Audit reveals true nature of 'work' email

Two-thirds of emails going through corporate gateways in the UK are not business related. Pornographic messages account for seven per cent of traffic, and 54 per cent are personal or chain mail.

But those containing illegal material, or material likely to land a company in court, accounted for just 1.4 per cent of emails.

The figures have been collected from audits carried out on UK companies' email systems by security software and services consultancy Peapod.

All incoming and outgoing emails were copied and relayed to Peapod's secure facilities in London where a team of auditors manually reviewed and categorised each email according to criteria agreed with the user.

The company has around 40 customers and the results are taken from audits across six large UK-based companies.

Grahame Thomas, technical director at Peapod, explained that company boards need to be educated about the risks because ultimate legal responsibility rests with them.

"Organisations don't realise that it is weighted that heavily against them," he said. "Employees are treating emails as transitory like telephone communications. At the executive level there is a need to understand legislation and the obligations to the Data Protection Act."

IT managers are also reluctant to expose the real level of email misuse within their company, claimed Thomas.

"IT managers usually aren't comfortable with it and we do meet resistance," he admitted. "It is because they have usually already recommended a content filtering system so the audit is an affront to them. But the IT department does not have to be included."

Stephen Mason, a barrister and lecturer at the Cranfield School of Management, warned that consistency is the key to users navigating the legal minefield of employee email monitoring.

"Providing users are upfront with employees and tell them they are monitoring, and that there is a business case and it is targeted, then there should be no problem," he said. "You can't monitor all of the emails all of the time but you do have to be consistent."

But companies will have to wait until June for the Information Commission's guidelines for monitoring staff without breaching the Data Protection Act.

The Ford Motor Company this week gave its UK employees a two-week amnesty to delete any offensive material from their PCs.