At TechTarget's CIO Conference, cyber law expert Scott Nathan and The ePolicy Institute offered some advice for CIOs looking to create e-mail and IM policies within their organizations.
Do:
- Establish comprehensive, written e-mail and IM policies.
- Educate all employees about risks and compliance.
- Stress that the e-mail and IM systems are business tools. Spell out what is – and what is not – considered appropriate business communication.
- Spell out exactly how much personal e-mail and IM use (if any) is acceptable.
- Recap your discrimination and sexual harassment policies.
- Have all employees sign and date a copy of each policy.
- Incorporate written policies in the employee handbook and new hire orientation materials.
- Address ownership issues and privacy expectations.
- Tell employees if management monitors e-mail and IM.
- Support e-mail and IM policies with content rules and language guidelines.
- Establish netiquette policies for senders and receivers.
- Implement e-mail and IM retention/deletion strategies.
- Establish e-mail and IM security policies.
- Install policy-based content filtering software to monitor and block e-mail and IM that violates policies or regulatory rules.

Don't:
- Expect employees to train themselves. Make them aware of rights, risks, responsibilities and repercussions.
- Create separate policies for executives or managers.
- Forget your international associates and laws governing e-mail/monitoring abroad.
- Assign one individual the responsibility of single-handedly enforcing your organization's IM and e-mail policies.
- Allow employees to dismiss the organization's IM and e-mail policies as insignificant or unenforceable.
Source: The ePolicy Institute