Chapter Three EMPLOYER CHALLENGES AND POTENTIAL … 3... · • Possible reduction of risks of...

Chapter Three

Copyright © 2016 FordHarrison LLP. All rights reserved.67

Chapter Three

EMPLOYER CHALLENGES AND POTENTIAL LIABILITY IN THE ELECTRONIC WORKPLACE

Em

ployer Challenges

and Potential Liability

in the Electronic

Workplace

Chapter Three



Table of Contents

I. THE SOCIAL MEDIA CHALLENGE. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71A. The Use of Social Media in Recruiting and Hiring . . . . . . . . . . . . . . . . . . . . . . . . . . . 71

B. Monitoring and Regulating Employees’ Social Media Activities. . . . . . . . . . . . . . . . . . 72

C. Sugggestions for Social Networking Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78

D. Discovery of Employees’ Social Networking Sites . . . . . . . . . . . . . . . . . . . . . . . . . . . 79

II. RETENTION, STORAGE, AND PRODUCTION OF ELECTRONICALLY STORED INFORMATION (ESI). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80A. Retention of E-Mails and Other ESI as Business Records . . . . . . . . . . . . . . . . . . . . . 80

B. Document Retention and Detruction Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80

C. Production of ESI in Litigation Discovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80

III. OTHER ISSUES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87A. Risks of Internal Computer Fraud . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87

B. Defamation Claims Based on Electronic Communications . . . . . . . . . . . . . . . . . . . . . 92

C. Electronic Signatures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93

Chapter Three



Katie Parham, [email protected], Chapter Editors

I. THE SOCIAL MEDIA CHALLENGESocial media has quickly become a vital part of everyday life. There are now more than 750 million active users of social media. Some of the more popular social media platforms include: Facebook; Google Plus; LinkedIn; Twitter; YouTube; Instagram; Pinterest; Flickr; Tumblr; Vine; and Reddit, among many, many others. Social media is not merely social, however, as more and more businesses are recognizing that social media platforms can be valuable marketing and communication tools. However, the use of social media has created new and daunting challenges for employers, not the least of which is the blurring of the line between employees’ personal and professional lives.

A. Use of Social Media in Recruiting and Hiring. According to an article in U.S. News & World Report, a 2015 CareerBuilder survey of more than 2,000 hiring managers and human resource professionals reveals that 52 percent of employers use social networking sites to research job candidates. Hannah Morgan, 10 Ways Social Media Can Help You Land a Job, U.S. News & World Report (Money), Sep. 10, 2015, http://money.usnews.com/money/careers/slideshows/10-ways-so-cial-media-can-help-you-land-a-job. While it is always desirable to make hiring decisions based on the most relevant and useful information available, employers should exercise discretion in whether and how they utilize social media in recruiting and hiring.

1. Use of Social Media to Recruit Candidates. The reality is that more and more potential candidates are using the internet and social media to look for open positions, to research com-pany information on potential employers, and to post resumes, job search, and other career experience information that they know will be viewed by potential employers. Thus, progressive employers can utilize social media to post information about open positions, career opportuni-ties, benefits, and general company information, as well as other information designed to inform and lure the best candidates. Many companies now have their own LinkedIn accounts, Facebook pages, and Twitter sites through which they can share information about their company.

Employers should also expect that increasing numbers of potential candidates are visiting those social media sites to research and learn about potential jobs, research the company, and make decisions about whether they want to work there. Informative, targeted, and clever use of social media by employers can assist in reaching more and attracting better candidates.

In the latest generation of social media recruiting/job seeking, sites like the “online social job so-lution” and CareerArc Social Recruiting (formerly TweetMyJobs.com) integrate with social media profiles to allow employers to post job openings and to distribute those job openings to potential candidates who are matched based on their social media profiles. CareerArc interfaces with Facebook, Twitter, LinkedIn and major job search engines to provide this information.

2. Use of Social Media to Gather Information About and Screen Applicants. Largely gone are the days of walk-in applicants completing paper applications and sitting down for a face-to-face interview. While the temptation is to gather as much information as you possibly can about each job candidate, the reality is that the internet and social media make information (some reli-able, some not) so accessible that employers must make decisions about how much information they really want on candidates, how they should go about getting it, and how they should avoid getting information they really should not have or simply do not want.

