Do you have an e-mail policy in place for your organisation? If you don’t, you’d better get one fast. E-mail policies are important since they spell out what the company considers as appropriate e-mail usage and more importantly, what is considered as inappropriate usage. You can either create a separate e-mail usage policy or you can include an e-mail policy section in your employee handbook. In both cases it is a good idea to ask the employees to sign the policy, indicating that they have read and understood the document.
What kind of subjects should you cover in your e-mail policy? Deborah Galea, COO at Red Earth Software, provides a list of ten points to include:
E-mail risks: The policy should list e-mail risks to make users aware of the potential harmful effects of their actions. Advise users that sending an e-mail is like sending a postcard: if you don’t want it posted on a bulletin board, then don’t send it.
Best practices: This should include e-mail etiquette and writing rules in order to uphold the good reputation of the company and to deliver quality customer service. For instance, include five etiquette rules: Do not write e-mails in capitals; enable spell checking; read the e-mail before you send it; include a signature conform company format; use proper grammar and punctuation. Also include instructions on compressing attachments to save bandwidth.
Personal usage: The policy should state whether personal e-mails are accepted and if so, to what extent. You can for instance set limits on the times of day that personal e-mails can be sent (only during breaks), or you could require personal e-mails to be saved in a separate folder. In addition, state that employees are prohibited from sending or receiving certain e-mail attachments, such as EXE, MP3 or VBS files. You could also include a maximum file size for attachments sent via e-mail.
Waste of resources: Warn users that they are making use of the company’s e-mail system and that they should not engage in non-business activities that unnecessarily tie up network traffic. The policy must also cover the use of newsletters and newsgroups. For instance you can state that employees may only subscribe to a newsletter or newsgroup if this directly relates to their job.
Prohibited content: The policy should expressly state that the e-mail system is not to be used for the creation or distribution of any offensive, or disruptive messages, including messages containing offensive comments about race, gender, age, sexual orientation, pornography, religious or political beliefs, national origin or disability. State that employees who receive any e-mails with this content should report the matter to their supervisor immediately. Moreover, employees should not use e-mail to discuss competitors, potential acquisitions or mergers or to give their opinion about another firm. Unlawful messages, such as copyright infringing e-mails should also be prohibited.
Document retention policy: Include information on whether or not e-mail will be archived and for how long. If your organisation is required to archive e-mail messages, state that all e-mails will be archived and include the number of years that the records will be kept. If you are not required to archive your e-mails, notify your users about whether they can or should delete e-mails after a number of months or years.
Treatment of confidential data: Include rules and guidelines on how employees should deal with your company’s confidential information and trade secrets. They should also be aware that they should not forward any confidential messages or attachments from other companies without permission. Make employees encrypt any confidential information that is sent via e-mail and change passwords regularly.
E-mail disclaimer: If you are adding a disclaimer to employees’ e-mails, you should inform them of this and state the disclaimer text that is added.
E-mail monitoring: If you are going to monitor your employees’ e-mails, you must state this in your e-mail policy. Warn that employees should have no expectation of privacy in anything they create, store, send or receive on the company’s computer system and that the company may, but is not obliged to monitor messages without prior notice. If you do not mention that the company is not obliged to monitor messages, an employee could potentially sue the company for failing to block a particular message.
Measures and violation reporting: Warn that if an employee is found to be in breach of the e-mail policy rules, this could result in disciplinary action, up to and including termination. If an employee witnesses e-mail policy abuse they are required to report the incident immediately. Include contact details of who to contact if a violation of the policy rules is detected. This could be a supervisor but it might also be a good idea to appoint a specific contact person to report e-mail policy breaches to.