A new technology issue is rapidly becoming a key topic of agency risk management: communication management. While working electronically potentially increases productivity and reduces expenses, the benefits come with a price. The trade-off is that recent legislation has made communication management a legal matter.

For many years, the rule has been to document everything. In today's world of privacy laws and e-discovery, however, less is often more. Agencies are finding that having too much documentation can be just as costly as not having enough. E-mail messages are the electronic equivalent of DNA evidence. A recent study reports that 24% of employers have had e-mail subpoenaed by courts and regulators, while another 15% have battled lawsuits triggered by employee e-mail. (Source: American Management Association/ePolicy Institute 2006 Workplace E-Mail, InstantMessaging and Blog Survey.)
The process of defining, identifying and retaining so-called “business records” will be an important task for agencies in 2008. Agency assets, reputation and survival could one day rest on the outcome of a lawsuit or regulatory investigation involving your electronic communications.
A business record is a “business-critical” e-mail that has a direct connection to how you protect your clients. A “non-record” message is a personal e-mail sent or received by agency staff that does not directly relate to a business activity. According to the AMA survey, only 57% of employees know the difference between an electronic business record that must be retained and a non-record that may be purged.
To use business-record e-mail to legally document your agency's actions, you must be able to prove that the e-mail was sent and received. The U.S. Postal Service considers first-class mail delivered if sent, but a different standard applies to e-mail. The Uniform Electronic Transactions Act stipulates that electronic messages can be considered “delivered” only if they can be shown to have arrived at the recipient's mail system. As you know, not all e-mail reaches its destination, and not receiving a “bounce” reply does not mean the e-mail was delivered.
Communications management plans
As your agency plans for 2008, there are three specific aspects of communication management you ought to consider: document retention policies, privacy policies and registered e-mail.
Document retention plans: Document retention policies establish how agencies store and destroy all types of documents, including electronic communications. Consider this potential e-discovery scenario: A plaintiff requests a copy of each e-mail related to an E&O claim against your agency. These documents may reside in a variety of places, such as your computer network, laptops, backup tapes or other archives. Most likely, relevant e-mails are mixed with unrelated documents that your agency would not care to expose in court.
Having an attorney sift through massive amounts of data is expensive, but that's not even the most significant cost. As the opposing attorney also examines your documents, he or she might discover a casual e-mail that could be used in court against your agency. Personal e-mails may seem harmless, but they're fair game in litigation–which is why non-record communications should be periodically purged.
Another possibility is that opposing counsel will request certain documentation that your agency cannot produce. The judge could hold your agency responsible for not having a document retention policy that explains why you did not keep the document and how it was destroyed. You need a document policy that addresses these issues.
Privacy policies: While many agencies have privacy policies, they frequently don't include provisions for using and storing e-mail. Last December, a U.S. federal court announced amended rules governing the discovery of “electronically stored information,” or ESI, and your privacy policy will need to take them into account. ESI refers to e-mail and any other data that can be stored electronically. The court intends ESI to be a broad enough term to cover all types of current computer-based information, yet flexible enough to accommodate future technology developments.
The federal rules of civil procedure for electronic communications are clear on the following:
1) ESI is discoverable and may be used as evidence–for or against your company–in litigation.
2) Business-record ESI related to litigation must be retained, archived and produced during discovery.
3) Companies are allowed to routinely purge archives of data not relevant to litigation or pending cases.
4) Writing over backup tapes may constitute virtual shredding once litigation is under way.
5) To be accepted as evidence, e-mail must be trustworthy, authentic and tamperproof.
Registered e-mail: To comply with privacy legislation, agencies must be able to verify two critical pieces of data: that the e-mail was sent over a secure e-mail connection, and that its arrival was verified.
One way agencies can more effectively manage their electronic communications is by making sure that all business records sent by the agency are “registered.” Such records are admissible in court. Registered e-mail providers can aggregate the transmission information from the sender's and receiver's mail servers, interpret it and produce an easy-to-read report. The information is returned to the sender and contains proof of sending and receipt, proof of official time sent and received, and proof of content (including attachments, reconstruction of original content, delivery and times).
The 3 E's of electronic communication
As you make your plans, keep in mind that while they may be simple, they also must be complete. The “Three E's” of effective electronic communication management, cited by the ePolicy Institute, an online source of training information founded by Nancy Flynn, an author and speaker on e-mail topics, may provide some guidance.
Establish: Establish comprehensive rules, policies and procedures for your organization's business records and registered e-mail. Use your e-mail policy to spell out issues of usage (business and personal), content and “netiquette” (conventions that facilitate efficient interaction), confidentiality rules, retention and deletion schedules, and litigation hold rules.
Develop your e-mail policies with regulatory compliance, litigation concerns, security and privacy issues, and business needs in mind. Assign a team of legal, compliance, IT, records management and HR professionals to ensure that your policies address all of the risks, rules and regulations facing your industry.
Electronic communication policies should be clearly written and easy for employees to access, understand and follow. Avoid vague language that may leave a policy open to individual interpretation. Update written policies annually to ensure that your organization has procedures for complying with any new regulations.
Distribute a hard copy of each policy to all employees. Insist that every employee sign and date a copy, acknowledging that they have read it, understand it and agree to comply with it or accept disciplinary action up to and including termination.
Educate: Support written rules and policies with agencywide employee training. Make sure employees understand compliance is mandatory. Such training makes courts more likely to believe that your agency has made a reasonable effort to manage ESI. In your training address these issues:
1) What is a business record? What is the agency's retention/deletion schedule? What is each employee's role in the retention/deletion process?
2) Registered e-mail technology: How does it work? How does it differ from traditional e-mail? When and how should employees use it?
3) Review e-mail risks and liabilities facing the industry, organization and individual users.
4) Spell out e-mail content, language and netiquette rules.
5) Discuss e-mail ownership and privacy concerns: the agency's responsibilities and legal monitoring rights versus employees' privacy expectations.
6) Review industry and governmental regulations.
7) Explain e-mail's role as ESI–discoverable legal evidence.
8) Discuss confidentiality concerns. Stress the importance of protecting intellectual property, trade secrets, company financials, proprietary information, confidential data and internal documents.
9) Review monitoring laws, rules and tools.
10) Discuss penalties–up to and including termination–awaiting those who violate record retention, and acceptable e-mail and registered e-mail use policies.
Enforce: Enforce your agency's written electronic rules and policies with a combination of disciplinary action and technology tools. In general, employers are getting tougher about policy compliance, with 26% of managers reporting that they have dismissed employees for misusing their organization's e-mail system, according to the AMA survey.
Electronic communication management will always be an essential element of profitable agencies and protected clients. As technology resources continue to grow, so will the need to manage the risks of properly collecting data and storing it electronically. With the end of the year just ahead, now is the time to begin planning your response.
Ted Baker is the president of Advantage Automation Inc., which for 17 years has offered agency-consulting services addressing a variety of management and agency-development issues. He also is an author and frequent conference speaker. Ted can be reached at [email protected].