Email at Work

by Barbara Buffton

Security and legal issues

Many copies of emails exist – on your computer’s hard drive, on your server, on the back-up tapes, on the recipient’s computer, on their server and so on. We have no control over who sees our emails or what the recipient does with a message. It is therefore vital to ensure that your employees know about the risks and legalities involved in sending emails. This awareness could help protect your organisation from costly lawsuits.


In the UK, if your business is a private limited company (Ltd) or public limited company (PLC) or a Limited Liability Partnership (LLP), the Companies Act 2006 requires that your letterhead, order forms and all business emails include the following details in legible characters:

  • Your company name
  • Your company registration number
  • Your place of registration (such as Scotland or England and Wales)
  • Your registered office address – this may be different to the office that you trade from.

Failure to comply with these requirements puts your company at risk of a fine.

Email marketing

The Privacy and Electronic Communications (EC Directive) Regulations 2003 came into force in the UK on 11th December 2003. These regulations apply to all organisations that send out marketing by some form of electronic communication. The legislation affects anyone using email or SMS marketing. Ignoring its key points means you might be liable for a hefty fine.

Stay within the law and ensure that your emails are welcome in people’s inboxes.

  • Go for permission-based marketing – where the receiver has opted to receive your advertising email/newsletter – as much as possible. This way you are only contacting customers who want you to contact them.
  • Make sure you clearly explain what individuals’ details will be used for. For example, explain to individuals why you might use their email address in the future.
  • Have an effective ‘unsubscribe’ mechanism and make it easy for recipients to unsubscribe from future communications, at no cost other than that of sending the message. Many companies provide an unsubscribe option in their emails but then fail to manage the removal process properly. When you receive an opt-out request, suppress the details rather than deleting them. This way you will have a record of who not to contact.

Audit trail

Organisations face numerous difficulties as they try to meet regulatory requirements aimed at ensuring their email communications can be audited. They also need to be able to retrieve archived messages when necessary.

Most firms have policies, such as an ‘Electronic documents and records management policy’, so that employees know what they should be doing. Your organisation’s policy will almost certainly include a directive to carry out daily, month-end and year-end backups so that data can be retrieved and dates verified when needed.


Does your organisation have a policy regarding emails? Do you know what it says? If it does have one and you don’t know about it, you risk breaching confidentiality rules and the security of organisation data. Start asking questions now!