E-mail is the fastest-growing communication tool in business today – it is fast, effective, user-friendly and, probably the most cost-effective way to communicate, writes Dries Morris, a director of Securicom.

However, e-mail also poses significant threats to business and, once you have a better understanding of what these threats are, you will quickly realise that an internal corporate e-mail policy is not just a nice-to-have, but rather an absolute necessity.
It doesn’t matter what size your company is, or what industry you are in, implementing a corporate e-mail policy is an essential first step towards protecting your company against the threats associated with e-mail, which include, amongst others, confidentiality breaches; loss of intellectual property; network congestion and, damage to reputation.
In fact, recent legislation actually calls for improved e-mail usage and retention policies as these records are increasingly being used in lawsuits and other legal actions.
By having an internal e-mail policy in place, you are officially making your employees aware of your organisation’s guidelines and restrictions on e-mail usage. This should hopefully discourage any misconduct, but if not, the e-mail policy can offer you some protection against liability for the “e-mail-misconduct” of your employees.
In previous cases, employers have been freed from liability because the existence of an e-mail policy provided proof that the company had in fact taken steps to discourage and prevent the inappropriate use of the company’s e-mail system.
Implementing an e-mail policy is also advisable if you intend using e-mail filtering software to check the content of your employees’ e-mails. Your e-mail policy would have to state the possibility of e-mail monitoring otherwise you could be liable for privacy infringement.
An e-mail policy is highly company specific and “one size does not fit all”. This is because an e-mail policy should be compiled according to your company’s specific business requirements.
An important first consideration should be to define the purpose of e-mail within your business, particularly if it is to be used for business-related communication only.
As a guideline, an e-mail policy should include precise directives regarding:
* Legal risks and requirements;
* Best practices and etiquette;
* Replying to e-mails;
* Newsgroups (whether employees are allowed to belong to them and what is the process in terms of applying);
* Personal usage;
* Confidential information;
* Prohibited content and language;
* Passwords and encryption policies and,
* Maintenance and system monitoring.
For smaller companies, there are template policies which can be purchased online and tailored to meet specific business requirements, but larger organisations are best advised to seek professional assistance in implementing and enforcing an e-mail policy.
In order to be effective, your e-mail policy must be easily accessible and readily available to all employees. Ideally, it should be included in employment contracts, employee handbooks and company intranets. Any changes or updates to the e-mail policy must be circulated via e-mail and on paper to ensure that employees are aware of them.
Without the consent and blessing of your employees, your e-mail policy probably won’t fly. As such, it is important that you communicate your policy to your employees, and if need be, negotiate it with them.
When it comes to privacy, South African Labour Law favours the position of employees, affording them a greater degree of protection. Hence, it is important to ensure that any changes to the policy, which might be considered an infringement on privacy, must be communicated to, and approved by, your staff.
It is important that your employees understand the legal tag associated with an offensive mail or joke and, that anyone found distributing content in contravention of the e-mail policy is dealt with promptly and fairly.
Admittedly, monitoring e-mail is the only sure-fire way of ensuring that no e-mail policies are breached and, the best way to monitor mail is to use filtering software to block and quarantine mail before it is sent or received. This is also enables a business to protect its infrastructure against offensive content, spam and viruses.
However, for companies not wanting to go this route, communication remains key to enforcing an e-mail policy. Employees must accept the policy and understand the ramifications of contravening that policy.