A new technology issue is rapidly becoming a key topic of agencyrisk management: communication management. While workingelectronically potentially increases productivity and reducesexpenses, the benefits come with a price. The trade-off is thatrecent legislation has made communication management a legalmatter.

For many years, the rule has been to document everything. Intoday's world of privacy laws and e-discovery, however, less isoften more. Agencies are finding that having too much documentationcan be just as costly as not having enough. E-mail messages are theelectronic equivalent of DNA evidence. A recent study reports that24% of employers have had e-mail subpoenaed by courts andregulators, while another 15% have battled lawsuits triggered byemployee e-mail. (Source: American ManagementAssociation/ePolicy Institute 2006 Workplace E-Mail,InstantMessaging and Blog Survey.)
The process of defining, identifying and retaining so-called“business records” will be an important task for agencies in 2008.Agency assets, reputation and survival could one day rest on theoutcome of a lawsuit or regulatory investigation involving yourelectronic communications.
A business record is a “business-critical” e-mail that has a directconnection to how you protect your clients. A “non-record” messageis a personal e-mail sent or received by agency staff that does notdirectly relate to a business activity. According to the AMAsurvey, only 57% of employees know the difference between anelectronic business record that must be retained and a non-recordthat may be purged.
To use business-record e-mail to legally document your agency'sactions, you must be able to prove that the e-mail was sent andreceived. The U.S. Postal Service considers first-class maildelivered if sent, but a different standard applies to e-mail. TheUniform Electronic Transactions Act stipulates that electronicmessages can be considered “delivered” only if they can be shown tohave arrived at the recipient's mail system. As you know, not alle-mail reaches its destination, and not receiving a “bounce” replydoes not mean the e-mail was delivered.
Communications management plans
As your agency plans for 2008, there are three specific aspects ofcommunication management you ought to consider: document retentionpolicies, privacy policies and registered e-mail.
Document retention plans: Document retention policiesestablish how agencies store and destroy all types of documents,including electronic communications. Consider this potentiale-discovery scenario: A plaintiff requests a copy of each e-mailrelated to an E&O claim against your agency. These documentsmay reside in a variety of places, such as your computer network,laptops, backup tapes or other archives. Most likely, relevante-mails are mixed with unrelated documents that your agency wouldnot care to expose in court.
Having an attorney sift through massive amounts of data isexpensive, but that's not even the most significant cost. As theopposing attorney also examines your documents, he or she mightdiscover a casual e-mail that could be used in court against youragency. Personal e-mails may seem harmless, but they're fair gamein litigation–which is why non-record communications should beperiodically purged.
Another possibility is that opposing counsel will request certaindocumentation that your agency cannot produce. The judge could holdyour agency responsible for not having a document retention policythat explains why you did not keep the document and how it wasdestroyed. You need a document policy that addresses theseissues.
Privacy policies: While many agencies have privacypolicies, they frequently don't include provisions for using andstoring e-mail. Last December, a U.S. federal court announcedamended rules governing the discovery of “electronically storedinformation,” or ESI, and your privacy policy will need to takethem into account. ESI refers to e-mail and any other data that canbe stored electronically. The court intends ESI to be a broadenough term to cover all types of current computer-basedinformation, yet flexible enough to accommodate future technologydevelopments.
The federal rules of civil procedure for electronic communicationsare clear on the following:
1) ESI is discoverable and may be used as evidence–for or againstyour company–in litigation.
2) Business-record ESI related to litigation must be retained,archived and produced during discovery.
3) Companies are allowed to routinely purge archives of data notrelevant to litigation or pending cases.
4) Writing over backup tapes may constitute virtualshredding once litigation is under way.
5) To be accepted as evidence, e-mail must be trustworthy,authentic and tamperproof.
Registered e-mail: To comply with privacy legislation,agencies must be able to verify two critical pieces of data: thatthe e-mail was sent over a secure e-mail connection, and that itsarrival was verified.
One way agencies can more effectively manage their electroniccommunications is by making sure that all business records sent bythe agency are “registered.” Such records are admissible in court.Registered e-mail providers can aggregate the transmissioninformation from the sender's and receiver's mail servers,interpret it and produce an easy-to-read report. The information isreturned to the sender and contains proof of sending and receipt,proof of official time sent and received, and proof of content(including attachments, reconstruction of original content,delivery and times).
The 3 E's of electronic communication
As you make your plans, keep in mind that while they may be simple,they also must be complete. The “Three E's” of effective electroniccommunication management, cited by the ePolicy Institute, an onlinesource of training information founded by Nancy Flynn, an authorand speaker on e-mail topics, may provide some guidance.
Establish: Establish comprehensive rules, policies andprocedures for your organization's business records and registerede-mail. Use your e-mail policy to spell out issues of usage(business and personal), content and “netiquette” (conventions thatfacilitate efficient interaction), confidentiality rules, retentionand deletion schedules, and litigation hold rules.
Develop your e-mail policies with regulatory compliance, litigationconcerns, security and privacy issues, and business needs in mind.Assign a team of legal, compliance, IT, records management and HRprofessionals to ensure that your policies address all of therisks, rules and regulations facing your industry.
Electronic communication policies should be clearly written andeasy for employees to access, understand and follow. Avoid vaguelanguage that may leave a policy open to individual interpretation.Update written policies annually to ensure that your organizationhas procedures for complying with any new regulations.
Distribute a hard copy of each policy to all employees. Insist thatevery employee sign and date a copy, acknowledging that they haveread it, understand it and agree to comply with it or acceptdisciplinary action up to and including termination.
Educate: Support written rules and policies withagencywide employee training. Make sure employees understandcompliance is mandatory. Such training makes courts more likely tobelieve that your agency has made a reasonable effort to manageESI. In your training address these issues:
1) What is a business record? What is the agency'sretention/deletion schedule? What is each employee's role in theretention/deletion process?
2) Registered e-mail technology: How does it work? How does itdiffer from traditional e-mail? When and how should employees useit?
3) Review e-mail risks and liabilities facing the industry,organization and individual users.
4) Spell out e-mail content, language and netiquette rules.
5) Discuss e-mail ownership and privacy concerns: the agency'sresponsibilities and legal monitoring rights versus employees'privacy expectations.
6) Review industry and governmental regulations.
7) Explain e-mail's role as ESI–discoverable legal evidence.
8) Discuss confidentiality concerns. Stress the importance ofprotecting intellectual property, trade secrets, companyfinancials, proprietary information, confidential data and internaldocuments.
9) Review monitoring laws, rules and tools.
10) Discuss penalties–up to and including termination–awaitingthose who violate record retention, and acceptable e-mail andregistered e-mail use policies.
Enforce: Enforce your agency's written electronic rulesand policies with a combination of disciplinary action andtechnology tools. In general, employers are getting tougher aboutpolicy compliance, with 26% of managers reporting that they havedismissed employees for misusing their organization's e-mailsystem, according to the AMA survey.
Electronic communication management will always be an essentialelement of profitable agencies and protected clients. As technologyresources continue to grow, so will the need to manage the risks ofproperly collecting data and storing it electronically. With theend of the year just ahead, now is the time to begin planning yourresponse.
Ted Baker is the president of Advantage Automation Inc., whichfor 17 years has offered agency-consulting services addressing avariety of management and agency-development issues. He also is anauthor and frequent conference speaker. Ted can be reached at[email protected].