Company's Best Practices and Etiquettes

When it comes to the Internet, nothing is ever really forgotten and everything leaves a trail. This can be good or bad for business. These data trails can be used by companies to find who has been stealing their trade secrets - or to bust you if you are the thief. They can show who is working and who is goofing off. They can tell vendors who their online customers are and allow them to make better decisions and more money. This information is extraordinarily valuable, and there are laws that require companies to produce it and do it right now.

Before the Enron, WorldCom, and Tyco scandals, the legal rules for retaining communication records said only that a company had to be consistent. A company couldn't, for example, keep all e-mails except those having to do with a hostile takeover or a case under litigation. If the company's policy was to erase all old e-mails once a year or once a month, that was okay, as long as the policy was in writing and was strictly followed. Enron, for example, wiped its e-mail slate clean every 72 hours, which is hardly a surprise.

Today the rules have changed. Public and many private companies have to keep a copy of written communication of every type (letters, e-mails, even Internet instant messages) for up to seven years. These copies have to be kept in a form that allows their authenticity to be verified, whatever that may mean. Not only that, but companies must keep a second copy of every message in a different location in case of fire or natural disaster. The second copies must be on nonerasable storage media, such as optical disks. And if the SEC asks you to provide a copy of any given document or every given document, you have until close of business today to do it.

If the organization is a healthcare organization, an insurance company, or even a human resources department, the rules are even stricter. If a client asks for a list of every person or organization who has shared his or her medical records, the Health Insurance Portability and Accountability Act of 1996 (HIPAA) requires that the organization provide that list... on the spot.

Companies that aren't public companies don't engage in healthcare or have no human resources department aren't off the hook because these requirements are becoming the accepted standards for all companies. If companies still dump e-mail every 72 hours and end up in court, they are effectively guilty as charged. Currently, penalties for noncompliance are mild, but will get stronger in the future, right up to sending people to jail. New SEC regulations, for example, hold the CEO personally responsible for record retention, meaning that he or she, not some techie in the computer room, will be doing the time. Then there are the civil penalties that will come from the inevitable lawsuits.

What are some of the best practices or etiquette that should be followed when writing business e-mails?

How is the Web affecting the way business is conducted? Are there changes in business practices that apply to a virtual company?