Do email disclaimers still matter?
A growing number of email laws heavily affect how email is used in the business world. From the General Data Protection Regulation (EU) 2016/679 (GDPR) to the California Consumer Privacy Act (CCPA), email is becoming more tightly regulated as phishing, spam, and cyber-attacks become more commonplace.
What about email disclaimers?
With new regulations in effect and shifts in email trends, do disclaimers still matter?
Let's answer that question with another question. How many emails are your employees sending a year? Most likely, it will be in the thousands if not more. That's a lot of opportunities for just one email to damage your company's reputation, be it accidentally or maliciously, through libelous comments, leaking of confidential data, copyright infringement or transmission of viral content. Even today, it still makes absolute sense for companies of all sizes to use email disclaimers to protect their brand reputation and corporate liability.
But why do we use them in the first place? Disclaimers don't look great after all. Email disclaimers were originally created to cover confidentiality breaches, adhere to email regulations and protect companies from liability for negligent advice.
Some parties say that email disclaimers carry no authority; however, the wording is designed to protect you and prevent legal action against you. An email disclaimer, when written correctly, can cover you in the following areas:
Breach of confidentiality
Liability for the unintentional transmission of computer viruses
Accidental breach of confidentiality
Unintentionally entering into contracts
Regional legal or regulatory requirements
Email disclaimers in practice
Advanced markets, like the European Union and North America, still have regulations in place that require businesses to add disclaimers to emails, something that is not likely to change any time soon.
Take the United States for example. It has the most complete set of email disclaimer laws in the world. The Federal Information Security Management Act (FISMA) states that for regulatory compliance, an appropriate disclaimer needs to be included in all email communications. This then filters down into different industries where there are different requirements.
Let's look at the Health Insurance Portability and Accountability Act (HIPAA). This act strongly recommends that healthcare organizations use email disclaimers to highlight patient confidentiality in all communications.
A disclaimer does not make a company fully compliant with HIPAA law. Nonetheless, it ensures patients know the following:
The email they are receiving is not 100% secure
The content placed within the message is of a confidential nature
The message should be passed on to the relevant person if they are not the correct recipient
An example of a HIPAA email disclaimer might be:
"The information contained in this transmission may contain privileged and confidential information, including patient information protected by federal and state privacy laws. It is intended only for the use of the person(s) named above. If you are not the intended recipient, you are hereby notified that any review, dissemination, distribution, or duplication of this communication is strictly prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message."
Other countries, however, make email disclaimers on all messages mandatory. The Canada Anti-Spam Legislation (CASL) mandates that all companies obtain some level of consent before sending email messages to any recipient. That means all email signatures must contain appropriate legal text with unsubscribe links in place.
This, in essence, gives consumers complete control over their email messages. This law applies to all incoming and outgoing email messages, and violating it can cost your organization up to $10 million.
To protect your business, it is still highly advisable to use an appropriate legal disclaimer on your emails. It's simply not worth the risk.
It's true that email disclaimers will never provide you with 100% protection against legal action, but it makes sense to include them to provide an extra level of protection.
Remember also that laws change, so you need to make sure that you stay up to date. Also, the text included in your email disclaimer might work for one region but not for another.
It's a good idea to use a dedicated email signature management solution to manage all disclaimer content from one central location. With central management, you can make sure that all users' corporate emails carry the necessary legal disclaimers, appropriate to their region, at all times.