Smart Policies for E-Mail Messages
If you thought the "e" in e-mail stood for "electronic," wise up. Nowadays, good old e-mail is likely to be "evidence" if you, your company or any of your employees is the target of a legal attack.
That's the lesson being hammered home across the country over the past few years, beginning with Bill Gates' televised failures to recall embarrassing e-mail dredged up during Microsoft's antitrust hearings. Gates and Microsoft escaped that incident without serious damage, but the costs of failure to police e-mail are going up. Last fall, for instance, a manager at a Wall Street investment firm was sentenced to one to three years in jail, fined $400,000, and barred from the securities industry for life for destroying e-mail sought by prosecutors in a trading scandal.
Your chances of being caught in a similar trap are going up, too. In a 2001 survey conducted by the ePolicy Institute, an education and research organization, 9 percent of U.S. companies reported being ordered by a court or a regulator to cough up e-mail. In 2003, the same survey found the number had risen to 14 percent. "E-mail has become a real target of almost every type of business litigation," says Michael R. Overly, an attorney with Foley & Lardner in Los Angeles and author of E-Policy: How to Develop Computer, E-mail and Internet Guidelines to Protect Your Company and Its Assets (AMACOM).
Unfortunately, e-mail presents a daunting challenge for entrepreneurs. The problem starts with its image. Many people treat e-mail as if it were casual and informal, when it is anything but. It may not carry a company letterhead or a signature, but e-mail has the same legal weight as any memo, letter, report or other written document your company prepares. "It's when people forget that they have the same responsibilities as when they were negotiating a contract that they run into trouble," says Stephen Northcutt, director of training and certification for The SANS Institute, a Bethesda, Maryland, computer security organization.
E-mail also seems less permanent than other written communication, but e-mail may be more permanent than printed documents, warns Rick Edvalson, president of IntegriNet Solutions LLC, a Boise, Idaho, computer services firm. Copies of e-mail are created on your computer and recipients' computers as well as on any mail-server computers that relay the mail. Some copies will be backed up to tape and stored indefinitely. "They acquire an eternal life of their own," says Edvalson.
Any of those e-mail messages could become key evidence in civil or criminal litigation involving your firm. What to do? Experts recommend three steps:
1. Have a written e-mail policy. It should govern what can be said in e-mail as well as how long e-mail is to be kept. SANS Institute guidelines suggest keeping e-mail on administrative and financial matters for four years and general correspondence for one year. "Ephemeral correspondence" such as personal messages and status reports can be destroyed after reading. See a sample policy at www.sans.org.
2. Train employees in the use of the policy. For instance, teach them to categorize e-mail as administrative, financial or other types with a line at the top of the message, making it easier to sort and dispose of e-mail as appropriate. Explain the purpose of the policy as well as penalties for failure to follow it.
3. Enforce those penalties. Twenty-two percent of companies surveyed by the ePolicy Institute said they had fired people for failing to follow company e-mail policy. That kind of enforcement may convince a judge or jury that you tried to control your e-mail in good faith and save you embarrassment or worse.
Whatever you do, don't forget that e-mail can be evidence. "E-mail is a document like any other," says Edvalson. "These files are not benign and innocuous. They carry meaning and importance that can affect the well-being of the company."
Mark Henricks writes on business and technology for leading publications and is author of Not Just a Living.