Email Disclaimers to Protect Your Organization
Email is an essential business tool that not many organizations can do without. However, after several high-profile lawsuits with multimillion dollar penalties concerning the contents of emails in the corporate sector, nonprofit organizations, too, are increasingly aware that simply by using email, they may be exposing themselves to a number of legal threats. One of the ways these legal risks can be minimised is by adding a disclaimer to every email that is sent on or from the organization’s email network. This article discusses why email disclaimers are needed, the different types of disclaimers that can be used and how to add them.
What Are Email Disclaimers?
Email disclaimers are statements that are added to emails to disclaim liability. The statements are usually of a legal character, but can also be used for marketing purposes.
There are three main reasons why you might decide to add disclaimers to your emails: legal protection, regulatory compliance and marketing purposes.
1. Legal Protection
If you were to be so unlucky to be sued for the contents of an email, it is not certain whether an email disclaimer will protect you from liability in a court of law. However, it can help your case and, in some situations, might exempt you from liability. More importantly, it may well prevent the actual occurrence of lawsuits against your organization, since the mere presence of the statement might deter most persons from seeking legal compensation from your organization. Besides avoiding liability, disclaimers are also used to prevent persons from unlawfully forwarding or copying confidential emails. Again, the presence of the notice will deter most persons from doing this. Therefore, the use of disclaimers is always recommended.
Disclaimers can help protect against six types of legal threats:
Breach of confidentiality
By including a disclaimer that warns the content of the email is confidential, you can help protect your organization against the exposure of confidential information. If the receiver breaches this confidentiality, they could be liable.
Accidental breach of confidentiality
If an employee were to receive a confidential email from someone and accidentally forward it to an unauthorised person, the employee and, therefore, the organization could be held liable. For instance, this can happen if a wrongly addressed email is forwarded to a postmaster, who might not be authorised to read the email, or if an email message is intercepted. If you include a notice at the end of your email stating that it is only intended for the addressee and that if anyone receives the email by mistake they are bound to confidentiality, this could protect you.
Transmission of viruses
If an employee sends or forwards an email that contains a virus, your organization can be sued for this. Apart from implementing a good virus checker that blocks viruses entering and leaving the organization via email, you can also warn in your disclaimer that the email could possibly contain viruses and that the receiver is responsible for checking and deleting viruses.
Entering into contracts
Written communication, including email, can be used to form binding legal contracts if the individuals have actual or apparent authority to do so. If you do not wish certain employees to be able to form binding contracts by email, you could include a statement that any form of contract needs to be confirmed by the person’s manager.
By law, a person is obliged to take care when giving advice that a third party relies on. If an employee were to give professional advice in an email, the organization could be liable for the effect of the advice that the recipient, or even third party, reasonably relies upon. A suitable disclaimer could protect your organization from this kind of liability.
Although an organization is ultimately responsible for the actions of its employees, including the content of any emails they send, a disclaimer can decrease liability. If an organization can show that it has correctly instructed its employees not to send libelous, offensive, obscene or defamatory statements, this could help in disclaiming responsibility if an employee breaches these rules. An organization can demonstrate this by including an email disclaimer to that effect and by implementing an email policy that clearly warns employees against such misuse. However, there is no disclaimer that can protect against actual libelous, offensive or obscene content. The most a disclaimer can accomplish in this respect is to reduce the responsibility of the organization, since it can prove that the organization has acted responsibly and done everything in its power to stop employees from committing these offenses.
2. Regulatory Compliance
New and existing regulations are forcing companies and organizations to protect their client’s privacy. In the United States, the Health Insurance Portability and Accountability Act (HIPAA) requires health care institutions to keep a record of their email communications and secure confidentiality of information. The U.S. Securities and Exchange Commission (SEC) and Gramm-Leach-Bliley Act (GLBA) impose similar duties on financial institutions. Steep penalties can apply to those organizations that do not comply with their industry’s regulations. Therefore, in these industries, organizations are actually required to add disclaimers to their emails in order to protect the integrity of their patients or clients and to avoid any confidentiality breaches. In the new Internal Revenue Service (IRS) regulation Circular 230, the IRS requires tax advisors to add an email disclaimer to any emails including tax advice, expressly stating that the opinion cannot be relied upon for penalty purposes.
3. Marketing Purposes
A footnote can also be added to serve marketing purposes. Disclaimers can include an organization’s address, URL and/or slogan. For example, it may be helpful to include a footnote about an upcoming fundraising or outreach campaign.
