The email landscape is very different to what it was at the start of the 21st century. Mobile devices are now the most popular devices for reading emails. New email clients have appeared and legacy systems have disappeared. Instant messaging and social media have enhanced the way we communicate digitally. And email laws have had a huge impact on how email is viewed as a communications platform. From a sweeping new set of laws from the European Union know as the General Data Protection Regulation (EU) 2016/679 (GDPR) to a new consumer privacy act in California, email is becoming more tightly regulated in an age where phishing, spam and cyber attacks are becoming more commonplace.
What about email disclaimers?
This inevitably brings us to the humble email disclaimer. With a number of new regulations in effect and varying shift in email trends, do they even still matter in 2019?
Well, let’s answer that question with another question…how many emails are your employees sending a year? Most likely, it will be in the thousands if not more so. That’s plenty of opportunities for just one email to damage your company’s reputation, be it accidentally or maliciously, through libelous comments, leaking of confidential data, copyright infringement and even transmission of viral content. Even in 2019, it still makes absolute sense for companies of all sizes to use email disclaimers to protect their brand reputation and corporate liability.
But why do we even use them in the first place? The appearance of a disclaimer can be slightly unpleasant after all. Email disclaimers were originally created to cover confidentiality breaches, adhere to various email regulations and prevent companies being liable for negligent advice. Some parties have always said that email disclaimers carry no authority, but we’ve always been of the opinion that the content can at least protect and prevent legal action being taken against you. A disclaimer can cover you in the following areas:
- Breach of confidentiality.
- Employer’s liability.
- Liability for the unintentional transmission of computer viruses.
- Accidental breach of confidentiality.
- Unintentionally entering in to contracts.
- Negligent misstatement.
- Regional legal or regulatory requirements.
Many advanced markets, such as the European Union and North America, still have regulations in place that require businesses to add disclaimers to emails, something that is not likely to change any time soon. Take the United States for example. It has what is seen to be the most complete set of email disclaimer laws in the world. The Federal Information Security Management Act (FISMA) states that for regulatory compliance, an appropriate disclaimer needs to be included in all email communications. This then filters down into different industries where there are different requirements.
Let’s look at the Health Insurance Portability and Accountability Act (HIPAA). This act strongly recommends that healthcare organizations use email disclaimers to highlight patient confidentiality in all communications. Now, a disclaimer is only meant to be used to inform patients and does not actually make a company fully compliant with HIPAA law. Nonetheless, it is designed to ensure that patients are aware that the email they are receiving is not 100% secure, the content placed within the message is of a confidential nature, and that they should pass the email on to the relevant person if they are not actually the correct recipient. The U.S. Securities and Exchange Commission (SEC) and Gramm-Leach-Bliley Act (GLBA) also have similar requirements to financial institutions.
An example of a HIPAA email disclaimer would be:
“The information contained in this transmission may contain privileged and confidential information, including patient information protected by federal and state privacy laws. It is intended only for the use of the person(s) named above. If you are not the intended recipient, you are hereby notified that any review, dissemination, distribution, or duplication of this communication is strictly prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message.”
Other countries, however, make email disclaimers on all messages mandatory. The Canada Anti-Spam Legislation (CASL) mandates that ALL companies obtain some level of consent before sending email messages to any recipient. As part of this law, it is required that all email signatures contain appropriate legal text with appropriate unsubscribe links in place should the recipient no longer wish to hear from you. This, in essence, gives consumers complete control over their email messages. This law applies to all ingoing and outgoing email messages, and violating this law can cost your organization up to $10 million.
To protect your business, it is still highly advisable to use an appropriate legal disclaimer on your emails. It’s simply not worth the risk. It’s true that email disclaimers will never provide you 100% protection against any legal action. They were never designed to do so. Still, due to the nature of email and the fact that so many are sent every day, it make good business sense to include disclaimers to just provide that extra level of protection. Remember also that laws continually change, so you need to make sure that you keep up. The text included in your email disclaimer might work in one region but not another. New developments will likely be covered in your industry press, so stay informed.
It’s best to use dedicated email signature management solutions to centrally manage all disclaimer content from one central location. With central management, you can ensure that all users’ corporate emails consistently have the necessary legal disclaimer, meaning your employees have no input into how and when they are applied to their messages.