Information Tsunami

E-mail is at the crux of what many consider the information tsunami. E-mail is not just a messaging protocol; it constitutes a document-generating storage and communication system vital to business processes. The question arises about e-mail and its management, with little attention paid to the actual extent of the risk potential. Often the knowledge contained in e-mails relates to other electronic documents. It makes good business sense for e-mail to be retained within the organization's overall electronic document management program. This strategy ensures that all information relating to a particular topic can be located in a single system. E-mail and attachments must be considered and managed as business knowledge in the same fashion as paper-based documents.

Many companies interact with their customers electronically. Managing inquiries, confirmation, orders, financial information, and purchasing patterns are all part of a process called Customer Resource Management. CRM can provide tremendous value to an organization; having all customer interactions (including e-mail conversations between staff members and clients) in one location can bring customer service benefits and address potential legal liability issues by documenting exchanges. In legal proceedings, e-mail leading to a contract agreement may be as important in determining the spirit of the contract as the actual contract itself. If fraudulent conduct is alleged, and the e-mail records of that conduct are missing or deleted, the resulting judgment the organization will experience can be severe.

E-mail is not a transitory communications medium similar to a telephone call; rather it is a repository of information and accumulated knowledge. As e-mail has permeated our personal and business lives, becoming a vital productivity-enhancing medium, it has eclipsed verbal communications. It stands as a documentary record of deliberations and proceedings. E-mail must be considered critical business records to be preserved and accessed on demand for internal and external requirements. The ability to sift through waste and capture e-mail of importance requires good policies coupled with compliance procedures.

To reduce risks, organizations must carefully devise acceptable e-mail use policies. Settle for nothing less than professional commentary coursing through the organization's e-mail system. Good e-mail is businesslike, with an absence of obscene, vulgar, insensitive, defamatory, or offensive language. Good e-mail is well written and free from ambiguity and grammatical problems. Employees must understand and acknowledge that all e-mail content and e-mail attachments sent and received by the organization are the property of the organization. Exhibit 2 is a sample of acceptable e-mail use policy language. This policy statement leaves nothing to the imagination. Employees should have no trouble understanding that e-mail sent and received from the XYZ Corporation is the company's property, it is for official purposes only, is not confidential, and may be read at any time. Language of this type clearly states that the e-mail system is FOUO, For Official Use Only. This policy clearly eliminates personal use and anything other than use related to the business of XYZ Corporation. The policy is sufficiently broad, and avoids becoming mired in superfluous definitions and over-qualification. Using language of this nature eliminates off-color jokes, pornography, rumor mongering, and disparagement as acceptable.