Heckman Consulting Newsletters
Why Document Manage-ment: A White Paper
No.34 Spring 2008: AMD Alive and Well at Lexis Nexis.
Blog from Heckman Computer Consulting
DMS Issues from Heckman Computer Consulting
Cheatsheets from Heckman Computer Consulting
Seminars from Heckman Computer Consulting
Law Office Computing Articles
Business Automation Checklist
Services Provided: Technology Consulting, Software Support, Planning Support
Supported Software Products: Amicus Attorney, CaseMap and TimeMap, ContactEase, WordPerfect, GroupWise, HotDocs, PC Law, Summation, Time Matters, Worldox
Email Policies
Backup Issues
Virus Issues & Alerts
Useful Links from Heckman Consulting
About Us - Heckmanco.com
Clients of Heckman Computer Consulting


No. 8, January 1998  

E-Mail and the Internet

E-mail has become an increasingly important factor in litigation--as Bill Gates, Oliver North and others have found out to their sorrow in the past few years. With e-mail becoming more and more prevalent as a primary means of transmitting information and documents, what are the real dangers in using e-mail and how can you protect your firm against them? Some small firms are avoiding e-mail altogether because of the perceived problems: does this make sense?

E-mail has become a basic business component. Employees, and certainly young attorneys fresh out of law school where they have been accustomed to using e-mail and high-speed Internet access, view e-mail on a par with the fax machine and telephone. Firms who try to ignore e-mail do so at the peril of becoming non-competitive. It is not just large corporate clients who are requiring e-mail: individual clients may choose a firm with e-mail capabilities over one without for a variety of reasons (e.g., clients who are deaf or have other disabilities).

Potential Dangers of E-mail

Courts currently view e-mail as discoverable in litigation--ranging from the Department of Justice's investigation of Microsoft to discrimination and sexual harassment suits. This can go as far as evidentiary seizure of entire computer systems (the FBI showed up on the doorstep of one client demanding the hard drive of their server, which would have prevented the entire firm from doing any work at all!).

The problem with e-mail is that people regard it on a par with the spoken word, not the written word. They feel free to make comments or statements in an e-mail that would certainly be revised or excised entirely if they were drafting a printed memo. When portrayed in court as "policy," such casual formulations can be very damning and literally cost a company millions of dollars.

Create a Company Policy

While a variety of admonitions concerning the use of e-mail are possible and necessary, their effectiveness is likely to be about nil. At one firm, for example, despite admonitions concerning personal e-mail, disk space on the server dwindled alarmingly just before Christmas due to a large number of 10Mb files with names such as "tree.exe." Some firms are adding legal disclaimers to every e-mail that goes out akin to the ubiquitous disclaimers on faxes (see box, over). The legal efficacy of such disclaimers has yet to be fully tested in the courts.

As a first line of defense, it is important to have a clearly stated firm and company policy concerning the acceptable use of e-mail. Insist that all employees sign the e-mail policy statement before being allowed to use it (see box, right).

The second line of protection is to limit the retention of e-mail. This has the advantage of reducing storage requirements for e-mail (which can be substantial: 10-15 Mb per user or more) as well as limiting the time period during which e-mail is exposed to discovery in litigation. Many firms limit the retention of e-mail to 30-60 days.

A third, more drastic, option is to not back up any e-mail at all. This means that if you have an unrecoverable server crash, all e-mail will be destroyed. However, if you do back up e-mail and have, say, a 30-day e-mail retention policy and keep 6 months of backups, then the time-frame of your exposure to discovery demands is 6 months plus 30 days, not just 30 days. In addition, the process of producing e-mail that has been backed up for a significant amount of time will be extremely time-consuming and expensive.

Other Risks

What about the danger of someone stealing your information? There are two levels to this concern: targeted attacks and random hackers.

Realistically, the likelihood that e-mail will be hi-jacked in a targeted fashion is very small, with the possible exception of transactions involving very large dollar amounts. However, the possibility that some random hacker will discover a potentially "juicy" morsel and circulate it to the world at large should not be dismissed (think of the IBM TV ad of the hacker e-mailing the salary structure for an entire company to all employees).

