According to the 2006 Workplace E-Mail, Instant Messaging & Blog Survey from American Management Association (AMA) and The ePolicy Institute, e-mail mismanagement has resulted in costly lawsuits and employee terminations. In recent court cases, 24% of organizations have had employee e-mail subpoenaed, and 15% of companies have gone to court to battle lawsuits triggered by employee e-mail. So, should you try to delete all your company emails?
No. Last year, the inability to produce subpoenaed e-mail resulted in million dollar—even billion dollar—lawsuits against U.S. companies. And then there are those e-mails that show up as evidence for the prosecution in criminal cases against companies and executives.
The dangers to companies posed by email content first got serious national attention in the Microsoft anti-trust trial. The legal implications of the Microsoft suit, and other trials where cases have hinged on e-mail evidence, make it clear that companies, as well as individuals, are liable for what happens on their email system.
Here are some examples:
• In April 2002, an internal e-mail was sent from a KPMG executive to 33 recipients stating that the firm had given a purposely incomplete list of tax shelter clients to the IRS, which prompted another KPMG executive to e-mail vice chairman Jeffrey Stein: "Given the sensitivity of this situation, should we be putting all this in print?" Plaintiff lawyers uncovered the damaging e-mails, which led KPMG to admit to criminal wrongdoing and agree to pay $456 million.
• Qantum Communications cut a preliminary deal to buy two radio stations from businessman Ronald Hale with a "no shop" clause in the contract, but Hale sold one of the stations to rival Cumulus Media Inc. In an effort to stop the sale in Miami federal court, Qantum lawyers sought to prove that Hale had violated the "no shop" clause, and found the evidence they needed: a series of e-mails showing that Hale had been discussing a sale to Cumulus well within the period of their client's "no shop" clause.
• Harry Stonecipher, the 68-year-old former CEO of Boeing, was ousted when the company's board of directors learned he was having a consensual affair with a female executive, after a "very graphic" e-mail sent by the CEO to his paramour was discovered by another employee.
• Wall Street investment bank J.P. Morgan Chase & Co. was ordered to pay $2.1 million in fines to settle accusations that it failed to retain e-mails sought in investigations of stock research analyst misconduct.
• Frank Quattrone, a former investment banker, was jailed for 18 months in September 2004 and has since been banned for life from working in the securities industry, following the discovery of a two-line email in which he exhorted colleagues to delete files during a US federal investigation.
• Jo Moore, formerly an adviser to the UK Transport Secretary, resigned over an email sent on September 11th, 2001 in which she indicated that media attention on the World Trade Center attack made it “a good day to bury bad news.”
The most frequent cases where e-mails are the dynamite Exhibit A, however, are employee lawsuits against a company. These lawsuits include sexual harassment cases, which often use as evidence e-mails by supervisors or other employees with lewd and sexually explicit content; discrimination cases, which have used e-mails by employees containing racial or religious remarks or comments on the age, gender, or pregnancy of an employee; and defamation cases, which use e-mails by employees commenting on someone’s conduct, character, or performance.
This has become such a serious issue that many companies in the insurance industry now offer policies for Internet and email liability. Coverage includes such items as damages associated with security breaches, as well as libel, slander, and defamation of character. But, insurance aside, what can you do to protect your company?
Is it legal for a company to perform email auditing (sometimes called email monitoring), where email is checked after the actual transmission, and email interception (sometimes called email filtering), where email is intercepted and checked during transmission, on employee e-mail accounts? Well, yes and no. Cases in the United States have proven that both are permitted if (a) done in a reasonable manner, (b) backed up by an email policy, and (c) backed by employee training that has been documented.
The best protection is a clear e-mail security Policies and Procedures document that covers all the potential danger zones, followed by well-planned, regular training that includes all new employees and all new updates to policies. The Society for Human Resource Management urges its members to establish a clear training program to ensure proper and effective use of email. One survey claims that 73% of companies do not offer Web training and 70% do not have a written content security policy.
Another important protection companies can adopt is the addition of legal disclaimers in the footer of every e-mail. Since content sent via email carries the same weight, legally, as content sent on company letterhead, if the email address includes the name of a company, a disclaimer such as, "the views of this email and of Company X's employees do not necessarily reflect the views of Company X," should be built into the template of every company e-mail account.
Another good idea is to emphasize in training, and with intermittent e-mail or memo reminders, that the email system is for business use, not personal use, and that employees' emails to others should be treated with the same respect as a company letter or memo. It is also a good idea to remind employees in writing that company email accounts belong to the company and are, therefore, not confidential for the employee, only the company. Employees should also be instructed to review what they have written before they send their messages, and not to send messages without verifying the accuracy of the factual information to be conveyed and verifying that the information about to be sent is not confidential.
Vickie Adair is the Senior Technical Writer/Editor of Media A-Team, Inc. and has written IT Security Policies and Procedures and developed company-specific IT training classes. For more information on this topic call Media A-Team at 713-681-8302.