Few mortals can resist the urge to pass on juicy gossip or a good dirty joke. But mortals with corporate e-mail accounts should think twice before hitting send.
It is surprising how much people use corporate e-mail systems for stuff they know is probably inappropriate, but don’t perceive it as exposing the company to risk.
Most employees who use e-mail at work have sent or received messages that could put their companies at risk. But the vast majority doesn't believe they’ve ever sent risky e-mails.
That’s the key finding of a recent survey commissioned by Fortiva Inc., a Norwalk, Conn.-based provider of managed e-mail archiving products.
Conducted by Harris Interactive, a market research firm based in Rochester, N.Y., the survey examined the e-mail habits of 1,000 individuals, comparing their actual behaviours to their perceptions.
Almost half – 48 per cent – of respondents admitted they had sent or received jokes, images and stories containing sexual or "politically incorrect" content. While a majority – 73 per cent – says they’re aware of corporate e-mail policies, only 46 per cent say they "always" comply.
"It is surprising to us how much people use corporate e-mail systems for stuff they know is probably inappropriate – but don’t perceive it as exposing the company to risk," says Rick Dales, vice-president of product management at Fortiva.
People are aware a joke might be offensive to some – but not to the friends they sent it to, he says. They fail to consider it may well be circulated beyond the original trusted audience, complete with the original message header identifying the sender’s name and company.
Could a company be sued for offensive e-mails forwarded beyond by an employee’s recipients? "Anytime you send an e-mail, if the company e-mail address is used and automatic signatures are added, that may be interpreted as official correspondence and you are a [company] spokesperson," says Dennis Kennedy, an IT lawyer and legal technology consultant based in St. Louis, Mo. "[But] this is more of a public relations than a legal issue."
The survey also found that one out of five employees have sent or received a password or log-in information via e-mail. While this may appear to be primarily a security violation rather than an e-mail usage issue, these areas bleed into one another in the context of e-mail communication, says Dales.
"Having separate policies all over the place is an invitation to problems," agrees Kennedy. "If you have an employee manual, e-mail policy, Internet usage policy, computer security policy and so on, odds are they’re not going to be consistent and there will be different rules people don’t know about. It’s better to have one policy that covers all issues."
Although most businesses place limits on the amount of e-mail that can be stored, 41 per cent of respondents say they’d prefer to keep important e-mails indefinitely.
Document retention is not as simple as everyone hoped it would be, says Kennedy. There is nothing inherently good or bad about keeping e-mails for short or long periods of time. "You have to give what a judge decides is relevant," he says. "If you just delete everything, then you’re potentially deleting e-mails that are exculpatory or 'good' e-mails. The point is not to delete 'bad' e-mails, but to retain information in accordance with the time period specified in the policy."
icon.
