Essential email policies: Check IT List

An email policy sounds like a good idea, but what issues should you address in your company's version? This Check IT List has a list of 10 items to consider.

Whether you employ one part-time worker or dozens of full-time professionals, any time you allow employees access to your email system, you put your organization's assets, future and reputation at risk. Regardless of industry type or company size, the accidental misuse and intentional abuse of email by employees can create million-dollar headaches for employers. If employees are using email to conduct business and engage in personal correspondence, the mix of professional and personal messages creates potential risk.

To ensure your small business' email system is safe and secure and your employees are producing email that is clean, clear and compliant, The ePolicy Institute recommends you apply these 10 e-policy tips.

  1. Apply the three Es of e-risk management.

    1. Establish written email rules and policies.
    2. Educate all employees, from the summer intern to the owner. Written email policy coupled with an effective employee education program may help your organization defend workplace lawsuits and other risks.
    3. Enforce email policy with a combination of discipline and monitoring/filtering software.

  2. Address ownership issues and privacy expectations. Email belongs to the employer, not the employee. Use your email policy to advise employees that the email system -- including all content, messages and passwords -- is the property of the organization. If you monitor email, tell your employees. Let employees know they have no reasonable expectation of privacy when using the company's email system.

  3. Control risk by controlling content. Is it possible your employees are insulting, defaming, harassing or otherwise offending customers, coworkers and vendors via email? Couple content rules with employee education to ensure email messages are as clean and clear as they are safe and secure.

  4. Establish and enforce rules of netiquette. Employees have the right to work in an environment free from harassment, discrimination and hostility of any kind. Adherence to online etiquette, or netiquette, guidelines keeps employees' content clean and employers' liabilities in check.

  5. Treat email as a business record. Email creates a written business record that can come back to haunt you (or help you) in a lawsuit. According to the 2004 Workplace Email and Instant Messaging Survey from American Management Association and The ePolicy Institute, 20% of employers have had email subpoenaed and 13% have battled lawsuits triggered by employee email.

  6. Address personal use. Use your policy to let employees know how much, if any, personal email use is allowed. Be specific. Leave no room for individual interpretation. Remember, an employee's interpretation of "appropriate" personal use is likely to be significantly different from your own. Spell out exactly when, for how long, with whom and about what topics employees may communicate.

  7. Incorporate an overview of your sexual harassment and discrimination policies within your email policy. Because of email's relaxed, informal nature, some employees will put in writing comments they would never say aloud. Make sure employees understand that regardless of how a message is transmitted, an inappropriate comment is an inappropriate comment. All it takes is one offensive remark to land you on the wrong side of a costly, protracted lawsuit.

  8. Address the sending, forwarding and receiving of spam in your email policy. Establish a policy that addresses email spam as a threat. Educate employees about spam and email policy compliance. Implement technology to block spam at the gateway and eliminate the need for desktop management of unsolicited email. Let employees know how you want them to handle unsolicited email that violates policy.

  9. Don't forget instant messaging. It's estimated that 25 million employees are using personal IM tools downloaded from the Internet. They put the organization at tremendous risk by communicating via public networks -- without management's knowledge or written rules and policies to reduce liabilities. Manage IM today, or face legal, security and other challenges tomorrow.

  10. Insist on employee compliance. Be sure every employee understands each email policy and procedure and is clear on what constitutes appropriate and inappropriate use of the organization's email system. Require each employee to sign and date a copy of every email rule and policy, acknowledging that the employee has read, understands and will comply with the policy -- or accept the consequences, up to and including termination. Create continuing education activities and tools to reinforce training and ensure email rule and policy compliance.

Nancy Flynn is founder and executive director of The ePolicy Institute, an organization devoted to reducing employers' e-risks and enhancing employees' e-communications. An in-demand speaker and trainer, Nancy Flynn is the author of six books including Email Rules, Instant Messaging Rules, The ePolicy Handbook, and Writing Effective Email. Email Nancy Flynn or visit

This was last published in November 2004

Dig Deeper on Small-business infrastructure and operations

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.