E-Mail Privacy (Before You Hit ‘send’ Read This…)

No e-mail message is private and your company has every right to look over your shoulder

Dear Nan,

I am a human resource administrator at my firm. Our corporate attorney has just asked me to update our policy on the proper use of company e-mail. I started asking employees about their particular e-mail problems and opened Pandora's box. Can your readers give me some advice on how their organizations are handling e-mail use? Can it ever be used for personal use? Is there such a thing as e-mail privacy? I need some guidance to craft our new policy.

Your corporate attorney is right on target. Technology has dramatically changed office communication, and misuse has created a whole new arena of potential litigation for organizations. Your company needs to protect itself legally.

The abuse of e-mail has become a genuine hazard. The obvious problem is employees sending or receiving e-mail that is sexually explicit, racially offensive, obscene, or harassing in any manner. Such behavior can result in the company’s vulnerability to a lawsuit under federal guidelines on sexual harassment.

Two cases in point: The New York Times Co. fired 23 employees one day for “sending inappropriate e-mail messages.” And, a St. Louis-based firm fired more than a dozen employees for similar offenses. Many other companies are following suit, enforcing their zero-tolerance policies.

While the final word on this subject has yet to be litigated, the prevailing view is that an employee’s e-mail is the company’s property. The reasoning goes like this: It’s written on equipment owned by this company, using software licensed by the company, by a person paid by the company; ergo, this communication belongs to the company.

There’s no such thing as e-mail privacy. Everyone knows that if they receive an inappropriate e-mail message from outside their firm, they should delete and not respond. Responding starts a dialogue; you may have revved up the engine of a runaway train.

However, if you receive an inappropriate in-house e-mail message (from another employee), you should immediately respond (via e-mail) telling the sender to cease and desist sending such offensive material to you. Even though you will obviously delete the message, it is still floating out there in cyberspace somewhere and any pirate can draw it back. And, your name’s on it. So, for your own protection, get another message out there stating your objection.

Companies Accountable for Employee Actions

Increasingly, companies are monitoring their employees’ e-mail (along with other communications). Companies are accountable and liable for the actions of their employees. Therefore, they feel compelled to take extra steps to stop risky behavior like harassing or mischievous messages.

In a 1998 American Management Association survey of 1,000-plus U.S. companies, 45 percent said they electronically monitor all communications within the company, up from 35 percent in 1997. A survey today likely would indicate even more monitoring is occurring. The courts have stood squarely behind a company’s right to monitor e-mail (“company time and company equipment = company control”), including secret monitoring. In the same AMA survey, 84 percent of companies advised their employees of the monitoring ahead of time; only 16 percent monitored secretly.

Personally, I think surreptitious monitoring is unfair and promotes a corrosive atmosphere of distrust. Secret monitoring with a gotcha approach can only result in unleashing a huge backlash in the form of company resentment.

Some U.S. states and Canadian provinces are addressing this issue accordingly. The Minnesota Supreme Court, for example, now mandates with regard to surveillance or monitoring of electronic information that:

1. Employers must develop a policy on privacy in advance and present it to employees in writing and through training programs.
2. This policy must clearly state the electronic equipment of the employer is company property and that all uses thereof can and may be subject to surveillance even if a message has been deleted by the employee.

Drafting a Policy

When crafting your e-mail policy, incorporate the following:

• There is no such thing as e-mail privacy.
• The company owns all communications sent, received, and stored.
• There shall be no non-job-related use of the e-mail system.
• Sexually explicit and racially harassing e-mail is prohibited.
• The company may monitor employee use of the e-mail system.

Also include a statement about consequences of misbehavior. Some handbooks simply state “infractions will be subject to discipline.” Others have a “three strikes and you’re out” policy. And some companies enforce immediate dismissal accordingly. Regardless, employees deserve to know what the policy is ahead of time.

Amber Dilday, executive assistant and marketing coordinator for Innovation Industries in Russellville, Arkansas, says her company policy includes this extra verbiage: “All employees are responsible for seeing that these information systems are used in an efficient, ethical, and lawful manner. The use of information systems is a privilege, not a right, which may be revoked at any time for misuse.”

Mary Meaker CPS, administrative coordinator for McDonald Investments Inc. in Cleveland, Ohio, adds that her company includes an extra step of prevention. “Every group in our firm has a focal person, known as the ‘e-mail administrator’ who, through specialized software, is notified when an e-mail (incoming or outgoing) is ‘quarantined’ due to specific rules at our company. (The software has a dictionary of words it automatically flags accordingly). I am one of those focal persons and am flagged when an e-mail is coming in that is quarantined for profanity, jokes of sexual or discriminative nature, etc. I then go into the software and actually have to read the e-mail to ascertain if it should be approved or rejected. If an e-mail is quarantined and does not get approved for hours, it will sit in a holding pattern until approved or rejected. I reject any and all sexual, discriminative or profane e-mail messages. The sender and intended recipient have no idea the e-mail was not sent.”

Alert Senders and Receivers

Yes, big brother has been transformed into big browser. These policies, however, are established to protect both the employee and employer from possible harassment litigation.

For those who work for the government, Sue Colon, herself a government employee in Grand Rapids, Michigan, says a “main issue of concern is the Freedom of Information Act.” Her organization’s e-mail procedure specifically states: “E-mail is to be used solely for work-related correspondence.”

Besides including the policy in your employee handbook, incorporate an unambiguous reminder like this every time the e-mail function is opened: “CAUTION: Electronic mail is neither private nor privileged. Employees are hereby advised that a company representative may monitor e-mail communication. If an employee’s email usage is found to be inappropriate, e-mail privileges may be restricted and/or the employee may be disciplined. Inappropriate usage may include, but is not limited to, messages that are too frequently of a personal nature; frivolous; unrelated to the company’s business; disparaging of the company; communicating confidential company information; or of a sexual or racial nature.”

And, on messages going out from the company, consider this verbiage: “NOTICE: Information contained in this electronic mail is privileged and confidential. If you inadvertently receive this message in error, please destroy it immediately and contact the author. It is recommended that any recipient of this message print its contents and delete the original.”

Both the U.S. and Canadian governments protect substantial privacy in our home, but not in our workplace. And employees need a blueprint for what is acceptable and unacceptable with regard to e-mail correspondence. Your new policy will guide and protect all concerned.

Wasn’t snail mail a lot easier?

While the final word on this subject has yet to be litigated, the prevailing view is that an employee’s e-mail is the company’s property.

< Back To Columns

---

A past international president of IAAP, Nan DeMars CPS is an internationally recognized authority and seminar leader on office ethics. She is president of Executary Services in Minneapolis, MN, and author of You Want Me to do What? When, Where, and How to Draw the Line at Work (Simon & Schuster).