Following a spate of high-profile legal cases, there has never been a greater need for IT managers to ensure that they understand the latest laws surrounding the use of company email systems.
An email sent by an employee can make his or her employer liable in a number of ways. If a statement is found to be defamatory, a company may be forced to pay damages. In 1997, in one of the first cases of its kind, insurance firm Norwich Union was forced to pay £450,000 in libel damages after staff circulated untrue statements on an internal email system alleging financial difficulties at rival Western Provident.
If an email is offensive or pornographic, this may result in anything from extreme public humiliation for the company involved to, at worst, a trip to court and associated costs to the business, such as legal fees, compensation and unwanted media attention. Moreover, every time an unlawful email is forwarded by an employee, another person or company becomes potentially liable as well and so the problem snowballs. Once emails are sent abroad they can fall foul of laws unique to other countries too.
When a woman recently sent a sexually explicit email to a man's work address at City law firm Norton Rose, the recipient smugly forwarded her complimentary message to a few of his friends. Within days its readership extended around the world. This was despite the legal rider beneath the message informing readers that its contents were 'confidential', 'privileged' and 'solely for the use of the recipient'. The total readership was estimated at more than 20 million, and the incident resulted in four lawyers at the firm being suspended.
Meanwhile, in the case of Royal & SunAlliance, a crude cartoon was forwarded around an office in Liverpool. As a result, 10 people were sacked and a further 80 suspended, although several have since returned to work.
Surprising as it may seem, the laws that apply to the use of email at work are not new. The English law of vicarious liability states quite clearly that a company can be liable for the acts of an employee that are carried out in the course of employment, even if the act is unauthorised and contrary to company policy. The fact that email is an electronic rather than a written form of communication is irrelevant: the same law applies to any media.
Wisely, most companies have realised that preventative action is best. But precisely how far can a company go?
Managers can reduce the risk by introducing a corporate policy that explains to employees the company's code of practice on email use. In addition to staff training, one way for firms to get the message across is to incorporate their email policy and instructions on individual use into employment contracts, together with a clear warning to employees that any breach will be considered a disciplinary offence.
This may also pre-empt legislation that has been drafted, but not yet implemented, by the data protection commissioner (now the information commissioner), requiring the notification of staff before the monitoring of staff emails.
It could also be worth installing spyware: message inspector software that can be programmed to sift through emails and track down pre-programmed key words in their content so that, if such words are detected, the IT manager can be alerted.
The Regulation of Investigatory Powers Act 2000, introduced last October, allows UK firms to monitor staff emails at will, provided there is a legitimate business reason for doing so. Such action may be considered justified if an employer needs to access business communications in a worker's absence and so it effectively gives the employer permission to eavesdrop. Unlike many other countries, in the UK there is currently little in the way of privacy laws to prevent this, although the information commissioner may well decide to introduce legislation.











