ROANOKE TIMES

                         Roanoke Times
                 Copyright (c) 1995, Landmark Communications, Inc.

DATE: SUNDAY, January 30, 1994                   TAG: 9401280354
SECTION: BUSINESS                    PAGE: F-2   EDITION: METRO 
SOURCE: MICHELLE VRANIZAN ORANGE COUNTY REGISTER
DATELINE:                                 LENGTH: Medium


E-MAIL PRIVACY POLICIES OUGHT TO BE PUT IN WRITING

Patrice Lee is Mazda Motor of America's electronic-mail maven.

Lee, an office-system specialist, helped install the Irvine, Calif., auto company's E-mail system two years ago and is its chief troubleshooter.

But Lee hasn't quite got around to putting into words what kind of privacy - or lack of privacy - employees can expect when they dash off an electronic memo to a colleague in another department.

Mazda is not alone.

Although some companies have formal, written policies explaining employees' E-mail privacy, many do not, according to informal interviews with businesses of all types and sizes.

That's courting trouble, electronic-communication experts said.

"There's too much of an opportunity for misunderstanding" between employer and employee, said William Moroney, executive director of the Electronic Messaging Association, an Arlington trade group.

"Employers should write down the policy and tell employees. Having a policy - and we don't tell employers what it should be - is best," Moroney said.

Discussing E-mail privacy rights has become more important as more people use cyberspace to conduct business, industry insiders said.

According to the Electronic Messaging Association, the number of companies installing E-mail systems grew 83 percent during the past two years, and the number of individual E-mail users rose 17 percent. By the end of this year, the United States and Canada will have 14.5 million E-mail users, the association predicts.

Eight years ago, the federal government passed a law protecting the privacy of electronic letters sent on public E-mail systems such as MCI Mail or CompuServe. The Electronic Communications Privacy Act made it illegal to read someone else's mail posted on a public electronic network and required law-enforcement officials to obtain a search warrant to open E-mail.

But the law did not take up the issue of companies' rights to read employees' E-mail, leaving businesses to pen their own policies, said Shari Steele, an attorney with the Electronic Freedom Foundation, an electronic-privacy advocacy group.

"The No. 1 thing we suggest is [companies] make a policy and make it known to everyone," Steele said. If a company explicitly reserves the right to read employees' E-mail, she said, "and if there are clear warnings, then the employee can't have any expectation of privacy."

The number of E-mail privacy disputes that have made it to the courts is small - and in most cases the courts have ruled for companies' rights over employees' privacy.

Lee, the Mazda Motor E-mail administrator, is drafting a privacy policy now because the company is implementing several new programs that will force its 1,200 employees to make better use of electronic communications this year.

E-mail "will become more of a standard, and with standards you need to have policies covering how employees use it and what they use it for," Lee said.

The city of Irvine, Calif., does not monitor employees' electronic-mail use, although no written policy exists that outlines this, E-mail administrator Dean Anderson said.

Five hundred employees at City Hall, nine Irvine parks and an equipment yard use a 5-year-old Digital Equipment VAX computer system with built-in E-mail, Anderson said.

Because of the way the messaging system was designed, no one - not even Anderson - can read people's messages without their secret password. As a result, the city can't monitor messages.

About a year ago, employees received a letter suggesting they delete E-mail that was more than a year old to free up storage space on the VAX and protect themselves in the event of a lawsuit, Anderson said.

Other than the letter, the city has no written policy, but Anderson said he would like to change that soon.

\ EMAIL PRIVACY RULES

Decide whether E-mail privacy rules will conform to privacy rules covering paper files, phone calls and employees' work areas.

Take into account the impact on employers, employees, third parties such as contractors or suppliers, law-enforcement authorities and electronic-communication service providers.

Having a policy is one thing; telling employees about it is another. Make sure every employee has a copy of the company's E-mail privacy rules. Circulate any changes throughout the office.

For employees, if your company reserves the right to monitor E-mail - and even if it doesn't - don't send anything over the wires that you wouldn't want everyone to see. If information is personal, put it on a floppy disk and write "Personal" on it.

Companies formulating an E-mail privacy policy can order a pamphlet from the Electronic Messaging Association. The booklet, "Access to and Use and Disclosure of Electronic Mail on Company Computer Systems," is $20 for members and $45 for non-members. Write the EMA at 1655 N. Fort Myer Drive, Suite 850, Arlington, Va. 22209, or call (703) 524-5550. Source Electronic Messaging Association



 by CNB