Chapter Three


Some positives of utilizing social media to gather information on candidates may include:

• Allowing the employer to verify the application and resume information provided;

• Enabling the employer to make better, more informed hiring decisions by providing more information about the candidate;

• Possible revelation of areas of concern about the applicant’s judgment and/or potential for negatively impacting the company’s image/brand;

• Possible reduction of risks of negligent hiring lawsuits; and

• Reduced costs by hiring the best employees up front.

Some negatives or potential pitfalls of utilizing social media to gather information on candidates may include:

• Social media information is not always reliable;

• It may reveal characteristics or protected status upon which you may not lawfully make employment decisions, and thus, you are better off not knowing at that time (e.g., age, race, national origin, disability, genetic information, sex/sexual orientation, pregnancy, religion, union or other protected activities, etc.); and

• Violating your own policy by accessing improper social media sites.

The risks of using social media in connection with hiring decisions is demonstrated in Gaskell v. Univ. of Kentucky, 2010 WL 4867630, at *9 (E.D. Ky. Nov. 23, 2010), which the plaintiff claimed the University refused to hire him for the position of founding director of an astronomical observatory because of his religion in violation of Title VII. The plaintiff was the leading candidate for the posi-tion until members of the hiring committee discovered a paper on his personal website entitled Modern Astronomy, the Bible, and Creation. Subsequently, members of the committee discussed the “scientific integrity” of the paper with members of the biology department, which expressed concern about his “creationist” views. The chair of the search committee complained in an e-mail that the plaintiff was being denied the job because of his religion and stated that “no objective observer could possibly believe the decision was based on any reason other than religion.” Id. at *8. The court held that these statements, if true, were direct evidence of discrimination. The court also found other evidence that the plaintiff’s religious beliefs played a role in the decision to reject him for the position. Thus, the court denied the employer’s motion for summary judgment. In this case, the information regarding the plaintiff’s religious beliefs most likely would not have surfaced had a member of the search committee not accessed the plaintiff’s personal website. Reviewing a candidate’s social media page presents similar risks.

Employers who choose to use social media to gather information on or screen applicants should (a) create a standardized procedure for HR personnel to follow; (b) apply that procedure consis-tently; (c) document decisions made based on legitimate concerns uncovered via social media; (d) use social networking sites as late in the hiring process as possible; and (e) have someone other than the decision-maker conduct the search and instruct him or her to report only limited, nonprotected information.

B. Monitoring and Regulating Employees’ Social Media Activities. Like other electronic infor-mation systems that employees may use at or in conjunction with their work, employers must de-termine how to deal with social media use at the workplace and by its employees outside the work-place. Although the technology is new, generally speaking, employers may often simply apply their existing policies, procedures and work rules when dealing with social media.

1. Legitimate Reasons to Monitor or Regulate. With respect to monitoring social media ac-tivities of employees, some reasons an employer may want to monitor or regulate such activi-ties include increasing productivity, efficiency and performance; reducing drains on company IT systems; identifying leave of absence abuse (e.g., an employee on Family and Medical Leave

Chapter Three


Act (FMLA) leave acting inconsistently with medical restrictions, moonlighting, posting vacation photos etc.); monitoring company image or brand; ensuring compliance with fair trade, advertis-ing laws and regulations; identifying/investigating claims of harassment or discrimination; and monitoring compliance with confidentiality and noncompetition agreements. See, e.g. Amway Global v. Woodward, 744 F. Supp. 2d 657 (E.D. Mich. 2010) (enforcing arbitration award against an ex-employee for breach of a nonsolicitation agreement through blog postings; deferring to the arbitrator’s conclusion that the employee engaged in mass solicitation by posting his reasons for joining a competitor on a blog with 100,000 viewers).

2. Legal Implications of Monitoring or Regulating Social Media Use. Courts have begun to grapple with the ways in which the legal statutes and principles discussed above relating to monitoring (e.g., the Electronic Communications Privacy Act (ECPA), Stored Communications Act (SCA), Wiretap Act, invasion of privacy claims and Fourth Amendment claims) apply to use of social media.

