5 Tips for Creating an Effective Electronic Communications Policy

Over 80% of business correspondence was in the form of email in 2012, with 89 billion messages sent and received each day. This raises the very real and immediate possibility of security breaches arising from employee errors or illegal activities conducted via email — from within and/or outside an organization.

Businesses can help prevent the unauthorized disclosure of sensitive business and consumer information by establishing and enforcing good electronic communications policies and practices. Consider the following five tips for developing an e-policy:

Determine the departments and individuals with a stake in developing an e-policy. Generally, representatives from the IT, human resources, compliance, record management and legal departments all play a key role in developing an e-policy.
Take stock of the organization's business communication tools, including the type of electronic communication features, whether the organization has a social-media presence, the tools at hand to monitor and secure the technology and what devices employees may use.
Each organization is different, and how one approaches the development of an e-policy will depend on the goals, resources and culture involved. Some issues to consider include —
Communicating the established policies and procedures and training employees on their use is essential. Regular training will keep these practices fresh and allow for additional training on new policies and procedures implemented in response to changes in technology.
Coordinate e-policy into the organization's broader information policies, such as record retention and disposal policies.
  1. Assess the players.
  2. Assess the technology.
  3. Assess and develop policies.
    • Scope — Determine the scope of the policy — e.g., what types of electronic communications the e-policy will address, to whom it will apply and whether there will be separate policies for different types of devices.
    • Expectations of use — Decide on the organization's expectations regarding technology use, such as acceptable business versus personal uses, prohibited communications, remote access, use of company hardware and software and copyright or licensing issues.
    • Monitoring and privacy — Decide whether the organization will monitor the use of electronic resources, how will it do so, and how will it protect the privacy of employee and consumer data.
    • Ownership and security — Will the policy outline ownership of data stored on the organization's devices? Will there be any related restrictions on access to that data?
    • Personal devices — Determine to what extent the policy will address the use of personal devices for business purposes.
  4. Train employees.
  5. Integrate with other information practices.

Because electronic communications are an integral part of doing business, they must be secure. While many solutions to security issues are technological, it is important that employees follow procedures to protect against human error.

Written by:

Published In:

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© WeComply, a Thomson Reuters business | Attorney Advertising

Don't miss a thing! Build a custom news brief:

Read fresh new writing on compliance, cybersecurity, Dodd-Frank, whistleblowers, social media, hiring & firing, patent reform, the NLRB, Obamacare, the SEC…

…or whatever matters the most to you. Follow authors, firms, and topics on JD Supra.

Create your news brief now - it's free and easy »

All the intelligence you need, in one easy email:

Great! Your first step to building an email digest of JD Supra authors and topics. Log in with LinkedIn so we can start sending your digest...

Sign up for your custom alerts now, using LinkedIn ›

* With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name.