E-mail hell: the dark side of the Internet age

Folio: The Magazine for Magazine Management, June, 1998 by Phillip M. Perry

Faced with legal liability for employee misdeeds in cyberspace, magazine publishers are recasting their e-mail policies to reflect the new realities of the today's technology.

In the past year, Nation's Business installed a company-wide e-mail system--complete with the publisher's first written e-mail policy--to replace sporadic use of America Online addresses by the magazine's staff. Newsweek has circulated a new e-mail policy. And Penton Publishing began undertaking a company-wide overhaul of its e-mail policy to reflect the growing use of the Internet by the employees of its 50-plus business magazines.

What gives? Much of the activity is sparked by the rapid growth in the number of employees with e-mail access. It's become a lot tougher to keep track of who does what on the company's keyboards. When someone sends a defamatory e-mail message, downloads pornography for all the staff to see, or turns a friendly basketball pool into a megabucks gambling operation, it comes home to roost in the publisher's legal office.

The problem goes beyond the possibility that someone will break federal or state law. Publishers must also contend with deliberate sabotage of company information by a disgruntled employee with a loose keyboard. According to a recent survey by the Computer Security Institute, more than 87 percent of information security managers say that disgruntled employees are the most likely cause of data security incidents.

Users have an enormous capacity to inflict computer sabotage on their employers. In April of last year, for example, a temporary employee broke into the computer system at Forbes and destroyed vital data. Repair bill: $100,000.

A vengeful employee may also use the system to "set right a wrong" by broadcasting trade secrets. Consider the employee who recently sent an e-mail message to the press revealing the company's plan to shut down a branch office, a move that would result in worker layoffs. While the employee thought the publicity would keep the office from closing, the misbegotten e-mail caused considerable embarrassment to the employer, and a decline in morale among the staff.

Avoid misunderstandings

Part of the problem is that e-mail users tend to be blissfully unaware of one of the most troubling aspects of e-mail: its permanency. E-mail may seem to the user more insubstantial than a phone call, but it is actually more permanent than paper.

It's easy for an employee to take a chance with a risky e-mail, thinking it can be destroyed with a mere tap on the delete key. No way. The message still exists on the hard disk--it has just been disconnected from the computer's internal file maintenance system. Worse, the message also exists on backup storage devices at the sender and recipient locations. That's why investigators of fraud or other illegal matters typically seize computer equipment to resurrect old messages that can establish liability.

"Everyone needs to understand that anything typed onto the system remains out there forever," says Ronald J. James, outside counsel for Penton Publishing and a partner in the Cleveland law firm of Squire, Sanders & Dempsey. "There is no such thing as a delete key." Bottom line: If you wouldn't write the message on a postcard, don't put it in an e-mail.

Yet another misunderstanding is that an e-mail message is private. Maybe it's the "personal" in "personal computer." Or maybe it's the similarity of the term e-mail with sealed paper mail, which is protected from prying eyes. Whatever the cause, employees are often surprised when they discover bosses monitoring their e-mail--and taking disciplinary action up to and including discharge for messages that violate policies.

No laws protect business-related e-mail from management monitoring. But when employees have what attorneys call an "expectation of privacy," they get upset when their bosses intercept and read their e-mail. Expensive lawsuits for invasion of privacy have resulted. Although plaintiffs generally do not prevail in such cases, it still costs money to mount a defense.

"Employers have wide latitude to monitor e-mail, as long as the content concerns the business, and so long as they do so to protect their assets," says Robert Ellis Smith, an attorney and publisher of Privacy Journal, a Providence, Rhode Island-based publication that monitors federal and state privacy laws.

Things get dicey, though, when employers monitor personal e-mail messages. "Senders of personal e-mail are protected by the federal Electronic Communications Privacy Act, which covers virtually any communication," says Smith. "The rules are precisely the same as with phone calls." In other words, messages that are clearly personal should not be monitored.

At what point does communication cross the line from business to personal? That's a tough question, especially when one message contains multiple subjects. Hence the advice from many attorneys that employees be told to use the e-mail system only for business purposes.

It's smart policy to have a policy