a. SCA. In Ehling v. Monmouth-Ocean Hosp. Serv. Corp., 961 F. Supp. 2d 659 (D.N.J. 2013), a federal trial court in New Jersey held that Facebook wall posts that are configured to be private are covered by the SCA. The SCA protects against unauthorized access to stored electronic communications and records. See 18 U.S.C. §§ 2701-2711. The court held that such posts are: (1) electronic communications; (2) transmitted via an electronic communication service; (3) in storage; and (4) if configured to be private, not accessible to the general public. The court noted that unlike e-mail, Facebook wall posts are not held somewhere temporarily before they are delivered; rather, the website itself is the final destination. However, because Facebook stores posts for backup purposes, the court found that they are in electronic stor-age for the purposes of the SCA. The court also held that when users make their Facebook posts private, the wall posts “are configured to be private” for the purposes of the SCA. In this case, however, the court held that the employer was not liable because the inappropriate Facebook post was shown to management by an employee who was a Facebook “friend” of the plaintiff. Since the person who accessed the post was an authorized user who shared the post voluntarily and without coercion from management, the court held that authorized user exception applied to this case.

While “authorized user immunity” may shield employers from liability where express or implied consent is given to access social media, civil and criminal penalties are available against employers who gain unauthorized access to employees’ personal electronic com-munications and data. In Pure Power Boot Camp v. Warrior Fitness Boot Camp, LLC, 587 F.Supp.2d 548 (S.D.N.Y. 2008), summary judgment granted in part, denied in part, 759 F. Supp. 2d 417(S.D.N.Y. 2010), judgment entered, 813 F. Supp. 2d 489 (S.D.N.Y. 2012), an employer maintained a broad computer use policy stating that: (1) employees had no right of personal privacy in any matter stored in or created on the company’s system, inclusive of personal e-mail accounts accessed on the company’s system; and (2) that computer usage was subject to monitoring without additional notice. The employer accessed the employee’s personal Hotmail account by using the password the employee had saved on his company computer, which was stored on the employer-owned hard drive. The employer also accessed the employee’s Gmail and another e-mail account through information it obtained from the Hotmail account. The court held that the employer’s actions violated the SCA, reasoning that, “If [an employee] had left a key to his house on the front desk at [his workplace] one could not reasonably argue that he was giving consent to whoever found the key to use it to enter his house and rummage through his belongings.” Id. at 561. The court held that if the employer only read information available to it on its own system, it would not have violated the SCA. But, by going further into the actual Gmail and Hotmail accounts, the employer committed a violation. Employers thus must be careful about accessing employee private areas of social media sites, such as Facebook, even if the employee’s password is saved on the employer’s system. See also Rodriguez v. Widener Univ., 2013 WL 3009736 (E.D. Pa. June 17, 2013) (de-

Chapter Three


nying motion to dismiss former employee’s ECPA and SCA claims against former employer based on improper access of the former employee’s Facebook images; it was not clear how the former employer gained access to the images and the court was unwilling to hold as a matter of law that Facebook images are generally available to the public).

b. Nondiscrimination/Harassment Statutes. Although employers should be cautious about attempting to regulate employees’ social media activities conducted outside of the workplace or that are not work-related, employers must also prohibit discrimination and harassment that occurs via social media and must promptly address any such claims. In Espinoza v. County of Orange, 2012 WL 420149 (Feb. 9, 2012) (unpublished opinion, not citable), a California Court of Appeals discussed how employers should respond to reports of employee harass-ment that occur via social media. In that case an employee who was born without fingers on his right hand sued his employer, the Orange County Probation Department, for disability harassment. The employee claimed he was harassed both in the workplace and through employees’ blog posts made on personal blogs that were not work related. Some of the blog posts referred to the employee’s hand as a “claw,” called him a “rat,” and contained threats of physical harm. Upon receiving the complaint, the employer discovered many employees were accessing the blog from the employer’s computers using generic login passwords. The employer then blocked employee access to the blogs through the use of generic user names and passwords. However, it did not attempt to block access to the blogs through the use of personal passwords.

