[EP 017] The Risks Lurking in Your Inbox

The new email environment we live in, that sees us swamped by more and more emails everyday… has changed the way we do business and introduced a whole new set of risk. As emails have become the primary medium for how we communicate, and started to create an exponentially increasing volume of business documentation, email management has created a legal nightmare for businesses.


How many of us have been involved in, or heard about, some sort of email disaster…? An accidental use of REPLY ALL. An unintended REPLY rather than FORWARD. Or even just a “heat of the moment” reply that was too easy to send before waiting for rational thought processes to return!

The new email environment we live in, that sees us swamped by more and more emails everyday… has changed the way we do business and introduced a whole new set of risk.

Emails are seen as less formal than other forms of business communication and documentation – people are more candid, and less thoughtful about what they write.

As emails have become the primary medium for how we communicate, and started to create an exponentially increasing volume of business documentation, email management has created a legal nightmare for businesses.

What legal significance can an email hold?

From an “evidence” perspective, email is a business document, holding the same legal and evidentiary weight as any other business document. It can provide very important proof if there is ever a disagreement. However, emails also can also pose a large issue – if a corporate email policy is weak, or not strictly enforced – and when emails simply can’t be found when they are needed.

If you are a bit of a “delete the entire inbox” kind of person, it might be interesting for you to note some stunning examples of the possible costs of failing to keep important email documentation. Zubulake v UBS Warburg is one of my favourites. It is an American case, but it demonstrates the point well. The case related to an employment discrimination dispute. A number of crucial internal emails at the time of the dispute “went missing” , with the stunning result that the court assumed that the missing emails would have been damaging (even though they had never been seen by the court) – and awarded an eye watering verdict of more than $29,000,000 in damages and harsh sanctions.

The greatest risks created by emails can be broken into these 4 main categories:

  1. Increasing opportunity for contractual risk – Contracts can formed by email. Standards can be defined by email. Terms can be varied by email. Concessions can be made, rights can be waived, and your legal position can be blown out of the water by accident. If you don’t have a policy for what things can go in email, and what things can’t (and proper guidelines on what staff have the right to make decisions on, and about various issues) – and you don’t have this policy adequately reflected in the terms of your contracts with suppliers, clients, and business partners – you are leaving the gates open for the floodwaters to seep in…
  1. Potential for loss of a business’s intellectual property – Email technology makes it possible for confidential information to be leaked out of your office at merely the press of a button. After taking the first steps of locking down confidential information so it can only be accessed by staff who really require it, on a broader scale, education and communication are key.
  1. Difficulty in finding documentation in proving your case, and sky rocketing legal costs in disputes. When our clients come to us in relation to any dispute, the first thing we need is ALL of the supporting documents, all of the trail of information. If your case is reliant on you finding information recorded from multiple people who recorded that information in multiple ways, your case is doomed. Emails can provide proof, but finding that supporting documentation when it is from emails or scattered documentation is generally very expensive, and time consuming. What happens if the people who were involved with the matter have now left the organisation? What happens if you need a copy of one email sent 6 years ago to prove your case? Where do you start looking? How accessible are these emails in tight timeframes?
  1. Failing to meet compliance requirements – Many email documents could be categorized as documentation that is required to be retained form a compliance perspective. If you don’t have a solid document retention policy in place, you are risking potential breaches of legislation.

So we’ve talked about the risks – I now want to talk about the steps you can take now to reduce these risk that emails pose to you and your job, and to your organization.

  1. Get educated! Make sure you are aware of your statutory retention periods. Not only do you have to keep the documents, you have to be able to find them.

It’s not well known, but every organisation in Australia has an obligation to retain data.

The Financial Transactions Act requires retention of financial data for 5 years.

HR regulations stipulate 7.

The corporations act requires various records are retained for for 7 yrs , and imposes fines of up to $200,000 and 10 yrs prison.

You should be keeping all critical information relating to contracts for 6 yrs after their termination.

The list goes on – understand your obligations – both from a regulation perspective and a contractual perspective. And make sure you take this into account when creating systems.

  1. Create systems relating to how and what information in emails needs to be saved – so staff know that anything important that has been sent by emails needs to be recorded in a way that is searchable, and findable by others in the future.
  1. Formulate a company policy on emails – the tone to be used, things that can and cant be sent via email, the proper sign off protocols for decision making, what types of emails are to be saved, and how to file those properly, and an email destruction policy (governing what types of emails must not be deleted, and what types of emails may be deleted).

For example, you may decide to implement a “1 minute safety hold” on the sending of emails within your business, so that potential damaging emails can’t be sent in the heat of the moment.

You might want to have conversations with your staff to share examples of big errors that have been made within the company with emails – just start talking to people and you will find that everyone has a story about something they have seen go spectacularly wrong with emails. Real life examples are the best, and most memorable, reminders of the risk!

  1. Ensure that you have adequate protections in employment contracts with your staff – confidentiality and intellectual property ownership should be a key provision of your agreements with your employees and contractors, and where your information is particularly vulnerable or valuable, these conditions should be contained in separate stand alone documents.
  2. Introduce practices that strengthen your systems. For example, remind your employees of the importance of confidentiality at least annually. Remind them of what can never be sent out via email. And lastly, when you have staff leaving, take adequate precautions to ensure that they don’t have the opportunity to leak sensitive or confidential information.

Just a quick recap, in this episode we talked about the new email environment we live in, that sees us swamped by more and more emails everyday, has changed the way we do business and introduced a whole new set of risk.

We talked about the top 4 risks posed by our inboxes – over and above just the pure embarrassment that can be caused by sending something that you didn’t intend the recipient to see:

  1. Firstly we talked about contractual risk – the risk of staff accidentally creating contractual obligations for the business, or waiving contractual rights of the business – by pressing send too quickly before they thought about the issue deeply enough, or got the right people involved
  2. Secondly we talked about the potential for loss of the IP in a business – through the ease of which people in an organization can send information out.
  3. Thirdly we talked about the difficulty of finding important evidence sitting in emails, when we might need to unearth them years after they have been sent (or worse still, if the people involved in the email trail are no longer around)
  4. And lastly, we talked about the failure to meet compliance requirements.

At the end of the day it comes down to this. Sitting on the side of the fence that deal with negotiations, document drafting and disputes all day, the best advice I can give to businesses in which their employees communicate via email is to ensure that their employees write every email as though it may one day end up as evidence in the courts – and make sure everyone in the business views it in the same way.

If you would like assistance with education in your work environment, or assistance in designing systems to help reduce the risk posed by emails, simply click here to book in a time to speak with one of our lawyers about how we can assist your organization.