Internet Newsletter for Lawyers |
|---|
E-mail is now seen as a standard form of communication used by a whole host of differing users, both for pleasure and business. Aside from a few separate regulatory statutes and regulations there is no generalised "e-law" to deal solely with e-mails. However, users are frequently surprised at the breadth of laws which actually cover e-mail communications and any accompanying attachments.
This article is designed to offer readers a brief insight into the kind of regulation that e-mails will attract. The article is written with a particular emphasis on the problems facing employers. This includes a checklist for any e-mail policy in operation and also a brief look at disciplining employees for overuse or abuse of the e-mail system.
E-mail use and abuse carries with it not just liability for the individual using the system but also potentially liability for those who are vicariously responsible for him or her (e.g. employers) and also those that operate the system (e.g. Internet Service Providers). Therefore, the regulation of e-mails is bound to be an important aspect of any development in this area.
Liability may cover areas as diverse and wide as the law relating to obscenity, defamation, confidentiality, privacy, negligence, intellectual property, viruses, data protection, unsolicited mail, broadcasting, professional conduct and discrimination. For a more detailed discussion of these, See E-mail, the Internet and the Law, EMIS Publishing 2001.
Given the breadth of the potential liability, individuals and employers alike need to be vigilant in the approach that they adopt towards its use. Part of the problem with e-mails is the way in which they are perceived. Individuals use e-mails increasingly to replace telephone discussions. They are conducted with an air of informality, which can be potentially risky. The major problem with that is the degree of permanence associated with e-mails. Firstly they are almost impossible to delete in the proper meaning of the word (clicking "delete" does not actually eradicate the e-mail from the system but merely removes the "map" to find it - retrieval systems can pick up almost anything, no matter how old). Secondly in their permanent form (capable, for instance of being printed off) they are to be viewed as normal correspondence. Something said in jest may appear to have a contrary meaning on paper. A very obvious example of the potential differences between oral communication and e-mails can be seen when one considers defamatory comments. Those made in conversation are only actionable with proof of actual loss flowing there from - not so with e-mails which attract the law of libel (as opposed to slander) and allow claims to be brought simply on the basis of the slur itself.
It should also be noted that anyone who forwards an e-mail is taken, in general terms, to have sent that e-mail themselves. It is no defence to point to the original sender in an attempt to absolve oneself from responsibility. Employers should bear this in mind when sweeping incoming and outgoing mails.
As employers can be held vicariously responsible for the actions of their employees (anything done within the course of their employment - which can be a very wide net indeed) they must consider how it is that they can (1) prevent the problem from occurring in the first place, and (2) avoid any liability once the problem has arisen.
The monitoring of e-mails will be an effective deterrent against routine abuse. One of the major methods of prevention is simply to set out clear explanations of the potential liabilities that the e-mail system brings with it. If employees know the dangers and the likely personal consequences, then they are far less likely to abuse the system.
Use of company e-mails could be banned for personal communications and a personal account could be set up - absent company name of course. A more radical alternative is barring access to e-mails completely.
Once the problem has arisen it may be possible to cure the situation. Liability will generally attach to forwarding or storing any incoming e-mails of certain descriptions. Thus effective removal from the system of such communications may be enough to avoid liability.
E-mails sent from work will usually be complete with the company heading on it. In order to prevent potential liabilities there are mail sweeping packages that, for instance, will pick up any foul language that is being used. Employers are permitted to monitor e-mail use and punish any abuses (see below).
Abuse which is occurring within the company may also be a potential problem. Claims have been successful in showing that abuse went along unsupervised or not rectified. An example is where pornography has been downloaded andd/or transmitted around the office. This may amount to sexual harassment for which the employer could face vicarious and direct responsibility. Effective discipline and monitoring may avoid such liability.
A well set out e-mail policy is essential. It is sensible to have this incorporated into the employee's contract of employment. This will usually require some form of variation supported by consideration. It may well be that the best option is to include it within the staff handbook. Different employers will have different considerations and resources to consider in deciding how to achieve the correct balance.
The proper identification of issues of concern and the proper drafting of the policies will assist greatly in preventing the problem, avoiding liabilities and also having a more effective work force (it is hoped!). Different provisions will no doubt be appropriate for different companies. The following are a non-exhaustive list of the kind of issues that need to be included in any e-mail policy:
(1) Extent of access to e-mail & internet for personal use;
(2) Whether the individual needs any form of permission to use the system for personal purposes;
(3) Extent to which e-mails may be monitored by the company (including deleted items);
(4) Requirement that all e-mails be encrypted;
(5) Requirement that all e-mails be accompanied by appropriate privacy and confidentiality notices;
(6) Requirement that no defamatory, obscene, lewd, unlawful, or otherwise inappropriate e-mails be sent, forwarded, stored, downloaded, printed or otherwise dealt with other than by deletion;
(7) Restriction of allowing others access to employee's password or system;
(8) Providing for people to deal with matters in another's absence including the retrieval of another's e-mail;
(9) The extent to which e-mail abuse is a matter capable of leading to disciplinary action and/or dismissal.
These are but the mere tip of the iceberg in this area. The most important aspect is the drafting. They should be sufficiently clearly worded so that employees understand them and they should be sufficiently widely drafted so that most, if not all, liabilities are covered.
Once a proper policy is in place disciplinary action will be all the easier. The important considerations to remember in this regard are fairness and equality. Employees should usually be subject to warnings before any dismissal action is taken (subject to gross misconduct which will obviously depend on the circumstances).
Possible misbehaviour should be investigated before action is taken and an even hand should be used across the board. Disparate treatment may leads to claims of discrimination and victimisation. Heavy handed treatment may lead to claims for unfair dismissal. If the policy gives clear guidance as to the level of sanction for certain offences, then the disciplinary action taken will be far easier to justify.
A proportionate and sensible approach to monitoring, educating and disciplining employees will greatly assist in reducing potential liabilities. Central to this is the adoption of a suitably drafted e-mail and internet policy.
Paul McGrath, pmcgrath@1templegardens.co.uk, is a Barrister at 1 Temple Gardens specialising in employment and aspects of computer law. He is the co-author (with Tim Kevan) of "E-mail, the Internet and the Law", EMIS Publishing, 2001; £28; email sales@emispp.com and website http://www.emispp.com.
Back to Contents.