Been ticked off by your boss for misusing email? Ever received a warning for sending unsafe attachments, spamming or even sending out company information?
Corporate India is suddenly waking up to the need of having a well-defined email and Net usage policy. Technology giant Infosys is one of the first to have set up an email policy five years ago. A company spokesperson said, "We at Infosys do have a policy that is communicated to Infoscions during their induction into the organisation and also on a popup screen when they log in."
The email policy has many dos and don'ts that include no chatting, no use of instant messengers and no sending large attachments. It's clearly mentioned that the email system may not be used for spamming, to solicit for commercial ventures, religious or political causes, outside organisations, and other non-job-related issues. Also, sending or posting confidential material externally, or posting company confidential material internally to non-authorised personnel is strictly prohibited.
"With viruses and spam increasing, content filtering and user awareness on handling email is a must," says the spokesperson, "Instances of misuse such as spamming, sending potentially unsafe attachments, etc are reported as are cases of users opening virus-infected mail."
Infosys formed the email policy in discussion with their legal department and believe that since all messages received and sent on the company network belong to the company, in case of any reported misuse, email messages may be used as evidence in legal proceedings. The spokesperson adds, "We have not enabled any content filtering on our email gateways. But privacy laws allow for corporate monitoring of mail sent on the corporate network provided that users are notified of such monitoring."
Abroad, monitoring of email and computer files have led to offending employees being fired. But in India misuse of official email, PC storage space and the Internet would lead to a counseling session at the most. Now though, many organisations are setting up email and Net usage policies.
Reliance framed one such policy when they found official email IDs being misused by employees for sharing "lighter information". Official accounts were also used a lot to send ecards. Now, a document is given out to employees explaining the dos and don'ts of email usage.
BNP Paribas also formed a policy four months ago, more to prevent the eating up of bandwidth by their employees, than to monitor their activities online. While the bank does have firewalls to provide a secure system, they also have systems by which mails are scanned for expletives or pictures and deleted when found.
However Deputy HR Manager Rajat Sinha believes, "When it's tough to fire people due to bad performance reports, firing because of email misuse is still a few years away in India. Besides, I think having a strict code where one is penalised for such things would incite employees to try to break the law and get away without being caught. The IT department has more important functions than purely monitoring email of employees!"
While some organisations do experience breach of security despite email policies being set up, others like Infosys believe the policy acts as a deterrent since disciplinary action may be initiated against offenders.
How do employees respond to such policies? Some self-censor their surfing to avoid being "busted" for visiting the "wrong" sites and use free Web mail accounts for personal communication.
Others turn a blind eye. Explains Amit Ahuja, a software programmer, "Anyone with an email account knows it's next to impossible to keep your inbox free of dirty jokes and sexually explicit JPEGs. A lot of professionals have no qualms about forwarding a little X-rated fun to friends and colleagues. I don't think an email policy is going to make me stop that!"
Smaller companies like Persistent Systems believe in an unspoken policy. Says Colonel Wakankar, the HR director, "We expect our employees to use email and the Net responsibly. They are professionals after all and can handle this tool just as responsibly as they handle other official property."
Policies also differ when companies lay off employees. While it's standard practice to immediately terminate their email accounts, some firms leave email and server access active for weeks or months.
A Mumbai based Web solutions company decided on another approach. Says Raj Nagda, the ex-CEO, "Most employees who were laid off were told about it a month in advance and the company uses an automated process to forward all their mail to their preferred accounts, without reading or rifling through it".
From the legal viewpoint, Paul Heylman of US law firm Schmeltzer, Aptaker & Shepard, P.C. asks employers to have an email policy that should "Advise employees that email is company property and not private; that it should be used for business purposes only; that all messages, sent or received, are subject to review; and finally, that the email system and all messages distributed on it are the property of the employer, not the employee. It should also state that violation of the policy would subject the employee to discipline, up to and including discharge. Finally, of course, the policy must be enforced."
Sites to help you frame your own email policy:
ePolicy Institute: Email policy information such as dos and don'ts, employee training tips, Netiquette rules and Q&As.
JB's Web: Discusses email policy and lists points that must be included in the policy.
Dangerous Email: Interesting articles covering email policy issues, email management and monitoring of email.