On a small scale, the only way to protect against this is to use encryption software. There are several products available and they are getting easier to use (at least in the most recent versions of e-mail software). However, as with any type of security, the more security you require, the more you inconvenience users. Encryption is still fairly clumsy, and requires that the recipient use it as well as the sender.

On a larger scale, there are a variety of Virtual Private Networks services that provide enhanced security for both small and larger companies. Again, these require both recipient and sender to subscribe.

Lastly, there are a variety of programs that will analyze your e-mail and can be used to spot potential problems. While these are not inexpensive, they can be a useful adjunct as part of an overall e-mail security program. Mimesweeper is one of the best known of these programs (www.mimesweeper.com).

Viruses are a major concern for many, especially for Word users ( WordPerfect is much less susceptible to attack than is Word). However, aggressive use of anti-virus software and end-user education can reduce this risk to acceptable levels.

Do You Need E-Mail At All?

With all the potential problems, a small firm with primarily individual clients might ask: do we need e-mail at all? One answer to this question is that having e-mail is becoming part of the basic requirements and cost of doing business, like fax machines and photocopiers. There really isn't any choice in the matter if a firm is to remain competitive.

The better answer is that selective implementation of technology options such as e-mail enables a small firm to compete successfully with much larger firms. E-mail levels the playing field and gives smaller firms competitive equality or even an advantage. While America On Line and other small ISP's appear amateurish and are a telltale sign of very limited resources, there is no way for anyone to guess the size of a firm with its own domain name: "myfirm.com."

Furthermore, there are several vendors who offer e-mail services aimed at smaller firms such that a firm can offer all employees e-mail for a minimal cost. Services such as DotOne (www.dotone.com) or AllegroNet (www.allegronet.com) integrate Internet e-mail with your regular in-house e-mail system. This allows you to extend to the Internet without necessarily providing Internet browsing to the entire firm and without the sometimes substantial costs of Internet infrastructure (firewalls, anti-virus scanning, etc.). An additional advantage of separating e-mail from Web browsing is that it tends to substantially reduce spam and unwanted solicitations, since you are using e-mail mainly for business purposes. The web browsing ID (spam is typically based on this ID) is totally separate from your e-mail ID.

There is, however, one caveat. E-mail is not like a fax, where when you feed it through the fax machine it is already being delivered at the other end. E-mails can be delayed or even lost, and there is no way to predict when that will happen. Further, it is very difficult to obtain proof of delivery for e-mail. Therefore, e-mail should not be used to send time-sensitive materials or anything requiring proof of delivery.


E-mail allows you to communicate with clients, other firms, etc. with even greater ease than voice mail (there is no such thing as "e-mail tag"). It can cut down turnaround time and improve communication with clients. It makes it easier for clients and others to do business with you. You may not need a Web Site yet, but you definitely need e-mail.

Sample E-mail Policy Provisions

You will want to include:

  • Explicit statement that the computer and e-mail system belong to the company, not the employee, who can use it only for authorized purposes.
  • Explicit statement that employees can expect no e-mail privacy.
  • The firm has the right (not a duty) to monitor e-mail.
  • A warning to exercise care in drafting e-mail, as the firm may be liable for the content under the Electronic Communications Privacy Act.
  • An explanation of what content is impermissible.
  • A requirement that the employee sign the policy statement in order to use e-mail, and that the employee understands that disciplinary action, including termination, may result from infraction of the e-mail policy.

E-Mail Disclaimers

No Attorney/Client Privilege

This message is not intended as legal advice. Therefore no Attorney/Client relationship is intended, implied, or created by this message.

Confidentiality Statement

This electronic mail from _______ may contain information or advice which is confidential or privileged and is solely for the use of the intended recipient. All proprietary rights, including copyright, are specifically reserved. If you are not the intended recipient, be aware that any disclosure, copying, distribution, or other use of the contents of this message is prohibited. If you have received this in error, please notify us immediately by phone or email at __________.

Blog: Does It Compute? | Contact UsUseful Links | About Heckman Consulting
Partial Client List | What's New ? | Software Supported | Service | Home

2001- Heckman Consulting, Old Lyme, Connecticut.  Law Firm Consulting & Support
Web Site by Consultwebs.com, Specializing in Legal Webs


No.21 April 2002
Future of Case Management Programs
No.20 October 2001
Disaster Recovery Small and Medium Firms
Previous Issues