When E-Mail Puts You at Risk

The public display of corporate e-mail in Microsoft's antitrust trial may have made employees across corporate America realize that private e-mail messages don't always remain that way. But this publicity has not been enough to educate employees about the proper use of e-mail.

To protect themselves against a host of legal problems, experts say, companies need clear policies that cover everything from how long to keep old messages to who can read other people's messages.

The legal issues raised by e-mail are not new. What is new is determining how old laws apply to e-mail--and educating employees about the subject.

"People say the most incredible things on e-mail," says Jim Bruce, a partner at the law firm of Wiley Rein & Fielding, in Washington, D.C. "The power of e-mail is in a sense its own downfall, because it's so easy to transmit and collect."

According to a study commissioned by Elron Software, which makes network and e-mail monitoring software, more than 85 percent of adults say they send or receive personal e-mail messages at work. Seventy percent of those say they send or receive adult-oriented personal e-mail messages at work; 64 percent of those who use their employers' systems for personal use say they have received or sent sexist or racist e-mail messages.

How large a problem is it that employees send jokes to each other via e-mail? In some cases, it isn't a problem at all; in others, the jokes could become evidence in a sexual harassment lawsuit. Unfortunately, the legal lines are still being drawn that specify exactly what employers need to do to protect themselves.

"There is very little law regarding e-mail right now," says Michael Overly, a Los Angeles-based attorney who is special counsel to the information technology group at the Milwaukee-based law firm of Foley & Lardner. "The law that exists is state-based, which means that [laws in] each state vary, and even the courts within a particular state may have different ways of handling this issue."

Creating a Policy

The safest step companies that can take for the moment is to establish a reasonable policy on what constitutes appropriate e-mail use and to enforce it. The best policies are created by representatives of all the groups involved.

"You need the lawyers to understand what's dangerous and what's not; you need the [information technology] people to know what's feasible and what's not; and you need a smattering of people from the rest of the company to know what the culture is," says Wiley Rein & Fielding's Bruce.

One IT professional who has been through the process of creating a policy with his company says that a team approach helps to ensure that the policy is balanced.

"The idea is to have enough legal and technical savvy to think through what you really want to do," says this IT professional, an electronic commerce project manager at a Fortune 50 company. "In the early days of this work, some companies were monitoring e-mail. Other companies were aghast. They came out with statements like, 'We will guarantee that these e-mails will be private.' If you happen to compromise that privacy, you may be in a precarious legal situation. Think through the consequences of the privacy policy you want, implement it, and communicate it."