Research: Battling Risk with Policies for Blogging, Email and IM

New survey from American Management Association and ePolicy Institute illustrates how communications risks are handled today


NEW YORK - E-mail mismanagement continues to take a hefty toll on U.S. employers, with costly lawsuits--and employee terminations--topping the list of electronic risks. As recent court cases demonstrate, e-mail can sink businesses--legally and financially. Last year, the inability to produce subpoenaed e-mail resulted in million dollar--even billion dollar--lawsuits against U.S. companies. In fact, 24% of organizations have had employee e-mail subpoenaed, and 15% of companies have gone to court to battle lawsuits triggered by employee e-mail. That's according to the 2006 Workplace E-Mail, Instant Messaging & Blog Survey from American Management Association (AMA) and The ePolicy Institute.

Increasingly, employers are fighting back by firing workers who violate computer privileges. Fully 26% of employers have terminated employees for e-mail misuse. Another 2% have dismissed workers for inappropriate instant messenger (IM) chat. And nearly 2% have fired workers for offensive blog content--including posts on employees' personal home-based blogs.

Employee bloggers, who can be fired, or "dooced" in blog parlance, for blogging at work (and at home on their own computers) face increasing risk of termination by employers struggling to keep a lid on legal claims, regulatory fines, and security breaches. With the blogosphere growing at the rate of one new blog per second, industry experts expect the ranks of dooced employee bloggers to swell.

"Employee bloggers mistakenly believe the First Amendment gives them the right to say whatever they want on their personal blogs. Wrong! The First Amendment only restricts government control of speech; it does not protect jobs. Bloggers who work for private employers in employment-at-will states can be fired for just about any reason--including blogging at home on their own time or at the office during work hours," said Nancy Flynn, author of the newly released book Blog Rules (AMACOM, July 2006) and executive director of The ePolicy Institute. In spite of the confusion, fewer than 2% of organizations have educated employee bloggers about the First Amendment and privacy rights.

Employers eager to minimize electronic risks and maximize employee compliance should start with written rules and policies, said Flynn. Fully 76% of organizations have e-mail usage and content policies, with another 68% using policy to control personal e-mail. Unfortunately, employers do a less effective job of managing electronic business records, the evidence that can make (or break) a company's legal position. According to the survey, 34% of companies have written e-mail retention/deletion policies in place, in spite of the fact that 34% of employees don't know the difference between business-critical e-mail that must be saved and insignificant messages that may be purged.

While 35% of employees use IM at work, only 31% of organizations have IM policy in place, and 13% retain IM business records. With 50% of workplace users downloading free IM tools from the Internet--a dangerous practice that 26% of employers aren't even aware of--the lack of written IM rules opens organizations to tremendous risk. Employees' use of public IM tools coupled with ill-advised content including attachments (26%); jokes, gossip, rumors, and disparaging remarks (24%); confidential company, employee, and client information (12%); and sexual, romantic, and pornographic chat (10%)--make workplace IM a recipe for legal, regulatory and security disaster.

This content continues onto the next page...