Why is e-mail a business risk?
The use of e-mail as a business communication tool is widespread, and a great number of employers provide access to e-mail to their employees as a means towards enhancing communications efficiency both internally and externally. Very few businesses, however, have recognized that the use of e-mail poses unique and real risks to their reputation and viability, and that these risks can be proactively managed by taking a few simple steps.
What makes e-mail a business risk?
E-mail has unique features (although SMS has similar properties) and creates unique risks in that:
- The ease with which e-mails can be sent and forwarded to a vast audience means that messages intended for a specific audience can be placed in a far more public domain within hours. Once sent, e-mail becomes impossible to control.In 2001 the Cerner Corporation lost 22% of its value after an e-mail from the CEO berating employees as a motivational ploy was leaked and posted on the Yahoo site, triggering shareholder concern about staff morale.
- E-mail used by South African businesses is typically not encrypted and is therefore not secure either in transmission or storage. In 2002 Independent Newspapers suffered severe embarrassment and potential liability when a confidential e-mail from the editor to a manager regarding the inadequacies of certain staff members was publicized after a hacker retrieved it from the Independent telecommunications network.
- The ease of use of e-mail leads to many employees (and employers) lapsing into a degree of informality in business communications that is inappropriate and may harm external relationships. E-mail content which constitutes sexual or racial harassment or discrimination or which is defamatory can lead to liability on the part of the employer.
- The potential for abuse of e-mail as a personal communication tool is well known. If unchecked this practice can have negative monetary and productivity implications. Employers could be held vicariously liable for the personal e-mail of their employees where it is defamatory or constitutes harassment or discrimination.[What is vicarious liability?]
- Outgoing e-mail, whether of a business or personal nature, will always represent a particular business through the display of the e-mail address to the recipient.
- It is in fact very difficult to properly and irreversibly delete e-mail. Bill Gates himself found this out when supposedly "deleted" e-mails were introduced as evidence in the Microsoft anti-trust hearings in the US.
- Due to the passing of the Electronic Communications and Transactions Act in 2002, it is legally possible to conclude contracts by e-mail, even where a digital or advanced electronic signature is not used. Employers therefore need to be aware that junior employees may bind the business to "accidental contracts", even where they lack the authority to do so.
- E-mail addresses are easily mistyped and employees and employers are often not fully acquainted with e-mail usage. This can lead to potential liability and reputational damage where an inappropriate e-mail is sent to an incorrect address. In 2001 an employee at Dell entered an incorrect address (very similar to the one which he had attempted to type), resulting in pornographic material being sent to a senior female executive of the company. A similar incident occurred at Mercedes-Benz South Africa during 2002.
What can be done to address these risks?
Employers need to take only a few steps to ensure that the risks created by e-mail usage are minimised and controlled.
1. Draft and Implement an E-mail Usage Policy
This policy should provide guidelines to employees as to how and how not e-mail may be used in the workplace, both internally and externally. It should guide employees as to proper and responsible usage and strike a balance between meeting genuine personal communication needs and the management of business risks (e.g. by allowing staff to use a web-based mail service for personal mail) and productivity.
The existence of such a policy and its effective implementation is the foremost defence of an employer to a claim against it based on the acts of an employee who has caused harm to another through an e-mail message.
An e-mail policy also serves as a basis to take disciplinary action against an employee who misuses e-mail, as it establishes clear rules of conduct. The Dell employee mentioned above, summarily dismissed after the offending e-mail was sent, sued for unfair dismissal as Dell did not have an appropriate policy in place.
Read more about Acceptable Use Policies.
2. Introduce basic IT training
Simple training and refreshers in the use of e-mail can prevent many problems from ever arising. Employees should be thoroughly educated around security issues in particular.
3. Draft and implement an appropriate disclaimer
A properly drafted disclaimer can prevent the formation of accidental contracts and otherwise assist corporations to avoid liability. The use of the disclaimer for external e-mail should be a rule contained in the organisation's e-mail policy.
It is important that the disclaimer be drafted with the characteristics of the business in mind, and the drafter should take care to avoid undue legalese.
4. Monitor e-mail usage
Certain businesses may wish to monitor the e-mail usage and online activities of staff. For further information on the circumstances under which employers can lawfully intercept and monitor workplace communications, click here.
If you require any further information about how you can manage the risks of e-mail and other electronic communications, please contact us. The Electronic Law Consultancy offers and implements advice on all of the above steps.
24 Jan 2003
This article is intended to provide general guidance and does not constitute professional advice relating to specific instances. Should you wish to place any reliance on the information presented in this article we strongly advise that you consult your legal advisor or the Electronic Law Consultancy - firstname.lastname@example.org