With a single improper email message, a company can be crippled. In a few moments, an employee can send an inappropriate email that is then blasted to the entire company.

Before you know it, there is a complaint about sexual harassment. A disgruntled employee can steal proprietary information and transmit it to unwanted sources. Private information about customers can result in an embarrassing data breach that causes significant expenses and wasted time.

Another threat of improper email usage is that emails are often discoverable in lawsuits. They are treated as documents and survive much longer than after a simple delete request as they remain in a company’s electronic archives. Companies can continue to be held liable for the content in an email for months or years after it was deleted.

1. Establish an Email Usage Policy

All companies should develop comprehensive email usage policies. These policies should be given to employees when they are hired and distributed periodically, such as every year or every other year.

All employees should be required to sign an acknowledgment that they have received, read, understand and agree to the policy. The policy should state what type of uses for employee email and state things that employees should not do on employer computers or email systems. It should provide clear guidelines and expectations, including discussing what employees can do on their own devices or employer-owned devices.

Email policies may include the following components:

• A statement that the employer’s email system is owned by the employer and it is to be used for business purposes
• A statement of the employer’s interest in protecting email correspondence and potential employer liability
• Whether or not personal emails are permissible and boundaries regarding their use
• That employees agree to provide any employer-owned equipment on their last day of work
• That employees should not share confidential company information outside the company
• That personal emails should not tie up the company’s network

2. Monitor Email Usage

Some companies choose to carefully monitor the emails of their employees. They often have ample justification. They may want to protect their business image by controlling the type of message that employees disseminate. They may want to prevent potential legal exposure by noticing problems immediately and putting a stop to them promptly. They may also want to ensure that employees are being productive and check if any proprietary information is being stolen or shared with competitors.

Employers can include language in their email usage policy that warns employees that their work email may be monitored. The employer has an ownership interest in the desktops and other company-owned property. Additionally, employers often have control over the electronic mail systems at work. Notifying employees ahead of time can eliminate any expectation of privacy that the employee may have in the email.

Monitoring email usage may involve a random sampling of email messages or checking messages when supervisors are alerted to possible problems. Companies may also use programs that alert them when certain keywords are used. The policy may indicate the circumstances under which monitoring will take place. It should also include a statement that the employee has no expectation to privacy in any emails that are sent, received or stored in the company email.

3. Create Consequences

The policy should establish consequences for the misuse of employee email. The company should adopt procedures for employees to report offenses, investigate misconduct, and take corrective action regarding the violation of the company’s email policy.

Disciplinary action may include a progressive disciplinary policy that begins with a verbal warning, moves to a written warning, and ends in termination. If the company does not enforce the policy, employees may not adhere to it.

4. Prohibit Certain Types of Emails

The email policy should include statements about the type of emails that are prohibited. Employees should be informed that their email use must comply with all applicable laws and regulations. They should be warned about using emails that:

• Discriminate against any person on the basis of a protected class, such as race, color, national origin, religion, age, disability, genetic information or any other protected class under state or federal law
• Transmit or receive client information, proprietary information or sensitive information
• Transmit or receive messages that include illegal or inappropriate messages
• Download unauthorized software or images

5. Establish an Email Retention Policy

Many businesses are required to maintain email communications, including government entities, financial institutions, and healthcare organizations. Businesses may also be required to retain information when it is notified that certain information may be required in potential litigation.

Emails may need to be retrieved during the course of a civil lawsuit or regulatory investigation. They are frequently requested as part of the eDiscovery process. All businesses should establish a clear retention policy that states which types of emails should be retained and which can be deleted.

It can be expensive and time-consuming for a company to locate and produce emails. However, if a solid retention plan is put in place, this process can be simplified. The retention policy should be incorporated into the email policy. Having this additional policy in place reminds employees of the potential risk associated with company email and that such communications could wind up as a public record or evidence in a civil case. It also notifies employees that emails should be retained so that they think through what they are sending.

Protect Your Business

If an employer is sued for the acts of its employees, the court will often consider whether the employer followed the law, company policy, and industry standards. A company may be able to assert a defense that it has taken reasonable steps to prevent the improper use of its emails.

Furthermore, employers can provide periodic training to employees to remind them about the proper use of emails. Taking these steps shows that the employer was proactive in its employee computer and email usage and may help avoid or reduce liability for employee email usage misconduct.