1. Be clear. The policy should list email risks to make users aware of the potential harmful effects of their actions. Make sure employees are signing this policy when they get the log-in to the company email system. And, make sure you speak directly with the employee upon hiring him or her about the policy.
2. The policy should state whether personal emails are accepted and if so, to what extent. I don't condone allowing any personal emails to be sent from a company computer. Liability issues can arise if your company's name is attached to anything personal that is threatening, explicit or can cause harm in anyway. Some companies are more liberal so speak with your legal counsel if you are considering allowing personal emails to be sent from your company's domain.
3. If you are going to monitor your employees’ emails, you must state this in your email policy. Warn that employees should have no expectation of privacy in anything they create, store, send or receive on the company’s computer system and that the company may, but is not obliged to monitor messages without prior notice. If you fail to mention this, and have your employee sign that he or she understands this, you can be SUED. Yes, you can be sued because of FCC and other privacy regulations.
There are many rules associated with giving an employee access to email. If you are starting a business make sure to include this topic on the list of "to review" with your legal counsel. You, your company and your employees can all be liable for any type of misuses.