Nearly half of large companies employ staff to monitor and read outbound email for fear that staff are leaking confidential or embarrassing material.
According to the survey by Forrester, the trend is also on the up. However, legal experts warn that the urge to keep an eye on email could lead to its own legal and security problems.
Based on interviews with 140 senior staff at North American corporations, the survey suggested that companies are overwhelmingly concerned about the dangers posed by uncontrolled outbound email, but aren't satisfied with automatic scanning tools. Fifty-two percent of all companies, large and small, said they monitored external email with tools included in anti-spam software, and smaller proportions said they used other kinds of automated tools, such as software for watching instant messages and Web-based e-mail.
Even so, a human element was seen as necessary - 43.6 percent of companies with more than 20,000 employees had staff for reading outbound email, or an average of more than 30 percent of companies of all sizes. On top of this, one in three companies said they conducted regular audits of outbound email content, rising to 38 percent for large companies.
The reason for all this effort appears clear - nearly 75 percent of large companies said dealing with the financial and legal risks of outbound email was an "important" or "very important" priority in the next 12 months. Confidential memo leaks topped the list of biggest email concerns, with 75.7 percent saying they were "concerned" or "very concerned" about them, followed by intellectual property and trade secrets with 71.4 percent, and such areas as privacy regulations, inappropriate content and attachments and financial disclosure, all with about 64 percent.
The proportion of companies employing email-monitoring staff varied by sector - the highest was the business services, transportation and logistics, construction and engineering sector, with 45.5 percent; the lowest was goods manufacturing, with 22.2 percent. Among companies conducting regular email audits, the highest proportion was in the finance and insurance sector at 44.4 percent; only 24.4 percent of companies in goods manufacturing said they conducted audits.
Overall, 9.3 percent of the companies without email monitoring staff said they intended to add it, with the figure rising to 12.8 percent for large companies.
If the figures seem startling, they remain somewhat ambiguous. The survey, funded by a company that makes automated email monitoring tools, is designed to highlight the extra expense of email monitoring by staff instead of software, and as such is silent on what exactly these employees are doing. For the survey's purposes, a member of staff could have email monitoring as part of his or her job description without spending a great deal of time on it. The 52 percent of companies that use email monitoring tools included in anti-spam software may simply have a member of staff who spends a portion of his or her time keeping an eye on the tool.
What is clear from the results, more than half of which come from directors or managers of IT, is that companies see outbound email as a legal and financial risk, and feel they need some mechanism in place to control it. In the UK, however, privacy regulations may make this a dangerous path to take, not to mention the security risk, according to a legal analyst.
"It is essential that those who have access to other people's emails are properly trained to understand their responsibilities to ensure confidentiality and security. If employees fail to do so, the employer may fall foul of the Data Protection Act among other legal requirements," said Rosemary Jay, a data protection specialist with law firm Masons, in a bulletin on the survey.
Human email monitoring also raises a security risk, since individuals are often the weakest link in the security chain, Jay said: "It raises the question of who guards the guardians."