Why Every Organization Needs Effective Electronic Policies
by Nancy Flynn
Could your business survive a multi-million-dollar lawsuit triggered by thoughtless employee email? All organizations face costly risks when employees communicate online. The accidental (or intentional) exposure of confidential email, consumers’ private data, students’ educational records, or patients protected health information can trigger lawsuits, regulatory fines, and PR nightmares.
If medical professionals discuss patients on Facebook, hospitals could face seven-figure HIPAA fines. If stockbrokers blog about public companies, SEC rules might be violated. If employees disparage suppliers on Twitter, managers mock employees in text messages, or executives reveal merger plans in email, the results could include litigation, lost revenues, and career setbacks.
Apply the 3Es
Fortunately, through the strategic application of policy, training, and technology, organizations can manage electronic risks. Best practices call for the three Es of e-risk management: (1) Establish policies governing email, social media, mobile devices, and the web; (2) educate users about risks and rules; and (3) enforce e-policies with discipline and technology.
Legal Rights v. Privacy Expectations
The federal Electronic Communications Privacy Act (ECPA) grants employers the legal right to monitor company computers. Content created, transmitted, and stored on business systems, sites, accounts, and devices belongs to the boss. Workers should not expect privacy.
Monitoring employees’ personal accounts is less clear, however, and is handled state-by-state. In Ohio, employers legally may request access to personal Facebook accounts as a condition of employment. Before requesting Facebook user names and passwords, consider whether personal monitoring fits your compliance needs and culture. If you do review personal sites, proceed cautiously and strictly for legitimate business reasons. Reject a job candidate for personal Facebook content today, and you may face a discrimination lawsuit tomorrow.
Best Practices to Minimize Risks & Maximize Compliance
- Update e-policies to reflect 2016 laws & regulations.
- Address business & personal content and use.
- Educate users about risks & policies.
- Support policy with discipline & monitoring.
- Insist on policy compliance 24/7/365.
Nancy Flynn, founder of The ePolicy Institute™ and Business Writing Institute™, is a professional trainer with clients worldwide. Author of The ePolicy Toolkit, The Social Media Handbook and Writing Effective E-Mail, she serves as an expert witness in Internet litigation. A go-to media source, she has been interviewed by The New York Times, Wall Street Journal, Time, Fortune, CNN, NPR & CBS among others. Visit epolicyinstitute.com and businesswritinginstitute.org.
Printed in the May 1 issue of OhioMBE.
