Electronic mail (email) has become the main mode of communication in the business world. Email has modified the character of corporate and personal communication. It removes the time and place restrictions previously associated with more traditional methods of communication. When engaging in business correspondence through email people perceive it as an informal mode of communication. Many assume that electronic communication affords anonymity because it is nothing more than a brief exchange. Mistakenly, electronic communication has been used in much the same way as the spoken word.
Consequently, people seem to pay less attention to the tone and content of email communication compared to the previous more formal method of communication, such as a letter or memorandum. When using email, people are more inclined to use emotive language that reflects an opinion or bias, send messages without carefully considering what is being said or without checking the message and assume that the message is irretrievably destroyed once it is read and erased by the recipient.
The risks arising from electronic mail are broad. First of all, most email systems do not provide anonymity and they are easily retrievable. There is a whole forensic industry which has been built around the recovery of emails including deleted and defragged emails. There is also a misconception that emails are not discoverable. The fact that documents are stored electronically does not prevent them from being discoverable. The retrieval of such electronic documents for the discovery process has the potential to be damaging, particularly because of the relaxed nature and haphazard manner in which email communications are sent and received. There is also an expediential risk of emails being sent to the wrong email address and the retrieval and destruction of wrongly sent emails is never guaranteed. Email can be easily transmitted to third parties beyond the intended recipients. Email can be easily intercepted and altered. This raises the concern of hacking. We learnt from the last US election where candidates’ email accounts were hacked (and potentially interfered with by a foreign power), that email is not a particularly secure form of communication.
Employers and employees need to be vigilant in a number of areas to manage their risks. Security of systems should be a given, but it is not. Employers should develop policy to give guidance to employees on the use of email making employees aware that email is no different to any other form of communication. It is discoverable and can provide a source of legal liability. For example, employees can be liable for defamatory comments in email communications. Email has also been the source of employee complaints particularly in the harassment and bullying area. This raises the question of when employers should monitor employee email and to what extent it is appropriate to audit the company’s systems. Employers should have a policy which deals with these tricky issues and confirms that email communications almost always belong to the company and not the individual.
We have only briefly touched on some of the risks from email. What we have highlighted is that there is a need for care when using email as a medium of communication, and employees need to be informed (through policy) of what is acceptable and the consequences of failure to treat this ‘informal’ means of communication formally.
Email policy should address the following: employees should be put on notice that the employer’s system is the property of the employer; the employee should be informed that they do not enjoy the right to privacy in email communication on the employer’s system; and the employer should reserve the right to monitor, access, and disclose email communications.