Why your organization needs an email policy
Email has quickly become one of the most used business tools over the past couple of decades. While the benefits of email are clear to see, the sheer volume of messages sent and received ona daily basis makes the prospect of monitoring communications daunting. This is why implementing an email policy is so essential.
The best policies are created specific to the industry, size of organization, corporate culture and overall importance of using email as a critical communication tool. Regardless of the scope and restrictions of the policy, most companies lack the ability to enforce their policy if they have no awareness of when, how or by whom a policy is being broken.
This way management can directly and immediately address policy violations, educate users, and create or adjust policies based on actual company usage. This cycle of active management, user education and policy optimization is the only way to improve the business and reduce risk in the long term.
How to implement an email policy in your organization
1. Policy Communication
Any policy will be effective only to the extent it is communicated effectively. Accordingly, any policy should be distributed in writing to existing employees and new hires and it should be readily available on-line via the company’s intranet.
Inclusion in employee handbooks, manuals and stand-alone policies is also appropriate. The policy may also be incorporated into any employee training on correct and permitted use of the company’s resources and electronic systems.
Personnel who will monitor and administer the policy should also be trained in order to ensure consistent application. Additionally, this policy should be reviewed and updated at least annually or when faults or omissions the policy are detected.
Policies on electronic communications should be consistent with an employer’s other policies, such as those concerning computer network usage, use of the company’s name, telephone monitoring, antitrust, searches of office space, discrimination and discipline.
They should also be in compliance with applicable federal, state or local laws regarding electronic monitoring. Any procedures or disciplinary consequences arising from breaches of the policy should also be made clear and enforced consistently.
3. Consent to Monitor
In the United States, the Electronic Communications Privacy Act establishes that employees should have no expectation to or right of privacy in the workplace because all equipment and systems used in the workplace belong to the employer.
The situation in the European Union is a little less clear, where local and European data protection laws may both be relevant and in some cases even conflict. Here, a balance between the interests of the employer and the employee’s right to privacy may be required.
Regardless of jurisdiction, employers should require all new and existing employees to sign an email policy which gives them explicit consent to conduct email monitoring, and not merely provide an acknowledgement that such monitoring will occur during the course of employment.
4. Minimize Negative Impact
Regardless of the specifics of the your organization’s email policy, it should be presented to employees with an eye toward maintaining a positive relationship between the employee and employer. Monitoring of email conversations may foster an atmosphere of distrust and resentment.
Therefore, employers should present the monitoring program as part of an overall security program, advising employees that monitoring activities are being instituted as a necessary tool aimed at helping them in their jobs and responding efficiently and effectively to business needs.