Chapter Four EMPLOYER CHALLENGES AND POTENTIAL … 4... · 2015-05-15 · • Possible reduction of...

Chapter Four

Chapter Four

EMPLOYER CHALLENGES AND POTENTIAL LIABILITY IN THE

ELECTRONIC WORKPLACE

Em

ployer Challenges and

Potential Liability in the E

lectronic Workplace

Chapter Four

Copyright © 2015 FordHarrison LLP. All rights reserved.115

EMPLOYER CHALLENGES AND POTENTIAL LIABILITY IN THE

ELECTRONIC WORKPLACETable of Contents

I. THE SOCIAL MEDIA CHALLENGE. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117A. The Use of Social Media in Recruiting and Hiring . . . . . . . . . . . . . . . . . . . . . . . . . . 117

B. Monitoring and Regulating Employees’ Social Media Activities. . . . . . . . . . . . . . . . . 118

C. Sugggestions for Social Networking Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124

D. Discovery of Employees’ Social Networking Sites . . . . . . . . . . . . . . . . . . . . . . . . . . 125

II. RETENTION, STORAGE, AND PRODUCTION OF ELECTRONICALLY STORED INFORMATION (ESI). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125A. Retention of E-Mails and Other ESI as Business Records . . . . . . . . . . . . . . . . . . . . 125

B. Document Retention and Detruction Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126

C. Production of ESI in Litigation Discovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126

III. OTHER ISSUES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133A. Risks of Internal Computer Fraud . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133

B. Defamation Claims Based on Electronic Communications . . . . . . . . . . . . . . . . . . . . 137

C. Electronic Signatures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139

Chapter Four


EMPLOYER CHALLENGES AND POTENTIAL LIABILITY IN THE ELECTRONIC WORKPLACE

Katie Parham, [email protected], and Laura L. Mall, [email protected],

Chapter Editors

I. THE SOCIAL MEDIA CHALLENGESocial media has quickly become a vital part of everyday life. There are now more than 750 million active users of social media. Some of the more popular social media platforms include: Facebook; Google Plus; LinkedIn; Twitter; YouTube; Instagram; Pinterest; Flickr; Tumblr; Vine; and Reddit, among many, many others. Social media is not merely social, however, as more and more businesses are recognizing that social media platforms can be valuable marketing and communication tools. However, the use of social media has created new and daunting challenges for employers, not the least of which is the blurring of the line between employees’ personal and professional lives.

A. Use of Social Media in Recruiting and Hiring. In a recent survey 56 percent of employers responded “Yes” when asked if they utilize social media for recruiting employees. However, only 42 percent responded that their company had a formal social media policy in place, and only 10 percent of those same employers responded that they have been formally trained on how to use social media in recruiting. See http://manpowerblogs.com/toth/2012/03/23/social-media-recruiting-whos-on-what. While it is always desirable to make hiring decisions based on the most relevant and useful information available, employers should exercise discretion in whether and how they utilize social media in recruiting and hiring.

1. Use of Social Media to Recruit Candidates. The reality is that more and more potential candidates are using the internet and social media to look for open positions, to research com-pany information on potential employers, and to post resumes, job search, and other career experience information that they know will be viewed by potential employers. Thus, progressive employers can utilize social media to post information about open positions, career opportuni-ties, benefits, and general company information, as well as other information designed to inform and lure the best candidates. Many companies now have their own LinkedIn accounts, Facebook pages, and Twitter sites through which they can share information about their company.

Employers should also expect that increasing numbers of potential candidates are visiting those social media sites to research and learn about potential jobs, research the company, and make decisions about whether they want to work there. Informative, targeted, and clever use of social media by employers can assist in reaching more and attracting better candidates.

In the latest generation of social media recruiting/job seeking, sites like the “online social job so-lution” and TweetMyJobs.com integrate with social media profiles to allow employers to post job openings and to distribute those job openings to potential candidates who are matched based on their social media profiles. TweetMyJobs interfaces with Facebook, Twitter, LinkedIn and major job search engines to provide this information.

2. Use of Social Media to Gather Information About and Screen Applicants. Largely gone are the days of walk-in applicants completing paper applications and sitting down for a face-to-face interview. While the temptation is to gather as much information as you possibly can about each job candidate, the reality is that the internet and social media make information (some reli-able, some not) so accessible that employers must make decisions about how much information they really want on candidates, how they should go about getting it, and how they should avoid getting information they really should not have or simply do not want.

Chapter Four


Some positives of utilizing social media to gather information on candidates may include:

• Allowing the employer to verify the application and resume information provided;

• Enabling the employer to make better, more informed hiring decisions by providing more information about the candidate;

• Possible revelation of areas of concern about the applicant’s judgment and/or potential for negatively impacting the company’s image/brand;

• Possible reduction of risks of negligent hiring lawsuits; and

• Reduced costs by hiring the best employees up front.

Some negatives or potential pitfalls of utilizing social media to gather information on candidates may include:

• Social media information is not always reliable;

• It may reveal characteristics or protected status upon which you may not lawfully make employment decisions, and thus, you are better off not knowing at that time (e.g., age, race, national origin, disability, genetic information, sex/sexual orientation, pregnancy, religion, union or other protected activities, etc.); and

• Violating your own policy by accessing improper social media sites.

The risks of using social media in connection with hiring decisions is demonstrated in Gaskell v. Univ. of Kentucky, 2010 WL 4867630, at *9 (E.D. Ky. Nov. 23, 2010), which the plaintiff claimed the University refused to hire him for the position of founding director of an astronomical observatory because of his religion in violation of Title VII. The plaintiff was the leading candidate for the posi-ton until members of the hiring committee discovered a paper on his personal website entitled Modern Astronomy, the Bible, and Creation. Subsequently, members of the committee discussed the “scientific integrity” of the paper with members of the biology department, which expressed concern about his “creationist” views. The chair of the search committee complained in an e-mail that the plaintiff was being denied the job because of his religion and stated that “no objective observer could possibly believe the decision was based on any reason other than religion.” Id. at *8. The court held that these statements, if true, were direct evidence of discrimination. The court also found other evidence that the plaintiff’s religious beliefs played a role in the decision to reject him for the position. Thus, the court denied the employer’s motion for summary judgment. In this case, the information regarding the plaintiff’s religious beliefs most likely would not have surfaced had a member of the search committee not accessed the plaintiff’s personal website. Reviewing a candidate’s social media page presents similar risks.

Employers who choose to use social media to gather information on or screen applicants should (a) create a standardized procedure for HR personnel to follow; (b) apply that procedure consis-tently; (c) document decisions made based on legitimate concerns uncovered via social media; (d) use social networking sites as late in the hiring process as possible; and (e) have a non-decision maker conduct the search and instruct him or her to report only limited, nonprotected information.

B. Monitoring and Regulating Employees’ Social Media Activities. Like other electronic infor-mation systems that employees may use at or in conjunction with their work, employers must de-termine how to deal with social media use at the workplace and by its employees outside the work-place. Although the technology is new, generally speaking, employers may often simply apply their existing policies, procedures and work rules when dealing with social media.

1. Legitimate Reasons to Monitor or Regulate. With respect to monitoring social media ac-tivities of employees, some reasons an employer may want to monitor or regulate such ac-tivities include increasing productivity, efficiency and performance; reducing drains on company IT systems; identifying leave of absence abuse (e.g., employee on Family and Medical Leave

Chapter Four


Act (FMLA) leave acting inconsistently with medical restrictions, moonlighting, posting vacation photos etc.); monitoring company image or brand; ensuring compliance with fair trade, advertis-ing laws and regulations; identifying/investigating claims of harassment or discrimination; and monitoring compliance with confidentiality and noncompetition agreements. See, e.g. Amway Global v. Woodward, 744 F. Supp. 2d 657 (E.D. Mich. 2010) (enforcing arbitration award against an ex-employee for breach of a nonsolicitation agreement through blog postings; deferring to the arbitrator’s conclusion that the employee engaged in mass solicitation by posting his reasons for joining a competitor on a blog with 100,000 viewers).

2. Legal Implications of Monitoring or Regulating Social Media Use. Courts have begun to grapple with the ways in which the legal statutes and principles discussed above relating to monitoring (e.g., the Electronic Communications Privacy Act (ECPA), Stored Communications Act (SCA), Wiretap Act, invasion of privacy claims and Fourth Amendment claims) apply to use of social media.

a. SCA. In Ehling v. Monmouth-Ocean Hosp. Serv. Corp., 961 F. Supp. 2d 659 (D.N.J. 2013), a federal trial court in New Jersey held that Facebook wall posts that are configured to be private are covered by the SCA. The SCA protects against unauthorized access to stored electronic communications and records. See 18 U.S.C. §§ 2701-2711. The court held that such posts are; (1) electronic communications; (2) transmitted via an electronic communication service; (3) in storage; and (4) if configured to be private, not accessible to the general public. The court noted that unlike e-mail, Facebook wall posts are not held somewhere temporarily before they are delivered; rather, the website itself is the final destination. However, because Facebook stores posts for backup purposes, the court found that they are in electronic stor-age for the purposes of the SCA. The court also held that when users make their Facebook posts private, the wall posts “are configured to be private” for the purposes of the SCA. In this case, however, the court held that the employer was not liable because the inappropriate Facebook post was shown to management by an employee who was a Facebook “friend” of the plaintiff. Since the person who accessed the post was an authorized user who shared the post voluntarily and without coercion from management, the court held that authorized user exception applied to this case.

