5 Most Common Violations of Email Compliance

Email compliance is always a hot issue. Yet even while there are laws and regulations governing how certain industries send, receive, store and secure email messages, 73.7% of people who responded to a survey admitted that they had violated email compliance policies at their workplace.

It is important to note as well that this number represents those who knowingly violate company email policies. The same survey showed that 42.7% of those asked claim that their company either doesn’t have email compliance policies, or they were unsure if such a policy was in place.

So what are some of the most common violations of these policies? Take a look:

1. Sending confidential information

When it comes to industries like education, healthcare and finance, sending personal and confidential information via email can violate not only company and organizational policies, but also federal regulations.

Still, 45.7% of respondents claim to have accidentally sent information via email that violated regulatory compliance, and 28% admitted to having done so intentionally.

This also leads to another serious problem: printing confidential emails. While most of the time these emails are printed and immediately filed away, there have been stories of confidential emails left on the printers at trade shows, hotels and airport lounges. Worse still, the information contained in the email almost always remains electronically stored on the printer itself.

2. Sending work-related emails from personal accounts

According to a report from a security vendor, 71% of people surveyed have been educated on the risks associated with sending work-related email from their personal accounts. However, 47% of them don’t agree with these policies and deem it acceptable to use their personal accounts for work. In fact, the same survey showed this to be a major concern among younger employees, with 85% of workers under the age of 25 regularly sending work-related emails from their personal accounts.

3. Sending inappropriate emails

Nothing can be more damaging to the reputation of a company, or individual employee, than an inappropriate email.

This is a hard statistic to measure because most often, people think of inappropriate emails as those that make the headlines due to racist remarks or sexual references. But these types of emails are only the tip of the iceberg.

Inappropriate emails include sending emails when angry, sending emails with poor grammar and spelling, jokes, slide show presentations, pictures of the grandkids and just about anything else that people find offensive or bosses find to be not related to work.

Most people think that the latter list is mostly harmless, but when you add up the hours lost in productivity and the customers you lose because you consistently spell “the” as “teh”, you can see where it can become a problem.

4. Inappropriate use of the email signature

If a company has a well-written email compliance policy in place, then it will most certainly contain some guidance as to how employees should write their email signature. Most people will ignore this.

Frequently, companies restrict signatures to the person’s name, contact information and a link to the company’s web site. Sometimes they will specifically address the use of quotations or sayings in the signature line – but this is often ignored.

Email signatures that violate compliance policies can also be spotted by the font and color used. Generally, it is not considered professional-looking to use multi-colored text or fancy fonts for the email signature.

5. Using work email for personal communications

Policy flouters aren’t only using personal emails for work, but vice versa as well. One common misstep when it comes to email compliance is to fire off a quick email to a friend or spouse from your work account. Many people still don’t realize that the contents of their emails are subject to review by their employer. Even those who are aware of this continue to send personal emails from work or use their work email address to register for web sites or mailing lists online.

To reduce the number of people who violate email policies in the workplace, email administrators need to clearly define their expectations to all employees and take the time to enforce these policies. When people understand the rules and see that they are frequently, but fairly, enforced they will be far less likely to try to circumvent them.

Written by Jeff


  1. Terry Shankley · December 30, 2011

    Any HR department should be able to help out immensely with going over any email policies. It saves them from any headaches further down the line, so they’re typically quite happy to go over the guidelines with you if you ask them to.

  2. Greg Rasyahani · January 3, 2012

    Sending work-related emails from personal accounts – I’m guilty of this. However, if I may explain, when I’m mobile I’m using my beloved and handy smartphone to check, read, and reply to all email messages.

    As a security measure, I enrolled only my personal email account to my smartphone and use it to connect my corporate accounts (using Gmail’s POP3 system). I’m afraid that if I access my corporate email accounts using my phone, it will be compromised. POP3 is also more secure, faster, and more stable when you’re using a smartphone.

  3. Greg Rasyahani · January 5, 2012

    For me personally, I don’t get the purpose of fancy email signatures – the rule is KISS (keep it short and simple). This rule should always be followed to maintain professionalism especially if you’re sending email messages to your business partners or clients. What’s the use of putting your company’s website’s link to your signature when it can also be found on your email address?

    It’s OK to put telephone numbers but URLs are a big no no. And take note, links on emails can be used sometimes as a spam trigger point.

  4. dougontour · January 6, 2012

    @Greg Rasyahani – I have to ask what gives you the perception that POP3 is more secure or faster on a smartphone?

    Great Article by the way! We often see an additional factor that makes my skin crawl, and that is mismanagement of PST files or not having an appropriate archive strategy for the organisation, as a result, people having a PST file full of corporate data on a memory stick or similar just waiting to be compromised.

