The Problem with E-mail
Policy Can Limit Expectation of Privacy
Additional Ground Rules for E-mail Use

Sometimes your employees send jokes and personal commentaries using the office e-mail system. What’s the harm? They get their work done, so no problem, right? Wrong. If you don’t have rules governing the proper use of e-mail, you may be liable for your employees’ abuses.

The use of e-mail is so entrenched in the average office it is hard to imagine a time without it. Most employees view e-mail as a necessary workplace tool since it allows them to communicate quickly and efficiently with coworkers, customers, and vendors. But there are problems associated with how employees are using e-mail, and some of the problems are beginning to reach the courts. Employers can minimize liability from e-mail abuse by setting and enforcing ground rules that give employees a clear understanding of what use is acceptable.

On the positive side, e-mail is a relatively simple, user-friendly, and inexpensive tool that allows employees to communicate instantaneously with each other and outsiders. However, because messages can travel into cyberspace at the click of a button, employees often do not take sufficient time to review what they are saying before sending the e-mail. Instead, many treat e-mail like a telephone conversation that no one will remember, rather than a business letter that may be printed or forwarded to others. Based on volume alone, it is easy to understand how employees without guidance in the proper use of e-mail can cause problems. Examples of how employees can misuse organizations’ e-mail systems include:

• Harassment of employees. E-mail provides employees with another medium to offend each other and even violate harassment laws. Messages consisting of off-color jokes, racial slurs, or gender-related remarks could be the basis for a discrimination claim.
   

• Copyright infringement. Computer technology makes it easy to cut, paste, and scan copyrighted material into an organization’s database, and e-mail makes it easy for employees to send and receive this material. However, e-mailing information from the Internet or printed material without authorization from the author or publisher could be a violation of the Federal Copyright Act for the employee and the employer.
   

• Confidential information. Since the employer’s proprietary information (such as customer lists, product information, databases, and computer programs) is often stored on computer, it also is possible for an employee to e-mail this information to the wrong parties. The ease by which the information can be transmitted makes it susceptible to both accidental and intentional misappropriation.
   

• E-mail mistakes. Information meant to be confidential that is inadvertently sent to the wrong person can be a source of embarrassment and liability. Such an accident actually happened to a Federal Communications Commission worker when a dirty joke, which was meant to be sent to a few select friends, went out to 6,000 people, including employees and associates of the agency.
   

• Retention of e-mail files. Retention and deletion of e-mail files also is a concern for employers. E-mail files can be left on an organization’s net-work, stored in back-up files, or archived on the employee’s own hard drive. As a result, simply hitting the “delete” button does not necessarily eliminate the e-mail. In addition, sophisticated software can retrieve a message even after it has been deleted. So, if the organization’s records are ever subpoenaed, that e-mail could be used as evidence against the employer.
   

• Viruses. Many destructive viruses come into the workplace via e-mails that include attached files. These viruses have varying degrees of destructiveness, ranging from jamming servers with volumes of messages to destroying or scrambling employee files.

Employers can prevent these types of problems by establishing a clear policy dealing with the use of e-mail. The policy can address only e-mail or be part of a policy covering the use of all of the employer’s communication systems. The first step is to address the organization’s position on the monitoring of e-mail and to limit each employee’s expectation of privacy.

Three federal laws address e-mail monitoring. Title III of the Omnibus Crime Control and Safe Streets Act of 1968 (the Wiretap Act), prohibits intentional interception or accessing of any wire, oral, or electronic communication and was amended in 1986 by the Electronic Communications Privacy Act (ECPA) to include e-mail specifically. However, the law allows employers to monitor and access e-mail if their employees have been notified of the monitoring. In addition, under the Stored Wire and Electronic Communications and Transactional Records Access Act, employers that provide the electronic communication service may access messages once they are stored in their computer systems without notifying employees of the access. Therefore, to ensure compliance with the Wiretap Act and ECPA, employers should give notice to employees that the e-mail system is the sole property of the employer, is for business use only, and that the employer reserves the right to access, review, and monitor its use, including any data that is stored or transmitted. Some employers also use pop-up messages as a reminder to employees about the e-mail policy and have them sign a form giving express consent to the monitoring.

In addition to a clearly worded statement limiting privacy, the policy should include the following restrictions on e-mail:

1. Specifically prohibit the transmission of discriminatory or harassing e-mail as a violation of the employer’s harassment and communications policies. All potentially harassing e-mail should be investigated, and violators should be disciplined under the organization’s harassment policy.
    

2. Prohibit the duplication or distribution of copyrighted materials without the permission of the author or publisher. Require employees to get a manager’s approval or confer with legal counsel before copying, scanning, or using any copyrighted information received via e-mail or before sending this type of information in an e-mail.
    

3. Prohibit the transmission of e-mail containing confidential, proprietary, or trade secret information and restrict access to this information.
    

4. Instruct employees to treat the composition of e-mail like any other business communication and explain that personal correspondence should not be presented as representing the organization. Remind them that e-mail is like any paper document that could be used in a lawsuit. In addition, suggest they double-check the addresses to which an e-mail is being sent and review the contents to save embarrassment for both the employee and employer.
    

5. Train employees about retaining and deleting e-mail. Any “junk” or personal e-mail should be deleted on a regular basis. E-mail of a business nature should be saved and then purged periodically as it becomes obsolete. E-mail that contains information subject to record retention rules (such as an employee’s performance appraisal), however, should be kept as long as required by law.
    

6. Require that all information received by e-mail, downloaded from the Internet, or received on floppy disks be scanned for viruses. Keep employees up to date on the latest viruses and how to protect the integrity of the organization’s computer system.

The popularity of e-mail continues to grow and is becoming one of the most heavily used forms of communication in the business world. However, misuse of the e-mail system can open the employer to many problems and even liability. Just like any document, e-mail can be around for a long time. Providing your employees with a set of ground rules lets them know your expectations and is good insurance against possible abuses.