Implementing an email policy - checklist

Reviewed by Astan Morarji, NewCoLegal.

Implementing an email policy - checklist

Read our checklist on creating a workplace email policy, establishing security procedures and letting your employees know what's expected of them.

  • You don't have to start from scratch. You can find advice about what to include, along with sample email policies and email disclaimers online.
  • Create an individual email account for each employee. Make sure each account is protected by a strong password. You might also want to set up general addresses like [email protected].
  • Establish who is responsible for each account. You should also decide how incoming emails will be handled when an employee is absent. For instance, is another member of staff expected to answer queries sent to your sales address?
  • Establish security procedures. Make sure passwords are strong and change them regularly. Ideally, your email server should be encrypted. You should also use security software to scan incoming and outgoing emails for security problems.
  • Specify what use of email is prohibited. For instance, you should ban the use of email for sending or receiving offensive material or engaging in illegal activities.
  • Set limits on personal use of email. For example, you may want to allow staff to use their email for personal messages only outside of working hours or during their breaks. You might also consider putting a limit on attachment sizes.
  • Set up personalised signatures for outgoing emails. These should include key company information (your company's registered name, place of registration, registration number and address of its registered office).
  • Consider adding a disclaimer to email signatures. Bear in mind that these have little legal authority and may be ineffective - especially as people will probably see them after they have already read the email. Seek legal advice if you are unsure.
  • Establish rules on sending confidential and personal information. Make sure these meet the requirements of data protection regulations.
  • Let employees know how emails are monitored and stored. Make sure any monitoring complies with legal restrictions protecting privacy.
  • Communicate the policy to all staff. Make sure it forms part of your induction process for new employees and provide appropriate training in effective use of email and the legal issues.
  • Use the policy to protect your employees too. Email can be highly disruptive to members of staff trying to get things done. You might want to make it clear that it's fine for staff to shut down their email if they need to concentrate. Or go further, and designate one day a week as email free.
  • Clarify the disciplinary consequences of breaching the policy. Make sure you enforce it consistently and fairly.

What does the * mean?

If a link has a * this means it is an affiliate link. To find out more, see our FAQs.