e-mail Security Policies Are Important

SearchSMB.com writesWho should enforce e-mail policy rules? Is it better to have more than one person do this, or department managers?
There should be a centralized security committee that’s responsible for policy oversight. However, the policies should ultimately be enforced by the human resources department, which should be working closely with the various managers.
Our company has a very casual style. A formal e-mail policy would go against our company culture. How do we suddenly implement a policy like this when we’ve never been so formal?
The short answer is, if you need it, I think you can gradually ease into the policy by talking about what your e-mail systems and corporate assets are up against and then show the benefits of such a policy. Awareness is key to getting buy-in, especially in a smaller company.
How do you distinguish what is a policy and what is an invasion of privacy?
I strongly believe (and court cases have proven so) that for the most part, companies have the right to say what can and cannot be done on company time. I think you’ve got to be reasonable and fair and have a checks and balances system in place to make sure employees aren’t getting picked on. This is definitely something everyone should candidly discuss with their lawyer and HR representative to make sure everything is in line.