We have been using e-mail within the organisation for a number of years without an end-user policy (data retention and backup policies are in place for UK FoI and DP requirements). Up until now we have used the "if you wouldn't write it down and put it in the post, it doesn't belong in an e-mail" rule.
A working group has been formed to discuss the use of e-mail within the organisation, and the policies, procedures, rules and best practices surrounding e-mail.
What documents are typically published in relation to use of e-mail? Are they separate documents or part of your AUP, ToU or contracts of employment? What typical rules and policies are contained within these documents?
I would keep it as small as possible, but several things do need to be spelled out. I use the phrase communication systems to include all forms of communication ... email, IM, telephone, intranet, blog, collaboration spaces, etc.
1- The corporate communication systems are not private. Any communication through a company network or service, whether personal or work-related, is the property of the company. The company can monitor, review, search, and re-publish any communication made using its network or service, at its sole discretion.
2- Disrespect, abuse, or poor treatment of other people, whether they are company associates or outsiders, is unacceptable and not allowed. This includes, but is not limited to, personal insults, abusive language, profanity, explicit or implicit sexual references, and reference to any "protected" class or status. This policy applies whether the target of said treatment is a party to the communication or not.
3- Copyright and authorship are to be respected. Any material written by another that is used in any form of ecomm must be referenced as such. If authorship is not known, that must be indicated.
4- Extreme care must be taken when dealing with confidential or proprietary information.
5- Written communication should follow the company style guide and other published guidelines.
6- All employees are expected to exercise sound judgment when using company communication systems.
mfx posted a great list, I'd just like to add one thing.
Whatever you do, don't add a disclaimer. Especially if you have a large tech staff, it just makes them look like idiots.
http://goldmark.org/jeff/stupid-disclaimers/
I am not a big fan of such policies and I would recommend that the above common-sense approach is best. Is there a particular reason why you need to introduce such policy now?
Anyway - in my organisation there is an official "Email Policy and Guidance" - a 7 page long document. I doubt anyone has ever read it, but it states things like:
I would do a Google search for 'netiquette' or 'email etiquette'. It should give you plenty of ideas.
The basic approach that you've taken makes sense. Here are some considerations on how to move forward:
I had to write a usage policy years ago. At the time I thought they were pretty stupid, but now I am starting to see some of the benefit. It's important to communicate as directly as possible the limits of acceptable use for your users. They will test them, despite all of the "common sense" remarks in this thread. It's also important, in fact even more important, to communicate to employees / users that they do not have any implied or explicit right to privacy on the corporate network. You will have to read somebody's email some day, and in all likelihood you'll be asked to provide email and other records to lawyers. In this case you want to make sure that employees know that while things like email are "private" in the general sense, they are absolutely not "private" to the company.
In our policy we make clear the following (these are not quotes from the document, just the general gist of it):
Once you have your policy drafted, you might want to have it reviewed by a lawyer. After all, the policy just sort of sits there twiddling its thumbs until something bad happens, and something bad often means the potential for legal action...so it might be good to have some feedback about your particular verbiage. Being either too vague or too specific can land you in trouble.
My opinion is that you can be a bit more vague on the stuff that's less likely to cost a lot of money, and extremely explicit on the stuff that is. For example, if you try to define a rigid set of rules about when and why and how an employee can send an email message, then there will constantly be exceptions to these rules, thus weakening your entire policy. An employee forwarding a stupid chain letter or using a "non standard" signature or something along those lines is not the end of the world, and is something you can deal with on a case by case basis when necessary. On the other hand, if you have to pull a terminated employee's retained email and hand it over to the lawyers to prove that they were sending out company secrets, you don't want them to be able to say "hey, you can't do that, it's private!" and have a leg to stand on. You want to be able to reply "yes I can, here's where I told you this, and here's your signature".