ePolicy Institute

2009 Electronic Business Communication Policies & Procedures Survey:

Policy & Termination Control Social Media, E-Mail, Web, SmartPhone Use & Content

NEW YORK, July 28, 2009-Employers increasingly are putting rules and policies in place to govern employee use of e-mail, Twitter, texting, and other electronic business communication tools. The reasons for doing so range from litigation and regulatory risks, to data security and record retention requirements, to netiquette and productivity concerns. Topping the list of employer concerns are fears about the loss of confidential company, customer, and patient information. That's according to the 2009 Electronic Business Communication Policies & Procedures Survey from American Management Association (AMA) and The ePolicy Institute.

Employees Jeopardize Confidential Data

Employers' security and privacy concerns aren't surprising, considering that 14% of employees admit to e-mailing confidential/proprietary information about the company, its people, products, and services to outside parties. Another 14% admit to sending third-parties potentially embarrassing/"eyes-only" company e-mail that is intended strictly for internal readers/employees, not outsiders.

An additional 6% of employees have used e-mail to transmit customers' confidential data (credit card and social security numbers) to outsiders. Another 6% have transmitted patients' protected health information (health status, medical care, payment issues) to third-parties.

"Employers are required by federal and state laws, as well as government and industry regulations to keep customer and patient information safe and secure, so data thieves and other malicious third-parties cannot access it. The accidental or intentional transmission, posting, or accessing of personal customer and patient data puts employers at risk of potentially costly lawsuits and regulatory fines, not to mention negative publicity and lost reputations," said Nancy Flynn, ePolicy Institute executive director and author of The e-Policy Handbook, 2nd Edition (AMACOM 2009), Blog Rules (AMACOM 2006), Instant Messaging Rules (AMACOM 2004), and E-Mail Rules (AMACOM 2003).

Social Media Policies Protect Confidential Data

To help protect confidential company and customer information, 61% of businesses have established policies governing the exposure of company secrets/confidential information, company/customer financial data, and business-related rumors/gossip on corporate or personal social networking sites (Facebook, MySpace) or video-sharing sites (YouTube).

Another 41% of organizations have instituted policies governing discussions about the company on business-related social networking sites (LinkedIn). And 40% have formal rules governing the uploading of business-related photos or videos to personal social networking or video sharing sites.

Other social media policies: Viewing, downloading, or uploading videos to video sharing sites during working hours (54%); use of personal social networking sites during working hours (46%); use of words, photos, signage, uniforms, logos, or any other means to identify yourself as an employee of the company on personal social networking or video sharing sites (43%); and use of business-related networking sites during working hours (32%).

Workplace Tweeting Takes Off

Twitter is the fastest growing social networking service, with some 8 million current users. Therefore, it's no surprise that 10% of organizations now use Twitter as a marketing/communications tool, posting business-related Tweets for customers and prospects. To help manage the risks that Twitter poses to employee productivity, confidential information, and business records, 6% of employers have established formal rules to control personal Tweeting during business hours. Another 5% have instituted Twitter policies governing the posting of business-related Tweets.

Blog Policies Experience Tremendous Growth

Since 2006, there has been a huge surge in the number of companies operating business blogs: 19% in 2009 vs. 8% three years ago. Consequently, there has been a 60% increase in the number of employers who have established policies governing employees' business blog use and content (67% in 2009, vs. 7% in 2006). In 2009, 30% reported having policies governing the operation of personal blogs on company time, versus 9% in 2006. Twenty-nine percent now have policies governing personal postings on corporate blogs, vs. 6% three years ago. Twenty-seven percent today have policies governing the content employees may post on their personal, home-based blogs, up from 7% in 2006. Anti-blog policies banning all blog use on company time (25%) have increased 20% in the past three years, up from 5% in 2006.

BlackBerry, SmartPhone, Cell Phone & Texting Risks & Rules

Mindful that employees can easily use BlackBerries, iPhones, and SmartPhones to take business-related photos or videos, and then upload them to social networking sites, video sharing sites, or blogs, employers are applying policies to help manage mobile risks. Fully 51% of organizations have policies governing cell phone use and language. Another 30% have implemented text messaging rules.

