How to Establish a Privacy Policy

Imagine that your business has a make-or-break presentation scheduled today with a prospective client. But after arriving at work this morning, you discovered that key files needed for the meeting are corrupt. The culprit: a virus-infected email message that one of your employees forwarded from the Web last night to everyone in the company.

It may sound like every business’ worst nightmare. But as the use of communications tools such as email and instant messaging (IM) proliferates, it’s a scenario that all businesses must wake up to sooner rather than later. If you’re serious about protecting your business’ intellectual property and other sensitive information, then you need a comprehensive privacy policy that addresses employee use of email and IM. This article will show you how to implement some privacy policy “best practices.”

Assess your risks Few people would doubt that email has revolutionized communications in today’s business world. According to the American Management Association’s 2003 “Email Rules, Policies and Practices” survey, 86 percent of respondents said that email has made them more efficient, while 51 percent said they are much more efficient. Gartner, meanwhile, forecasts that 70 percent of all corporations will use IM this year, and that by 2005 IM will represent 50 percent of all business-to-client communications.

But employee use of such tools can open businesses to some costly liabilities, including workplace lawsuits, sexual harassment claims, trademark and patent infringement suits, internal security breaches, hacker attacks, and lost productivity. As a result, companies are increasingly adopting strict privacy policies — often including monitoring — to govern their employees’ email and IM activity. Consider these additional findings from the American Management Association’s survey:

Three-fourths of all organizations have written policies concerning email, but fewer than half train their employees on them.

More than half of U.S. companies engage in some form of email monitoring of employees and enforce email policies with discipline or other methods.

22 percent of companies have terminated an employee for email infractions.

The average survey respondent spends a quarter of the workday on email.

Be explicit So how do you balance an employee’s privacy and the need to maintain security? With lots of care, experts agree. After all, no company wants to find itself in the position of playing “Big Brother.” And not all businesses will deem it necessary to monitor their employees’ email and IM use. But if sensitive business information regularly passes through your mail systems, it’s imperative that you have a clear, unambiguous privacy policy in place and the means to back it up.