Laying down the e-mail law

E-mail is a seemingly mundane issue but one that demands careful attention from the CIO. The key realization is that e-mail management is principally about people management.

Your first line of defense against e-mail troubles is a solid e-mail usage policy, regularly communicated and consistently enforced. Unfortunately, no single e-mail policy works for all companies. Each CIO must sort through corporate culture and arrive at a policy that is within bounds and workable. The undertaking is usually done in conjunction with the general counsel (or other legal adviser) and the human resources department. Once it is set, the e-mail usage policy should become part of the company’s HR policies, right there in the employee handbook for all to see.

Here are 10 tips for taming the e-mail beast:

1. Create a reasonable and enforceable policy.

2. Spell out privacy expectations clearly.

3. Require that each employee sign the policy. Issue frequent policy reminders.

4. When the policy is broken, consult the legal department and have an immediate conversation with the employee, accompanied by a human resources representative.

5. Don’t limit employee training to policy issues. Also include etiquette, proper use of group mailing lists, and information about recognizing scams and urban legends.

6. Limit employee mailboxes to an appropriate size (Experts recommend a range from 15MB to 150MB, depending on the type of work).

7. Consider your potential legal liability in determining how long to store messages.

8. Consider filtering tools, but be aware of their limitations.

9. Install two different antivirus software packages – one for servers, one for desktops.

10. Teach users to distrust all attachments, particularly unexpected ones.