Product Family


Project Management Professional (PMP), Risk Manager – Loss Prevention and Education, Design Professional

As many of us have seen an increase in email use the past few months, it’s a great time to review your email policy with your staff. If you don’t have such a policy, there’s never been a better time to create one.

So many people are working remotely these days that those quick conversations that used to take place at your desk, in the hallway, or on the elevator have now been reduced to a series of emails. Add to that the normal daily deluge of correspondence and it’s only natural that some staff may have forgotten proper email protocol.

To help you either shore up your current email policy or create one, we’ve posted a sample below. We recommend that you work with your lawyer to tailor it to your own firm’s specific needs and incorporate it into your overall communications/media policy.

FIRM NAME considers email an important method of communication and recognizes the importance of proper email content and prompt replies in conveying a professional image and delivering effective customer service. You are obliged to use this tool only in a responsible, effective, and lawful manner. Although email is at times less formal than other written communication, the same laws apply, including those applicable to slander, copyright infringement, and plagiarism. Therefore, it is important that you treat email with the same care as you treat other written communications. Remember that every email you write can potentially be read by a third party and interpreted (or misinterpreted) by a court of law or regulator.

In addition, the FIRM NAME network is periodically backed up and recorded. Material transmitted through email may be disclosed to unintended third parties (for example, in a litigation or government investigation context), even if a hard copy of the email has not been made. Emails should, therefore, contain only the specific facts and other information that need to be communicated for business purposes. Before saving or sending an email, consider whether any information contained in the communication might be inaccurate or misconstrued if reviewed by a third party.

Acceptable use
This Policy permits limited personal use of your FIRM NAME email account. Personal use is subject to the following limitations:

  • A level of use that does not detract from your work
  • A level of use that does not in any way threaten FIRM NAME’s systems’ security or operating effectiveness
  • Priority must be given to the use of resources for business purposes
  • Personal use must not be of a commercial or profit-making nature, or for any form of personal financial gain
  • Personal use must not be of a nature that competes with FIRM NAME in business
  • Personal use must not relate to any use that conflicts with your obligations to FIRM NAME as your employer
  • Personal use must not be connected to any purpose or application that conflicts with FIRM NAME’s policies, rules, or procedures


Additionally, the following actions are prohibited:

  • Sending or forwarding email containing libelous, defamatory, harassing, offensive, racist, or obscene remarks
  • Sending unsolicited email (spam), chain letters, or junk mail
  • Forging or attempting to forge email messages
  • Disguising or attempting to disguise your identity when sending email
  • Sending email using another person’s email account unless explicitly authorized
  • Knowingly sending an attachment that contains a virus or malicious software (malware)

FIRM NAME business may only be conducted on computers and electronic devices in accordance with IT policies and using FIRM NAME email accounts. Avoid using FIRM NAME email addresses for personal use.

FIRM NAME’S confidentiality policies also apply to information transmitted electronically. Email must be treated as confidential by other system users and accessed only by the intended recipient unless authorized by the sender of the email, an addressed recipient of the email, or a member of senior management exercising FIRM NAME’S rights to monitor electronic communications in accordance with local law.

Email systems should not be considered secure and therefore should not be used to transmit confidential or personal information externally until reasonable assurances of confidentiality have been obtained. In addition, the following disclaimer will automatically be  added to each email that has an external destination:

CONFIDENTIALITY: This communication, including attachments, is for exclusive use of the addressee(s) and may contain proprietary, confidential, or privileged information. If you are not the intended recipient, any use, copying, disclosure, or distribution or the taking of any action in reliance upon this information is strictly prohibited. If you are not the intended recipient, please notify the sender immediately, delete this communication, and destroy all copies.

If you are in doubt about sending certain information via email, check with TITLE/DEPARTMENT before sending the email.

Email systems should not be considered secure and therefore should not be used to transmit confidential or personal information externally until reasonable assurances of confidentiality have been obtained.

Email records management
You must manage your email account in a manner that is consistent with FIRM NAME’s records management policies and retention schedules. Seek guidance from TITLE/DEPARTMENT to understand how the policy applies to your office. All email accounts maintained on our systems are the property of FIRM NAME. Employees should expect that their business records, including email, may be accessed at any time, including after they have left the organization. The IT department will ask all managers to provide instructions on how to deal with the email account of an employee who has left.

In addition, email may be subject to potential disclosure by subpoena or other lawful order of governmental authorities, or pursuant to discovery proceedings in a lawsuit or investigation. Alteration, deletion, or failure to disclose or produce such email that is identified for disclosure may subject FIRM NAME and the employee responsible for such failure to civil or criminal penalties or sanctions.

