6th January, 2020


Email is undoubtedly an important and necessary part of your business. It provides an economical and instant means of communicating with employees, clients and vendors. This powerful communication tool requires careful management; otherwise, the same effective tool can lead your business to destructive consequences. Improper use of work email by your employees can expose your organization to security breaches, legal claims and reputational damage. To avoid all this, a clear and detailed email policy is required to administer and protect your company email system.

An email policy is a document which sets out your organization’s definition of acceptable and unacceptable use of the work email account. It indicates from whom emails may be received and to whom they may be sent, and outlines what constitutes appropriate content for work emails. Beyond this, there are several positive reasons for, and benefits of, having a company email policy in place.

  • It sets out rules for work email usage. A formal email policy gives you a way to present your employees with the rules they need to follow when using the work email account. For example, through the email policy you can inform your employees that they should not use the work email account to send and receive personal emails. You can also convey the rules about using personal computing devices (e.g. smartphones) to send and receive work emails.
  • It helps protect your organization against security breaches, including unauthorised data access and distribution. Email gives attackers a ready opportunity for such breaches. Phishing, and more specifically spear phishing, has increased drastically and is the most common form of cyberattack on businesses. Phishing refers to emails that appear to come from a legitimate source but are scams designed to steal private and sensitive information. According to Phishing Statistics 2019:
      • Phishing accounts for 90% of data breaches
      • The average financial cost of a data breach through phishing on a mid-sized company is €1.5 million
      • Phishing attempts have increased 65% in the last year
      • Phishing attacks have affected 76% of businesses

Furthermore, employees may misaddress emails through lack of awareness or attention. Ultimately, your company information and personal data may end up being delivered to unauthorised persons. This in itself may constitute a data breach if personal data is involved.

An email policy sets out rules that address these issues and requires your employees to follow them when using the work email account.

  • It protects your organization from liabilities. When your employees read and sign an email policy, it proves they are aware of and agree to the information contained in that policy. If any of your employees sends an email whose content is not considered appropriate according to the email policy, the employer may take disciplinary action against the employee.
  • It helps your organization comply with data protection laws. Emails are regarded as personal data under the GDPR. The GDPR requires organizations to process personal data in accordance with the data protection principles. An email policy serves as notification for your employees: it notifies them of the disciplinary action which may be taken against them if they violate the policy. It also states the email retention period, which helps your organization fulfil the data protection principle of ‘data minimisation’. That principle states that data collected and processed should not be held or further used unless this is essential for reasons that were clearly stated in advance, in support of data privacy.
  • It promotes a professional environment. If email is used only in a professional way in the workplace, it helps ensure that embarrassing mistakes do not occur. For example, if employees use work email to communicate with friends, the content of those emails is likely to be sloppy, unprofessional and informal. If those emails are accidentally sent to clients or other professionals, the company’s image may be damaged. If an email policy does not allow personal use of the work email system, your employees will remain in a professional mindset and the risk of personal emails going out to customers is eliminated.

Be smart and have a formal email policy in place to protect your business. By doing so, you will ensure that your employees are aware of all the issues and best practices involved in sending email on behalf of your organization and using its resources to communicate online.

Advisory 21, in collaboration with 21 Law, has drafted an extensive email policy which can be easily adapted by companies to fit their needs. Further details about the policy, and about a workshop designed to assist companies in implementing it, may be found through the following link.