As a business attorney, I see emails as a double-edged sword for businesses.
On the one hand, they are a quick and convenient way to communicate, and establish an easily accessible record of conversations and documents.
On the other hand, their informal nature and relative permanence make them a huge vulnerability for businesses and employers. This is especially true in a climate where most employees can access their work email anywhere—from their phones, on-the-go, and at home.
Consider these best practices to protect your business from unnecessary risks:
- Include confidentiality notices. Emails can be a source of leaks, whether intentional or not. Businesses that handle sensitive information—for example, protected health information or proprietary information—should include confidentiality notices in their email signatures. Where appropriate, conservations that may be privileged (such as doctor-patient communications) should also be marked as such. These disclaimers can not only limit unintentional leaks, but also protect the information from disclosure in the event of a legal dispute.
- Invest in secure systems. Cybersecurity is a must-have in today’s world. Businesses are wise to invest in strong security measures, such as encryption or secure password protocols, to prevent cyberattacks and safeguard sensitive information.
- Train your employees and contractors. When onboarding new employees or contractors, provide training on the appropriate use of work email. Employees should also undergo regular refresher trainings. Consider encouraging employees to communicate in other ways—for example, over the phone or in-person—especially when hashing out sensitive topics in informal settings.
- Monitor usage. The ability to review employees’ work emails is an effective way to identify and deter misuse. However, employers should have a written policy on email monitoring stating that review of employees’ emails will only be done for legitimate business purposes. Employees should also have notice of this policy.
- Develop a policy for storing or deleting emails. Businesses should also adopt a formal policy addressing how long to retain emails and whether to routinely delete or archive them. Consider classifying emails according to their content and sensitivity. However, you should be aware of record-retention regulations that may impact your business, including industry-specific legislation.
These best practices should be tailored to fit each business’s needs, risks and industry. Consult with an Oregon business attorney for advice specific to your business and industry.