FIRM NAME reserves the right, through appropriate management, and in accordance with the applicable law, to review, monitor, audit, intercept, access, and disclose all messages, files, documents, and electronic information created, received, or sent via the system’s networks. This monitoring will only take place in order to protect the legitimate interests of FIRM NAME, its employees, or its clients.

For example, monitoring may be configured to detect a violation of this policy such as the release of proprietary, personal, or sensitive information; to prevent information security breaches and preserve IT operating effectiveness; to investigate a complaint of harassment or discrimination; or to prevent leaking or abuse of employee or client data.

FIRM NAME may, at its discretion, apply automatic message monitoring, filtering, and rejection systems as appropriate and deny transmission of messages with content that violates company policy.

Guidelines for writing emails and managing volume
When composing emails:

  • Use short, descriptive Subjects.
  • Consider using headings or other formatting to structure lengthy emails.
  • Send the email only to those necessary; avoid extensive “cc” lists.
  • Use short, concise sentences.
  • Clearly label privileged emails in the Subject line as “Confidential” or “Privileged and Confidential Communication Subject to Attorney- Client Privilege and/or Attorney Work Product,” if applicable.
  • Use humor and irony sparingly as they can easily be misinterpreted.
  • Avoid using internet abbreviations, emoticons, and emojis such as smiley faces.
  • Take advantage of the spell- and grammar-check tools before sending your email.
  • Do not send unnecessary attachments.
  • Ensure that large attachments are compressed (i.e., reduced in size using zipped files or similar methods that are available from the IT department). Employees can also use internal file transfer portals (e.g., SharePoint).
  • Do not write emails in capital letters.
  • Enable your out-of-office assistant for both internal and external email communications. Your out-of-office messages should provide information such as whom to contact in your absence and, if appropriate, your return date.
  • If you forward email, state clearly what action you expect the recipient to take.
  • Only mark emails as important if they really are important.
  • Do not use “Delivered” or “Read” receipts of messages unless absolutely necessary.Do not use “Reply to All” unless specifically required.
  • Utilize the applicable FIRM NAME protocol for email signatures. This information can be found in our employee handbook. It is important that you make clear you represent FIRM NAME.

Questions, concerns, and technical issues
If you learn of any misuse of FIRM NAME’s electronic communications systems in violation of FIRM NAME policy, you must notify TITLE/DEPARTMENT immediately.

If you suspect that a security breach has occurred (i.e., there is evidence to believe that there has been unauthorized access to FIRM NAME information systems, resources, or data), contact TITLE/DEPARTMENT immediately.

To contact the author of this story, please complete the below form

Invalid First Name
Invalid Last Name
Country is required
Invalid email
Invalid Captcha

Global Asset Protection Services, LLC, and its affiliates (“AXA XL Risk Consulting”) provides risk assessment reports and other loss prevention services, as requested. This document shall not be construed as indicating the existence or availability under any policy of coverage for any particular type of loss or damage. AXA XL Risk. We specifically disclaim any warranty or representation that compliance with any advice or recommendation in any publication will make a facility or operation safe or healthful, or put it in compliance with any standard, code, law, rule or regulation. Save where expressly agreed in writing, AXA XL Risk Consulting and its related and affiliated companies disclaim all liability for loss or damage suffered by any party arising out of or in connection with this publication, including indirect or consequential loss or damage, howsoever arising. Any party who chooses to rely in any way on the contents of this document does so at their own risk.

US- and Canada-Issued Insurance Policies

In the US, the AXA XL insurance companies are: AXA Insurance Company, Catlin Insurance Company, Inc., Greenwich Insurance Company, Indian Harbor Insurance Company, XL Insurance America, Inc., XL Specialty Insurance Company and T.H.E. Insurance Company. In Canada, coverages are underwritten by XL Specialty Insurance Company - Canadian Branch and AXA Insurance Company - Canadian branch. Coverages may also be underwritten by Lloyd’s Syndicate #2003. Coverages underwritten by Lloyd’s Syndicate #2003 are placed on behalf of the member of Syndicate #2003 by Catlin Canada Inc. Lloyd’s ratings are independent of AXA XL.
US domiciled insurance policies can be written by the following AXA XL surplus lines insurers: XL Catlin Insurance Company UK Limited, Syndicates managed by Catlin Underwriting Agencies Limited and Indian Harbor Insurance Company. Enquires from US residents should be directed to a local insurance agent or broker permitted to write business in the relevant state.