While “authorized user immunity” may shield employers from liability where express or implied consent is given to access social media, civil and criminal penalties are available against employers who gain unauthorized access to employees’ personal electronic com-munications and data. In Pure Power Boot Camp v. Warrior Fitness Boot Camp, LLC, 587 F.Supp.2d 548 (S.D.N.Y. 2008), summary judgment granted in part, denied in part, 759 F. Supp. 2d 417(S.D.N.Y. 2010), judgment entered, 813 F. Supp. 2d 489 (S.D.N.Y. 2012), an employer maintained a broad computer use policy stating that: (1) employees had no right of personal privacy in any matter stored in or created on the company’s system, inclusive of personal e-mail accounts accessed on the company’s system; and (2) that computer usage was subject to monitoring without additional notice. The employer accessed the employee’s personal Hotmail account by using the password the employee had saved on his company computer, which was stored on the employer-owned hard drive. The employer also accessed the employee’s Gmail and another e-mail account through information it obtained from the Hotmail account. The court held that the employer’s actions violated the SCA, reasoning that, “If [an employee] had left a key to his house on the front desk at [his workplace] one could not reasonably argue that he was giving consent to whoever found the key to use it to enter his house and rummage through his belongings.” Id. at 561. The court held that if the employer only read information available to it on its own system, it would not have violated the SCA. But, by going further into the actual Gmail and Hotmail accounts, the employer committed a violation. Employers thus must be careful about accessing employee private areas of social media sites, such as Facebook, even if the employee’s password is saved on the employer’s system. See also Rodriguez v. Widener Univ., 2013 WL 3009736 (E.D. Pa. June 17, 2013) (de-

Chapter Four


nying motion to dismiss former employee’s ECPA and SCA claims against former employer based on improper access of the former employee’s Facebook images; it was not clear how the former employer gained access to the images and the court was unwilling to hold as a matter of law that Facebook images are generally available to the public).

b. Nondiscrimination/Harassment Statutes. Although employers should be cautious about attempting to regulate employee’s off-duty or non-work-related social media activities, dis-crimination and harassment that occurs via social media must be prohibited and promptly addressed. Recently, a California Court of Appeals issued an opinion discussing how em-ployers should respond to reports of employee harassment which occur via social media. In Espinoza v. County of Orange, 2012 WL 420149 (Feb. 9, 2012) (unpublished opinion) the Orange County Probation Department (“employer”) was sued for disability harassment by an employee who was born without fingers on his right hand. The employee alleged that he was harassed both in the workplace and via blog posts by employees made on personal, non-work-related blogs. Some of the blog posts referred to the employee’s hand as a “claw,” called him a “rat,” and contained threats of physical harm. Upon receiving the complaint, the employer discovered many employees were accessing the blog from the employer’s comput-ers using generic login passwords. The employer then blocked employee access to the blogs through the use of generic user names and passwords. However, it did not attempt to block access to the blogs through the use of personal passwords.

The employer argued that since the employee voluntarily viewed the blog postings and since the alleged “blogging” misconduct did not occur in the workplace, no liability should attach. However, the court found that “[e]valuating the blog postings and the acts in the workplace as would a reasonable person in plaintiff’s position, the evidence established sufficient ha-rassing and threatening comments and conduct to satisfy the severe or pervasive test.” Id. at *10. Additionally, the court rejected the employer’s argument that it was not liable because it maintained a written anti-harassment policy and blocked access to the blog. The court held that “the blog continued for eight weeks after defendant began investigating … And, although it did block the generic logins, defendant did not block access of those using personal pass-words, which it had the ability to do.” Id. at *11. The court also found it significant that, even though several managers were informed about the harassment and potential harassers, the employer never interviewed anyone, including plaintiff and the individually named harassers. Id. Lastly, the court rejected the employer’s attempt to rely on a New Jersey Supreme Court decision, which held that employers are not required to monitor their employees’ private com-munications. See Blakey v. Continental Airlines, Inc., 164 N.J. 38 (2000). The court reasoned that Blakey merely established that employers must take effective measures to end co-worker harassment that occurs “in settings that are related to the workplace” when they know or have reason to know that such behavior is part of a pattern of harassment occurring in the work-place – which, it held, is what happened in Espinoza. Id. at *6.

c. National Labor Relations Act (NLRA). Section 7 of the NLRA protects the right of em-ployees to engage in “protected concerted activity” regardless of whether the employer is unionized. Thus, social media activities of employees that constitute “protected concerted activity” are protected by § 7, and it could be a violation of the NLRA to discipline or discharge an employee for comments in social media. The National Labor Relations Board (NLRB) has been extremely active in deciding cases alleging that employers have engaged in unfair labor practices by promulgating overly broad social media policies and/or disciplining or discharg-ing employees for social media activities that constituted protected concerted activities. Inter-estingly, most of the NLRB cases have involved nonunion workplaces.

Protected Concerted Activity. The NLRB General Counsel has issued two reports sum-marizing cases involving social media issues, which are available on the Board’s web site at http://www.nlrb.gov. According to a press release issued by the Board, the report underscores

Chapter Four


two points: (1) employer policies should not be so sweeping that they prohibit the kinds of activity protected by federal labor law, such as the discussion of wages or working conditions among employees; and (2) an employee’s comments on social media are generally not pro-tected if they are mere gripes not made in relation to group activity among employees. For more information on unfair labor practices, please see the NLRA’s Impact on the Workplace Chapter of the SourceBook.

The case law is quickly developing in this area so it is difficult to articulate hard and fast rules. However, the following analysis should assist employers when considering potential disci-pline or discharge based on social media activities:

First, the employer should ask the threshold question of whether the conduct impacts the workplace? If it is a matter of purely personal concern unrelated to the workplace, no action should be taken.

Second, is the employee using or posting on social media a supervisor? If so, supervisors do not have the same § 7 rights as nonsupervisory employees to engage in protected concerted activity. A supervisor’s posts, however, may have NLRB implications if they infringe upon em-ployees’ § 7 rights. (See the Surveillance discussion below.)

Third, is the communication “protected concerted activity” under the NLRA? “Protected” activ-ity includes concerns regarding, wages, terms or conditions of work, the work environment, or that is the result of a labor dispute. “Concerted” activity would encompass activity between two or more employees addressing the employer, two or more engaging in dialogue, a single employee inviting dialogue from other employees, and a single employee authorized to speak on behalf of other employees. In Hispanics United of Buffalo, Inc., 359 NLRB No. 37 (Dec. 14, 2012), the NLRB affirmed the decision of an ALJ, which held that a nonprofit organization unlawfully discharged five employees who had posted comments on Facebook in response to a co-worker’s complaint about their job performance. The Board held that “there should be no question that the activity engaged in by the five employees was concerted for the “purpose of mutual aid or protection” as required by Section 7.” Id. at *2. The Board also held that the actions of the five employees were concerted as defined by the relevant case law because they “were taking a first step towards taking group action to defend themselves against the ac-cusations they could reasonably believe [the co-worker] was going to make to management.” Id. The Board also found that the discussions were protected under the NLRA because it has “long held that § 7 protects employee discussions about their job performance,” which is what the Facebook comments addressed. See also Triple Play Sports Bar, 361 NLRB No. 31 (Aug. 22, 2014) (holding that an employer violated the NLRA by discharging two employees for their participation in a Facebook discussion in which they complained about perceived errors in the employer’s tax withholding calculations. One employee’s “like” of a wall post and another em-ployee’s use of a profane epithet toward the employer took place in the course of a discussion of their tax treatment, and were thus protected. The comments were not so disloyal, reckless, or maliciously untrue as to lose the Act’s protection.). In Laurus Technical Institute, 360 NLRB No. 133 (June 13, 2014), the Board adopted an Administrative Law Judge’s (ALJ’s) determi-nation that a college’s no gossiping policy and its termination of an employee for violating the policy violated the NLRA. The policy defined gossiping as: “1) Talking about a person’s personal life when they are not present; 2) Talking about a person’s professional life without his/her supervisor present; 3) Negative, or untrue, or disparaging comments or criticisms of another person or persons; 4) Creating, sharing, or repeating information that can injure a person’s credibility or reputation; 5) Creating, sharing, or repeating a rumor about another person; and 6) Creating, sharing or repeating a rumor that is overheard or hearsay.” The col-lege fired an employee for soliciting her co-workers to go work for a competitor. Subsequently, the college fired another employee for discussing the first employee’s discharge, in violation of the no gossiping policy. The ALJ held that the policy was “overly broad, ambiguous, and

Chapter Four


severely restricts employees from discussing or complaining about any terms and conditions of employment” and a violation of the NLRA. See also Design Technology Group, d/b/a/ Bet-tie Page Clothing, 361 NLRB No. 79 (Oct.31, 2014) (terminating employees for Facebook posts complaining about and disparaging a supervisor and criticizing the employer’s lack of response to their complaints about the supervisor violated the Act because engaging in pro-tected concerted activity and their Facebook complaints “were complaints among employees about the conduct of their supervisor as it related to their terms and conditions of employ-ment”) (affirming ALJ’s decision for the reasons stated in the Board’s earlier decision, which was vacated in accordance with NLRB v. Noel Canning, 134 S. Ct. 2550 (2014)).

However, in Karl Knauz Motors, Inc., 358 NLRB No. 164 (N.L.R.B. Sept. 28, 2012), the Board upheld the termination of an employee whose Facebook posts mocked an accident on his employer’s property. The case was tried before an ALJ, who held that the plaintiff was fired because of his offensive, unprotected accident-related Facebook postings. The Board unani-mously adopted the ALJ’s conclusion that the plaintiff was lawfully terminated for his offensive Facebook postings. The ALJ had also held that sarcastic Facebook comments made by the plaintiff concerning a sales event the employer hosted were protected under § 7. The Board did not rule on this issue.

