Using e-mail is like sharing walkie-talkies with a childhood friend. “Want to go for lunch? Over.” It’s fun.
But it will be all business come the 1st of January, when the Personal Information Protection and Electronic Document Act takes effect. PIPEDA requires businesses not to share any personal information that an individual has shared with them — in paper or electronic form — without the individual’s consent. In essence, the act gives e-mail the same legal status as paper-based documents. From now on, employees must be wary of cutting, pasting and forwarding personal details about third parties via e-mail — making formal e-mail policies a must for businesses that want to stay on the right side of the law. Here are a few things you should keep in mind when drafting your e-mail policy, which should conform to PIPEDA and any other legalities that bind your company.
- Set firm ground rules for how e-mail should be used. Include a list of prohibitions (e.g., defamatory, sexist or racist remarks) as well as proper uses, and outline the repercussions of breaking the rules. If an employee then gets into trouble for, say, revealing private information to a third party, then you can take appropriate action against the employee and be able to demonstrate due diligence to the aggrieved party in the event they sue.
- Have a system for e-mail retention. You can delete e-mails, but there should be protocol in place stating how long they are retained. The Act doesn’t stipulate how long a document must be stored, but be sure your protocol corresponds with the rules of any regulatory bodies that govern your business.
- Keep it honest. PIPEDA doesn’t distinguish between customers and employees, so you owe your staff the same consideration you owe the general public. If you’re going to monitor employee e-mail, make sure it’s for a good reason and clearly state your intention in the policy.
For more, visit “Privacy Legislation” at www.privcom.gc.ca.
© 2003 Paul Jay