Don't let e-mail gaffes put you in court
August 2, 2001
In June an employee of Dell in France was sacked for sexual harassment after accidentally e-mailing porn to a female senior executive of the company based in the US. He had intended to send the e-mail to a male colleague with a near-identical name. The employee has taken Dell to an industrial tribunal.
"Misuse of e-mail and the Internet by staff can incur liability for employers and damage their reputation in the industry, says Struan Robertson, a solicitor and site editor for Out-Law.com, an Internet service that has made available a free, downloadable sample communications policy.
"An effective communications policy is vital. The employer must decide the extent to which employees can make personal use of Internet and e-mail facilities. If a business has an existing policy for correspondence - eg, that letters must first be checked by a manager - the same rules can be applied to sending e-mail, in addition to any rules unique to e-mail."
Robertson says that the situation is complicated by the Regulation of Investigatory Powers Act and other legislation that in most cases forbids the interception of electronic communications unless a business is monitoring standards of service and training or gaining routine access to business communications. To be safe, he advises following the guidelines offered by the information commissioner.
"The guidance says that an employer must be open about interception," says Robertson. "The employee must know in advance that e-mail will be intercepted. The employer should not intrude on the privacy of the employee, so, where possible, monitoring should be limited to an automated process. Also, the employer must not monitor the content of e-mail unless the traffic record alone is not sufficient and they should not open e-mail which is clearly personal."
Robertson goes on to urge that employees should be given the benefit of the doubt when employers are using the results of monitoring and should, for example, take into account the ease with which sites can be visited by accident, and always give the employee an opportunity to explain or challenge the results.
He says an e-mail policy can only be effective if it has been brought to the attention of employees and they follow it. The best approach, he says, is not to rely only on a policy but also to educate employees on the correct use of e-mail and the Internet.
And that policy has to have teeth. "It will only be effective if it is enforced," says Robertson. "An employer cannot turn a blind eye to abuse of an existing policy then expect to suddenly enforce it.
by Ross Bentley, Copyright © 2001 ComputerWeekly.com