Fourth, even if social media activity is “protected concerted activity,” is the conduct: (1) so opprobrious or egregious that it renders the employee “unfit” for further service to employer (e.g., maliciously defamatory); or (2) so disloyal that it is no longer entitled to protection? If so, it loses its § 7 protection and discipline can be imposed. See Endicott Interconnect Tech. v. NLRB, 453 F.3d 532 (D.C. Cir. 2006) (reversing NLRB determination that employee engaged in protected activity when he posted a disparaging message about employer in a chat-room sponsored by a local newspaper; communication was so disloyal that it was not protected and employee was lawfully discharged).

Fifth and similarly, even if otherwise protected, does the social media activity violate or impli-cate another policy, law, or contract such as the employer’s policies relating to nondiscrimina-tion/harassment, workplace violence, disclosure of trade secrets or confidential information, computer usage, code of conduct, confidentiality, or trade secrets? If so, and assuming the policies are not overbroad, the employer can argue that it would have discharged the em-ployee even in the absence of the protected behavior and discipline may be imposed.

Employers should review their policies to ensure they are not overly broad, as the NLRB has found several policies unlawfully overbroad when applied to social media. The following analysis is used by the Board in ruling on policies: (1) Does the policy explicitly restrict § 7 protected concerted activities? (2) If the policy does not explicitly restrict such activities, then (a) would employees reasonably construe the language to prohibit § 7 activity? (b) was the rule promulgated in response to union activity? or (c) has the rule been applied to restrict the exercise of § 7 rights? Lutheran Heritage Village-Livonia, 343 NLRB 646, 647 (2004).

For example, in In re American Medical Response of Connecticut, Inc., Case No. 34-CA-12576 (filed October 27, 2010) the NLRB alleged that the company’s social media policy, which, among other things, prohibited employees from “making disparaging, discriminatory or defamatory comments when discussing the Company or the employee’s superiors, co-workers and/or competitors” was overly broad and interfered with employees’ exercise of their right to engage in protected concerted activity under the NLRA. The parties settled the charge shortly before the scheduled Board hearing. Although the full terms of the settlement were not disclosed, in a press release issued February 7, 2011 the NLRB stated that the employer has agreed “to revise its overly-broad rules to ensure that they do not improperly restrict employ-ees from discussing their wages, hours and working conditions with co-workers and others while not at work, and that they would not discipline or discharge employees for engaging in such discussions.” Any policy that the Board reasonably believes could be construed by

Chapter Four


employees to infringe their § 7 rights will be held overbroad.

Sixth, what discipline, if any, is appropriate and consistent with prior precedent for the same type of behavior outside the social media context? Finally, consider whether any policy revi-sion or clarification may be appropriate.

Surveillance. Guidelines for employer conduct prohibited by § 8 of the NLRA, such as sur-veillance of employees’ union organizing efforts, apply equally in the context of social media. An employer is free to observe employees participating in union or other protected concerted activities when those employees are doing so openly and in public. But it is an unfair labor practice when an employer engages in surveillance of union or organizing activity, or when it creates the “impression of surveillance.” In Magna Int’l Inc., 2001 WL 1603861 (N.L.R.B. March 9, 2001), after viewing a photo of an employee organizing committee posted on a union’s public website, a supervisor told an employee that he “liked her picture.” While visiting the public area of the website and viewing open union activity was not unlawful surveillance, the supervisor’s comment to the employee conveyed the impression that he was keeping track of her union activities and thus created an unlawful impression of surveillance. Id. The same principles apply to visits to employee or union blogs, Facebook pages, and other social media sites.

d. First Amendment. The Fourth Circuit has held that a sheriff may have violated the First Amendment when he fired two employees for liking an opposing candidate’s Facebook page. “Once one understands the nature of what Carter did by liking the Campaign Page, it be-comes apparent that his conduct qualifies as speech. On the most basic level, clicking on the ‘like’ button literally causes to be published the statement that the User ‘likes’ something, which is itself a substantive statement.” Bland v. Roberts, 730 F.3d 368 (4th Cir. 2013), as amended Sep. 23, 2013.

However, in Shepherd v. McGee, 986 F. Supp. 2d 1211 (D. Or. 2013), the court held that Face-book comments by a child protective services caseworker that disparaged clients and irrepa-rably impaired her workplace effectiveness, her credibility, and her impartiality as a witness provided a legitimate basis for her termination that outweighed her First Amendment rights. The court noted that the Plaintiff’s comments did not strike at the heart or core of the First Amendment given her own characterization of them as “humorous and ironic” and “joke[s].” Id. at 1221. As such they were on the periphery of First Amendment protection because they were banter rather than speech intended to help the public actually evaluate the performance of a public agency. Id. The court further held that assuming the posts were entitled to First Amendment protection, they were not distributed to the public or the media but were target-ing a smaller audience and were not at the core of First Amendment protection. Id. at 1222. Accordingly, the government had more deference in determining whether the speech at issue interfered with its operations or with the employee’s ability to effectively perform her duties. The court held, “when weighing the respective interests in this case, the balance unquestion-ably tips in favor of DHS.” Id. See also Gresham v. City of Atlanta, 542 F. App’x 817 (11th Cir. 2013) (affirming summary judgment on plaintiff’s claim she was retaliated against in violation of the First Amendment because of comments she made on her Facebook page criticizing another officer; the court held that the legitimate interest of the employer (the Atlanta police department) in maintaining discipline and good working relationships amongst its employees outweighed the plaintiff’s interest in venting her frustration with her superiors).

e. State Laws. Some states have enacted laws prohibiting employers from requesting so-cial media passwords from applicants or employees or otherwise demanding access to em-ployees’ social media accounts. For example, New Jersey’s law prohibits discrimination and retaliation against individuals who refuse to provide or disclose their user name, password or otherwise provide access to a personal account on a social networking site. The law applies to all employers regardless of size (other than the Department of Corrections, State Parole

Chapter Four


Board, county corrections department or any state or local law enforcement agency). The laws applies only to employees’ personal social networking accounts, defined as those used by a current or prospective employee exclusively for personal communications unrelated to any business purpose of the employer. It does not apply to any account, service or profile an employee maintains or accesses for the employer’s business purposes or to engage in busi-ness-related communications. Illinois has amended its Right to Privacy in the Workplace Act to permit employers to access information regarding professional social media accounts. A professional social media account is defined as one “created, maintained, used, or accessed by a current or prospective employee for business purposes of the employer.” The law still limits employers’ access to employees’ personal social media accounts. A personal account is “an account, service, or profile on a social networking website that is used by a current or prospective employee exclusively for personal communications unrelated to any business purposes of the employer.” California law prohibits employers from asking employees or job applicants to disclose any information related to their personal social media accounts, which includes an employee’s e-mail account and text messages. The law also prohibits employ-ers from retaliating against anyone who refuses to provide such information. However, the law provides an exception where the employer reasonably believes that the employee has engaged in misconduct or has violated the law, and the social media information is used solely for the purpose of an investigation. Cal. Lab. Code § 980. Tennessee recently passed the Employee Online Privacy Act of 2014, which prohibits an employer from: 1) requesting or requiring an employee or applicant to disclose a password to his or her “personal internet account”; (2) compelling an employee or applicant to add the employer to his or her list of contacts associated with the account; (3) compelling the employee or applicant to access the account in the employer’s presence in a way that would allow the employer to review the contents of the account; or (4) taking any adverse employment action against an employee or refusing to hire an applicant for failing to disclose information requested in violation of the Act. The Act broadly defines “personal internet account” to include “an online account that is used by an employee or applicant exclusively for personal communications unrelated to any business purpose of the employer” which includes “any electronic medium or service where users may create, share, or view content.” The Act also has several exceptions. For instance, the Act does not prohibit employers from conducting investigations of a personal internet ac-count or requiring an employee to cooperate in an investigation if: (1) the employee’s account contains specific information related to the employer’s compliance with certain regulations or to any work-related employee misconduct; or (2) the employer has specific information that the employee is using the personal internet account for the unauthorized transfer of the employer’s proprietary, confidential, or financial information. Another important exception al-lows employers to require employees to disclose a username and/or password required to gain access to a computer, laptop, cell phone, or other electronic communications device paid for wholly or in part by the employer, or an account or service provided by the employer as part of the employment relationship or used for the employer’s business purposes. There are several additional exceptions, which are all generally geared to ensuring that employers can continue to monitor employee use of company-owned electronic communication devices to ensure employees are not accessing improper websites and to allow employers to remain in compliance with applicable law. Other states that have enacted social media laws include Arkansas, Maryland, Michigan, New Mexico, Utah and Washington.

C. Suggestions for Social Networking Policies. Generally, the implementation of a social net-working policy should be a team effort that includes various departments such as Human Re-sources; IT/IS, Marketing and internal social media users. The team should determine what view the company will take of employees’ use of social networking media – total ban? Some tolerance for personal use? General curbs on business-related content? Recognize a business need? Embrace? The team should also determine what will be included in the term “social media” – business net-

Chapter Four


working sites vs. social (personal) networking sites; blogging sites; photo sharing sites; or business contact sites. The team should also assess the impact on other policies and agreements such as restrictive covenants and computer usage policies.

Although all policies must take into consideration an employer’s specific needs, employers need to be wary of these common pitfalls in social networking policies which have been found to violate the NLRA and infringe on § 7 rights:

• Do not broadly prohibit employees from “[m]aking disparaging comments about the company through any media, including online blogs, other electronic media or through the media.” Use examples to clarify exactly what kinds of behaviors you are prohibiting – e.g. harassing and discriminatory comments; defamatory comments in violation of state law.

• Do not broadly prohibit the use of company logos. Employees have a § 7 right to use their em-ployer’s name or logo in conjunction with protected concerted activity. Employer may, however, prohibit the use of company logos and trademarks for commercial purposes.

• Do not broadly prohibit disclosure of confidential or proprietary information, as this can include information regarding the terms and conditions of employees’ employment. Use examples of exactly what kinds of information employees are prohibited from disclosing, such as trade se-crets, client lists, new product information, stock information, merger information, etc.

