The rapid growth of e-mail communication in Asia over the past few years has meant that many businesses have provided their employees with the facility to communicate by e-mail without identifying all the risks which involved.

Sure, we all know that a firewall will minimise the chances of attack from hackers. However, there are a number of other risks of which employees who have access to e-mail should be aware. Ideally, these should be communicated by way of a corporate e-mail policy covering at least the following points:

  • It is the company's e-mail system - Employees will inevitably use work e-mail systems for personal messages. However, such use should be kept to a minimum and should not affect the employees' work. Employees should be informed that the IT manager has access to their e-mails and that mis-use of the e-mail system will result in disciplinary action.
  • Be careful of what you say in e-mail messages - Although e-mails messages are usually written in informal language, care should be taken as to the substance of the message. For example, a defamatory e-mail can render both the employee and the company liable for libel.
  • Never send confidential messages by e-mail - Although the risk of confidential e-mails being intercepted is low, this risk can easily be avoided, either by encrypting confidential messages or by sending them by different means.
  • Avoid unwittingly forming contracts by e-mail - Contracts formed by e-mail are just as valid as contracts set out in a formal, signed document. Employees should check with their superiors or counsel before agreeing by e-mail to any commercial arrangement.
  • Watch out for viruses - Suspicious e-mails should be referred to the IT department for checking. Employees should not attempt to check for viruses themselves.
  • E-mails are disclosable in Court proceedings - It is almost impossible to delete e-mails permanently. All e-mail messages, however damaging or confidential, may later be retrieved and used against the company in any litigation in which they are relevant.
  • Keep hard copies of important e-mails - Although deleted e-mails can be retrieved, this can be a painstaking task. As a matter of routine, hard copies should be kept of any messages which may need to be referred to in the future.
  • Obtain confirmation receipts for important messages - Not all e-mails reach their intended recipients. Accordingly, employees should set their e-mail program to provide an automatic receipt for important messages and, in some cases, also send a hard copy of the message.

It is all too often the case that businesses become aware of the advantages of having an e-mail policy only after a dispute has arisen with one of its employees or business partners. If such disputes can be avoided in the first place then having a such a policy will be worth the effort.

First published in SCMP Technology Post on 25 July 2000.