How to implement an email policy

Checklist

  1. You don’t have to start from scratch. You can find advice about what to include, along with sample email policies and email disclaimers online.
  2. Create an individual email account for each employee. Make sure each account is protected by a strong password. You might also want to set up general addresses like sales@yourcompany.co.uk.
  3. Establish who is responsible for each account. You should also decide how incoming emails will be handled when an employee is absent. For instance, is another member of staff expected to answer queries sent to your sales address?
  4. Establish security procedures. Make sure passwords are strong and change them regularly. Ideally, your email server should be encrypted. You should also use security software to scan incoming and outgoing emails for security problems.
  5. Specify what use of email is prohibited. For instance, you should ban the use of email for sending or receiving offensive material or engaging in illegal activities.
  6. Set limits on personal use of email. For example, you may want to allow staff to use their email for personal messages only outside of working hours or during their breaks. You might also consider putting a limit on attachment sizes.
  7. Set limits on personal use of email: for example, prohibiting transmitting large attachments or joining busy mailing lists.
  8. Set up personalised signatures for outgoing emails. These should include key company information (your company’s registered name, place of registration, registration number and address of its registered office).
  9. Consider adding a disclaimer to email signatures. Bear in mind that these have little legal authority and may be ineffective — especially as people will probably see them after they have already read the email. Seek legal advice if you are unsure.
  10. Establish rules on sending confidential and personal information. Make sure these meet the requirements of data protection regulations.
  11. Let employees know how emails are monitored and stored. Make sure any monitoring complies with legal restrictions protecting privacy.
  12. Communicate the policy to all staff. Make sure it forms part of your induction process for new employees and provide appropriate training in effective use of email and the legal issues.
  13. Use the policy to protect your employees too. Email can be highly disruptive to members of staff trying to get things done. You might want to make it clear that it’s fine for staff to shut down their email if they need to concentrate. Or go further, and designate one day a week as email free.
  14. Clarify the disciplinary consequences of breaching the policy. Make sure you enforce it consistently and fairly.

Cardinal rules

Do:

  • Set up IT systems in a way which helps support the policy
  • Encourage appropriate use
  • Clearly explain prohibited use
  • Provide training
  • Think about data protection

Don't:

  • Read employees’ emails unnecessarily and illegally
  • Ignore breaches of the policy

You can find further, in-depth advice on the IT Donut.