The employer argued that it should not be liable for harassment since the employee volun-tarily viewed the blog postings and the alleged “blogging” misconduct did not occur in the workplace. However, the court found that “[e]valuating the blog postings and the acts in the workplace as would a reasonable person in plaintiff’s position, the evidence established suf-ficient harassing and threatening comments and conduct to satisfy the severe or pervasive test.” Id. at *10. Additionally, the court rejected the employer’s argument that it was not liable because it maintained a written anti-harassment policy and blocked access to the blog. The court held that “the blog continued for eight weeks after defendant began investigating … And, although it did block the generic logins, defendant did not block access of those using personal passwords, which it had the ability to do.” Id. at *11. The court also found it significant that, even though several managers were informed about the harassment and potential ha-rassers, the employer never interviewed anyone, including plaintiff and the individually named harassers. Id. Lastly, the court rejected the employer’s attempt to rely on the New Jersey Supreme Court decision in Blakey v. Continental Airlines, Inc., 164 N.J. 38 (2000), which held that employers are not required to monitor their employees’ private communications. The court reasoned that Blakey merely established that employers must take effective measures to end co-worker harassment that occurs “in settings that are related to the workplace” when they know or have reason to know that such behavior is part of a pattern of harassment oc-curring in the workplace – which, it held, is what happened in Espinoza. Id. at *6.

In Montone v. City of Jersey City, 2013 WL 6764525, at *14 (N.J. Super. Ct. App. Div. Dec. 24, 2013), the appellate court reversed the lower court’s grant of summary judgment on the plaintiff’s claims of harassment under the New Jersey Law Against Discrimination based on harassing comments her supervisor allegedly made on an independent website the employer (the city of Jersey City) did not control. The court noted that while “employers do not have a duty to monitor private communications of their employees,” they “do have a duty to take ef-fective measures to stop co-employee harassment when the employer knows or has reason to know that such harassment is part of a pattern of harassment that is taking place in the workplace and in settings that are related to the workplace.” Id. (citing Blakey v. Continental Airlines, Inc., 164 N.J. 38, 62 (2000)). The court further noted that under Blakely, it is possible for harassment outside of the workplace to have a sufficient impact on the workplace that the employer has a duty to address it. Id. For example, if employees post harassing workplace-

Chapter Three


related comments to an internet forum that the employer does not control, the employer may still have a duty in appropriate circumstances to police the forum, depending on whether the forum is so closely related to the workplace environment and beneficial to the employer that it is essentially part of the workplace. Id. In Montone the court held that the employer did not derive substantial benefit from the website, as required by Blakely to impose liability based on the comments made on the website. However, the court held “while defendants lacked authority to regulate the NJ.com website itself, they may still have had a responsibility under their own standards to determine whether the postings constituted off-site or off-duty disre-spect or harassment of a fellow officer, which the Department’s manual prohibited.” The court of appeals held that the trial court erred in applying Blakely to the defendant as if it were a private employer without addressing the employer’s obligation under its own policies.

c. National Labor Relations Act (NLRA). Section 7 of the NLRA protects the right of em-ployees to engage in “protected concerted activity” regardless of whether the employer is unionized. Thus, social media activities of employees that constitute “protected concerted activity” are protected by Section 7, and it could be a violation of the NLRA to discipline or discharge an employee for comments in social media. The National Labor Relations Board (NLRB) has been extremely active in deciding cases alleging that employers have engaged in unfair labor practices by promulgating overly broad social media policies and/or disciplining or discharging employees for social media activities that constituted protected concerted activi-ties. Interestingly, most of the NLRB cases have involved nonunion workplaces.

(1) Protected Concerted Activity. The NLRB General Counsel has issued two reports summarizing cases involving social media issues, which are available on the Board’s web site at http://www.nlrb.gov. According to a press release issued by the Board, the report underscores two points: (a) employer policies should not be so sweeping that they prohibit the kinds of activity protected by federal labor law, such as the discussion of wages or working conditions among employees; and (b) an employee’s comments on social media are generally not protected if they are mere gripes not made in relation to group activity among employees. For more information on unfair labor practices, please see the NLRA’s Impact on the Workplace Chapter of the SourceBook.

The case law is quickly developing in this area so it is difficult to articulate hard and fast rules. However, the following analysis should assist employers when considering potential discipline or discharge based on social media activities:

• First, the employer should ask the threshold question of whether the conduct im-pacts the workplace. If it is a matter of purely personal concern unrelated to the workplace, no action should be taken.

• Second, is the employee using or posting on social media a supervisor? If so, super-visors do not have the same Section 7 rights as nonsupervisory employees to en-gage in protected concerted activity. A supervisor’s posts, however, may have NLRB implications if they infringe upon employees’ Section 7 rights. (See the Surveillance discussion below.)