Half of all employers surveyed have implemented policies governing the use of company-provided cell phones to take, transmit, download, or upload personal videos or photos that are not related to business.

While only 1% of organizations have battled lawsuits resulting from employees talking or texting while driving, 27% ban cell phone use while driving, and an additional 26% outlaw text messaging while driving.

E-Mail Remains a Source of Liability for Employers

In spite of the fact that 80% of organizations have written e-mail policies in place to govern use and content, e-mail continues to pose potentially costly litigation risks to business. Nearly a quarter (24%) of employers report that a court or regulatory body has subpoenaed employee e-mail. An additional 9% have gone to court to battle lawsuits that were specifically triggered by employee e-mail.

Inappropriate content that can trigger lawsuits or serve as smoking gun evidence in litigation poses an additional challenge. Fully 89% of users admit to using the office system to send jokes, gossip, rumors, or disparaging remarks to outsiders. Another 9% have used company e-mail to transmit sexual, romantic, or pornographic text or images.

"Part of the problem is a lack of employee education," said Manny Avramidis, senior vice president of global human resources for AMA. "You cannot expect an untrained workforce to recognize risks and comply with policy. Yet, only 47% of employers offer formal training to educate employees about e-mail risks and rules, policies and procedures. Handing over a written policy simply is not enough. When it comes to compliance management, employers need to do more," said Avramidis.

IM Is Turbocharged E-Mail-Complete with the Same Risks & Rules

Workplace IM use has grown to 42% in 2009, up from 35% in 2006. Like e-mail, IM poses potentially costly litigation risks. This year, 2% of employers were ordered by courts or regulators to produce employee IM-twice the number reported in 2006.

To help manage risks and protect electronic business records, 28% of employers have implemented IM policies and 72% have installed enterprise IM systems, vs. 50% three years ago. Unfortunately, 25% of employers are totally unaware of the fact that 34% of employees have downloaded free IM software from the Internet, putting company and customer data at tremendous risk as it travels across the public Internet, outside corporate firewalls and security systems.

Personal Use & Productivity Concerns

Most (52%) employees spend up to two hours a day on e-mail, and another 20% devote four or more hours (half the workday) to e-mail, twice the figure (10%) reported in 2004. To help keep a grip on productivity, employers use policy to govern personal use of the company's system, as well as employees' own e-mail, cell phones, texting, and social media tools and accounts during the workday.

Fully 83% of organizations have policy governing personal use of company-provided e-mail. Half (50%) ban employees from using personal e-mail accounts during business hours. In addition, 36% have policies governing personal use of company-provided IM.

Sixty-two percent have policies governing personal use of company-provided cell phones. Half of the organizations surveyed have policies governing use of company-provided cell phones to take, transmit, download, or upload personal photos or videos. Another 43% have set rules for personal cell phone use during business hours.

On a related note, 35% have policy governing personal use of company-provided text messaging, and 33% have imposed rules to control the use of personal text messaging tools during business hours.

Netiquette Rules Encourage Civil Business Behavior

Concern for civil business behavior has motivated 40% of organizations to establish written e-mail etiquette, or netiquette, policies. An additional 30% use netiquette rules to help guide employees' cell phone use and language.

Firing Employees for Electronic Misuse

Thanks to concerns over litigation, security breaches, lost productivity, and other risks, employers increasingly are putting teeth in their written electronic business communication policies. This year, 26% of organizations report firing employees for e-mail policy violations, vs. 14% in 2001. Another 26% have terminated workers for Internet misuse in 2009. IM-related terminations (4%) have doubled since the 2% figure reported in 2006.

Misuse of social media and blogs also leads to terminations, with 2% dismissing workers for content posted on personal social networking sites; 1% for videos posted on video sharing sites; 1% for content posted on employees' personal blogs; and another 1% for misuse of the corporate blog.

