A few years ago we hardly used e-mail, but now it seems as if we can't live without it!

Whilst e-mail is undoubtedly an efficient means of communication and an integral part of standard business practice, its simplicity and informality are like black holes in Cyberspace!

The informality and instantaneous nature of e-mail makes us tend to regard it as if it was like "casual conversation". We tend to say things in e-mails that we would never say in a letter or in a face to face meeting. We think of e-mail as anonymous but in fact it is the opposite.

If you write a letter in anger you have a chance to stop it being sent. If you make an error in a memo there is an opportunity to undo a potentially damaging situation. In the case of e-mails, hit "send" and there’s no going back.

Over the past few years we have found that legal and regulatory liability arises from the use of e-mail in several areas:

Copyright – Employees and their employers may be jointly liable for the publication of infringing copyright material which is often in the form of downloaded files from the internet, or copied text within an e-mail.

Defamation – Where an employee inadvertently or maliciously publishes an untrue statement about a person which is then published to a third party and damages the reputation of that person or holds them up to hatred, ridicule or contempt, then the employer may well be liable as a publisher.

Sexual/racial harassment - e-mails are more likely to contain inappropriate language than a formal letter or memo. Add to that the ease with which many employees can access and download and circulate sexually explicit material, and an employer faces a potentially serious problem.

Stress related illness – One of the main causes of stress in the workplace is bullying and many bosses tend to hide behind e-mail when sending abusive, aggressive or deliberately anti-social e-mails (flaming).

Contractual commitments – It is not difficult for employees to inadvertently commit their business to a contract if the recipient of an e-mailed message believes that the employee had authority to commit the company to a purchase order, offer to supply and so on.

Confidentiality – Statements made in e-mails might well contain business trade secrets and all too often employees exchange "gossip" with colleagues in competing organisations and without thinking reveal information that the company would not otherwise wish to have been placed in the public domain. In addition, disgruntled employees who used to "smuggle" customer lists out of the door in their briefcases or in disks on the day that they left, can now simply e-mail them out.

Security – The increase in viruses such as Melissa and the Love Bug highlight the dangers to businesses from e-mailed viruses.

These potential and real liabilities mean that businesses should put in place appropriate policies and procedures to appropriately manage e-mail within the workplace.

These policies and procedures should address a number of issues:-

• Maintaining confidentiality and business secrets.

• Addressing security issues.

• Reserving the right to monitor e-mail.

• Reducing the risks of liability.

• Training and educating staff in appropriate use of e-mail.

• Encouraging the efficient use of e-mail.

So what should an e-mail policy contain? Well, first of all the employers need to consider if e-mail will be used only for business purposes, or e-mails may be used for personal reasons. In addition, employers need to ask themselves if e-mailing of some types of data and content should be restricted and thus monitoring of e-mail will be a necessity. Further issues are "How long should e-mails be stored and archived?" "Should they he hard copied?" "How will non-compliance be dealt with and what training should be given to employees and finally, should e-mail be made secure by the use of encryption technology?"

The policy itself should contain terms which minimise risk, set out the employers attitude to use of e-mail and be realistic in its expectations. There is no point in having a policy if it is not capable of being enforced.

The policy should:-

• Reserve the right to monitor e-mail but respect employees human rights.

• Warn employees of the risk of personal and corporate liability from improper use.

• State that e-mail should never be used to send messages which are abusive, sexist, racist or defamatory.

• Alert employees to the insecurity of the internet.

• Teach employees that deletion of e-mails does not necessarily mean that e-mails are deleted.

• Remind employees that e-mails are evidence in legal proceedings and that care should be taken as to what is said in e-mails.

• Remind employees that data security rules should be adhered to.

• Alert employees to liability for copyright infringement.

• Warn employees not to waste time or congest the network by sending trivial messages, e-mailing unnecessary text and carrying out unnecessary copying.

• Address data security and data protection issues in relation to e-mail, its content and the use of encrypted e-mail.

© Robert Bond 2001

 

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.