Earlier this week, software firm Symantec released an email management solution designed to "keep message systems running, protected and compliant." The company touts that the software addresses critical corporate risk by "helping customers meet internal business and external regulatory requirements for the management of corporate data stored in email." This reflects the growing importance of email systems as crucial to a firm's operations.
Yet the concept of corporate risk goes beyond just security issues. The contents of an email document might come back to haunt (or help) a company or its employees. Companies that don't consider that may find themselves in hot water.
Emails are legal documents. Ask former WorldCom exec Bernie Ebbers. Ask Martha Stewart. They are important and legally admissible documents in employee disputes, private legal matters and civil legal cases. Your company needs to state its policy clearly regarding emails within its own culture as well as in its dealings with customers and partners.
Current concerns with email fall into two areas: E-discovery and internal corporate policy. E-discovery is the legal process by which your company's electronic documents, email included, can be subpoenaed within a certain period of time by a government agency or a legal adversary. For example, there was a recent case in which New York Attorney General Eliot Spitzer charged Web site purveyor Intermix Media with spreading spyware programs, electronic documents were requested.
"E-discovery raises all sorts of difficult issues," says Scott Dailand of Washington, D.C. law firm Dow, Lohnes and Albertson. "Do you search your employees' inboxes? Do you back up all your emails on a series of tapes?"
According to Dailand, emails are admissible evidence in any kind of court case where the content of the document is proven to be relevant. So your company better make sure it has its own versions of all emails.
Rules surrounding email's legality in the corporate setting vary from country to country, so each individual firm should know exactly how its emails could be used.
Barabra Weil Gall, a specialist in intellectual property at Denver-based Ireland Stapleton Pryor Pasco, recommends keeping all emails for the length of an employee's tenure, plus the statute-of-limitations period. That's not a matter of privacy, she states in a recent Gigalaw.com article, it's the law.
Gall also says that only two major cases have tested the company right to access employee email, and both have come down on the side of the company. In the first reported decision, a 1996 case from the U.S. District Court for the Eastern District of Pennsylvania known as Smyth v. The Pillsbury Co., an employee sued for wrongful termination after he was fired because he had written an email critical of management. The court determined that Smyth "did not have a reasonable expectation of privacy in his emails, despite the company's promises," adding that he "could not claim that he was fired in violation of any public policy" either, says Gall.
In McLaren v. Microsoft Corp., a 1999 Texas case, an employee was suspended by Microsoft pending investigation for sexual harassment and "inventory questions." McLaren requested access to his email to mount a defense, and he was denied full access. The email messages contained on the company computer were not McLaren's personal property, according to the court. They were an inherent part of the office environment.
Having a clear policy and communicating it effectively are equally critical. "By far the largest number of cases in which email evidence has been introduced involved employment-related disputes, including wrongful termination, employment discrimination and sexual harassment suits," states Ian C. Ballon of New York's Manatt, Phelps & Phillips. "A well thought-out email policy and employee education may reduce the creation of needlessly harmful email evidence and reduce employee friction."