The Official Assura Blog

Sunday, October 28, 2007

 

E-mail Disclaimers: Useful or Placebo?



We here at Assura have been debating the merits of adding a disclaimer to our e-mail signatures. Everyone's seen them. They range from:
"This e-mail is to be read only by the intended recipient. If you've received this e-mail in error, please delete it immediately or you will be subject to penalties ranging from legal action to being permanently bombarded by chain letters."
to
"This advice is worth what you paid for it."

This article from a company that publishes software to add legal disclaimers to all outgoing e-mails automatically makes some very compelling points about the issue -- and I agree with many of them.

However, the thing that's always struck me about adding a disclaimer is: Can you legally bind someone to a contract which they've had no opportunity to read and accept by taking some positive action?

I'm no lawyer, but I'd venture to say, "no". In fact, I have yet to be able to get an attorney to tell me one way or another, much less find any statute or case law that says otherwise (at least in the United States -- I haven't looked at other countries).

For my money, the fact that an e-mail might have been opened by the auto preview feature of my mail reader doesn't constitute an active act of acceptance. If the e-mail is from someone I don't know, have never heard of, and I open it to read the contents, does that mean I'm automatically obligated to accept the terms of the disclaimer? Where is my right to refuse to agree to something that's basically been laid in my lap?

So if I don't delete a misdirected e-mail, and I further forward it to another non-intended recipient, haven't I refused to accept the terms of the disclaimer?

If your organization or lawyer says to have an e-mail disclaimer: do it. There is really no downside to it. But, other than in the case where you're disclaiming professional advice provided in an e-mail, your actual protection in practical terms may be a lot less than you think.

For my money, I'm still on the fence. However, I'd love to see some feedback from readers about this issue, particularly if they're a member of the bar.

The contents of this message are for discussion purposes only and do not constitute professional advice of any kind. Neither the author nor Assura, Inc. shall be held liable for any outcomes based on this discussion. Do not taunt Happy Fun Ball. Your mileage may vary.



Saturday, October 27, 2007

 

SEC 524: Voluntary Private Sector Preparedness Accreditation and Certification Program



In August, President Bush signed the Voluntary Private Sector Preparedness Accreditation and Certification Program into law. For those of you who do not spend every waking hour watching C-SPAN or tracking bills online, this is a voluntary law that enables the Department of Homeland Security (DHS) to work with a certifying organization (such as the Disaster Recovery Institute International or ASIS) to develop a program for private business to obtain a preparedness certification.

So, what does this mean for business executives, board members, or senior managers? Is it one more thing they have to look at and approve each year for compliance? The immediate answer is no. However, there has been some speculation that it may be mandatory for businesses that meet a certain threshold of employees and/or revenue in the future.

It is a program that, once it is developed, will set a standard for businesses to become certified for preparedness by meeting some set of basic criteria. The criteria have yet to be developed by the DHS. For now, DHS is working on selecting a certifying organization by February 2008.

While there has not been a significant amount of information released on this program, it is one that Assura is actively following. We will provide regular updates as they become available, so stay tuned!



Wednesday, October 24, 2007

 

Welcome!



Welcome to the Assura blog! We're glad you're here.

The purpose of this blog is to provide a forum for discussing issues around risk management. What this is not is a means of promoting Assura or its services. We want this blog to be a useful tool for both clients and non-clients alike so that every visitor is provided with an opportunity to gain and share insights, lessons learned, and sometimes even enter into spirited debate about an issue.

While we want this to be a bi-directional communications mechanism, we do require that readers who do want to comment register with Blogger, our blog engine. Please keep a few rules in mind when commenting on a post or reading this blog:

  • All posts from the employees of Assura, Inc. constitute their personal opinions only. No post should be interpreted as representing the corporate policy or endorsement of Assura, Inc.
  • Posts containing profanity, pornographic text or imagery, malicious code, insults, privacy protected information, vulnerabilities about specific networks or systems, or anything else that Assura, Inc. deems as going against its corporate values or could be legally actionable are strictly prohibited.
  • Violators of these restrictions are subject to punishment ranging from a written warning up to and including legal action and referral to law enforcement.
  • Readers should be mindful that commenters may attempt to post links to websites containing malicious code. BY READING THIS BLOG, YOU AGREE THAT YOU ARE SOLELY RESPONSIBLE FOR PROTECTING YOUR COMPUTER SYSTEM FROM HARMFUL CONTENT AND THAT ASSURA, INC., ITS SUCCESSORS OR ASSIGNS ARE TO BE HELD ENTIRELY HARMLESS FROM ANY OF THE CONTENT POSTED ON ITS BLOG. ASSURA, INC. ENCOURAGES ALL VISITORS TO TAKE PRECAUTIONS TO PROTECT THEIR SYSTEMS FROM ATTACK INCLUDING BUT NOT LIMITED TO ANTI-VIRUS, FIREWALL, INTRUSION DETECTION, AND ANTI-SPYWARE SOFTWARE. UPON NOTIFICATION, ASSURA, INC. COMMITS TO REMOVING ANY POSTS FROM ITS BLOG CONTAINING MALICIOUS CODE OR LINKING TO A WEBSITE CONTAINING MALICIOUS CODE AS SOON AS POSSIBLE.
  • All visitors are subject to the terms and conditions of our Privacy Policy.
  • We have the right to change these terms and conditions without notice.

With that out of the way, welcome again.

Sincerely,

Joshua A. Cole, CISSP
President and COO
Assura, Inc.



© 2007 Assura, Inc. All rights reserved.