A quick lesson for business leaders (and the millions of others who communicate by e-mail):
The digital world as we now know it is forever. Maybe even after forever if there is such a time dimension.
If you think that double-deleting those snarky comments you made about your competitor, boss, or colleague in an e-mail, tweet, video, or other digital medium eliminated those words from your secure hard drive or an anonymous server in some secluded location, you are mistaken.
That does not mean your creations are easy to find, of course – we have all anguished over materials that have disappeared into the netherworld of our internet-accessible devices. Nonetheless, your digitally documented words will never be, as the Munchkin said, really, and most-sincerely, dead.
Risks and Consequences
The countless opportunities for damage to security and operations through verbal, written and electronic communications have long been recognized by government agencies and the law enforcement and intelligence communities. For example, the e-mails of a former IRS Director revealed that she had strong political views that appeared to influence the decisions of her office regarding non-profit organizations. These communications, the disclosure that some e-mails might be “lost” in the IRS cyber-system, and the possible mismanagement behind them had devastating consequences that included a Congressional investigation, a DOJ investigation and the resignations of two key IRS executives. In New Jersey, two members of the Governor’s staff were indicted for closing lanes to the George Washington Bridge – charges that were supported by the content of e-mails they composed before the event.
Similarly, businesses face significant reputational risk when the intemperate remarks of their leaders become open-source material with no known shelf-life. Plaintiffs routinely “e-discover” smoking-gun e-mails and other highly embarrassing documents on defendants’ servers, such as the location of internal British Petroleum emails that established a permanent record of the dates and times when executives became aware of the extent of their oil spill in the Gulf of Mexico.
The Excuses and Tricks
Despite the horror stories of e-mails gone-wild, why do some seemingly intelligent people continue to ignore the possibility that what they write today, however intemperate or cruel, may become a future headline, impact their company’s revenue, or destroy a family?
You’ve heard some of lame and lazy excuses for being careless:
“I’m too busy to re-read my e-mails before I hit send.”
“The confidentiality paragraph at the end of my e-mail protects me.”
“We’ll use alias names and a private information sharing service.”
“Everyone knows I have no filters.”
“I only say what’s true.”
Most successful men and women are busy, but good leaders understand that words matter. The confidentiality paragraph may be stern, or even eloquent, but relies too heavily on the ethics of the unintended or unknown recipient to protect the sender. Technically-savvy investigators armed with subpoenas can easily determine the content and senders of most emails. Professionals without filters are also known as narcissists. And, of course, some people can’t handle the truth.
Good, Better, Best Practices
Protecting yourself and your business or organization from the inherent risks of managing digital information is a responsibility that cannot be solely delegated to a Chief Information Security Officer. Establishing and implementing policies about the use, management and, to some extent, the content of e-mails is a good start.
A better practice is to ensure compliance with information management policies by maintaining a values-centered and respectful institutional culture wherein employees collegially point-out inappropriate messages to their peers. Polices such as Microsoft’s Standards of Business Conduct, also address the use of social media and emphasize the protection of confidential information, the expectation of honest, accurate and ethical communications, and the need for employees to understand the consequences of their actions.
The best practices for risk reduction? Imagine your words in a newspaper, blog or court document. Ask your son or daughter to read your email aloud. When in doubt, hit delete.
The New Fossils
A thousand years from now, social archeologists will likely uncover flash drives, CDs, hard drives, servers and methods of storage not yet imagined in obscure landfills and clouds. Like covered wagons and dinosaur bones, e-mails from the 21st century may find their way into the museums of the future – all virtual, of course. The data miners will likely be surprised by our limited technical skills, but even more astonished by our lack of civility.
Will this matter to you one thousand years from now? Probably not.
But it should matter to you today.
