MD Bar BulletinMaryland Bar Bulletin
Publications : Bar Bulletin

Editor: W. Patrick Tandy

May, 2004


Policies and Procedures for Office E-mail Usage
~No Firm is Too Small to be Prepared and Protected~

By Pat Yevics

I receive more and more calls asking for some guidance on what rules or procedures solos and small firms should have regarding the use of e-mail and Internet access for employees. Unfortunately, most rules and procedures are not one-size-fits-all. Solos and small firms should establish procedures and policies that are best for their particular situations.

What I have presented here are some issues that need to be considered if you are using the Internet and e-mail and giving Internet access to your employees. They are questions you need to ask to determine which direction you should take. There are also some issues that you need to consider even if you do not have any employees or partners in your firm. As with all policies and procedures, they should be in writing, preferably in a loose-leaf binder or manual. All employees should receive copies of the written procedures and policies. In addition, all employees (even if there is only one) should sign off on receiving the information.

All rules and policies should be kept to a minimum, reasonable and easy to enforce. Bear in mind that no policy should be established because of a problem with one employee.


1. Decide how restrictive you want to be when allowing employees to use e-mail. At a minimum, it should be similar to your policy for using the phone. Since you do not prohibit your employees from using the phone, it seems impractical to completely restrict their use of e-mail for personal use.

However, you do need to stress that there are some uses of Internet that will not be tolerated. With the proliferation of spam and viruses, it is more important than ever to use e-mail for work-related use and less for personal use.

If you have a domain name, it is even more important to have rules for e-mail usage by anyone in your firm. Every message that is sent by you or an employee using a firm e-mail, in essence, goes out on your (the firm’s) electronic letterhead.

Your policy should indicate that the use of e-mail should be primarily for business use. Although the use for personal reasons is not prohibited, some types of e-mail are completely prohibited. Some of these uses include the following:

  1. Do not allow forwarding of jokes. While some of these jokes are amusing, you have no way of knowing where they ultimately end up and who may be offended. Forwarding jokes from the office e-mail is the same as sending them on letterhead.
  2. Do not allow the distribution of chain letters.
  3. Do not allow the employee to pass off personal views as representing those of the firm.
  4. Do not allow employees to provide legal advice via e-mail.
  5. Do not allow employees to use e-mail for any solicitation.
  6. Do not allow employees to use e-mail for gambling pools.
  7. Do not allow employees to use e-mail for religious or political causes.
  8. Although it should go without saying, any messages that a reasonable person would find offensive are prohibited. Any messages that contain messages of a sexual nature or racial or ethnic slurs are prohibited.
  9. Do not allow employees to use the office e-mail for confirmations for online purchases. You should also consider prohibiting the use of office Internet for purchases

2. Require that all employees (including you) have an electronic signature at the bottom of all e-mail. Determine what should be included. It should only be a few lines and should include the name of the person, firm name, address, phone and fax. Do not make it any longer. Do not allow any anonymous messages to be sent from your office. (For information on setting up signatures with Netscape Communicator or Microsoft Outlook, please go to the MSBA Website at and click on LOMA.)

3. Decide what level of privacy employees should expect. Will the employee have some expectation of privacy or they have no expectation of privacy regarding e-mail communication? Which ever you choose, make certain that all employees understand the level of privacy. It would be best to put the policy in writing and have employees sign the policy. This is especially important if there is no expectation of privacy.

Regardless of the level of privacy, all employees should understand that highly confidential messages should not be sent via e-mail. Employees should also understand that deleted messages are not really deleted.

There should also be a policy regarding sending encrypted e-mail messages. Unless you have clients who request to have messages sent using encryption, this should not be allowed without permission.

4. Are you going to allow employees to participate in work-related Email Lists? These can be very helpful, but they should only be related to the legal profession. However, it is important to remember that these employees represent your firm. They should not be allowed to answer legal questions online or provide confidential information about the firm.

5. Will all e-mail messages be the property of the employer or will personal e-mail messages belong to the employee and business-related messages belong to the employer?

6. Establish a policy for deleting messages. There are not a lot of good reasons to keep most e-mail messages longer than a few weeks. For any messages that should be saved, establish a policy for creating folders for client messages and saving the messages in the appropriate folders.

7. There should be rules as to when you and employees should use e-mail to communicate with clients and when you should use postal mail.

  1. For most solos and small firms, e-mail should be used for informal communications with clients.
  2. You should not use e-mail for time-sensitive messages.
  3. It is not a good idea to use e-mail for discussions involving extensive dialogue.
  4. Use e-mail to streamline communications. Use it for memos and short notes.
  5. Learn to use the attachment feature and send files of a non-confidential nature to clients and others.

8. Do not open any attachments without using virus protection software.

9. Always remember that you should never put anything in e-mail that you would not want to see on somebody’s bulletin board.

If you would like more detailed policy information, please e-mail your name and mailing address to In addition, please go to the LOMA section of the MSBA website at for policies and procedures on Internet access for employees.



Publications : Bar Bulletin: May, 2004

Back to top