Every company, regardless of size and its particular line of business, should have some form of corporate policy governing the use of electronic mail (e-mail) services provided by a company to its employees. It is essential for a company to have a clear e-mail policy that defines proper use and misuse of e-mail services and informs employees about their legal responsibilities with respect to sending and retaining e-mail messages. Among other things, an e-mail policy should clearly define the scope of employees’ privacy expectations with respect to communications sent and received using the company’s electronic equipment including the rights reserved by the company to access employees’ e-mail messages for business and legal purposes without prior notice to the employee. The e-mail policy should also refer to the company’s records retention policies and remind employees that e-mail message are “records” that must be preserved and may also be discovered from the company in litigation. In addition, the e-mail policy should remind employees about the risks associated with the use of e-mail include the possibility that confidential information sent via e-mail will be circulated outside the company. Finally, the e-mail policy should cover personal use of the e-mail system and include warnings to employees not to use the e-mail system for harassing, discriminating or other illegal activities. In some cases a separate document that outlines general use cautions should be disseminated along with the main policy.
Two of the most important issues that should be explicitly address in the e-mail policy are restrictions on use of e-mail services and the rights of the company to access e-mail content of users and, if necessary, disclose e-mail messages to third parties. E-mail users are required to comply with state and federal law, company policies, and normal standards of professional and personal courtesy and conduct and access to e-mail services should be deemed a privilege that may be wholly or partially restricted by the company without prior notice and without the consent of the e-mail user when required by and consistent with applicable law or policy, when there is a reasonable suspicion that violations of policy or law have occurred or may occur, or when required to meet time-dependent, critical operational needs. The e-mail policy should elimination expectations of privacy by informing employees that the company may permit the inspection, monitoring, or disclosure of e-mail in certain circumstances and that users will be required to comply with company requests for access to and copies of company e-mail records when access or disclosure is required or allowed by applicable law or policy, regardless of whether such records reside on a computer housed or owned by the company.
The e-mail use policy should be widely disseminated in employee handbooks and on the company’s internal website and a record should be maintained that shows that employees have acknowledged receipt of a copy of the policy on a regular basis (e.g., at least annually). When the policy is disseminated it should be accompanied by a transmittal letter or memorandum that highlights the main elements of the policy and includes references to specific text regarding an issue within the actual policy.
The content in this post has been adapted from material that will appear in Business Counsel Update (April 2008) and is presented with permission of Thomson/West. Copyright 2008 Thomson/West. For more information or to order call 1-800-762-5272.