Information Tsunami

E-mail is at the crux of what many consider the information tsunami. E-mail is not just a messaging protocol; it constitutes a document-generating storage and communication system vital to business processes. The question arises about e-mail and its management, with little attention paid to the actual extent of the risk potential. Often the knowledge contained in e-mails relates to other electronic documents. It makes good business sense for e-mail to be retained within the organization's overall electronic document management program. This strategy ensures that all information relating to a particular topic can be located in a single system. E-mail and attachments must be considered and managed as business knowledge in the same fashion as paper-based documents.

Many companies interact with their customers electronically. Managing inquiries, confirmation, orders, financial information, and purchasing patterns are all part of a process called Customer Resource Management. CRM can provide tremendous value to an organization; having all customer interactions (including e-mail conversations between staff members and clients) in one location can bring customer service benefits and address potential legal liability issues by documenting exchanges. In legal proceedings, e-mail leading to a contract agreement may be as important in determining the spirit of the contract as the actual contract itself. If fraudulent conduct is alleged, and the e-mail records of that conduct are missing or deleted, the resulting judgment the organization will experience can be severe.

E-mail is not a transitory communications medium similar to a telephone call; rather it is a repository of information and accumulated knowledge. As e-mail has permeated our personal and business lives, becoming a vital productivity-enhancing medium, it has eclipsed verbal communications. It stands as a documentary record of deliberations and proceedings. E-mail must be considered critical business records to be preserved and accessed on demand for internal and external requirements. The ability to sift through waste and capture e-mail of importance requires good policies coupled with compliance procedures.

To reduce risks, organizations must carefully devise acceptable e-mail use policies. Settle for nothing less than professional commentary coursing through the organization's e-mail system. Good e-mail is businesslike, with an absence of obscene, vulgar, insensitive, defamatory, or offensive language. Good e-mail is well written and free from ambiguity and grammatical problems. Employees must understand and acknowledge that all e-mail content and e-mail attachments sent and received by the organization are the property of the organization. Exhibit 2 is a sample of acceptable e-mail use policy language. This policy statement leaves nothing to the imagination. Employees should have no trouble understanding that e-mail sent and received from the XYZ Corporation is the company's property, it is for official purposes only, is not confidential, and may be read at any time. Language of this type clearly states that the e-mail system is FOUO, For Official Use Only. This policy clearly eliminates personal use and anything other than use related to the business of XYZ Corporation. The policy is sufficiently broad, and avoids becoming mired in superfluous definitions and over-qualification. Using language of this nature eliminates off-color jokes, pornography, rumor mongering, and disparagement as acceptable.

E-Mail Policy: Avoiding Hidden Risks

In today's business environment, organizations must be aware of potential liabilities by developing and implementing comprehensive management programs that address e-mail creation, content, retention, privacy, and deletion. E-mail has replaced the telephone call as the preferred means of business communication. Through e-mail threads, employees record their thoughts and read the thoughts of others. Wrongful statements, disparaging remarks, and off-color jokes can be read at future dates. The result is written ammunition that can make or break organizations should a lawsuit or criminal action follow.

In recent litigation about diet pills, some of the most embarrassing evidence against the manufacturer came from internal e-mail exchanges among its own employees. One insensitive message reported an employee expressing her dismay at the thought of spending the balance of her career paying "fat people who are a little afraid of some silly lung problem." The remark was a reflection of the employee's attitude to a rare but fatal condition some diet-pill users developed. Of course, the judge and jury in awarding damages carefully considered these e-mail messages.

In the past, if an investigator was trying to discover what employees were saying or thinking at a given time, the best evidence would generally come from notepads, calendars, diaries, desk pad scrawl, and other informal documents. However, with the use of the computer workstation and the prevalence of e-mail in the workplace, experts can have access to a virtual library of written documents located on hard drives, file servers, and backup media. E-mail records provide important insight about how decisions were made and the timeframe in which they were made. The fact that organizations lack viable e-mail policies means that senior managers do not give it the priority it deserves. It is a mission-critical tool present in daily business and personal life. If not managed properly, e-mail can pose serious risks.