SIR – The phrase “innocent until proven guilty” doesn’t apply to corporate Britain (‘Phishing for the real e-mailers’, Secure IT, SMT, June 2004, p47). New e-mail-based compliance and Duty of Care legislation has led to unprecedented levels of corporate and personal liability, with lawyers circling over the company directors of UK businesses.

To avoid reputation-damaging Court cases, punitive fines and unlimited damages, company directors must show that they’ve taken all reasonable action to control employees’ use or abuse of the e-mail system. Even if directors are unaware that harassment is occurring, with no mechanism in place to identify or prevent it they’ve failed in their Duty of Care and are liable for prosecution.

There are tools available that can be used to mitigate the corporate risk. An audit of e-mail traffic is never going to bring good news. However strong the e-mail usage policy or corporate culture, every company will suffer from an incidence of inappropriate behaviour. Mind you, it’s welcome bad news that enables a company to proactively address the problem, preventing damage to corporate reputation and employee distress alike.

By combining regular, proactive audits and management reports with a forensic tool that exploits context-sensitive searching to rapidly identify relevant communications (however obscure the language), organisations can offer a strong defence against claims of inappropriate activity.

Encouraging employees to tick the box marked ‘Usage policy’ before logging on to e-mail is no longer good enough. Organisations must take the appropriate steps to mitigate liability by using technology in support of strong policies that demonstrate both Duty of Care and commitment to comply with what is increasingly stringent legislation.

Brendan Nolan, Chief Executive, Waterford Technologies

Source

SMT