Creating An Email Policy
Basically an email policy should include all the do's and don'ts concerning the company's email system.
The policy should list email risks to make users aware of the potential harmful effects of their actions. Advise users that sending an email is like sending a postcard: if you don't want it posted on a bulletin board, then don't send it.
This should include email etiquette and writing rules in order to uphold the good reputation of the company and to deliver quality customer service. Also include instructions on compressing attachments to save bandwidth. More on email etiquette guidelines.
The policy should state whether personal emails are accepted and if so, to what extent. You can for instance set limits on the amount of personal emails sent each day, or you could require personal emails to be saved in a separate folder. You will probably want to prohibit the sending of chain letters and mass mailings and limit or eliminate certain email attachments from being sent or received. In every case, include examples and clear measures taken when these rules are breached.
Wastage of Resources
Warn users that they are making use of the company's email system and that they should not engage in non-business activities that unnecessarily tie up network traffic. The policy must also cover the use of newsletters & newsgroups. For instance you can require a user to request permission before subscribing to a newsletter or newsgroup.
The policy should expressly state that the email system is not to be used for the creation or distribution of any offensive, or disruptive messages, including messages containing offensive comments about race, gender, age, sexual orientation, pornography, religious or political beliefs, national origin or disability. State that employees who receive any emails with this content should report the matter to their supervisor immediately. Moreover, employees should not use email to discuss competitors, potential acquisitions or mergers or to give their opinion about another firm. Unlawful messages, such as copyright infringing emails should also be prohibited. Include examples and clear measures taken when these rules are breached.
Document Retention Policy
Unless your organization is required to archive email messages, which is the case for government, health care and financial institutions, it is best to create a policy rule that dictates deletion of emails after a certain amount of days. However, it is a good idea to provide an option to save certain emails in a different folder to avoid deletion. If you provide this option, spell out which emails may be saved and which must be deleted.
Treatment of Confidential Data
Include rules and guidelines on how employees should deal with confidential information and trade secrets. Make employees encrypt any confidential information that is sent via email and change passwords regularly. Also include measures that will be taken if an employee is found to be sending out confidential information unlawfully.
If you are adding a disclaimer to employees' emails, you should inform them of this and state the disclaimer text that is added.
If you are going to monitor your employees' emails, you must state this in your email policy. Warn that employees should have no expectation of privacy in anything they create, store, send or receive on the company's computer system and that the company may, but is not obliged to monitor messages without prior notice. If you do not mention that the company is not obliged to monitor messages, an employee could potentially sue the company for failing to block a particular message.
Publishing the Email Policy
The email policy should be made available and easily accessible to all employees. The policy should be included in employee handbooks and company intranets. It is best to include the email policy, or a short statement regarding the policy, in employment contracts. In this way the employee must acknowledge in writing that he/she is aware of the email policy and of the obligation to adhere to it. When the policy is updated a new copy can be circulated via email as well as on paper. Preferably have each new update signed by employees.
Disclaimer: The information present above is meant as a general guideline; and does not constitute legal advice and should not be relied upon as such. Please consult a professional expert or your legal advisor for specific matters related to creation, management and enforcement of your corporate email policies.