Email Leaks, Politics and FDA-Regulated Industry

An email leak from a Democratic National Committee (DNC) led to the Chair of the DNC losing her job and the leader of the party barely surviving a major crisis on the eve of the convention. This followed concerns of security of personal and official emails. This episode highlights once again the high-risk of electronic communications for all organizations. Emails are not private and we are accountable for everything we write. FDA-regulated industry has its share of email-related debacles. Last year, the CEO of a food manufacturing facility was found to be personally responsible for GMP violations based on the emails he wrote. Multiple cases of off-label promotion, deliberate falsification of statements, and willful non-compliance have been found based on email communications. There are several lessons to learn from these episodes for high-quality email etiquette for all FDA-regulated organizations. First, emails should be professionally written. Work emails should be devoid of non-professional sentiments as much as possible. In regulated industry all professional opinions must be based on an unambiguous understanding of the regulations. Second, emails must be retained and not deleted. In this age of extremely cheap storage, there is no excuse for deleting any data. Full email chains must be archived to maintain the context of the conversation in the email trail. It is practically impossible to completely delete an email anyway. Emails are at the minimum located at the sender and receiving location. Plus there could be additional storage locations such as servers, cache on hard drives, and other places. Third, emails should be categories into professional, personal, family, etc to segregate messages based on purpose with each category strictly guarded for permitted content. Ideally, different categories of email addresses should be handled on segregated devices, such a professional emails only on work computers or work phones, and personal emails on personal devices. The convenience of single device handling multiple email accounts will probably make the practice of segregated devices unpopular but secure emails must not be handled on unsecure devices. Personal devices are much less secured than work devices where organizations spend additional resources for security. Lastly, the most secure and private conversation is that one that is conducted privately. The best way to have a private conversation is to have a private conversation without an electronic trail. If you want to talk to someone in private, perhaps you should consider how people used to do it before emails; by just walking up to the person they wanted to talk to, and talk. Email was never intended to reduce human interaction and it should never replace the good old water cooler.