There is no legal authority on the effectiveness of these notices in email messages; but that is not to say that they should not be used, provided care is taken in drafting them. The disclaimer and the confidentiality notice are intended to serve different purposes, and ideally should be separated.
In addition, certain information is required in the email footer of a company or Limited Liability Partnership.
If your business is a private or public limited company or a Limited Liability Partnership, the Companies Act 2006 requires all of your business emails (and your letterhead and order forms) to include the following details in legible characters:
This information should also appear on your company's website (and for an overview of other information that is required on a website, see our guide to the UK's E-commerce Regulations). Failure to comply with these requirements puts a company at risk of a fine of £1,000.
The duty has existed for business letters for many years. But some people were unsure whether this duty extended to email communication. Any doubt was removed by an amendment to the Companies Act 2006 that took effect on 1st January 2007. The duty is now contained in the Companies (Trading Disclosures) Regulations 2008, which came into force on 1st October.
It is not enough to provide a link to this information from an email footer. The Regulations provide that any ‘display’ or disclosure of information required by the Regulations must be "in characters that can be read with the naked eye."
Not all emails will be relevant to your business but most companies will find it easier to add the information to all outgoing emails, including those messages that forward or reply to a third party's email.
For avoidance of doubt, these details are not required of sole traders or standard partnerships.
An example footer:
Green Organisation Ltd is a company registered in England and Wales. Registered number: 5464771. Registered office: Green House, 21 Bloom Street, London, WC1 1AA.
Enforcement of the mandatory information requirement is the responsibility of Trading Standards. The maximum fine for non-compliance is currently £1,000. An additional daily fine of up to £300 per day can be imposed for any continuing breach.
Some companies are part of a group of companies - e.g. ABC Ltd might be one of several subsidiaries of XYZ plc. Sometimes two or more companies in a group share the same standard email footer. However, this approach runs a risk. Each email footer should make clear which company it represents. If it is not sent on behalf of the parent company, it should not refer only to the parent company's details. Nor is it legally compliant, in our view, to offer a link in an email footer to a page that explains the company structure in lieu of an email footer that is tailored to the subsidiary.
This can present a technical challenge for some companies: they need to ensure that an individual employee is using a certain template for sending email. They may also need to train staff in using a choice of email templates because one employee might have to send emails on behalf of more than one company.
The confidentiality notice is an attempt to say that the content of the email is confidential and that it should not be read by anyone other than the intended recipient. Common sense dictates that adding this notice to the foot of the email is too late: if the notice is read at all, it will be read after the message. The email system used by your organisation may or may not facilitate the automatic posting of a confidentiality notice above the text of all messages being sent externally. If it does, this is the best practice to follow. If it does not or you consider the message unsightly, you are not breaking any rules; you are simply taking a slightly higher risk.
The following wording would be appropriate above the message text:
***** Email confidentiality notice *****
This message is private and confidential. If you have received this message in error, please notify us and remove it from your system.
Some confidentiality notices begin, "This message is intended for the addressee only". This is misguided because any person who receives the email will likely only receive it because he is an addressee, albeit the sender may misspell the intended recipient's email address.
Do not take it for granted that your confidentiality notice can be relied upon, however much care goes into its preparation. There is no legal authority on the value of these notices in email communications. When the notice is added automatically to every external communication, there is a risk that a court would consider that the venom in your warning has been diluted.
The value of the notice is that, if the disclosure of the content of an email becomes a subject of dispute, it would be possible to point a court to the existence of the confidentiality notice and argue that the recipient should have known to not disclose the contents of the message.
If your organisation decides that it is worth including such a notice, just be aware that it will be in a court's discretion to ignore it.
A disclaimer, if required, can appear beneath the message, along with contact details and any regulatory information that your organisation needs to provide (often required of regulated professions like financial services). But use disclaimers with caution.
Some businesses automatically add a disclaimer to all email. As with confidentiality notices, there are no legal authorities on email disclaimers; but there is guidance on disclaimers generally.
Following this guidance, disclaimers of the type that effectively warn a recipient not to rely on the content of the email will be ineffective. They also fail to inspire confidence in the sender, so make little commercial sense.
Many disclaimers are over-ambitious. If you go bungee jumping, you may be asked to sign a waiver of liability for your death in the event of accident; but such disclaimers do not stand up in court.
What you attempt to disclaim will depend on the nature of your business. If you think your business should add a disclaimer to all its email messages, seek legal advice on its likely effectiveness.
We cannot suggest a one-size-fits-all disclaimer.
If your organisation monitors some email traffic data, your outgoing emails should say: “[Organisation name] may monitor email traffic data.”
If your organization also monitors the content of email, you should say: “[Organisation name] may monitor email traffic data and also the content of email for the purposes of [security and staff training].“
The monitoring of business email is primarily governed by the Telecommunications (Lawful Business Practice) Regulations 2000 but it is also affected by other laws including EU rules and, in the UK, the Human Rights Act 1998 and the Regulation of Investigatory Powers Act 2000.
Among other things, the rules require you to give correspondents notice of the monitoring you carry out, including monitoring email traffic data. You should take legal advice on any monitoring of communications that your organisation conducts.
The statements above can help your organisation to reduce the risk of a successful claim for unlawful monitoring of your organisation’s email data but you should be aware that such statements have never been tested in court and therefore any monitoring will carry some degree of risk.