• Third, is the communication “protected concerted activity” under the NLRA? “Pro-tected” activity includes concerns regarding, wages, terms or conditions of work, the work environment, or that is the result of a labor dispute. “Concerted” activity would encompass activity between two or more employees addressing the employer, two or more engaging in dialogue, a single employee inviting dialogue from other em-ployees, and a single employee authorized to speak on behalf of other employees. In Hispanics United of Buffalo, Inc., 359 NLRB No. 37 (Dec. 14, 2012), the NLRB af-firmed the decision of an Administrative Law Judge (ALJ), which held that a nonprofit organization unlawfully discharged five employees who had posted comments on Facebook in response to a co-worker’s complaint about their job performance. The

Chapter Three


Board held that “there should be no question that the activity engaged in by the five employees was concerted for the ‘purpose of mutual aid or protection’ as required by Section 7.” Id. at *2. The Board also held that the actions of the five employees were concerted as defined by the relevant case law because they “were taking a first step towards taking group action to defend themselves against the accusations they could reasonably believe [the co-worker] was going to make to management.” Id. The Board also found that the discussions were protected under the NLRA be-cause it has “long held that § 7 protects employee discussions about their job per-formance,” which is what the Facebook comments addressed. See also Three D, LLC d/b/a/ Triple Play Sports Bar v. NLRB, 2015 WL 6161477 (2d Cir. Oct. 21, 2015) (affirming NLRB’s determination that an employer violated the NLRA by discharging two employees for their participation in a Facebook discussion in which they com-plained about perceived errors in the employer’s tax withholding calculations). The court affirmed the Board’s determination that one employee’s “like” of a wall post and another employee’s use of a profane epithet toward the employer took place in the course of a discussion of their tax treatment, and thus were protected. The court also found that the Board’s determination that the employees’ Facebook activity “did not lose the protection of the Act simply because it contained obscenities viewed by customers accords with the reality of modern-day social media use.” Id. at *3. In Laurus Technical Institute, 360 NLRB No. 133 (June 13, 2014), rev. dismissed, 2015 WL 1606896 (March 16, 2015), the Board adopted an ALJ’s determination that a col-lege’s no gossiping policy and its termination of an employee for violating the policy violated the NLRA. The policy defined gossiping as: “1) Talking about a person’s personal life when they are not present; 2) Talking about a person’s professional life without his/her supervisor present; 3) Negative, or untrue, or disparaging com-ments or criticisms of another person or persons; 4) Creating, sharing, or repeating information that can injure a person’s credibility or reputation; 5) Creating, sharing, or repeating a rumor about another person; and 6) Creating, sharing or repeating a rumor that is overheard or hearsay.” The college fired an employee for soliciting her co-workers to go work for a competitor. Subsequently, the college fired another employee for discussing the first employee’s discharge, in violation of the no gossip-ing policy. The ALJ held that the policy was “overly broad, ambiguous, and severely restricts employees from discussing or complaining about any terms and conditions of employment” and a violation of the NLRA. See also Design Technology Group, d/b/a/ Bettie Page Clothing, 361 NLRB No. 79 (Oct. 31, 2014)1 (terminating employ-ees for Facebook posts complaining about and disparaging a supervisor and criticiz-ing the employer’s lack of response to their complaints about the supervisor violated the Act because the employees were engaging in protected concerted activity and their Facebook complaints “were complaints among employees about the conduct of their supervisor as it related to their terms and conditions of employment”).

However, in Karl Knauz Motors, Inc., 358 NLRB No. 164 (N.L.R.B. Sept. 28, 2012), the Board upheld the termination of an employee whose Facebook posts mocked an accident on his employer’s property. The case was tried before an ALJ, who held that the plaintiff was fired because of his offensive, unprotected accident-related Facebook postings. The Board unanimously adopted the ALJ’s conclusion that the plaintiff was lawfully terminated for his offensive Facebook postings. The ALJ had also held that sarcastic Facebook comments made by the plaintiff concerning a sales event the employer hosted were protected under Section 7. The Board did not rule on this issue.

1 The Board affirmed the ALJ’s decision for the reasons stated in the Board’s earlier decision, which was vacated in accordance with NLRB v. Noel Canning, 134 S. Ct. 2550 (2014).

