Every week I send Keep the Joint Running to an opt-in list of subscribers. Every week I get a bunch of messages back — autoreplies about travel plans, messages that were undeliverable for one reason or another, and spam managers that ask me to click to confirm it’s a legitimate e-mail.
I also get returns like this one:
————————————-
This is an automated message from the mail server at [name withheld because I’m such a nice guy].
An email, apparently sent from you was not delivered because it contains one or more forbidden attachments. It has been placed in temporary Quarantine and will be reviewed by the mail administrator and released to the receipient (sic) if appropriate.
If you have any questions as to why your email was stopped, please call information security at 860-555-5555 begin_of_the_skype_highlighting 860-555-5555 end_of_the_skype_highlighting [actual number withheld for similar reasons]
Please read the summary of the email content to determine why it was stopped.
image/jpeg
forbidden content type
Attachment: image001.jpg
image001.jpg
forbidden attachment
image/jpeg
forbidden content type
[a total of 13 images were listed, one of which was a jpeg of my smiling face]
objectionable content.
————————————-
The column in question was “Encouraging adulthood,” (Keep the Joint Running, February 6, 2006). The only possible objectionable content, if you’re wondering, was a reference to the less desirable afterlife alternative.
If Dante had only reserved a circle for the terminally stupid we’d know the ultimate destination of the clever soul who decided to establish this level of security. Because the next step is to ban pens and paper too (to eliminate the risk of nasty doodles), making employees chisel messages in granite. Then the business would be safe from all threats. Except, of course, the threat of employees beating each other to death with memos.
It’s like this: When you eliminate all risk, you eliminate all opportunity. I’m tempted to point out that this is yet another example of optimizing a part (security) at the expense of the whole (getting useful work done) except that we just finally put that subject to bed last week, so never mind.
Corporate America is at risk (get it?) of becoming the League of Frightened Executives. Don’t believe me? How many conversations have you been part of that included the fretful worry, “Someone might sue us!”
Well, yes. There are bottom feeders out there who will sue anyone at the drop of a hat, claiming the hat-fall traumatized their poodle. Does that mean you’ll never remove your chapeau again for fear of litigation?
Among modern corporate executives, the answer, too often, is a proud, resounding “Yes!” And there you are, running IT, trapped in the middle as usual.
The name of the discipline is risk management, not risk elimination. That means IT should be implementing policy, not writing it, and those writing the policy should be clear and explicit about what constitutes the right balance between reducing risk and doing business with as little friction as possible. My bet is that the filter that classified my smiling face as a risk was put in place because there was no policy to follow. Or if there was, it was written by a member of the League of Frightened Executives and stated, “Make sure no spam gets through.”
As a place to start on the path out of the madness, consider the following for your spam filter, which begins with the notion that your employees are adults and you should treat them accordingly: Ask each employee to establish a profile based on their personal preference. Level 1 gives them maximum protection from anything and everything they might find offensive. Level 3 filters out what is clearly spam, but will probably leave in some offensive e-mails they’ll have to deal with manually. Level 2 is halfway between (and if they couldn’t figure that out, it’s time to reconsider your philosophy of employee retention).
Will a setup like this prevent employees from suing you if one of them chooses Level 3, receives something obnoxious, and decides it’s your fault? Of course not. Our legal system needs something equivalent to a Level 3 spam filter but doesn’t have one. There is little or no filtering at the filing level, and probably not enough at the don’t-be-ridiculous level.
You can’t do anything about the risk of being sued. What you should be asking is whether the above policy increases your risk of legitimate lawsuits. It’s a valid question, for which I don’t know the answer.
Besides, if I shared my opinion and it turned out to be wrong, you might sue me.