Why your organization needs an email policy
Email has quickly become one of the most used business tools over the past couple of decades. While the benefits of email are clear to see, the sheer volume of messages sent and received on a daily basis makes the thought of monitoring communications daunting. This is why implementing an email policy is so essential.
The best policies are created specific to the industry, size of organization, corporate culture and overall importance of using email as a critical communication tool. Regardless of the scope and restrictions of the policy, most companies lack the ability to enforce their policy if they have no awareness of when, how or by whom a policy is being broken.
With awareness management can directly and immediately address policy violations, educate users, and create or adjust policies based on actual company usage. This cycle of active management, user education and policy optimization is the only way to improve the business and reduce risk in the long term.
How to implement an email policy in your organization
1. Policy Communication
Any policy will be effective only to the extent it is communicated effectively. Accordingly, any policy should be distributed in writing to existing employees and new hires. It should also be readily available on-line via the company’s intranet.
Inclusion in employee handbooks, manuals and stand-alone policies is also appropriate. The policy may also be incorporated into any employee training on correct and permitted use of the company’s resources and electronic systems.
Personnel who will monitor and administer the policy should also be trained in order to ensure consistent application. Additionally, this policy should be reviewed and updated at least annually or when faults or omissions the policy are detected.
Policies on electronic communications should be consistent with an employer’s other policies, such as those concerning computer network usage, use of the company’s name, telephone monitoring, antitrust, searches of office space, discrimination and discipline.
They should also be in compliance with applicable federal, state or local laws regarding electronic monitoring. Any procedures or disciplinary consequences arising from breaches of the policy should also be made clear and enforced consistently.
3. Consent to Monitor
In the United States, the Electronic Communications Privacy Act establishes that employees should have no expectation to or right of privacy in the workplace because all equipment and systems used in the workplace belong to the employer.
In light of the recent ECHR (European Court of Human Rights) case that concluded in favour of the employee, responsibility has now been placed with organisations regarding email policies and email monitoring.
For best practise all employers should require all new and existing employees to sign an email policy, which gives them explicit consent to conduct email monitoring. Not merely provide an acknowledgement that such monitoring will occur during the course of employment.
4. Minimize Negative Impact
Regardless of the specifics of the your organization’s email policy, it should be presented to employees with an eye toward maintaining a positive relationship between the employee and employer. Monitoring of email conversations may foster an atmosphere of distrust and resentment.
Therefore, employers should present the monitoring program as part of an overall security program. Advise employees that monitoring activities are being instituted as a necessary tool aimed at helping them in their jobs and responding efficiently and effectively to business needs.