By Victor Woodward
Last year, for another publication, Micheal Overly and I wrote an article that posed this question: is your organization prepared to weather the legal storms of email?
We reviewed some incidents that hopefully left readers with a clear message: when it comes to safeguarding your company from the legal liability of corporate email use, readiness is all. In the last year, numerous other companies experienced the pain of large lawsuits that hinged on the contents of email. The dangers posed by email content were further illustrated by the Microsoft anti-trust trial. The legal implications of the Microsoft suit, and other trials, are clear--companies are liable for what happens on their email system.
"Most critical: demonstrate your company's intention to prevent email abuse."
Meanwhile, email as a form of business communication is increasing every day; thus, liability and risk from email content is increasing every day. We've been thinking about ways to increase preventive measures that don't require a lot of time or money to implement. We've devised the five part plan below, which we hope you'll find useful in protecting your company.
Step 1: Establish a content security policy
One way to stem the tide of email-related lawsuits is with a sound content security policy. This is a policy in which employees acknowledge that the Web and email system belongs to the company and messages may be monitored. A policy not only alerts employees to concerns of organizational liability, but may also be used as evidence of supporting a healthy work environment--or not. In a recent settlement involving a Toronto law firm, a partner who knew of email abuse was fired after the firm's management committee found him "willfully negligent" for failing to establish a policy to prevent the abuse.
In addition, an established email policy protects you from lawsuits based on the right to privacy. According to the Center for Democracy and Technology, a recent poll suggests that 83% of Americans are "very concerned about their privacy." The Electronic Frontier Foundation believes that "the protection of privacy is one of the greatest challenges facing our country today." Though monitoring email is a necessary security measure, it may also be perceived by employees as an invasion of privacy--which means that you, as an employer, could be held liable for monitoring your employee's email.
This might sound like you're darned if you do, darned if you don't, but with a sound email policy, your employees do not have a case. The Electronic Communications Privacy Act of 1986 (ECPA), which is in part directed at preventing the unauthorized interception of electronic communication, states that it is lawful to intercept an electronic communication if one "has given prior consent to such interception." A content security policy can provide this consent.