XL Design Professional - Engineers Loss Prevention Library

FUNDAMENTAL STRENTH - CAPITAL AND PEOPLE

. . .

The Trouble with E-mail

The trouble with e-mail is that you just can’t trust it.

One minute it’s your friend, the next minute it’s telling everyone your deepest secrets.

Ask Bill Gates, he’ll tell you. In its antitrust case against Microsoft, the Department of Justice was able to cast doubt on his video deposition by confronting him with an electronic mail message he had written three years earlier.

Or ask the former employee of a large corporation who filed a wrongful dismissal lawsuit. His former employer pieced together electronic files he thought he’d deleted, and its attorneys were able to establish that he had illegally copied company materials for a competitor.

Electronic Discovery

OK, you don’t work for Microsoft. But there’s still a good chance that one day your company will be involved in a lawsuit and you’ll be asked to hand your e-mail records over to a court.

Today, litigation has entered the brave new world of electronic discovery. Courts have ruled that electronic documents have as much evidentiary value as paper documents. As a result, electronic data is now being aggressively targeted in all types of civil discovery, as well as in regulatory actions, corporate in-house investigations and law enforcement activities.

The search for electronic evidence has spawned an entire new industry of software forensic technologists who use software to systematically seek information in electronic records for lawyers’ use in litigation or criminal cases. These e-detectives can track down forgotten copies of documents or even piece together bits of deleted or damaged files. The results are sometimes astounding.

E-Mail Risks

In a lawsuit, the single most damaging form of electronic document may be the simple e- mail. Consider this: during the government’s antitrust trial against Microsoft, subpoenaed e-mail comprised nearly all the major evidence presented by both sides in the case.

There are several reasons why e-mail can be so problematic. First, an e-mail is easy to produce and even easier to send. With a few taps of a key, you can distribute comments and attachments far and wide.

Perhaps because of the ease and the sense of informality inherent in e-mail, it seems to encourage careless commentary. People often say things in e-mails they would never say in person or by telephone. They may make unguarded, offhand comments that can be taken out of context in a courtroom. They may speak too candidly about a competitor or forward material that offends a coworker. They may unwittingly distribute copyrighted material or disseminate confidential or proprietary company information. All these things could be dredged up years later to build a case against your firm.

Delete Doesn’t Always Mean Delete

Merely deleting troublesome computer files doesn’t solve the problem. When a file is deleted from a computer, it may still be recoverable from hard drives or archived data files. And who’s to say that a copy of that flaming missive you fired off three years ago doesn’t lurk somewhere on an employee’s, a consultant’s or even a competitor’s computer? If it’s there — or parts of it are there — the digital discovery spelunkers can dig it up.

What Have You Got to Hide?

There is another important issue. If you delete only selected documents, you may create the appearance of guilt. And, depending on the situation, deleting a file may be illegal. Courts have held that once somebody has sued you, or you have a reasonable belief that a suit is impending, you’re under a duty to preserve what may be reasonably relevant to the action. If electronic data is reasonably relevant, or may lead to relevant information, it must be preserved, too.

On the other hand, you don’t want to keep everything indefinitely, either. All those aging e-mails take up valuable disk space, waste computer resources, may lead to an increase in network traffic and a slower response time. And they might end up costing you in other ways, too. If you don’t have some sort of policy to regularly and systematically delete e-mail and other electronic records, and your firm is sued, how much time and money will it cost to review every electronic document going back five or more years?

Even if there’s nothing damning in them, someone from your firm — or your attorney’s — will have to look; and you can bet that the plaintiff’s lawyer will be taking a leisurely fishing expedition through them.

An Employee E-Mail Policy

The best way to protect yourself against potential e-mail trouble is to formulate a well-thought-out and strongly communicated written policy regarding your company’s e-mail system — and enforce it. Requiring employees to adhere to a corporate e-mail policy can go a long way to protect your company.

Your human resources, corporate counsel and information services departments should work together to create an employee e-mail policy that sets forth company confidentiality rules and informs employees of their rights and responsibilities regarding e-mail.

Set clear expectations of employee privacy; if you’ll be monitoring employee e-mail, say so in advance. Outline specific types of e-mail that should be avoided; address content that could be considered discriminatory, obscene, defamatory of a co-worker or a competitor, or that infringes on copyrights. Additionally, to protect against viruses or breaches in security, many companies forbid employees to download software from the Internet or open .exe attachments.

Some companies also use disclaimers on outgoing messages. These might say such things as "the sender does not necessarily speak for the company." You might want to ask your attorney about the use of such a disclaimer.

Regularly communicate your policy to all employees and hold training seminars to make employees aware of the perils and problems associated with e-mail, as well as its proper use.

Such polices can be very effective: A telecommunications company successfully defended itself against a suit charging it allowed racially harassing messages on its e-mail system. The company had an e-mail policy in place that spelled out appropriate content and was able to show it actively enforced its policy and had quickly addressed the specific incident.

A Records Management Policy

Your company e-mail policy should be part of an overall data preservation policy. Seek expert advice on how to establish a document retention policy that encompasses all sources of electronic data, taking into consideration your company’s regulatory compliance requirements and the need to preserve information that might be helpful in defending against lawsuits, disaster recovery or other needs.

If you don’t need a record, and if you have no legal obligation to keep it, get rid of it, and make sure that data that should not be saved is, in fact, permanently deleted from all sources. At the very least, set up procedures for regularly deleting old e-mail — say, every 60, 90 or 120 days — and stick to them.

Remember, however, that if you are sued, you may have a duty to stop the regular deletion process in order to preserve all relevant data.

Practicing Safe E-Mail

Once your policies and procedures are in place, practice what you preach. Never put anything in an e-mail that you wouldn’t want printed in your local paper — or in a court record. Avoid off-color or racy humor, venting, unguarded statements and other potentially dangerous e-mail messages. When you use the company e-mail system to communicate with those outside the company, you’re perceived as speaking for the company. Remember, regardless of how you feel when you send a message or what the context, it will be taken literally in court.

If you’re in doubt about putting something in an e-mail, consider a phone call instead.

And, if you think these are unreasonable precautions, just ask Bill Gates — but don’t expect him to respond via e-mail.