• Some other common mistakes include stating:

• “You should never share confidential information with another team member unless they have a need to know the information to do their job.”

• All posts must be “completely accurate, not misleading and not reveal nonpublic information.”

• “Contact legal if you do not know if something should be posted.”

• “Do not reveal personal information about other employees.”

Lastly, while it will not render a facially overbroad policy lawful, employers are encouraged to include a saving clause in their social networking policies, such as, “[The] Social Media Policy will be ad-ministered in compliance with applicable laws and regulations (including § 7 of the National Labor Relations Act).”

D. Discovery of Employees’ Social Networking Sites. In EEOC v. Simply Storage Mgmt., 270 F.R.D. 430, (S.D. Ill. May 11, 2010), the court held that certain communications and images from a sexual harassment plaintiff’s social networking sites (MySpace and Facebook) were relevant to her claims of emotional distress based on the alleged harassment and, accordingly, were discover-able. Additionally, in Romano v. Steelcase, Inc., 907 N.Y.S.2d 650 (N.Y. Sup. Ct. 2010), in a nonem-ployment case, a New York court held that the defendant was entitled in discovery to access the plaintiff’s current and historical Facebook and MySpace pages and accounts, including previously deleted information, on the basis that information to be found there could prove to be inconsistent with her claims of injuries and loss of enjoyment of life. Although discovery issues are decided on a case-by-case basis, as this decision indicates, there could be situations in which the discovery of a plaintiff’s personal web site, Facebook page, or other social networking sites could be appropriate.

II. RETENTION, STORAGE, AND PRODUCTION OF ELECTRONICALLY STORED INFORMATION (ESI)A. Retention of E-Mails and Other ESI as Business Records. With the passage of the 2006 amendments to the Federal Rules of Civil Procedure pertaining to ESI, definitive policies regarding the retention, storage and destruction of business information are more critical than ever to avoid costly sanctions in the event of litigation. A duty of preservation of business information arises from the common law and has been confirmed by case law. See, e.g., Zubulake v. UBS Warburg, LLC,

Chapter Four


220 F.R.D. 212, 220 (S.D.N.Y. 2003), where the court identified specific steps of preservation that are anticipated such as imposing a litigation-hold on the company’s document retention policy, questioning whether to take possession of back-up tapes, notifying “key players” of the need for preserving documents and the responsibility to continue to preserve relevant documents, and a periodic reminder to all employees to preserve relevant documents. See also In re Pfizer Inc. Sec. Litig., 288 F.R.D. 297, 313 (S.D.N.Y. 2013) (“Evidence that must be preserved includes documents, electronically stored information, and physical evidence that the party knows or reasonably should know is relevant to claims or defenses in the action, is reasonably calculated to lead to the discovery of admissible evidence, or is reasonably likely to be requested during discovery.”).

The failure to fulfill the duty of preservation can and has resulted in serious sanctions available under FRCP, Rule 37 and under the inherent power of the court to manage the litigation. Sanctions have been assessed for large amounts of money, some in the millions of dollars, to dismissal of claims or defenses.

B. Document Retention and Destruction Policy. All employers should have a written document retention and destruction policy that has been formulated with the input of the operations, human resources, IT, and legal departments. The policy should outline what ESI should be retained for ordinary business purposes, how long it should be retained, when and how ESI is deleted in the ordinary course of business, what ESI should be retained for disaster back-up purposes and for how long, and how normal deletion processes can be suspended in the event litigation is reason-ably anticipated.

C. Production of ESI in Litigation Discovery.

1. ESI Is Discoverable and May be Admissible. ESI generally is discoverable during litigation. See, e.g., Zubulake v. UBS Warburg, LLC, 2003 WL 21087884 (S.D.N.Y. May 13, 2003) (“elec-tronic documents are no less subject to disclosure than paper records”). Unfortunately, many employees are not as careful with electronic communications such as e-mails and instant mes-sages (IMs) as they would be with more formal types of written communications. The result is that e-mails the sender may have thought were deleted may be produced during discovery and may be admissible against the employer at trial.

The determination of whether ESI is admissible depends on several factors. Like other types of evidence, ESI must be relevant (i.e., have a tendency to make some fact of consequence to the litigation more or less probable than it otherwise would be); authentic (that it is what it purports to be); and, if offered for its substantive truth, not hearsay (or covered by an applicable hearsay exception). ESI must also be an original or acceptable duplicate (i.e., “best evidence”) or meet an exception (Federal Rules of Evidence 1001 through 1008). Additionally, its probative value must outweigh any unfair prejudice (Federal Rule of Evidence 403). The court’s decision in Lorraine v. Markel Am. Ins. Co., 241 F.R.D. 534 (D. Md. 2007) contains a thorough analysis of the admissibil-ity of ESI. According to the court,

[C]onsidering the significant costs associated with discovery of ESI, it makes little sense to go to all the bother and expense to get electronic information only to have it excluded from evidence or rejected from consideration during summary judgment because the proponent cannot lay a sufficient foundation to get it admitted. The process is complicated by the fact that ESI comes in multiple evidentiary “flavors,” including e-mail, Web site ESI, internet postings, digital photographs, and computer-generated documents and data files.

In Lorraine, the parties were unable to supply the evidentiary foundation needed for the court to rely upon various e-mails and other ESI offered in support of and in opposition to an arbitrator’s award.

2. Federal Rules of Civil Procedure Regarding Discovery of ESI. Amendments to the Fed-eral Rules of Civil Procedure relating to e-discovery were effective December 1, 2006.

Chapter Four


a. Rules 16 and 26 – Parties Must Give Early Attention to Electronic Discovery Issues. Rules 16 and Rule 26 require early attention to electronic discovery issues. Rule 16 provides that scheduling orders may include provisions for discovery of ESI and any agreements the parties reach for asserting claims of privilege or of protection as trial preparation material after production. Rule 26(a) includes ESI in the category of documents that must be disclosed to the opposing party without a request.

Rule 26(f), which requires the parties to have a planning conference to discuss the case, the possibility of settlement and to develop a discovery plan, requires the parties to discuss the preservation of discoverable ESI. Under the rule, the parties must specifically address, among other things, any issue relating to the discovery or disclosure of ESI, including the form in which it should be produced. The focus in Rule 26(f) on ESI gives the parties the chance, early in the litigation, to discuss the parties’ information systems and develop a dis-covery plan that takes into account the capabilities of those systems.

The provision directing the parties to address the form in which ESI will be produced coin-cides with Rule 34(b), which was amended to permit the requesting party to specify the form or forms in which it wants electronically stored information produced. If the requesting party does not specify a form, Rule 34(b) directs the responding party to state the form it intends to use in the production. In Cenveo Corp.v. Southern Graphic Sys., 2009 WL 4042898 (D. Minn. Nov. 18, 2009), the court held that the production of documents in PDF format was not re-sponsive to a document request for documents in “native format.” The court held that the term “native format” is unambiguous, thus the requesting party was not required to define it. The producing party failed to object to producing documents in their native format, and failed to state the form of production, but instead unilaterally produced the documents in PDF format. Accordingly, the court ordered the party to produce the requested documents in their native format. Subsequently, the court ordered sanctions of $100,000 against Southern Graphics for spoliation of evidence. Cenveo Corp. v. Southern Graphic Systems, Inc. 2010 WL 3893680 (D.Minn., Jun. 18, 2010), adopted Cenveo Corp. v. Southern Graphic Systems, Inc., 2010 WL 3893709 (D.Minn., Sep. 30, 2010).

b. Litigation Hold. In addition to addressing the form in which electronically stored informa-tion is produced, Rule 26(f) also instructs the parties to discuss the preservation of ESI. The preservation of ESI is essential, especially in light of automated backup systems that auto-matically overwrite information on a regular basis.

This means that the employer and employment counsel need to meet early in the case to discuss the role of ESI in the dispute, where ESI is located in the client’s computer system, and specifically the location of ESI relating to key players in the litigation, including any data on laptops, handheld communication devices, and home computers used for work.

Employers should designate the IT personnel responsible for working with counsel on these issues and ensuring compliance with litigation hold instructions. The failure to timely institute written litigation holds and/or failure to engage in appropriate collection efforts after the duty to preserve arises may result in the imposition of sanctions. See, e.g.,Hawley v. Mphasis Corp., 302 F.R.D. 37, 46 (S.D.N.Y. 2014) (“an obligation to preserve evidence arises when a party ‘has notice that the evidence is relevant to litigation or when a party should have known that the evidence may be relevant to future litigation.’ … Even in the absence of a discovery order, a court may impose sanctions on a party for misconduct in discovery under its inherent power to manage its own affairs. … However, a court may not impose sanctions under its inherent power unless the party has “acted in bad faith, vexatiously, wantonly, or for oppressive rea-sons.”) (citations omitted).

In addition to IT, the litigation hold should be sent to all personnel who might have relevant ESI. The notice should provide personnel with the guidance necessary to meaningfully fulfill the directive and follow-up reporting procedures:

Chapter Four


• advise as to the nature of the potential litigation;

• include the relevant date range;

• provide contact information for a person who can answer questions concerning the hold;

• provide a date by which preservation objectives must be met; and

• require personnel targeted as potentially having relevant documents to report back their findings (i.e., when a search was conducted, what areas were searched, the means used, what was found and what measures were taken to preserve anything potentially relevant).

c. Rule 26(b)(2) – Addressing Discovery of Electronic Information that is not Reason-ably Accessible.

