When Vice Presidential Candidate Sarah Palin’s Yahoo e-mail was hacked during the campaign, the culprit was looking for messages that might damage the candidate’s reputation. Her inbox contained less than her hacker had hoped, but she was criticized for using personal e-mail to send job-related messages.

The incident raises the issue of business and personal e-mail use policy throughout organizations. And it raises the issue of e-mail security.

Any high-level executive’s personal e-mail could be hacked for purposes of defamation or corporate espionage, say some analysts. It’s not frequently reported, but “I’m sure it happens all the time,” says Bruce Schneier, president of BT Counterpane and an IT security author. What was missing in Palin’s case, according to reports, was a strong security question and response. That was a glaring security flaw, says Schneier.

Companies should have a clear policy separating business and personal e-mail use, says Chenxi Wang, a Forrester Research analyst. That policy should be well communicated to employees. Companies should have strict policies, especially with regard to the handling of e-mails containing sensitive information, including customer data or information of high intellectual-property value. Companies should teach the policy when employees begin work and periodically thereafter.