong when you were punished,'” Thumma said.

“You can’t just say you have a policy and tell the employees that you have a policy,” he said. “You have to enforce it.”
Does your company have an e-mail policy that addresses how employees can use this quick and interactive tool? Can you be sure everyone is aware of the policy? How? If you don’t have a policy, is there a reason you don’t? Post a note below or send us an e-mail with answers to these questions.

Editor's Picks

Free Newsletters, In your Inbox