(1) Undue Burden or Cost. Under Rule 26(b)(2) “[a] party need not provide discovery of electronically stored information from sources that the party identifies as not reasonably accessible because of undue burden or cost. On a motion to compel discovery or for a protective order, the party from whom discovery is sought must show that the information is not reasonably accessible because of undue burden or cost. If that showing is made, the court may nonetheless order discovery from such sources if the requesting party shows good cause, considering the limitations of Rule 26(b)(2)(C).” Considerations for determin-ing whether the burden and cost of producing information that is not reasonably accessible are justified in the circumstances of the case include: (a) the specificity of the discovery request; (b) the quantity of information available from other and more easily accessed sources; (c) the failure to produce relevant information that seems likely to have existed but is no longer available on more easily accessed sources; (d) the likelihood of finding relevant, responsive information that cannot be obtained from other, more easily accessed sources; (e) predictions as to the importance and usefulness of the further information; (f) the importance of issue at stake in the litigation; and (g) the parties’ resources. “[A] discovery request may be denied if, after assessing the needs of the case, the amount in controversy, the parties’ resources, the importance of the issues at stake in the action, and the importance of the discovery in resolving the issues, the court finds that there exists a likelihood that the resulting benefits would be outweighed by the burden or expenses imposed as a consequence of the proposed discovery.” Conn. General Life Ins. Co. v. Earl Scheib, Inc., 2013 WL 485846 at *2 (S.D. Cal. Feb. 6, 2013) (citing Takacs v. Union County, 2009 WL 3048471, 1 (D.N.J. 2009)). “The purpose of this rule of proportionality is to guard against redundant or disproportionate discovery by giving the court authority to reduce the amount of discovery that may be directed to matters that are otherwise proper subjects of inquiry.” Id. In Scheib, the court granted the defendant’s motion for protective order after the defendant presented evidence that the expense of producing e-mail from 19 different accounts in response to the plaintiff’s request for production outweighed the amount at issue in the case. The court held that the expense associated with responding to the dis-covery was too great when weighed against what was at stake in the litigation.

(2) When is Cost-Shifting Appropriate? Before the implementation of the amended Rules of Civil Procedure, courts varied with regard to how to address the costs of produc-ing information that is not reasonably accessible. In Zubulake v. UBS Warburg LLC, 216 F.R.D. 280 (S.D.N.Y. 2003), the court noted that under the Federal Rules of Civil Procedure (pre-revision), cost-shifting is appropriate only when inaccessible data is sought. But see Toshiba America Electronic Components, Inc. v. Superior Court of Santa Clara County, 21 Cal. Rptr. 3d 532, 537, 541 (Cal. 6th App. 2004) (holding that California law requires the party seeking production to bear this cost, which Toshiba estimated at between $1.5 and $1.9 million; although the California rule requires the requesting party to pay the cost of

Chapter Four


translating a data compilation into usable form, it is for the trial court to decide the reason-ableness and necessity of the cost).

In Zubulake, the court set forth a seven-factor test to be used to determine when cost-shifting is appropriate:

• The extent to which the request is specifically tailored to discover relevant informa-tion;

• The availability of such information from other sources;

• The total cost of production, compared to the amount in controversy;

• The total cost of production, compared to the resources available to each party;

• The relative ability of each party to control its costs and its incentive to do so;

• The importance of the issues at stake in the litigation; and

• The relative benefits to the parties of obtaining the information.

216 F.R.D. at 284.

Cost of Attorney Review: In Zubalake, the court held that the court held that the respond-ing party should always bear the cost of reviewing and producing electronic data once it has been converted into an accessible form. 216 F.R.D. 280, 290.

In Shevlin v. Phoenix Life Ins. Co., 2012 WL 1981793 (D.N.J. June 1, 2012), the court vacated a magistrate’s order shifting the cost of production of ESI, including the cost of attorney review, to the plaintiffs. In that case, the estimated cost of searching, retrieving and processing the ESI was approximately $14,750, while the estimated cost to review the documents for responsiveness and privilege was between $250,000 and $300,000. The district court noted that the Third Circuit had not yet ruled on the issue of whether a court may shift the cost of attorney review of ESI from the producing parting to the requesting party. The court also noted that “other courts are split on the issue. Compare In re Aspar-tame Antitrust Litig., 817 F. Supp. 2d 608, 615 (E.D. Pa. 2011) (awarding post-trial costs and finding that ‘[b]ecause a privilege screen is simply a keyword search for potentially privileged documents, we award that cost as well’) and Peskoff v. Faber, 251 F.R.D. 59, 61 (D.D.C. 2008) (noting that the Court ‘has the discretion … to shift all or part of the costs of production to the requesting party’) with Major Tours, Inc. v. Colorel, 2009 WL 3446761 at *6 (D.N.J. Oct. 20, 2009), aff’d on other grounds, 720 F. Supp. 2d 587 (D.N.J. 2010), recon-sideration denied 2010 WL 3906350 (Sept. 29, 2010) (‘The Court will not Order plaintiffs to share the cost of defendants’ privilege and relevancy review … Fairness dictates that de-fendants pay this cost.’) and Zubulake v. UBS Warburg LLC, 216 F.R.D. 280, 290 (S.D.N.Y. 2003) (‘the responding party should always bear the cost of reviewing and producing elec-tronic data once it has been converted to an accessible form.’).” Id. at *2. The district court vacated the magistrate’s order and directed him to more fully announce the findings of fact and conclusions of law that support the decision to shift the cost of attorney review of ESI from the producing party. Id. at *3.

Note that under Rule 26(b)(2)(B), a party cannot produce inaccessible ESI and then seek reimbursement for the cost of production. See Cason-Merenda v. Detroit Medical Center, 2008 WL 2714239 (E.D. Mich. July 7, 2008) (refusing to order requesting party to bear 50 percent of the cost of production of allegedly inaccessible ESI where producing party never identified the ESI as inaccessible or filed a motion for protective order).

d. Procedure for Assertion of Privilege After Production. The potentially large volume of electronic data means it will be difficult if not impossible to conduct a page-by-page privilege or confidentiality review, as would be conducted on paper documents. Thus, there is an in-creased likelihood of inadvertent production of privileged information in the production of ESI.

Chapter Four


Federal Rules of Civil Procedure 16 and 26, as well as Federal Rule of Evidence 502 address this issue. Rule 16 provides that the court may include in the scheduling order any agreement the parties reach for asserting claims of privilege or protection as trial-preparation material after production. Thus, the parties could reach agreements such as “claw back” agreements, where the parties agree that production without intent to waive privilege or protection is not a waiver as long as the responding party identifies the documents mistakenly produced. The documents should be returned under these circumstances.

Rule 26(b)(5)(B) sets forth a specific procedure to be followed in the event of inadvertent production:

If information is produced in discovery that is subject to a claim of privilege or protection as trial-preparation material, the party making the claim may notify any party that received the information of the claim and the basis for it. After being noti-fied, a party must promptly return, sequester, or destroy the specified information and any copies it has and may not use or disclose the information until the claim is resolved. A receiving party may promptly present the information to the court under seal for a determination of the claim. If the receiving party disclosed the informa-tion before being notified, it must take reasonable steps to retrieve it. The producing party must preserve the information until the claim is resolved.

Federal Rule of Evidence 502, which took effect September 2008, was meant to ease fears that companies could accidentally waive attorney-client or work-product protections when they turn over reams of electronic data during litigation. The rule imposes uniform federal standards regarding such waivers. Subsection (a) deals with intentional waivers of otherwise protected materials “in a Federal proceeding or to a Federal office or agency.” Waivers extend to undisclosed materials if the waiver was intentional, what was disclosed and undisclosed concern the same subject matter, and the materials “ought in fairness” be considered to-gether. Subsection (b) deals with inadvertent production of otherwise protected or privileged material in state or federal proceedings. It provides that there is no waiver if the disclosure was inadvertent, reasonable steps were taken to prevent disclosure, and reasonable steps were promptly taken to rectify the disclosure, including, if applicable, following Federal Rule of Civil Procedure 26(b)(5)(B). Note that Subsection (b) can operate independent of any party agreement.

Subsection (c) addresses disclosures in state proceedings. Assuming there is no controlling state order, inadvertent disclosure is not a waiver in a federal proceeding if the disclosure would not have been a waiver if it had been made in the federal proceeding and if the disclo-sure “is not a waiver under the law of the State where the disclosure occurred.”

Subsection (d) provides that, “[a] Federal court may order that the privilege or protection is not waived by disclosure connected with the litigation before the court – in which event the dis-closure is also not a waiver in any other Federal or State proceeding.” This provisions means that parties can enter into claw back and quick peek agreements, without fear that by doing so they will waive protection elsewhere.

Subsection (e) states that agreements between parties in federal proceedings bind only the parties. Subsection (f) states that Rule 502 is binding in diversity actions pending in federal courts “even if State law provides the rule of decision.” Subsection (f) also states that Rule 502 “applies in State proceedings and to Federal courts.” See also Rhoads Indus. Inc. v. Building Materials Corp. of America, 254 F.R.D. 216 (E.D. Pa. Nov. 14, 2008) (analyzing case under Federal Rule of Evidence 502, finding that party waived the privilege for electronic files which were not logged in accordance with Rule 26(b)(5)’s mandatory logging requirement; privilege was not waived for logged electronic files – the court found that the disclosure was inadvertent and, while the disclosing party’s steps to prevent disclosure and rectify error were

Chapter Four


not reasonable, the interests of justice nevertheless favored the disclosing party), clarified, Rhoads Indus. v. Bldg. Materials Corp. of Am., 254 F.R.D. 238 (E.D. Pa. 2008).

e. Rule 33(d) – Response to Interrogatories. Rule 33(d) permits parties to respond to interrogatories by producing business records. This rule has been amended to include ESI information in the category of business records that can be produced in response to an inter-rogatory.

f. Rule 34 – Production of Documents. This rule requires parties to produce documents and things and permit entry on land for inspection and other purposes and has been revised to include the production of ESI. The revised rule permits the requesting party to specify the form in which it wants the ESI produced. If the producing party objects to the specified form or if no form was specified, the producing party must state the form it intends to use when it responds to the document request. The rule also states that if a request does not specify the form or forms for producing ESI, the responding party must produce the information in the form or forms in which it is ordinarily maintained or in a form or forms that are reasonably useable. The comments to the revised rule note that the option to produce ESI in a reasonably usable form does not mean that the responding party can convert this information to a form that makes it more difficult or burdensome for the requesting party to use the information ef-ficiently in litigation. Further, a party need not produce the same ESI in more than one form.

