Managing Email In A Law-Enforcement Agency - April 2000

The test of whether a law-enforcement agency should develop a written policy on a given issue is foreseeability: if an agency uses computers and its employees have Internet access and email, then the sheriff or police chief can reasonably foresee that the sending and receipt of email may pose workplace privacy issues, an impact on the nature and performance of work, or present legal challenges in evaluating the sensitivity of the information or data transmitted. An agency might have to produce email correspondence during litigation, for instance.

It has always been true that law-enforcement managers have exercised the prerogative to create guidelines on the use of issued equipment, whether firearms or computers. Technological advances, however, have proceeded so rapidly that managers find it difficult to evaluate the policy implications of electronic communications. The question of how best to manage email communications should be asked with the broadest possible view. An agency that addresses email communications in policy should consider the larger context of computer access controls, data sensitivity and integrity, and the distribution of data. Further, computers themselves should be viewed in context with other telecommunications technology such as telephones (and the use of voicemail) and pagers. The issuance of a written policy is not sufficient: managers must train employees in the contents of the policy.

The Department of Criminal Justice Services is developing a sample directive on information management which will include a section which addresses email. The new sample order will become a part of the Sample Directives for Virginia Law-Enforcement Agencies, a compilation of orders on topics commonly found in procedural manuals.

What follows is an outline of topics or questions about email to be answered through a written directive. Many of the following guidelines apply to any form of telecommunications.

General Guidance
-An order states that the employer reserves a right to inspect agency-owned property at any time; electronic communications stored on the employer's systems (and all email) are property of the employer and the employee has no expectation of privacy in their electronic communications; order provides an email monitoring consent form. (Note that an employer may not require any consent before monitoring electronic communications.)

-An order defines acceptable business uses for telecommunications equipment.

-The agency defines its standards of good business practice concerning workplace communications, regardless of the media.

-An order gives examples of unacceptable uses for telecommunications equipment.

-An order addresses the use of passwords or personal access codes for telecommunications systems; describes how the passwords or codes are established or updated; includes management controls for passwords or codes.

-All employees have been issued relevant telecommunications directives and have been trained on the contents of directives.

-All of the agency's directives which address telecommunications systems are consistent in their treatment of what constitutes agency-managed information; all data or information receives comparable protection, regardless of the method of transmission.

-A penalty is (or penalties are) specified for failure to follow the agency's directives.

-Statement of applicability of the Electronic Communications Privacy Act (18 United States Code §2510). (Note that this law extends privacy protections to electronic communications, but exempts an employer monitoring communications on its own systems. This area of law, however, is evolving.)

-Statement of supervisory responsibilities; procedures for periodic audits.

-Identification of agency personnel/office responsible for managing electronic communications. Specific Guidance

-Relevant terms are defined (computer network, email, electronic communications, Internet).

-Obscene, illegal, discriminatory, defamatory, or harassing electronic communications are prohibited, as are any inconsistent with the agency's mission.

-A statement addressing personal email (whether an outright ban or limited personal use, with the understanding that the communication is not private).

-Guidance on storage, archiving, and purging of email.

-Guidance on participation in on-line forums.

-Guidance on installing or downloading software, executable files, or programs.

-Guidance on data storage, back-up, retrieval.

-Guidance on the exchange of or access to electronic communications protected by copyright, patent, license, or intellectual property protocol.

-Guidance on the exchange of or access to electronic communications of a commercial nature.

To comment on the Policy In Action topics or to request further information, send an e-mail to Tim Paul.

Click here to return to Policy in Action.