Policy Matters

May 1, 1996
Electronic mail has changed the workplace in more ways than almost anyone could have imagined just a decade ago. Today, information is zapped from one computer terminal to another instantaneously—creating a digital trail of conversations, thoughts and ideas. As with any technological revolution, society's ability to adapt to this new tool has lagged. Although 80% of all organizations communicate and share business information via e-mail, only 36% have policies addressing proper e-mail usage. More disturbing is the fact that only 34% have written workplace privacy policies. That's the finding of a recently released survey conducted by the Society for Human Resource Management (SHRM).

"Many organizations are unsure how to address privacy and technology concerns without interfering with the tremendous benefits of a tool such as e-mail—increased efficiency, teamwork and flexibility," says Michael R. Losey, president of SHRM. But this laissez-faire approach can land an organization in serious trouble. In many cases, workers are confused about what is acceptable behavior and what isn't, as well as what their boss considers acceptable for requesting information and carrying on business. Is informal networking with an associate through e-mail deemed personal or professional? Is an occasional message to a friend or family member verboten?

"While employers believe they have the right to access e-mail messages, employees tend to believe their communications are private," writes Jeffrey A. Van Doren, a Pittsburgh-based labor and employment law attorney in a recent issue of HR News. "Implementing an e-mail policy can go a long way toward clarifying who legally owns and has the right to access and review e-mail system messages in the workplace." Indeed, a growing number of employees who feel their rights have been violated are taking such cases to court. And although the overwhelming majority of decisions have come down in favor of the company, the cost of defending such actions can be expensive, he asserts.

That's why DHL Systems, a Burlingame, California-based technology service company that's part of DHL Worldwide Express, decided to formulate a policy nearly one year ago. "We felt it was important that everyone knows exactly what the rules are. The idea was to be upfront and honest about what behavior is acceptable and what isn't," says Linda Giusti, human resources manager for the company. So, she and the firm's HR director and legal counsel, Margaret Phillips, began scanning articles, case law, legal memos and other companies' policies to glean ideas and ensure they weren't missing anything.

After several weeks of research, they created a draft policy. Then they asked staffers for feedback and additional ideas on creating a policy that would be realistic and fair. "That was a crucial step," says Phillips. "Having everyone's comments up front meant we could act proactively rather than reactively. It helped us deal with issues before they became problems." At the same time, the company had internal experts in HR, finance, legal and technology review the document to ensure it was accurate and would work. The final result? A single-page document that concisely spells out the organization's policies governing e-mail and online access—a policy that borrowed on other companies' experience but meshed with DHL Systems' own culture.

DHL Systems is an example of how a company can generate a policy so that everyone wins. It spells out that the company's e-mail isn't to be used for "communications of a discriminatory or harassing nature, or for obscene" messages or chain letters. It notes that occasional nonbusiness use is acceptable, but "employees may not abuse the privilege for any significant amount of personal business or pleasure." And it clearly states that information created on company computers is generally considered private, although the company reserves the right to review electronic files and messages "to ensure that these media are being used in compliance with the law and with company policy." Other parts of the document cover hacking into other employee's files and protecting confidential information when sending e-mail to outsiders or posting it online.

That's a good start. But as Don Harris, manager of HR systems for the New York Times Co. and chair of the International Human Resources Information Management Association puts it: "Companies get into problems not only because of a lack of policy, but also due to poor policy implementation. It's crucial to follow the guidelines." His committee is working to develop a set of professional guidelines for the use and protection of HR information in computers and other forms of electronic media. But, "ultimately, it's people who protect information, not policies. That's why people must understand policies and take responsibility for them," he says.

Amid all the discussion about respecting employees rights, it's important to remember that e-mail and other forms of online communication can pose a serious security risk. Even ardent privacy advocates agree that electronic communication provides an easy way for a disgruntled worker to zap information to himself or a friend outside of the company. The bottom line? "It's important to strike a balance. If you suspect there's a problem, it's a good idea to monitor an employee. But randomly monitoring e-mail just to see what's going on can lead to enormous problems," says Laura Pincus, director of the Institute for Business and Professional Ethics at DePaul University.

Personnel Journal, May 1996, Vol. 75, No. 5, p. 78.