The comments to the revised rule note that a request for the discovery of “documents” should be understood to encompass ESI unless discovery in the case has clearly distinguished between ESI and documents. The revised rule also makes it clear that parties may request an opportunity to test or sample materials sought under Rule 34, in addition to inspecting or copying them.

g. Rule 37 – Sanctions for Failure to Make Disclosures or Cooperate in Discovery. Rule 37 has been amended to provide that, absent exceptional circumstances, a court may not impose sanctions on a party for failing to preserve ESI lost as a result of routine, good-faith operation of an electronic information system. See Fed. R. Civ. P. 37(f) advisory committee note to 2006 amendment.

In Qualcomm Inc. v. Broadcom Corp., 2008 WL 66932 (S.D. Cal. Jan. 7, 2008), vacated in part on other grounds, 2008 WL 638108 (S.D. Cal. March 5, 2008), a federal district court in California awarded over $8 million in sanctions against the plaintiff in a patent infringement trial because the plaintiff failed to produce 46,000 relevant documents while producing 1.2 million marginally relevant documents. In determining that Qualcomm intentionally withheld documents, the court emphasized that the suppressed documents directly contradicted a key argument advanced by Qualcomm in pretrial motions and throughout trial and supported a defense asserted by Broadcom. Id. The Court also stressed the quantity of suppressed docu-ments, the ease with which Qualcomm ultimately was able to locate the documents, the sim-plicity and relevancy of the search terms and search locations that led to the discovery of the documents, and the lack of evidence indicating that Qualcomm had engaged in any mean-ingful oversight of its document production. Qualcomm Inc. v. Broadcom Corp., 2010 WL 1336937 (S.D. Cal. April 2, 2010) (noting that Qualcomm did not appeal the sanctions against it; overturning sanctions against responding attorneys). See also Victor Stanley Inc. v. Creative Pipe, Inc., 269 F.R.D. 497(D. Md. Sep. 9, 2010) (ordering that the individual defendant’s acts of spoliation be treated as contempt of court, and that, as a sanction, he be imprisoned for a pe-riod not to exceed two years, unless and until he paid the plaintiff’s attorneys’ fees and costs).

Additionally, in E.I. du Pont de Nemours and Company v. Kolon Industries, Inc., 2011 WL 1597528 (E.D. Va. April 27, 2011), a misappropriation of trade secrets case against a former employee, the employee claimed Du Pont’s alleged spoliation of evidence denied him access to evidence necessary for his defense. The court denied the former employee’s motion for

Chapter Four


sanctions because the court found that Du Pont “in good faith, took positive steps reason-ably calculated to ensure that information it reasonably believed was relevant at that time was preserved for litigation.” Id. at *49. In the same case, Du Pont later sought sanctions for spoliation of evidence against Kolon Industries. See E.I. du Pont de Nemours and Company v. Kolon Industries, Inc., 803 F. Supp. 2d 469 (E.D. Va. 2011). The court held that sanctions were appropriate because Kolon intentionally and in bad faith deleted files and e-mail after the company learned of the lawsuit. Accordingly, the court issued an adverse inference order informing the jury of Kolon’s deletion of electronic information and permitting the jury to infer that this information would help Du Pont and harm Kolon. The jury subsequently returned a $919 million verdict against Kolon.

h. Rule 45 – Subpoenas. Rule 45 covers the issuance of subpoenas for tangible things, including ESI. The rule was amended to recognize that ESI can be sought from nonparties by subpoena in much the same way that ESI can be sought under Rule 34 from parties and to include an inaccessibility provision similar to that in Rule 26(b)(2)(B). The revised rule pro-vides, among other things, that a person need not produce ESI from sources that the person identifies as not reasonably accessible because of undue burden or cost. On a motion to com-pel discovery or quash a subpoena, the person from whom discovery is sought must show that the information sought is not reasonably accessible because of undue burden or cost. If that showing is made, the court may still order discovery from such sources if the requesting person shows good cause, considering the limitations in Rule 26(b)(2)(C), which balance the costs and potential benefits of discovery.

3. Developing Policies and Procedures Relating to Electronic Discovery. Employers should make proactive efforts to prepare to respond to discovery requests for electronic documents be-fore receiving such requests. Some key policies that should be considered include:

a. Develop Document Retention and Electronic Communication Policies. The first step is to develop document retention and electronic communication policies. Employers should implement a consistent policy for deleting ESI, including old e-mails and instant messages, as long as it is consistent with any regulatory requirements for document retention and can be suspended in the event of litigation. Employers should ensure those who are responsible for responding to discovery requests are familiar with document retention and electronic com-munication policies. Employees should be made aware of these policies and reminded of them on a regular basis.

b. Understand Computer/Electronic Data Storage Processes. Employers should ensure that the individual(s) charged with complying with discovery requests in litigation understand how the company’s computer or electronic data storage processes work and how to imme-diately suspend any automatic deletion of electronic documents. These employees should identify the chain of command with regard to the storage and access of electronic data and should establish a contact person, preferably high in the chain of command, who will be noti-fied when discovery requests for electronic documents are received.

c. Develop Litigation Hold Plan. Most business computers automatically delete documents after a certain period of time. Even backup tapes may be erased as part of this automatic process. Employers should develop a plan for overriding this automatic deletion of documents when litigation is threatened or filed. Actual tests should be run to make sure the procedure for overriding automatic deletion works before there is litigation.

d. Review Archiving Technologies. Employers should review their company’s archiving technologies to ensure that electronically stored information can be recovered in the event of litigation, as well as serving backup and disaster recovery purposes.

e. Develop Notification Procedures. Companies should have a plan to notify employees of document preservation obligations and the imposition of a litigation-hold on information when

Chapter Four


litigation is pending or imminent. IT groups should understand that a delay in enacting the company’s preservation plan can result in deleted data (and possible claims of spoliation of evidence, with attendant imposition of sanctions, if the company utilizes an auto-delete mail function and it continues to operate). Employees must be trained on the notification plan and tests should be conducted with some regularity in order to assure effective functionality.

f. Address Inadvertent Storage Issues. Employers should determine whether data is be-ing stored inadvertently, such as on individual PCs or portable electronic devices such as smart phones, or backups from PCs and devices even after it has been deleted from corpo-rate archives.

g. Protect Confidentiality. Employers should develop a policy for identifying and labeling electronic communications and electronically stored information as confidential, privileged, or work-product, as appropriate. The policy should include provisions for storage of confidential or privileged communications to help protect confidentiality and limit access to these docu-ments.

III. OTHER ISSUESA. Risks of internal Computer Fraud. While large data breaches by professional hackers have captured the headlines lately, the unpleasant reality is employers may face a greater risk of data theft from employees than outside hackers. In a recent study conducted by Symantec, half of the employees surveyed stated that they transfer work to their home computers using personal e-mail accounts such as Google, which may be less secure than employer-provided e-mail. Others admit-ted to transferring work to cloud-sharing apps such as drop-box without permission and transferring data to their personal tablets or smartphone. Most concerning, however, is that half of the employ-ees who left or lost their jobs stated they took confidential information with them, and 40 percent stated they plan to use it in their next job. See Denise Deveau, Data threat as much an internal threat as it is external, Financial Post, Feb. 21, 2013, http://business.financialpost.com/2013/02/21/data-theft-as-much-an-internal-threat-as-it-is-external/. Additionally, the FBI’s website reports a number of recent cases of employee theft of trade secrets that resulted in criminal convictions. For example, Wen Chyu Liu, a retired research scientist, was sentenced in January 2012 to 60 months in prison, two years supervised release, a $25,000 fine and was ordered to forfeit $600,000. Liu was convicted in February 2011 of stealing trade secrets from his former employer and selling them to companies in China. http://www.fbi.gov/about-us/investigate/counterintelligence/the-insider-threat. Yuan Li, a former research chemist with a global pharmaceutical company, was sentenced to 18 months in prison after she pled guilty to stealing her employer’s trade secrets and making them available for sale through her own company. For over three years, Li accessed her company’s in-ternal database and downloaded information to her personal computer. Id. Kexue Huang was sen-tenced to 87 months in prison for theft of trade secrets and economic espionage after he delivered stolen trade secrets from two different U.S. employers to companies in Germany and China. The aggregated loss from the U.S. companies was between $7 million and $20 million. As discussed in the Data Privacy chapter, implementing strong security measure can help prevent some incidents of employee theft. Additionally, while the FBI will not become involved in most acts of employee theft or fraud, there are some state and federal laws that may provide some protection for employers.

