News Stay informed about the latest enterprise technology news and product updates.

Dos and don'ts for e-mail and IM policy review

Cyber law Scott Nathan and The ePolicy Institute have some advice on putting together a company e-mail and IM policy.

At TechTarget's CIO Conference, cyber law expert Scott Nathan and The ePolicy Institute offered some advice for...

CIOs looking to create e-mail and IM policies within their organizations. Click here to read why Nathan thinks it's so important for CIOs to get cracking on such a policy if they haven't already.


  • Establish comprehensive, written e-mail and IM policies.

  • Educate all employees about risks and compliance.

  • Stress that the e-mail and IM systems are business tools. Spell out what is – and what is not – considered appropriate business communication.

  • Spell out exactly how much personal e-mail and IM use (if any) is acceptable.

  • Recap your discrimination and sexual harassment policies.

  • Have all employees sign and date a copy of each policy.

  • Incorporate written policies in employee handbook and new hire orientation materials.


  • Address ownership issues and privacy expectations.

  • Tell employees if management monitors e-mail and IM.

  • Support e-mail and IM policies with content rules and language guidelines.

  • Establish netiquette policies for senders and receivers.

  • Implement e-mail and IM retention/deletion strategies.

  • Establish e-mail and IM security policies.

  • Install policy-based content filtering software to monitor and block e-mail and IM that violates policies or regulatory rules.


  • Expect employees to train themselves. Make them aware of rights, risks, responsibilities and repercussions.

  • Create separate policies for executives or managers.

  • Forget your international associates and laws governing e-mail/monitoring abroad.

  • Assign one individual the responsibility of single-handedly enforcing your organization's IM and e-mail policies.

  • Allow employees to dismiss the organization's IM and e-mail policies as insignificant or unenforceable.

Source: The ePolicy Institute

Dig Deeper on Leadership and strategic planning

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.