Staff email policies and procedures are necessary to protect both the employer and workers from potential legal liabilities such as viewing inappropriate images, bullying, defamation and breaches of Data Protection.
Both policies and procedures must be agreed and championed at board level and applied to all workers across the organisation without exception.
It's also important that policies and procedures are reviewed regularly and staff training provided.
Employment contracts should always refer to email policies and procedures so that it is clear any breach of the policy is a disciplinary offence.
Contents of the staff email policy
The policy must:
(a) state that non-compliance can lead to disciplinary action (for employees) or termination of contract (for contractors and consultants). It must be legally incorporated into each employee’s terms and conditions of employment (or contractor/consultant contract) and can be referred to in a staff handbook, IT policy, new joiner’s manual, etc.
(b) be brought to the attention of every worker who has email access. It must make it clear that workers must never send or store emails or attachments that are obscene, indecent, sexist, racist, defamatory, abusive, in breach of copyright, compromises data protection, or is otherwise inappropriate.
(c) specify that workers should treat emails as having the same legal authority as signed letters on headed paper
(d) lay down procedures for contracting by email (or IM), including specifying which level of employees are authorised to enter into such contracts on behalf of the organisation.
(e) stipulate that the processing of personal data must comply with the organisation’s privacy/data protection policy.
Consider also whether the policy should:
(f) state whether workers are permitted to use the organisation’s email accounts to send and receive personal email. Organisations that allow employees to use the organisation’s email account for personal use must also inform workers of any relevant restrictions on use
(g) inform workers not to open attachments to email messages from unknown senders without first having them scanned for viruses. Organisations should consider deploying an automatic checking system for viruses, worms, bots and other malware, and inform workers accordingly to help reduce infection and spread of infection
(i) contain a warning that strictly confidential emails should not be send via the Internet without the recipient’s prior consent unless encrypted.
(j) provide training in appropriate email use highlighting all legal issues and disciplinary procedures
It is also advisable that the policy:
(k) discourages personal advertising by email (or IM) or sending messages for missing items and other trivial administrative matters unless genuinely urgent (workers should be encouraged to use bulleting boards instead, for example via the Intranet/Extranet.
(l) refers to the procedures that are in place for dealing with disputes and complaints in relation to email and IM use.