1. Computer Fraud and Abuse Act. The Computer Fraud and Abuse Act (CFAA), 18 U.S.C. § 1030, et seq., prohibits certain types of conduct relating to computers. Section 1030(a)(2) prohib-its obtaining, without authorization, information from private computers that are used in interstate commerce. Section 1030(a)(4) prohibits accessing a protected computer, without authorization, with the intent to defraud and obtain something of value, unless the object of the fraud and the thing obtained consists only of the use of the computer and the value of such use is not more than $5,000 in any one-year period. The CFAA does not define authorization. There are two lines

Chapter Four


of cases interpreting the meaning of authorization under the CFAA. See, e.g., Guest-Tek Interac-tive Entm’t, Inc. v. Pullen, 665 F. Supp. 2d 42 (D. Mass. 2009) (discussing the split of authority interpreting the term “without authorization” under the CFA). Some courts have held that without authorization means conduct by outsiders who do not have permission to access the plaintiff’s computer in the first place. Other courts have held, however, that an employee accesses a com-puter “without authorization” for the purposes of the CFAA whenever the employee, without the employer’s knowledge, acquires an interest that is adverse to that of his employer or is guilty of a serious breach of loyalty.

a. Cases Finding Defendants Originally Authorized to Access Computer did not Act Without Authorization. In LVRC Holdings v. Brekka, 581 F.3d 1127(9th Cir. 2009), the Ninth Circuit held that the defendant did not violate the CFAA when he e-mailed work documents to his home computer, regardless of whether he did so to further his personal business in-terests rather than to further the interests of the employer. According to the court, when an employer authorizes an employee to use a company computer subject to certain limitations, the employee remains authorized to use the computer even if the employee violates those limitations. The court found that no language in the CFAA “supports LVRC’s argument that the authorization to use a computer ceases when an employee resolves to use the computer contrary to the employer’s interests.” Further, the court held that “nothing in the CFAA sug-gests that a defendant’s liability for accessing a computer without authorization turns on whether the defendant breached a state law duty of loyalty to an employer.” See also United States v. Nosal, 676 F.3d 854 (9th Cir. 2012) (rejecting the Government’s broad construction of the CFAA to include employees who exceed authorized access on their employer’s computer because it would improperly include employees who innocently engage in harmless, social pastimes at work. “Minds have wandered since the beginning of time and the computer gives employees new ways to procrastinate by g-chatting with friends, playing games, shopping or watching sports highlights.” The imposition of criminal liability on such employees would be improper.); WEC Carolina Energy Solutions LLC v. Miller, 687 F.3d 199 (4th Cir. 2012) (finding that two employees who downloaded their employer’s proprietary information and used it to obtain work for a competitor following their resignation did not access a computer without authorization or exceed their authorized access in violation of the CFAA even though their actions violated the employer’s policy prohibiting the downloading of proprietary and confidential information to a personal computer; the court acknowledged that its conclusion would likely disappoint employers hoping to reign in rogue employees but stated that it was unwilling “contravene Congress’s intent by transforming a statute meant to target hackers into a vehicle for imputing liability to workers who access computers or information in bad faith, or who disregard a use policy”); Dresser-Rand Co. v. Jones, 957 F. Supp. 2d 610 (E.D. Pa. 2013) (employees who accessed their work laptops and downloaded thousands of documents to external storage devices did not violate the CFAA because they were authorized to access their work computers and did not hack them; the court held that the fact that they subse-quently misused the files they downloaded did not give the employer a remedy under the CFAA); Black & Decker, Inc. v. Smith, 568 F. Supp. 2d 929, 934-37 (W.D. Tenn. 2008) (“[The employee] was permitted access to [the employer’s] network and any information on that net-work. The fact that [the employee] did not have permission to subsequently misuse the data he accessed by sharing it with any of his former employer’s competitors is another matter that may be circumscribed by a different statute.”); Shamrock Foods Co. v. Gast, 535 F. Supp. 2d 962, 967 (D. Ariz. 2008) (“A violation for accessing ‘without authorization’ occurs only where initial access is not permitted. And a violation for ‘exceeding authorized access’ occurs where initial access is permitted but the access of certain information is not permitted.”); Diamond Power Int’l v. Davidson, 540 F. Supp. 2d 1322, 1342 (N.D. Ga. 2007) (a violation of the CFAA “does not depend upon the defendant’s unauthorized use of information, but rather upon the defendant’s unauthorized use of access”); Brett Senior & Asc., PC v. Fitzgerald, 2007 WL 2043377 (E.D. Pa. July 13, 2007) (holding that that an accountant who used his computer

Chapter Four


to copy information about his previous employer’s clients to share with his new employer did not violate the CFAA; the accountant did not exceed his authorized access because he did not “obtain any information that he was not entitled to obtain or alter any information that he was not entitled to alter” since he was allowed full access to information contained in the BSA computer system until his departure. The court held that unauthorized access or exceeding authorization is key to a finding of liability under the CFAA.); Int’l Ass’n of Machinists & Aero. Workers v. Werner-Matsuda, 390 F. Supp. 2d 479 (D. Md. 2005) (CFAA was designed to pre-vent illegal access to a database, not the “larceny” of data from a database that was accessed legally); SecureInfo Corp. v. Telos Corp., 387 F. Supp. 2d 593 (E.D. Va. 2005) (finding that ac-cess was fully authorized and therefore no CFAA claim was stated). See also United States v. Rodriguez, 628 F.3d 1258, 1263 (11th Cir. 2010) (distinguishing LVRC holdings because the employee in this case was told he was not authorized to obtain personal information from the employer’s (the Social Security Administration) database for other than business reasons and the employee acknowledged that his access of the information was not for business reasons, thus there was no question his access of the information was unauthorized).

b. Cases Finding Defendants Originally Authorized Acted Without Authorization. An-other line of cases holds that an employee accesses a computer “without authorization” for the purposes of the CFAA whenever the employee, without the employer’s knowledge, ac-quires an interest that is adverse to that of his employer or is guilty of a serious breach of loyalty. See, e.g., Int’l Airport Ctrs., L.L.C., v. Citrin, 440 F.3d 418, 419 (7th Cir. 2006) (employer should be permitted to proceed with complaint that ex-employee violated CFAA by installing secure-erasure program that permanently deleted files on his employer-provided laptop; facts alleged, if true, showed that employee acted without authorization when he deleted files that would have incriminated him and other files that were the employer’s property, in violation of his duty of loyalty to the employer); Guest-Tek Interactive Entertainment, Inc. v. Pullen, 665 F. Supp. 2d 42 (D. Mass. 2009).

In Guest-Tek, the court permitted the plaintiffs to proceed with their claims that the defendant violated the CFAA when he surreptitiously transposed thousands of Guest-Tek computer files onto his personal USB device and allegedly used them to launch a competing company. See also Nilfisk-Advance, Inc. v. Mitchell, 2006 WL 827073 (W.D. Ark. 2006) (the defendant “ex-ceeded any authorization he had when he e-mailed the files to his personal computer with the alleged purpose of misappropriating the information contained in them”); HUB Group, Inc. v. Clancy, 2006 WL 208684 (E.D. Pa. 2006) (use of information to aid subsequent employer exceeded authorization access); Int’l Sec. Mgmt. Group, Inc. v. Sawyer, 2006 WL 1638537 (M.D. Tenn. 2006) (“There is no dispute that [the defendant] exceeded his authority when he e-mailed [to competitors] documents that [the plaintiff] considers proprietary”); George S. May Int’l Co. v. Hostetler, 2004 WL 1197395 (N.D. Ill. 2004) ([the defendant’s] authorization did not extend to removing copyrighted materials from the computer system for his personal benefit or that of a competitor); but see Nucor Steel Marion, Inc. v. Mauer, 2010 WL 5092774 (D.N.H. Dec. 7, 2010) (plaintiff failed to allege facts sufficient to meet either the unauthorized access or exceeds authorized access elements of a CFAA claim where the complaint did not allege that the ex-employee ever acquired an interest that was adverse to that of his employer or was guilty of a serious breach of loyalty at any time before he downloaded and e-mailed company data from his work computer) (citing Guest-Tek).

In Eagle v. Morgan, 2012 WL 4739436 (E.D. Pa. Oct. 4, 2012), the court entered judgment in favor of the employer on a former employee’s CFAA claim in a dispute over the ownership of the employee’s LinkedIn account created during the scope of her employment. The Court ruled that the employee’s allegations of the loss of potential business opportunities, goodwill, and/or interference with customers are not cognizable losses under the CFAA, even though it was undisputed that the employee lost control of the LinkedIn account after she was termi-nated. See also Rajaee v. Design Tech Homes, Ltd., 2014 WL 5878477, at *1 (S.D. Tex. Nov.

Chapter Four


11, 2014) (granting summary judgment on plaintiff’s CFAA claim alleging he lost “600 busi-ness contacts collected during the course of his career, family contacts (many of which are located overseas and some are related to family business), family photos, business records, irreplaceable business and personal photos and videos and numerous passwords” when his employer remotely wiped his personal iPhone, which he also used for work, after the plaintiff was discharged. The court held that the plaintiff failed to show he sustained $5,000 in cogni-zable loss under the CFAA.).

c. Damages. The CFAA permits prevailing employers to recover compensatory damages and obtain injunctive relief. Additionally, the CFAA provides for criminal sanctions, including penalties and/or a prison sentence of up to 10 years. The recovery against those found to have violated the CFAA may be significant and can include cost of conducting a loss estima-tion, restoring the system to the condition it was in before the illegal act, and any lost revenue.

2. Use of Trespass Laws to Prohibit Excessive External E-Mail. Some employers have used state trespass laws to protect themselves from excessive e-mail from disgruntled former employ-ees; however, the California Supreme Court has held that California’s law prohibiting trespass to chattels does not encompass an ex-employee’s use of the employer’s internal e-mail system, where that use did not damage the company’s computer system or impair its functions. See Intel Corp. v. Hamidi, 71 P.3d 296 (Cal. 2003). The court noted that the decision does not mean that Internet communications deserve any type of special immunity, but merely that individuals suing under the trespass to chattel law in California cannot prevail unless they can show that there is some injury to the plaintiff’s personal property or legal interest in that property.

