Most countries have data protection laws to protect their citizens. In the USA there are both state and federal laws, and in Europe there is GDPR. These laws can create a significant risk for businesses, as ex-employees can require you to remove data about them from your systems or to give them copies of all personal data that you hold about them.
Whilst you can typically find data held in your staff systems quickly, finding all emails that contain their personal data presents a challenge.
Your staff policy may forbid staff from using their company email account for personal messages, but until case law provides clarity you may be exposed if an ex-employee asks for copies of personal emails.
An easy way to address this is to ensure that personal messages don't exist on your systems, which is why CloudFiler keeps personal messages separate from business ones and accessible only to the individual.
Example Staff Email Policy
You must file all business-related email to the relevant business locations. Personal messages can be filed to CloudFiler personal locations, indicated by the padlock icon.
These locations are accessible only to you, both for filing and searching. Messages filed here are stored separately from business email and can be synced to your Personal OneDrive if present.
Any messages remaining in your email account after 'n' days will be automatically deleted. Except where there is a business reason to keep the account active for a limited period, the email accounts of staff leaving the business will be automatically deleted within 'n' days of their departure.
A policy like this helps your business as:
- It requires staff to file business correspondence
- It reduces your storage and back-up costs because the junk is no longer retained
- If someone makes a claim for copies of all personal emails, you can legitimately respond that your email filing system does not contain personal emails and that your policy is to delete inboxes after a given period.