At TechTarget's CIO Conference, cyber law expert Scott Nathan and The ePolicy Institute offered some advice for...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
CIOs looking to create e-mail and IM policies within their organizations. Click here to read why Nathan thinks it's so important for CIOs to get cracking on such a policy if they haven't already.
- Establish comprehensive, written e-mail and IM policies.
- Educate all employees about risks and compliance.
- Stress that the e-mail and IM systems are business tools. Spell out what is – and what is not – considered appropriate business communication.
- Spell out exactly how much personal e-mail and IM use (if any) is acceptable.
- Recap your discrimination and sexual harassment policies.
- Have all employees sign and date a copy of each policy.
- Incorporate written policies in employee handbook and new hire orientation materials.
- Address ownership issues and privacy expectations.
- Tell employees if management monitors e-mail and IM.
- Support e-mail and IM policies with content rules and language guidelines.
- Establish netiquette policies for senders and receivers.
- Implement e-mail and IM retention/deletion strategies.
- Establish e-mail and IM security policies.
- Install policy-based content filtering software to monitor and block e-mail and IM that violates policies or regulatory rules.
- Expect employees to train themselves. Make them aware of rights, risks, responsibilities and repercussions.
- Create separate policies for executives or managers.
- Forget your international associates and laws governing e-mail/monitoring abroad.
- Assign one individual the responsibility of single-handedly enforcing your organization's IM and e-mail policies.
- Allow employees to dismiss the organization's IM and e-mail policies as insignificant or unenforceable.
Source: The ePolicy Institute