A SurfControl survey of roughly 400 UK IT managers and HR officers found that more than one-third (39 percent) have received confidential information via e-mail that was not intended for them. Nearly twice as many IT professionals received confidential data by mistake compared to human resource (HR) professionals 45 percent versus 23 percent, respectively.
The number of respondents who admitted to sending out confidential information to the wrong person or organization has increased from 3 percent in January 2002 to 15 percent in June 2004, according to the SurfControl survey. These breaches can be attributed to human error since 91 percent regularly send and receive corporate or customer confidential information via e-mail, but lack of a clear corporate e-mail policy shoulders some of the blame.
The SurfControl survey found that one-quarter of companies have little or no policy in place to protect themselves and many employees lack proper e-mail training. More than 4-in-10 HR officers and 47 percent of IT managers report that their training has been ''non-existent'' or ''basic'', and only 10 percent of the workforce claim to have had comprehensive and extensive training on policy surrounding the circulation of confidential e-mail.
Chris Baggott, co-founder and CMO of ExactTarget, comments on the stark contrast between e-mail policies and the postal counterpart: ''No one has paid attention to e-mail historically. More attention is paid to outbound postcards than e-mail,'' said Baggott, noting that anyone in a company can send an e-mail but branding and consistency guidelines are strict in direct mail campaigns.
E-mail has so few restrictions that an ExactTarget survey of 125 individuals revealed that 45 percent were somewhat to very concerned that an employee will inadvertently send an unapproved e-mail, and 9 percent reported that this actually occurred in their organization within the last year.
''Even if you have a policy, how do you enforce it? Where's the approval process? Who is allowed to do what? What kind of permissions do they have to do it? We're finding there is little compliance that ensures consistency across the global chain,'' said Baggott. Not only is branding inconsistent in these cases, but employees are often unaware of who they can e-mail and what they can say.
Furthermore, more than three-quarters reported feeling somewhat to very concerned that Internet users who have unsubscribed may inadvertently receive e-mail again. Concern is valid since 35 percent report that subscribers had received e-mails during the past year despite opting out of lists.