3. State Computer Crimes Laws May Prohibit Unauthorized Computer Access and Theft. For example, Florida’s Computer Crimes Act (FCCA), provides that:

A person commits an offense against users of computers, computer systems, computer net-works, or electronic devices if he or she willfully, knowingly, and without authorization:

(a) Accesses or causes to be accessed any computer, computer system, computer net-work, or electronic device with knowledge that such access is unauthorized;

…

Fla. Stat. § 815.06(1). Access is defined as “to approach, instruct, communicate with, store data in, retrieve data from, or otherwise make use of any resources of a computer, computer system, or computer network.” Fla. Stat. § 815.03. Florida Statute § 815.04(4) addresses violations re-lated to the taking of intellectual property:

A person who willfully, knowingly, and without authorization discloses or takes data, programs, or supporting documentation that is a trade secret… or is confidential as provided by law residing or existing internal or external to a computer, computer system, computer network or electronic device commits an offense against intellectual property.

Florida’s statute makes it a felony to disclose or take data that constitutes intellectual property. Fla. Stat. § 815.05.

In Willoughby v. State, 84 So.3d 1210 (Fla. 3d DCA 2012), the court upheld a criminal convic-tion against a former employee who, while she was employed and allegedly for work purposes, transmitted a confidential client list from her employer’s computer system to her laptop in viola-tion of a signed express written instruction that she not do so. The Willoughby case involved an employee of a human services agency that had transmitted her employer’s confidential trade secret documents to her laptop, thus implicating the above section related to intellectual property crimes. Specifically, the document transferred was a “client trust fund master list,” and Willoughby claimed that she transmitted the information to her personal laptop for work-related purposes. Subsection (6) of § 815.06 clarifies that the section “does not apply to any person who accesses his or her employer’s computer system… when acting within the scope of his or her lawful em-

Chapter Four


ployment.” Because Willoughby was authorized to access her employer’s computer network, the Third District Court of Appeal held that the state failed to prove her conduct violated Fla. Stat. § 815.06. However, the court affirmed Willoughby’s conviction under Fla. Stat. 815.04, taking intel-lectual property. Although Willoughby argued that she did not have malicious intent in download-ing the employer’s information, the court held that the state only had to show that her conduct was willful, knowing, and without authorization. The court noted that Willoughby was repeatedly informed she could not obtain any of the data from her employer’s network. Because she trans-ferred files without authorization, her conviction was affirmed.

4. Steps That May Protect the Employer from Disgruntled Former Employees. Employers can take certain steps that may help protect them from sabotage or preserve evidence if the employee sues because of his termination.

• Preserve the ex-employee’s computer hard drive. In cases in which litigation or an agency charge may result from the termination, employers should consider preserving the ex-em-ployees computer hard drive instead of reassigning the computer to another employee. If storage space makes storing the hard drive impractical or if the storage time is likely to be lengthy, consider having a forensic specialist create a copy of the hard drive. It is important that this is done correctly, by an individual familiar with forensic procedures, to ensure the data is properly preserved so that it can be used in any subsequent litigation.

• Preserve the employee’s electronic mail. The employee’s inbox should be preserved sepa-rately from files recovered from the deleted e-mails, so that it clear which e-mails the em-ployee deleted before termination.

• Examine the hard drive (after steps have been taken to preserve all relevant data) to deter-mine whether the employee used a scrubbing or cleaning program on the computer.

• Implement and monitor good computer security procedures, such as unique passwords, frequent changing of passwords, activity and access logging, logging off when leaving a workstation, and backing up and maintaining security logs.

• Consider using spyware to monitor employee computer usage. Such spyware not only tracks employee computer usage, but some types can also detect the installation of unapproved software that may be installed to smuggle documents through steganography (the process of hiding information within other information) or digital watermarking. These technologies can be used by employees to hide employer information such as customer lists, business plans, or other confidential information in innocuous looking files such as family photos that are e-mailed from work to home by the employee before his or her departure. Because such hidden data within a photo file is imperceptible to the eye, as is the alteration made to the photo, a reviewer of the data cannot detect its existence without special software and/or access to the unaltered original file.

• Conduct an exit interview that covers an employee’s use of laptops, home computer for work, USB drives and PDAs and make sure all company information is retrieved. As a part of the exit procedure, have the departing employee sign a statement to the effect that he has not removed any files, including files, or other property of the employer.

B. Defamation Claims Based on Electronic Communications

1. Defamation Generally. In its most basic sense, defamation occurs whenever a speaker or writer communicates a false statement to a third person and that statement injures the reputation of the person identified in the statement. The defamation is called libel if it is written or other-wise tangible and slander if it is spoken. Although the two may differ slightly in some technical respects, for the purposes of these materials, both are treated as one issue.

2. Elements of Defamation. The essential elements of defamation are as follows:

Chapter Four


a. a false and defamatory statement, i.e., a statement that injures the reputation or com-munity standing of another person or discourages others from associating with that person;

b. concerning the plaintiff;

c. that is “published” or communicated to a third party;

d. with fault amounting to at least negligence (some states have not required a showing of fault or negligence if the plaintiff is a private person and the defendant is not a member of the media); and

e. with proof of damages or a presumption of damages to the plaintiff as a matter of law.

Generally, whether statements contained in an e-mail are defamatory depends on state law governing defamation claims. In some cases, statements have been held to be subject to a qualified privilege if made in good faith, with an interest to be upheld, limited in scope to that interest, on a proper occasion and publicized in a proper manner. Additionally, most states apply a qualified privilege to communications made as part of internal investigations, provided publication is not made to persons who do not have a legitimate interest in the information.

3. Cases Addressing Defamation Claims.

a. Under California law, e-mail communication between employees who were responsible for processing job applications was privileged, and thus could not form the basis of the ap-plicant’s libel claim. See West’s Ann. Cal. Civ. Code 47(c); Jensen v. Prudential Financial, 130 F. App’x 914 (9th Cir. 2005).

b. In Brown v. Westaff (USA), Inc., 301 F. Supp. 2d 1011 (D. Minn. 2004) (applying Minnesota law), the court held that a former employer was not liable for defamation for e-mails sent to human resources personnel within the context of an investigation of employee wrongdoing where the court found that the e-mail communications were privileged and were not made with actual malice.

c. In Bates v. Variable Annuity Life Ins. Co., 200 F. Supp. 2d 1375 (N.D. Ga. 2002) (applying Georgia law), the court held that statements contained in an e-mail regarding a discharged employee, which was sent to corporate managers who had reason to receive the information, were privileged. Accordingly, the court held that the employee who sent the message and his employer were not liable for defamation.

d. In Lian v. Sedgwick James of New York, Inc., 992 F. Supp. 644 (S.D.N.Y. 1998) (apply-ing New York law), the court found that no reasonable jury could find that an e-mail sent by a company supervisor was defamatory and, accordingly, granted the employer’s motion to dismiss. The subject e-mail stated that the supervisor and the plaintiff had agreed that the plaintiff would begin to seek employment outside of the company. The plaintiff claimed that no such agreement had been reached and that the e-mail defamed him. The plaintiff resigned and sued the employer for libel per se (a writing that tends to disparage a person in the way of his office, profession, or trade). The court concluded that the terms of the e-mail were suscep-tible to only one meaning, and that a reasonable person would not find the e-mail susceptible of a defamatory meaning. Accordingly, the court granted summary judgment in favor of the employer.

e. In Mills v. Wex-Tex Industries, Inc., 991 F. Supp. 1370 (M.D. Ala. 1997) (applying Alabama law), the court found that a plaintiff failed to establish that her supervisor was liable for defa-mation where there was no proof that the defamatory statement was made to a third party; ac-cordingly, the plaintiff’s former employer was not liable for defamation. In this case, the plaintiff read a statement on her supervisor’s computer, which stated that she had a mental problem. The court held that to show defamation, a plaintiff must prove that a false and defamatory statement was communicated, without privilege, to a third party, with fault amounting to at

Chapter Four


least negligence and either actionability of the statement irrespective of special harm (ac-tionable per se) or the existence of special harm caused by the publication of the statement (actionable per quod). The court concluded that since there was no evidence of an actionable harm from the statement and since there was no publication of the statement, summary judg-ment was appropriate because the former employer could not be held vicariously liable when its company supervisor was not liable for defamation.

C. Electronic Signatures

The Uniform Electronic Transactions Act, which has been adopted by a number of states, provides that a contract, record, or signature cannot be denied legal effect or enforceability solely because it is in electronic form. The Act also provides that if a law requires a record to be in writing and requires a signature, an electronic record and electronic signature satisfy the law. The Act defines electronic signature as “an electronic sound, symbol, or process attached to or logically associated with a record and executed or adopted by a person with the intent to sign the record.” To receive the protec-tion of the Act, the parties should agree to conduct transactions by electronic means. Generally, this requirement is satisfied if the employee provides an electronic signature for each transaction. The Act requires that the electronic record, document, contract and signature be created in a form that ensures the integrity, security, and confidentiality of the document. This process must be designed to prevent or detect any changes to a record or contract following an electronic signature. The em-ployee must be able to print a copy of the record or contract for his or her own record. The employer must also take steps to ensure that information regarding an employee’s medical and confidential files remains confidential.

A failure to ensure the confidentiality of medical records or personally identifiable information could cause an employer to be in violation of certain federal or state laws. Additionally, an employee may attempt to challenge the authenticity of an electronic record by claiming it was altered after he or she signed it.

Employers interested in using electronic records may want to consider providing, at the start of employment or at the beginning of the use of electronic records, an acknowledgment and consent to the use of electronic records. Such employers should also ensure that sufficient safeguards are in place to protect the privacy of an employee’s password for his or her electronic signature, as well as all confidential information maintained in electronic format. Additionally, employers should check the laws of the states in which they have employees because state laws governing electronic sig-natures vary.

Chapter Four EMPLOYER CHALLENGES AND POTENTIAL … 4... · 2015-05-15 · • Possible reduction of...

Documents

Transcript of Chapter Four EMPLOYER CHALLENGES AND POTENTIAL … 4... · 2015-05-15 · • Possible reduction of...