Five steps to success
1. Never look for an employee doing wrong, look for wrong and then investigate suspect employees.
2. If you have acceptable usage policies in place regarding e-mail usage, you must have e-mail monitoring in place.
3. Ensure employees are informed of acceptable usage policies, and that these are enforced.
4. Proactively monitor e-mail by searching random e-mails for key phrases or words to highlight suspicious or non-productive activity.
5. Ensure users use external e-mail (for example, Hotmail) outside working hours and use corporate e-mail during working hours.
E-mail is estimated to grow by 40% each year, commanding more and more of employees’ working hours. According to the Office for National Statistics, employees spend, on average, two hours a day on e-mail – assessing, managing and responding to messages. This equates to 11 working weeks for every user and translates into millions of pounds for organisations, without even taking into account the cost of lost productivity due to e-mail misuse.
Examples of e-mail misuse are now ubiquitous with cringe-worthy personal e-mails being dispatched around the world and rapidly making the headlines. A recent example was Lucy Gao, an intern at Citibank, whose 21st birthday invitation to the Ritz was circulated around the City and incited ridicule from her colleagues and peers.
Another example is legal executive Richard Phillips, who resigned after insisting in an e-mail that his secretary pay a £4 dry cleaning bill for a ketchup stain on his trousers. Most famously though was the boyfriend of Claire Swire, who forwarded her e-mail praising his sexual prowess to his lawyer mates, and it soon ended up across the world.
The chastened boyfriend and lawyer friends were suspended for bringing the company name into disrepute and abusing the company’s e-mail system, but none faced dismissal. Swire went into hiding, but still managed to keep her job.
These incidents are examples of the problems that employees can cause to the reputation of their organisation, and highlights the risk of disciplinary measures by forwarding personal or questionable material.
They also demonstrate that the majority of employees do not see corporate e-mail as holding the same ‘official’ status as a letter written on company letterhead.
Risk of claims
E-mail monitoring needs to be done correctly if organisations want to avoid the risk of claims. If no e-mail monitoring is taking place in your organisation, it is impossible for you to understand the extent of personal e-mail usage and the related productivity losses.
In our so-called ‘Big Brother’ nation, monitoring staff e-mails can mean that you could face claims if you haven’t taken the appropriate steps beforehand.
A new ruling this year said a Welsh college had breached the European Convention on Human Rights by secretly monitoring an employee’s e-mails without her knowledge. The European Court of Human Rights in Copland v UK ruled that the surveillance without her knowledge “amounted to an interference with her right to a private life”.
Most employers have acceptable usage policies (AUP) in place with regards to using e-mail for personal purposes. However, more often than not, AUPs are not enforced, which means that employees continue to breach the policies and the liability risk falls on the organisation’s shoulders.
Encourage employees not to use their corporate e-mail for personal use by requesting they use personal e-mail accounts outside work hours. If you have AUPs in place, you should monitor e-mails to ensure employees are complying with the policies.
Employers should ensure that employees are aware of the extent to which they are monitoring their use of the e-mail system. Consider the impact of the Data Protection Act (DPA) 1998 and the Regulation of Investigatory Powers Act 2002 before undertaking any form of monitoring.
The Information Commissioner recommends that employers carry out an impact assessment to help establish whether their internet and e-mail monitoring complies with the DPA.
Traditionally, employers have gone to the IT department to request e-mail monitoring and retrieve e-mails, but this can be a lengthy process. With high workloads, the IT department does not see e-mail monitoring as a priority within their workload. So what can you do?
Enforce your e-mail policy. Run regular electronic reports that provide information on e-mail usage volumes, and search for inappropriate key words in the subject heading or body of the text.
This ensures employees do not use inappropriate language in e-mail correspondence and monitors the level of personal e-mails being sent that affect productivity levels.
One example of an organisation that was able to achieve this was LA Fitness. The health club uses an e-mail management solution to provide insight into employee productivity and performance. This helps it to ensure the company’s e-mail policy is adhered to across its 88 clubs nationwide.
After LA Fitness implemented a software solution, the company discovered that 40% of the total number of e-mails sent were non-work related. Incidents of inappropriate e-mails were then eliminated and personal e-mail usage went down from 40% to 2%.
By taking away the responsibility of e-mail monitoring from the hands of IT, you can reduce the risk to your organisation’s reputation. In the case of a serious investigation – for example, bullying or sexual harassment – an e-mail management tool can be used to search and provide evidence, rather than having to ask IT to provide e-mail conversations, which can be a timely and costly process.
By allowing you to search for evidence using subject headers or key phrases within e-mails, you can move forward faster on a decision without instilling fear or negativity within the organisation.
You can also minimise the risk of negative PR by deciding whether users should have full use of e-mail for both internal and external communication or for internal or external communication only.
Malcolm Etchells is managing director EMEA of Waterford Technologies
E-mail and internet usage
E-mail monitoring powers come into force
Don’t leave yourself open to liability for a temp’s misuse of IT