• United States

Enron is forced to open the e-mail kimono

Nov 10, 20034 mins

* How to prevent your private e-mail from being posted on the Web

The failure of Enron as a company has taught us many lessons, most of them having to do with ethics and corporate governance.  Sadly, many of Enron’s current and former employees are now learning another lesson:  that e-mail – no matter how personal – is company property.  With Enron under investigation by so many government agencies, that property is now open for public inspection.

Those of us in the IT industry know and understand that e-mail is the property of our employers.  Many of our firms routinely point this out to workers through policy statements and other communications.  Yet it doesn’t stop people from using e-mail for personal purposes.

Whether you’re organizing the soccer team party or sending “how are you?” e-mails to friends, it’s just so easy to use company e-mail to keep in touch for non-work related business.  I mean, it’s there, it’s at your fingertips, and it’s available all day long.  Who can resist sending that personal note?

But how would you feel if suddenly, without warning to you, all of your e-mail for the past two years was put onto a public Web site?  Aside from being outraged, would you be embarrassed too?  Would you have some uncomfortable explaining to do, perhaps at home or at work?

This is precisely what 176 former and current Enron employees are experiencing.  Because of its investigation into fraud allegations, the Federal Energy Regulatory Commission (FERC) was able to obtain these employees’ e-mails from the years 2000 to 2002.  The FERC posted more than 1.6 million e-mails and other documents in a database on its Web site, and anyone can scroll through them, absolutely free of charge and without prior authorization.  A few weeks ago, the “Wall Street Journal” published the FERC Web address on its front page, virtually assuring a vast audience for the e-mails.  (Yes, there are juicy personal tidbits out there.)

This is a wake-up call for all of us who use company-owned e-mail systems.  We must acknowledge that e-mail isn’t private and act accordingly, and stress to our user communities to act responsibly when sending e-mail either inside or outside the company.

Has your company issued a “best practices guide to e-mail” document to end users?  Such a document, along with a well-publicized “e-mail use policy,” can keep your coworkers informed and may help reduce the misuse of this corporate tool.

Here are a couple of “best practices” rules you could stress:

* Send messages only to relevant people; do not copy the world. 

* When using a large distribution list, keep the recipient names and addresses private by using the “bcc” feature, especially if the e-mail is going to people outside the company.

* Instead of e-mailing attachments, post the file to a Web site or private file share and send a link to the file.  If you must e-mail an attachment, keep it small.

* After taking any necessary action on a message, delete it or file it in a folder.  Clean out your folders from time to time, or archive them offline.

* Keep your e-mail professional.  That includes no forwarding messages and adding snide comments, like “What an idiot!”

* Don’t send, pass on or respond to junk mail; just delete it.

* Help your e-mail administrator fine tune the spam filter by letting him know which domains to add to the blacklist or the whitelist.

* Always regard e-mail as insecure.  Use encryption when necessary.  Better yet, don’t e-mail sensitive or confidential information.

* Remember that e-mail isn’t a free service.  Bandwidth and storage cost your company money, so use it wisely.

If you need help constructing your best practices document, search the Web on “responsible use of e-mail.”  Many universities have published their policies and helpful user tips and the information can be applied to the corporate world as well.

Linda Musthaler is vice president of Currid & Company.  You can write to her responsibly at