Careless or inappropriate use of email can create substantial reputational and security risks.
Jo Kangurs, director of KeystoneHR Consultancy, outlines how to create a workplace email policy, establishing security procedures and letting your employees know what's expected of them. (27 July 2020)
- Get a headstart by checking out the sample email policies and email disclaimers available online.
- Create an individual email account for each individual, protected by a strong password. You might also want to set up general addresses like [email protected].
- Establish who is responsible for each account and decide how incoming emails will be handled when someone is absent.
- Establish security procedures, as cybersecurity is a critical issue for law firms. Security software, strong passwords and encrypted emails can protect the firm and client data.
- Decide whether you allow the use of the firm’s e-mail for personal reasons. It is safer to forbid its use altogether but if allowed, make it clear that the firm’s details should be removed from the body of the e-mail.
- Set limits on the amount of time employees can spend using e-mail on their own mobile devices. The norm would be to restrict all personal mobile phone use to outside office hours and during breaks, but making allowances for emergency situations.
- Specify what use of email is prohibited. For instance, sending or receiving offensive material or engaging in illegal activities.
- Set up personalised signatures for outgoing emails. These should include both the individual's and the firm's name, plus contact details and regulatory information.
- Consider adding a disclaimer to email signatures. Bear in mind that these have little legal authority and may be ineffective - especially as people will probably see them after they have already read the email.
- Terms of business – include reference to the use of e-mail and the fact that it is not a totally secure form of communication.
- E-mails sent to the wrong address – have a procedure for the steps to be taken if this occurs, especially if the e-mail contains confidential information.
- Follow the data protection regulations with procedures to delete e-mails at appropriate times, depending on the nature of the content.
- Establish rules on sending confidential and personal information, complying with the data protection regulations.
- Let employees know how emails are monitored and stored, complying with the data protection regulations.
- Set standards for the use of email. For example, what your ‘house style' is, what types of communication email is and is not suitable for, and how quickly incoming emails need to be responded to.
- Communicate the policy to all staff. Include it in your induction process for new employees.
- Provide appropriate training in email best practice and the legal issues.
- Clarify the disciplinary consequences of breaching the policy, and enforce the policy consistently and fairly.
- Use the policy to protect your employees too. Constant incoming emails can be highly disruptive, so you may want to provide guidelines or time-blocking tools to create interruption-free blocks of time.
"We have all got used to the speed of correspondence using e-mail but an e-mail has the same significance as a letter sent in the post. A quick email reply can be very helpful – or disastrous. Everyone, especially lawyers, needs to understand the risks of firing off an email without taking the time to think things through"
Catherine Gasparini, consultant
"The content and style of an e-mail should mirror anything that is sent out by post. Your professional reputation, image and brand can be irreparably damaged if it does not. I always ask junior lawyers:"Would you be happy having your email read out in court?" David Calder, The Cashroom
- Email best practices for lawyers and law firms (2014 Moore Legal Technology blog)
- Induction of new lawyers and support staff – checklist
- GDPR for law firms