What Are the Different Types of Disclaimers?
Disclaimers can be prepended or appended, applied organization-wide or per department/user, added to external and/or internal emails, and can be static or individualised.
Append or Prepend Disclaimers?
If you prepend the disclaimer, there is more chance that it will be read. However, it might interfere more with your email communications. The choice whether to prepend or append disclaimers will probably depend on how secure and confidential your email communications need to be and how important email is to your organization. For instances, a legal organization or financial institution might choose to prepend disclaimers. However, an organization selling books or flowers over the Internet would probably prefer to append the disclaimer. It is also possible to place a short sentence at the top with a link to the full disclaimer at the bottom of the mail.
Organization-Wide or User/Departmental Disclaimers?
Although an organization-wide disclaimer might be sufficient for a number of organizations, if at all possible, it is advisable to add different disclaimers per business group or department. For instance, a person in the sales department might need a statement saying that all quotes are only valid for 30 days. The accounts department might need a disclaimer that concentrates more on the confidential nature of the information. The technical support group might want to include a notice that they cannot be held liable for the consequences of their advice. By adjusting the contents of the disclaimer according to the context, the strength of the notice can be increased.
Internal and/or External Email?
Many organizations only add disclaimers to externally sent mails since they are not as aware of the legal implications of internal emails as they are of external emails. Although the virus and contract issues mainly apply to external emails, the confidentiality and employer’s liability issues are just as important for internal email. For instance, there have been several cases where employees filed hostile work environment claims after being confronted with offensive emails circulating the office. As for confidentiality, this might even be more of an issue for internal email, since not only is there a considerable chance that a colleague might accidentally read a confidential email, an insider will recognise the importance of the information much faster than an outsider. Preferably the internal disclaimer is different from the external disclaimer, focusing more on the internal confidentiality and hostile work environment issues and, for instance, including a link to the organization’s email policy.
Multiple Disclaimers and Positioning
On replies and forwards, it is of no use to keep adding new disclaimers at the bottom of the email. This just means you will end up with a long list of disclaimers at the end of every message. You can decide only to add the disclaimer once, but this means that on replies and forwards, the recipient may not notice the disclaimer and the strength of the disclaimer will diminish. A better solution is to repeat the disclaimer within the email, just after each new message. This ensures that the recipient will see the disclaimer each time they receive a message.
Static or Individualised Disclaimers?
You can add static disclaimer text to every email or a disclaimer that can change according to the context to make the disclaimer statement more specific. Where possible, it is advisable to be more specific, since this might add to the weight of the statement. For instance, instead of saying "the organization will not accept liability," it is zbetter to mention the actual organization name: "Organization XYZ will not accept liability." Furthermore, you could use merge fields in your disclaimers, such as:
If you can include the recipient name in your disclaimer — for example: "This email and its contents are only intended for [Mr. X]" — this will make it even clearer to whom the email is addressed and that if any other person were to read the information, they are bound to confidentiality.
In the case of limiting the entering into binding contracts via email, you could mention the name of the supervisor who needs to confirm a contract in writing. For example: "This employee is not authorised to conclude any binding contracts without the express written confirmation by [Mr. Y]."
Date: It might also be useful to include a date in the disclaimer.
How Can You Add Disclaimers?
You can add disclaimers to your emails by making use of a signature or by adding disclaimers at the server level. Signatures can be configured in email client software, such as Microsoft Outlook. However, since this software is client-based, the user could change the signature without the employer knowing. In addition, if you wish to change the signature, you will need to change this on every machine individually. Therefore, adding disclaimers at the server level is preferred.
It is a fact that simply by using email your organization is exposing itself to legal threats. Since prevention is better than the cure (and certainly less expensive), it is important that you take steps in which to minimise the threats. The first step is to draft an organization-wide email policy and distribute this among your employees. The next step is to make sure that the email policy is enforced. Adding legal disclaimers at the bottom of each email will provide the first basic protection against a number of legal issues arising out of the use of email. In addition, to further minimise the threat of employer liability and breach of confidentiality, you should consider using a content filtering tool to block inappropriate and unwanted emails, quarantine dangerous attachments and scan messages for viruses.
Want to see samples of email disclaimers used for different uses and recipients? Check out this list of examples adapted from a Red Earth white paper.