In addition, 13% of companies review job applicants' social networking sites or personal blogs as part of the interview process, and 3% report that they have rejected job applicants on the basis of content posted on personal social networking sites or blogs.

When it comes to talking and texting, 6% of employers have fired workers for inappropriate cell phone use; 3% for text messaging policy violations; and another 2% for talking on cell phones or texting while driving.

Electronic Business Records & Legal Discovery

E-mail and other forms of electronically stored information (ESI) create the electronic equivalent of DNA evidence. As noted previously, 24% of organizations have had e-mail subpoenaed by a court or regulatory body, and 9% have battled lawsuits triggered by employee e-mail.

All organizations, regardless of industry, size, or status as a private or public entity, are obligated to manage ESI in a strategic and compliant fashion. Fortunately, employers today are doing a better job of managing electronic business records. In 2009, 34% of organizations provide employees with a formal definition of "electronic business record," versus 21% in 2006. Today, 59% of users claim to know the difference between electronic business records and insignificant e-mail messages.

The number of organizations that have implemented e-mail retention policies and deletion schedules has risen to 51%, up from 34% just three years ago. In addition, 6% of companies now retain and archive text messages transmitted via company-provided cell phones.

Of the 38% of survey respondents who perform a job function that is overseen by government or industry regulators, 61% report adhering to regulatory requirements governing e-mail usage, content, and record retention.

The 2009 Electronic Business Communication Policies & Procedures Survey is co-sponsored by American Management Association (www.amanet.org) and The ePolicy Institute (www.epolicyinstitute.com). A total of 586 companies participated: 24% represent companies employing 100 or fewer workers, 101-500 employees (22%), 501-1,000 (10%), 1,001-2,500 (8%), 2,501-5,000 (8%) and 5,001 or more (29%).

The 2009 Electronic Business Communication Policies & Procedures Survey questionnaire was designed by American Management Association and The ePolicy Institute's Nancy Flynn, author of The e-Policy Handbook, 2nd Edition (AMACOM 2009), Blog Rules (AMACOM 2006), Instant Messaging Rules (AMACOM 2004), and E-Mail Rules (AMACOM 2003). Comparative numbers drawn from the 2006 Workplace E-Mail, Instant Messaging & Blog Survey; 2004 Workplace E-Mail and Instant Messaging Survey; and 2001 Electronic Policies and Practices Survey from American Management Association and The ePolicy Institute.

Media wishing to receive a review copy of Nancy Flynn's newest book, The e-Policy Handbook, 2nd Edition (AMACOM 2009), should contact AMACOM's Irene Majuk (212/903-8087 or imajuk@amanet.org). Contact American Management Association's Roger Kelleher (212/903-7976 or rkelleher@amanet.org) or the ePolicy Institute's Nancy Flynn (614/451-3200 or nancy@epolicyinstitute.com) for interviews.

About AMA

American Management Association is a world leader in professional development, advancing the skills of individuals to drive business success. AMA's approach to improving performance combines experiential learning-learning through doing-with opportunities for ongoing professional growth at every step of one's career journey. AMA supports the goals of individuals and organizations through a complete range of products and services, including seminars, Webcasts and podcasts, conferences, corporate and government solutions, business books and research. Organizations worldwide, including the majority of the Fortune 500, turn to AMA as their trusted partner in professional development and draw upon its experience to enhance skills, abilities and knowledge with noticeable results from day one. For more information visit www.amanet.org.

About The ePolicy Institute

The ePolicy Institute is a training and consulting firm, dedicated to helping employers limit electronic risks, including litigation. Executive Director Nancy Flynn is an international speaker/seminar leader, author, and expert witness in e-mail and Internet-related litigation. Since 2001, ePolicy Institute has partnered with AMA on an annual survey of workplace e-mail and Internet policies and procedures. Nancy Flynn is a popular media source who has been interviewed by Fortune, Time, Newsweek, The Wall Street Journal, US News & World Report, Business Week, USA Today, Readers' Digest, New York Times, NPR, BBC, CNBC, CNN, CBS, ABC, NBC, and Fox Business News among others.