Work Email Policies

Companies and organisations all need an email policy for legal and business requirements. This policy defines how everyone should manage and use emails as they carry out their work. There are two major aspects that need to be addressed in any email policy. Firstly, it must define what is appropriate use and outline the consequences of breaches in a clear and easy to understand way. Secondly, it should define how email should be managed, in terms of retrieval, archiving and retention.

Appropriate use

Set clear boundaries on what is acceptable and what isn't acceptable use of email. Certain types of email use are expressly prohibited and could result in formal disciplinary proceedings. All staff should be made aware that email messages can constitute a formal record, and as such, can be used as evidence in court proceedings.

Be very specific and set out conditions for writing and sending emails. The following is an example -

1. Behaviour or comments which are unacceptable in a spoken or paper environment are similarly not permissible in email messages.
2. When composing and sending email messages, care must be taken to ensure they are non-offensive and cannot be construed as harassment.
3. Forwarding and downloading material of a pornographic, sexist, racist or derogatory nature are all prohibited.
4. Email messages can be impersonal in nature, which makes it easier to cause offense than when speaking. If you are upset, annoyed or angry about something take time to ensure the response message does not cause additional aggravation.
5. Legal action can be taken against a person sending an email message, and anyone forwarding the email message on to others, containing inaccurate information in the form of opinion or fact about an individual or organisation.
6. Chain mail forwarding is not permitted.
7. It is not permitted to conduct any business other than that of this company via email.
8. Only authorised personnel should access company email accounts.

Limited personal use of work email account is permitted under the following conditions -
1. Sending and receiving personal email messages does not interfere with work commitments.
2. That the personal email messages do not constitute misuse of email as outlined above.

In order to protect the email network and system, all inbound and outgoing email messages are routinely scanned to ensure they do not contain viruses or other malware. Email messages suspected of containing viruses and malware will be retained by the Email Administrator. An email will be sent to the intended recipient asking them if they are expecting an attachment. The email message and attachment will only be forwarded for delivery only if an affirmative response is received. The email message and the attachment will be retained by the Email Administrator for 30 days before being deleted.

Email management

All members of staff have a responsibility to manage their email messages appropriately. As well as complying with Data Protection and Freedom of Information Legislation, managing email messages appropriately will also ensure work can be conducted more effectively.

In order to manage email messages appropriately, all members of staff are requested to identify those email messages that are records of their business activities, and those that are ephemeral email messages. Email messages that are records of work activities must be moved from personal mailboxes and managed with, and in the same way as other records. Ephemeral email messages can be managed within the mailbox and kept only as long as needed before being deleted.

Staff are advised that individual inboxes have a 500Mb limit and failure to maintain your inbox within this limit will result in an inability to send further emails. It is your responsibility to manage your mailbox by deleting or moving messages out of your mailbox according to the principles of email management set out above.

There may be on occasion a need to access someone's mailbox when that person is away from the office for an extended period of time, such as on holiday out of the country. In such circumstances, access is necessary in order to act on the following -
1. Subject access request under the Data Protection Act.
2. Freedom of Information request.
3. Legal proceedings evidence.
4. Evidence in a criminal investigation.
5. Urgent line of business enquiry.
6. Evidence in support of disciplinary action.

When it isn't possible to seek permission from the member of staff whose mailbox needs to be accessed, the protocol and procedure for gaining access is as follows -
1. Gain authorisation from the Head of Department.
2. Submit a request to the Email Administrator.
3. Access is gained in the presence of the Line Manager for that member of staff.
4. A record is made of the reason/s for accessing the mailbox, together with the names of people who were present.
5. Inform the owner of the mailbox that was accessed.

If email records were managed appropriately and mailbox access has been delegated to a trusted third party, it is unlikely this access procedure will be needed.