Organisations need to facilitate a new culture for email communication and usage driven by upper management, with the responsibility for compliance to be shared by all (where every email user and manager knows that they are responsible for their own actions) at an individual, departmental and organisational level.  Company directors need to champion email management as an organisational objective, and in doing so, costs to the organisation will be minimised.

There is a requirement for email management and monitoring to be passive and non-invasive, one which will effectively track employee usage patterns without compromising privacy.  The email monitoring tools can report on usage trends and thresholds so that management can deal with offending employees at a local level.  This type of management empowerment can assist management to address issues such as employee productivity, corporate privacy, legal liability, email system resource consumption or non-compliance with the organisational policies regarding email use.

Email users should be properly educated through training in good email practices, awareness of organisational policies and their recognition that the user must abide by these rules at all times.  Management should appraise their staff on their proper use of the email system.

What should organisations do now?

Organisations should be more proactive and not wait for their own employees to be formally disciplined for email abuse.

There are nine key recommendations that need to be implemented:

1. Conduct an ‘Impact Assessment’ to identify the business purpose for email monitoring and confine it to what is necessary to accomplish that purpose.  Monitoring will only be used as necessary and will not be intrusive on the employees’ email communication.

2. Develop, or modify, corporate policies that cover email use (such as the Acceptable Use Policy, Information Security Policy and/or Computer Use Policy). Make sure that all users accept these policies and they are documented.

3. Train users on current best practices of email management and use.

4. Allow management to appraise their staff regarding email use and what standards will be used to evaluate their performance.

5. Enforce and police all policies regarding email use at all times.

6. Consider which email monitoring tools are appropriate for the organisation. Only implement when supporting processes, procedures and resources are in place.

7. Frequently review and update corporate policies to ensure they fully comply with the law and regulations, and any changes thereafter.

8. Communicate any changes of policy to all email users and management.

9. Thoroughly consider the costs of excessive monitoring, such as ethics, low morale, high turnover, and potential lawsuits.

A suggested flowchart for implementing email monitoring, and the Acceptable Use Policy, is recommended below.