Scott, First of all, if you have no IT policies of any kind at this time, you have a bomb waiting to go off.
Having no policies is not a defensible position in the event that an employee brings a legal action or something catastrophic happens within a companies network - it's considered ignorance in the Courts in the United States and, as the old adage goes, ignorance is no excuse. When it comes to IT, a pretty good rule of thumb is that if a company wants to be able to defend itself in a legal action, then an employee has no privacy when it comes to IT. In the cases of both Enron and Arthur Anderson, the courts held that company files belong to the company and e-mail reflects the position of the company, no matter who writes it or what the original intent of the writer. There are a number of free IT policies guides available on any one of a number of support web sites - GOOGLE is a great place to start. Do a search on "IT Policies and you'll find 35,500 links available. Then do a "SEARCH WITHIN" for your STATE and you can narrow it down a lot. Those policies need to include everything from how a person's PC, personal data and e-mail are handled when he or she leaves, to how a search warrant will be handled when one is served. It's also a good idea for a policy to clearly state that all e-mail sent via the companies servers is the property of the company and may be read and opened by management. If you don't have such a statement and an employee is accused of wrongdoing, you could be restricted from being able to defend the company. While these laws vary from state-to-state, there are some basics that need to be covered everywhere: What is the employee permitted to look at on the internet. What can they say in an e-mail. What can they NOT say in an e-mail. Who is authorized to be a spokesperson for a company if the company suddenly finds themselves in the forefront of a media frenzy. Are they allowed to install their own software or does that job fall to the IT department (never a smart idea to allow non-it employees to install software). Some companies include their telecommunications policy as part of the IT policy, something that will probably become more common as we see more Voice Over IP. Your company should retain the services of a good technology attorney and that attorney should work with the IT department and the HR departments to develop a STRONG IT POLICY that applies EQUALLY to EVERYONE. Bruce Barnes -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Scott Heath Sent: Wednesday, March 24, 2004 10:05 To: [EMAIL PROTECTED] Subject: [IMail Forum] logging/legal issues etc Ok, I've got an interesting problem. My boss wants to do away with keeping SMTP logs (we don't log pop3 or web connections unless there is an issue then we turn it on). His basis for not keeping logs is that it's a privacy issue because the admin can see what admins can see in logs (we all know what data is in there). My argument is that if someone sends a mail to a high ranking government official, I want to be able to defend myself to the government. Granted that is an extreme case, it's still a possibility. What do other companies do? What can I do in a situation like this? I dont want to loose my log files. I want to know whats going on in my servers. Keep in mind that we have no IT policies at this time. Thanks in advance! Scott To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
