You probably didnt want to hear this, but that e-mail you sent last weekyou know, the one you wished you could take backhas been saved in about five different places and actually could end up as evidence in court.


Oh, and by the way, your boss had an opportunity to read it, too.


E-mail, though widely considered to be ephemeral because it can be written so spontaneously and vanishes magically from the computer screen at the click of a mouse, can be quite permanentand also far more widely distributed than intended.


E-mail is about as confidential as whispering at the White House, quips John Shovic, who consults companies on cyber security and teaches the subject at Eastern Washington University.


To understand the potential liabilities inherent in e-mail, Shovic says one should recognize the social weaknesses of e-mailwhat he calls the three sins of e-mail.


I also call them the three Cs, he says. Casual, candid, and careless. People will put into e-mails things they would never put into a memo.


They do that, surmises Shovic, because of a misperception that the lifespan of an e-mail is short.


E-mail never really disappears, he says. Its stored on your computer. Its stored on your companys e-mail server, its stored on the recipients computer, and sometimes on some computers in between. Its also often backed up in several places.


So, even if the writer and the recipient both delete an e-mail, it still can be stored for years in other places, and, in the case of litigation, even can be recovered from the desktop computers from which it was deleted, Shovic says.


Meanwhile, many companies now monitor employee e-mails.


In a recent survey, the American Management Association found that 55 percent of employers retain and review employee e-mail messages. Some systems scan for key words in an e-mail and route them to a holding tank for evaluation before sending them along to the intended recipient.


Also, says Shovic, computer users should remember that most e-mails are sent in a non-encrypted form, which means that hackers can view them as they pass through the Internet, especially if theyre sent over wireless networks or through Web-based e-mail accounts like Hotmail or Yahoo, he says.


Its like sending a postcard, says Shovic. Anybody who intercepts it can read it.


Reading someone elses e-mail without their consent is a federal crime, just like with postal mail, but companies get around that by having employees sign a waiver giving up their right to privacy and acknowledging that their employer owns every e-mail they send or receive.


Last year, e-mail correspondence between Boeing Co. executives and Air Force officials was read on the U.S. Senate floor in connection with charges that there were improper relationships between the company and military officials aimed at securing a $30 billion tanker-lease deal for Boeing.


Though it isnt necessarily e-mail, possible evidence of inappropriate computer use is being made public here in connection with an investigation of Spokane Mayor Jim West.


The American Management Association survey says that 84 percent of employers have policies that make clear to employees that their e-mail isnt private.


Workers e-mail, IM (instant messaging), blog, and Internet content creates written business records that are the electronic equivalent of DNA evidence, Nancy Flynn, executive director of the Columbus, Ohio-based ePolicy Insitute, said in connection with the American Management survey.


The ePolicy Institutes own surveys have shown that about one in five employers has had employee e-mail and instant messages subpoenaed in a lawsuit or regulatory investigation, and that 13 percent have battled workplace lawsuits triggered by employee e-mail.


Use policies


Spokane Public Schools, which employs about 3,100 people here, long has had employees sign an agreement that outlines appropriate computer use, including acknowledgement that all e-mails are subject to review, says Ken Brown, the districts technology director.


The district doesnt monitor employee e-mails routinely, but will do so in cases where an employee is being investigated by the human-resources department, Brown says. He also says that the district doesnt store e-mails in any special way beyond its normal strategy for backing up all computer data.


We tell our employees that there is no expectation of privacy in using the districts e-mail system, he says. Its not secure and its not private. Because we receive public funds, we consider e-mails to be public record.


He says the district has had to collect stored e-mails for litigation purposes, including for a current case in which the district is suing the state regarding special-education funding.


As is the case with Spokane Public Schools, employers routinely include in their Internet policies language that says that although some minor personal use of e-mail is OK, the employers e-mail system should be used only to conduct the business of the organization. Its an absolute no-no to include in e-mail anything thats obscene or that breaks laws, and users of some systems, including the school district, cant use their e-mail for political or religious purposes.


Resources abound on the Internet for employers to consult as they write or modify such policies, including at the ePolicy Institutes Internet site at www.epolicyinstitute.com. Among the suggestions provided by that organization is to include in an e-mail policy an overview of an employers discrimination and sexual harassment policies.


Make sure employees understand that regardless of how it is transmitted, an inappropriate comment is an inappropriate comment. And all it takes is one inappropriate comment to land you on the wrong side of an expensive lawsuit, the Web site says.


Some employers must adhere to regulations specific to their industry, such as health-care providers, who must follow rules included in the Health Insurance Portability and Accountability Act (HIPAA). Financial institutions must follow the Gramm-Leach-Bliley Act, and publicly traded concerns now must meet rules under Sarbanes-Oxley. All three of those acts include rules concerning appropriate communication.


Though in some industries employers must retain e-mails for specific periods of time, or print them out and file them, in other cases the best strategy is to eliminate e-mails as much as possible after theyre no longer needed, says Shovic.


Also, when an employees desktop computer is replaced or moved to another location, employers should consider getting rid of the hard drive, which still could contain hidden files with private information in them.


I wrote a policy recently that said that if you have confidential data on your hard drive, you should grind it, shred it when you get rid of or move the computer, says Shovic. Otherwise, that confidential information can become a liability.


Lawyers often recommend getting rid of e-mail after six months, but that, Shovic says, can be a problem, since businesspeople often need to refer to e-mails stored longer than that.


One thing you cant do, he says, is delete e-mails while youre involved in a legal dispute or if you anticipate being involved in one, because theyre subject to subpoena.


In the meantime, computer users should consider some technological safeguards, such as avoiding the use of free Web-based e-mail systems, which, although they are secure at the time you authenticate your username and password, can be wide open when you send an e-mail. That means hackers can see what you write quite easily.


Secondly, be sure that any wireless networks you use for sending e-mails are protected, and when possible, use e-mail systems that are encrypted. One way to ensure greater privacy is to use a virtual private network, or VPN, connection to send and receive proprietary or confidential e-mails. These connections are encrypted so outsiders cant easily intercept them, Shovic says.


Most of all, though, users should exercise caution and decorum when sending e-mails, and understand theres never a guarantee that no one besides the intended recipients will see them.