Email has become one of the staples of business and personal communication. Now more than ever, companies are increasingly aware that email and other forms of electronic communication pose a number of significant exposures. In recent years many organizations have fallen victim to lawsuits brought by both their employees and other companies as a result of email messages. Allegations can range anywhere from defamation of character to unintended contract formation.
Companies can use a number of risk management techniques to control the exposure associated with electronic communi- cation, including disclaimers, email policies, email filtering and anti-virus software.
The purpose of this Special Report is to provide a brief overview of most email disclaimers and discuss some of the risk management techniques that can be used to minimize your organization’s liability associated with electronic communication.
Generally, there are seven areas of concern when it comes to liability for electronic communication.
1. Breach of Confidentiality
This type of breach occurs when confidential information is intentionally sent to someone who then fails to honor the confidentiality of
the message. By including a disclaimer warning that the content of the email is confidential, you can protect your company against the exposure of confidential information. If the receiver breaches this confidentiality, they could be liable.
2. Accidental Breach of Confidentiality
This type of breach occurs when an individual mistakenly sends a confidential message to someone who should not have received it. For example, if an employee were to receive a confidential message and then inadvertently forwards that message to the wrong person, the employee, and the company, could be liable. A wrongly addressed email could easily be forwarded to a webmaster, which might not be authorized to read the mail.
With these things in mind, you may want to include a statement at the end of your email that the message is only intended for the addressee and that if anyone receives the email by mistake, they are bound to confidentiality.
3. Transmission of Viruses
Emails have the potential to contain viruses or other corrupt computer files. If an employee sends or forwards an email that contains a virus, your company can be sued for any resulting damages.
Apart from implementing a good virus checker that blocks viruses entering and leaving the company via email, organizations should also include a disclaimer that the email can possibly contain viruses and that the receiver is responsible for checking and deleting viruses.
4. Entering into Contracts
Written communication, including email, can be used to form binding legal contracts if the individuals have actual or apparent authority to do so. If you do not wish certain employees to be able to form binding contracts by email, you could include a statement that any form of contract needs to be confirmed by the person’s manager or, in the alternative, that employees do not have the authority to bind the company to any contracts.
5. Negligent Misstatement
By law, a person is obliged to exercise reasonable care when giving advice that a foreseeable third party relies on. If an employee were to give professional advice in an email, the employer will be liable for the effect of the advice. For this reason, you would want to include a disclaimer that any advice is for the benefit of the receiver and can not be relied on by third parties.
6. Vicarious Liability of the Employer
Although a company is ultimately responsible for the actions of its employees, including the content of any emails they send, a disclaimer can decrease liability if a company can show that it has correctly instructed its employees not to send libelous, inappropriate or defame- atory statements. A company can demonstrate this by including an email disclaimer to that effect, and by implementing an email policy that clearly warns employees against misuse of email.
7. Legal Compliance
There are a number of federal and state laws that require individuals to disclose certain facts. For example, a debt collector is required to notify the recipients that they are a collection agency attempting to collect a debt. An investment advisor may want to identify those states where he or she licensed to conduct business. An attorney may want to disclose those states where he or she is licensed to practice law. Some states require companies to disclose their license numbers. Many of these requirements vary by region and industry.
The following are just a few of the state and federal laws governing emails:
• Federal Information Security Management
• Federal Rules of Civil Procedure (FRCP)
• Financial Services Act 198, regulated by
• Freedom of Information Act (FOIA)
• The Gramm-Leach-Bliley Act (GLB)
• Health Insurance Portability & Account- ability Act (HIPAA)
• IRS Circular 230
• MiFID (Markets in Financial Instruments
• PIPEDA (Personal Information Protec- tion and Electronic Documents Act)
• Sarbanes-Oxley 2002
• SEC Rule 17a-4/ NASD 3010 (Securities
Exchange Act 1934)
How to draft a disclaimer
At a minimum, an email disclaimer should address each of the seven areas defined above. Once the basic elements are established, your disclaimer should be tailored to fit the specific needs of your organization depending on the nature of your business.
The following is sample disclaimer that addresses many of the issues discussed in this report:
This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may include trade secrets or privileged or otherwise confidential information. Federal and state law governing electronic communications apply. Any unauthorized review, use, forwarding, printing, copying, disclosure or distribution is strictly prohibited and may subject that individual to criminal or civil liability. Sender shall not be liable for the improper and/or incomplete transmission of the information contained in this communication or for any delay in its receipt. If you received this message in error, or have reason to believe you are not authorized to receive it, please promptly delete this message and notify the sender by e-mail. This email, including any attachments, could possibly contain viruses. The receiver assumes all responsible for checking and deleting any potential viruses. No employee, agent or office of the company has the authority to form binding contracts via email. All contracts must be in writing and signed by a company officer. Employees are prohibited from sending libelous,