Hutton Inquiry highlights email liability

The extensive use of sensitive internal emails as evidence in the Hutton Inquiry into the death of weapons expert Dr David Kelly highlights important risk and liability issues for corporates that do not keep control of electronic audit trails.

Government officials, BBC executives and Andrew Gilligan have all squirmed as various internal emails have been produced as evidence in the ongoing inquiry.

Gilligan's "poor reporting", and Downing Street's "game of chicken with the Beeb" were just two of the emails that were originally only intended for their recipients but have now been exposed to the public gaze and reveal informal or highly confidential comments.

The rapid adoption of email as a means of mass communication has added a liability risk for businesses, with employees able to inadvertently cause major embarrassment or damage with the click of a 'send' button.

David Naylor, partner in the technology transactions group at law firm Morrison and Foerster, said in order to reduce risk businesses must make it clear to staff exactly what they can and can't do with all technology, including email and telephones, at work and have a transparent policy with regards to any monitoring of communications.

"There is potential for employees to create liability for employers as a result of disclosures. Employers need to clearly define to staff what they do with personal data or any other confidential information on the company systems. Clarity and transparency is the key," he said.

The 'dodgy dossier' at the heart of the inquiry also highlights how staff can unwittingly exposed confidential or embarrassing internal details in the metadata of documents.

Andrew Pearson, executive VP of Workshare, uncovered author histories and document changes in the dossier when it was published as a word document on the government's website and found four members of the government's communications centre were contributors to the document.

Microsoft Word documents store metadata that records the author and changes made and when several people contribute then an audit trail starts to build up, increasing the risk of confidential data being exposed.

Pearson said that with both emails and documents, people are often unaware that the data could end up outside the organisation.

"It's inadvertent disclosure. People wouldn't do this if they knew what they were doing," he said.

Technology and education are both needed to minimise the risk posed to companies, and one piece of advice is to only publish documents externally in PDF format.

Pearson said: "People should publish public documents using PDF rather than Word. You would be surprised how many companies still publish documents on their website in Word format."

silicon.com is still looking for your tales of Digital Blunders and so if you have hit reply instead of forward, or mistyped an inappropriate word send us your story.