E-mail policy dos and don'ts

Cyber lawyer Scott Nathan and The ePolicy Institute have some advice on putting together a company e-mail and IM policy.

This Content Component encountered an error

At TechTarget's recent CIO Conference, cyber law expert Scott Nathan and The ePolicy Institute offered some advice for IT executives looking to create e-mail and IM policies within their organizations. Click here to read why Nathan thinks it's so important for CIOs to get cracking on such a policy if they haven't already.


  • Establish comprehensive, written e-mail and IM policies.

  • Educate all employees about risks and compliance.

  • Stress that the e-mail and IM systems are business tools. Spell out what is – and what is not – considered appropriate business communication.

  • Spell out exactly how much personal e-mail and IM use (if any) is acceptable.

  • Recap your discrimination and sexual harassment policies.

  • Have all employees sign and date a copy of each policy.

  • Incorporate written policies in employee handbook and new hire orientation materials.


  • Address ownership issues and privacy expectations.

  • Tell employees if management monitors e-mail and IM.

  • Support e-mail and IM policies with content rules and language guidelines.

  • Establish netiquette policies for senders and receivers.

  • Implement e-mail and IM retention/deletion strategies.

  • Establish e-mail and IM security policies.

  • Install policy-based content filtering software to monitor and block e-mail and IM that violates policies or regulatory rules.


  • Expect employees to train themselves. Make them aware of rights, risks, responsibilities and repercussions.

  • Create separate policies for executives or managers.

  • Forget your international associates and laws governing e-mail/monitoring abroad.

  • Assign one individual the responsibility of single-handedly enforcing your organization's IM and e-mail policies.

  • Allow employees to dismiss the organization's IM and e-mail policies as insignificant or unenforceable.

Source: The ePolicy Institute

This article originally appeared on SearchCIO.com.

Dig deeper on Email Policy Management



Enjoy the benefits of Pro+ membership, learn more and join.



Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: