Does your organization need a “Cyber Czar?” Cyber or electronic security is a big deal. It is even considered a national security issue. As reported in this online CNN.com report, dated May 29, 2009, the Obama administration announced plans to create the post of cyber security coordinator to oversee and secure America’s digital infrastructure.
In fact, according to this same CNN report, the Obama administration has made electronic security relevant to how the economic crisis is handled: “The economic crisis cannot be tackled without ensuring the safety of the nation's online activities,” Obama said. “America's economic prosperity in the 21st century will depend on cyber security,” he said.
Workplace technologies help employers and employees increase efficiencies and productivity levels, no doubt about it. However, similar to those concerns expressed by the federal government, employers should be mindful about the potential for employee abuse and misuse of these technologies. Employees can intentionally or unintentionally cause employers significant harm and expense if workplace technologies are misapplied or misused.
Employers often need both legal and HR guidance when policy issues relating to company e-mail and documentation practices come up. While answers to these issues are not always that clear-cut, I think that many employers simply want a list of ‘dos and don’ts.’ As described in a previous HRTools.com Insight, there are numerous factors one should consider when developing an e-mail retention policy.
In addition to that information and as you think about your own workplace technology security issues, I think you will find the following general points helpful:
- Use extreme caution with your e-mail practices. Be careful what you put into writing. Words in an e-mail can be easily misinterpreted.
- Check for any applicable state and/or federal laws for retention requirements for e-mails. You will want to develop a retention policy while keeping in mind that you will apply it in a consistent manner.
- Remember with e-mails you can have more than one person holding onto those records. For example, when two (or possibly more) people engage in extended e-mail ‘conversations,’ as messages going back and forth, you can have one party who deletes all his or her records. However, no one can control how long other individuals retain those same messages.
- Be careful before you hit that “send” button to be sure that you are sending e-mail messages to the intended person(s).
- Some e-mail communications may be considered ‘official documentation’ of what is communicated. If employers are asked by the courts, which can happen, to furnish all e-mails about employee ‘John Doe,’ you may be required to share those e-mails with the court. As an alternative, I recommend that people simply pick up the phone to talk to someone, especially about sensitive or delicate matters that can easily be misinterpreted in an e-mail.
- Employee health information is private and protected by law. You should not pass around such information by e-mail. Again, you want to avoid getting into employees’ personal and private matters, which can be easily misconstrued or mishandled via e-mailed messages.
Generally, I further explain to employers that their examples set the tone for the entire organization. Their actions speak louder than words.
Some organizations also develop and include their e-mailing best practices information in their employee handbooks. While you don’t want to preach to your employees, it’s always better to let them know what is expected and what is considered proper and acceptable e-mailing etiquette.
Finally, as a baseline standard, I often say this: If you wouldn’t want to see something that you have written in an e-mail message published in the daily newspaper for everyone to see, then it’s probably not a good idea to e-mail the message in the first place.