5 Tips for Creating an Effective Electronic Communications Policy

Over 80% of business correspondence was in the form of email in 2012, with 89 billion messages sent and received each day. This raises the very real and immediate possibility of security breaches arising from employee errors or illegal activities conducted via email — from within and/or outside an organization.

Businesses can help prevent the unauthorized disclosure of sensitive business and consumer information by establishing and enforcing good electronic communications policies and practices. Consider the following five tips for developing an e-policy:

Determine the departments and individuals with a stake in developing an e-policy. Generally, representatives from the IT, human resources, compliance, record management and legal departments all play a key role in developing an e-policy.
Take stock of the organization's business communication tools, including the type of electronic communication features, whether the organization has a social-media presence, the tools at hand to monitor and secure the technology and what devices employees may use.
Each organization is different, and how one approaches the development of an e-policy will depend on the goals, resources and culture involved. Some issues to consider include —
Communicating the established policies and procedures and training employees on their use is essential. Regular training will keep these practices fresh and allow for additional training on new policies and procedures implemented in response to changes in technology.
Coordinate e-policy into the organization's broader information policies, such as record retention and disposal policies.
  1. Assess the players.
  2. Assess the technology.
  3. Assess and develop policies.
    • Scope — Determine the scope of the policy — e.g., what types of electronic communications the e-policy will address, to whom it will apply and whether there will be separate policies for different types of devices.
    • Expectations of use — Decide on the organization's expectations regarding technology use, such as acceptable business versus personal uses, prohibited communications, remote access, use of company hardware and software and copyright or licensing issues.
    • Monitoring and privacy — Decide whether the organization will monitor the use of electronic resources, how will it do so, and how will it protect the privacy of employee and consumer data.
    • Ownership and security — Will the policy outline ownership of data stored on the organization's devices? Will there be any related restrictions on access to that data?
    • Personal devices — Determine to what extent the policy will address the use of personal devices for business purposes.
  4. Train employees.
  5. Integrate with other information practices.

Because electronic communications are an integral part of doing business, they must be secure. While many solutions to security issues are technological, it is important that employees follow procedures to protect against human error.