Below is a sample e-mail policy by the ePolicy Institute that could be used as a starting point for crafting one for an organization:
(Organization) is pleased to make e-mail access available to authorized employees. Created as a business tool to help (Organization) employees serve customers, communicate with suppliers, streamline internal communications, and reduce unnecessary paperwork, the e-mail system is intended primarily for business purposes. Personal use of (Organization's) e-mail system is restricted to the terms outlined below. The e-mail system is the property of (Organization). Employees accessing (Organization's) e-mail system are required to adhere to the following policy and procedures. Violation of (Organization's) e-mail policy may result in disciplinary action, up to and including termination.
1. All communications and information transmitted, received, or archived in (Organization's) computer system belong to the company. The federal Electronic Communications Privacy Act (ECPA) gives management the right to access and disclose all employee e-mail messages transmitted or received via the organization's computer system. (Organization) intends to exercise our legal right to monitor employees' e-mail activity. When it comes to e-mail, employees should have no expectation of privacy. Be aware that management may access and monitor e-mail at any time for any reason without notice.
2. The e-mail system is reserved primarily for business use. Only under the following circumstances may employees use (Organization's) e-mail system for personal reasons:
a) Communication with children, spouses, and immediate family is permitted but must be limited to no more than 15 minutes a day during business hours. Employees also are free to e-mail children, spouses, immediate family during the lunch hour and other authorized break times.
b) Personal e-mail communication that exceeds the time limits outlined in point 2a and/or which is conducted between the employee and an individual other than a child, spouse or immediate family member is prohibited unless authorized by (Organization's) human resources manager.
c) The use of (Organization's) e-mail system to solicit for any purpose, campaign for a political candidate, espouse political views, promote a religious cause, and or advertise the sale of merchandise is strictly prohibited without the prior approval of the Chief Information Officer.
3. E-mail passwords are the property of (Organization). Employees are required to provide the Chief Information Officer with current passwords. Only authorized personnel are permitted to use passwords to access another employee's e-mail without consent. Misuse of passwords, the sharing of passwords with non-employees, and/or the unauthorized use of another employee's password will result in disciplinary action, up to and including termination.
4. Privacy does not exist when using (Organization's) computer system including desktop computers, laptops, and handhelds. Confidential or personal information never should be sent via e-mail without the understanding that it can be intercepted. This includes the transmission of the organization's intellectual property, customer financial information, Social Security numbers, employee health records, proprietary data and trade secrets, and/or other confidential material. When sending confidential material (or any messages for that matter), employees should use extreme caution to ensure the intended recipient's e-mail address is correct.
5. Exercise sound judgment and common sense when distributing e-mail messages. Client-related messages should be carefully guarded and protected, like any other written materials. You must also abide by copyright laws, ethics rules, and other applicable laws. Exercise caution when sending blind carbon copies to ensure you don't violate addressees' privacy by inadvertently sending carbon copies.
6. E-mail usage must conform to (Organization's) harassment and discrimination policies. Messages containing defamatory, obscene, menacing, threatening, offensive, harassing, or otherwise objectionable and/or inappropriate statements--and/or messages that disclose personal information without authorization--are prohibited. If you receive this type of prohibited, unsolicited message, do not forward it. Notify your supervisor and/or the Chief Information Officer about the message. Delete the message as instructed by management.
7. E-mail messages should be treated as formal business documents, written in accordance with (Organization's) Electronic Writing Style and Netiquette Guidelines. Style, spelling, grammar, and punctuation should be appropriate and accurate, and the rules of netiquette must be adhered to.
8. Employees are prohibited from sending jokes via e-mail. Jokes, which often contain objectionable material, are easily misconstrued when communicated electronically.
9. Employees are prohibited from sending organization-wide e-mail messages to all employees without approval from the Chief Information Officer. In addition, employees are prohibited from requesting e-mail replies to organization-wide e-mail without the permission of the Chief Information Officer.
10. Employees may not waste (Organization's) computer resources or colleagues' time. Send e-mail messages and copies only to those with a legitimate need to read your message. Chain messages and executable graphics should be deleted, not forwarded, as they can overload the system.
11. Only the Chief Information Officer and/or Systems Administrator may generate public e-mail distribution lists.
12. Employees are responsible for knowing and adhering to (Organization's) e-mail retention and deletion policies.
13. Misuse and/or abuse of (Organization's) electronic assets (wasting productive time online, copying or downloading copyrighted materials, visiting inappropriate sites, sending inappropriate/abusive e-mail messages, etc.) will result in disciplinary action, up to and including termination.
Note: If you have questions or concerns about (Organization's) E-Mail Policy, contact the Chief Information Officer and/or Human Resources Director (e-mail addresses and phone numbers) before signing this agreement.
I have read (Organization's) E-Mail Policy and agree to abide by it. I understand violation of any of the above terms may result in discipline, up to and including my termination.
Employee Name (Printed)
Source: ©2007, The ePolicy Institute (www.epolicyinstitute.com or 614-451-3200), Executive Director Nancy Flynn. For informational purposes only. Individual policies should be developed with assistance from competent legal counsel. The ePolicy Institute offers sample, fill-in-the-blanks policies governing e-mail, instant messaging, Internet, blog, and software use and content. Visit www.epolicyinstitute.com to learn more about the ePolicy Forms Kit.