Serving army major James Loden sent an email home from Afghanistan this summer that made headlines around the world. The British troops were exhausted and under-equipped and the Royal Air Force had been "utterly, utterly useless," wrote Loden. The email was political dynamite and caused a public relations disaster for the Ministry of Defence.

Loden's email is a timely reminder to employers of the damage that an employee with internet access can cause. Whether it's a few careless remarks that end up in the wrong hands, or the deliberate leaking of confidential information, email can wreak havoc.

Companies have to do something to protect themselves from email abuse, but what? Email is part-and-parcel of modern business life, so it's impossible to stop people using it. The temptation, then, is to keep a very close eye on what kind of messages employees are sending, and to whom.
Many companies are already taking action. One in four businesses employ staff to read and analyse outbound email, according to a recent survey from Proofpoint, a messaging software company. Worries about how staff use email seem justified-over half of companies that monitor email had investigated a suspected leak of confidential information, says Proofpoint, and one in five employee emails contain something that poses a legal, financial or regulatory risk. A third of companies have sacked someone in the last year for inappropriate use of company email.

The companies that are failing to monitor email use are putting themselves at risk, says Matthew Brain, an employment law partner at solicitors Irwin Mitchell. Apart from the risk of leaks, they could be liable if staff forward offensive material or write abusive messages to colleagues.

But Brain warns businesses to be careful about what action they take. Employers can monitor email to make sure staff are not sending vast volumes of personal messages or leaking confidential business information, but the law says they must explain monitoring procedures to staff, unless the circumstances are exceptional. "Surveillance of email use is prudent, given the risks, but this must be done in an open, rather than covert, manner," he says, adding that "it should be backed up by a written policy, which is properly explained and fairly applied." Even where a policy is in place, employers should not allow unnecessary or excessive monitoring.

"Only authorised members of staff should be able to access colleagues' email and any private correspondence viewed should remain confidential."
Companies also need to strike a delicate balance between protecting their commercial interests and damaging staff morale, says Ben Willmott, an employee relations advisor with human resources organisation the CIPD. "Our research shows that where employees feel that they are excessively monitored they are more likely to have a negative attitude to their employer and their work," he says. That can lead to poor productivity, stress and even a claim for constructive dismissal.

Willmott says a business thinking of introducing email monitoring should perform an impact assessment first. That includes clearly identifying the purpose of the monitoring and weighing the expected business benefits against any impact on morale. "It's important that employees do not feel that their employer is acting like Big Brother, taking action in this area for no reason," he says. "If you have good reasons, employees will normally understand."

Max Williamson, CEO of the online recruitment business careersinaudit.com, says he is against email monitoring. "As a small company, we feel that monitoring staff emails is impractical and a poor use of resources," he says. "Risks of this nature are better managed by training staff in the potential pitfalls and enforcing what we consider acceptable behaviour." Williamson feels that his approach helps to build an atmosphere of mutual trust, which plays a crucial role in the development of smaller businesses. "It's important to treat people like adults," he says.