Chapter Three


• Fourth, even if social media activity is “protected concerted activity,” is the conduct: (a) so opprobrious or egregious that it renders the employee “unfit” for further ser-vice to employer (e.g., maliciously defamatory); or (b) so disloyal that it is no longer entitled to protection? If so, it loses its Section 7 protection and discipline can be imposed. See Endicott Interconnect Tech. v. NLRB, 453 F.3d 532 (D.C. Cir. 2006) (reversing NLRB determination that employee engaged in protected activity when he posted a disparaging message about employer in a chat-room sponsored by a local newspaper; communication was so disloyal that it was not protected and employee was lawfully discharged).

• Fifth and similarly, even if otherwise protected, does the social media activity violate or implicate another policy, law, or contract such as the employer’s policies relating to nondiscrimination/harassment, workplace violence, disclosure of trade secrets or confidential information, computer usage, or code of conduct? If so, and assuming the policies are not overbroad, the employer can argue that it would have discharged the employee even in the absence of the protected behavior and discipline may be imposed.

Employers should review their policies to ensure they are not overly broad, as the NLRB has found several policies unlawfully overbroad when applied to social media. The following analysis is used by the Board in ruling on policies: (a) Does the policy explicitly restrict Section 7 protected concerted activities? (b) If the policy does not explicitly restrict such activities, then (i) would employees reasonably construe the language to prohibit Section 7 activity? (ii) was the rule promulgated in response to union activity? or (iii) has the rule been applied to restrict the exercise of Section 7 rights? Lutheran Heritage Village-Livonia, 343 NLRB 646, 647 (2004).

For example, in In re American Medical Response of Connecticut, Inc., Case No. 34-CA-12576 (filed October 27, 2010) the NLRB alleged that the company’s social media policy, which, among other things, prohibited employees from “making dispar-aging, discriminatory or defamatory comments when discussing the Company or the employee’s superiors, co-workers and/or competitors” was overly broad and inter-fered with employees’ exercise of their right to engage in protected concerted activity under the NLRA. The parties settled the charge shortly before the scheduled Board hearing. Although the full terms of the settlement were not disclosed, in a press release issued February 7, 2011 the NLRB stated that the employer has agreed “to revise its overly-broad rules to ensure that they do not improperly restrict employees from discussing their wages, hours and working conditions with co-workers and oth-ers while not at work, and that they would not discipline or discharge employees for engaging in such discussions.” Any policy that the Board reasonably believes could be construed by employees to infringe their Section 7 rights will be held overbroad.

• Sixth, what discipline, if any, is appropriate and consistent with prior precedent for the same type of behavior outside the social media context? Finally, consider wheth-er any policy revision or clarification may be appropriate.

(2) Surveillance. Guidelines for employer conduct prohibited by Section 8 of the NLRA, such as surveillance of employees’ union organizing efforts, apply equally in the context of social media. An employer is free to observe employees participating in union or other pro-tected concerted activities when those employees are doing so openly and in public. But it is an unfair labor practice when an employer engages in surveillance of union or organiz-ing activity, or when it creates the “impression of surveillance.” In Magna Int’l Inc., 2001 WL 1603861 (N.L.R.B. March 9, 2001), after viewing a photo of an employee organizing committee posted on a union’s public website, a supervisor told an employee that he “liked her picture.” While visiting the public area of the website and viewing open union activity

Chapter Three


was not unlawful surveillance, the supervisor’s comment to the employee conveyed the impression that he was keeping track of her union activities and thus created an unlawful impression of surveillance. Id. The same principles apply to visits to employee or union blogs, Facebook pages, and other social media sites.

d. First Amendment. The Fourth Circuit has held that a sheriff may have violated the First Amendment when he fired two employees for liking an opposing candidate’s Facebook page. “Once one understands the nature of what Carter did by liking the Campaign Page, it be-comes apparent that his conduct qualifies as speech. On the most basic level, clicking on the ‘like’ button literally causes to be published the statement that the User ‘likes’ something, which is itself a substantive statement.” Bland v. Roberts, 730 F.3d 368 (4th Cir. 2013), as amended Sep. 23, 2013.

However, in Shepherd v. McGee, 986 F. Supp. 2d 1211 (D. Or. 2013), the court held that Face-book comments by a child protective services caseworker that disparaged clients and irrepa-rably impaired her workplace effectiveness, her credibility, and her impartiality as a witness provided a legitimate basis for her termination that outweighed her First Amendment rights. The court noted that the plaintiff’s comments did not strike at the heart or core of the First Amendment given her own characterization of them as “humorous and ironic” and “joke[s].” Id. at 1221. As such they were on the periphery of First Amendment protection because they were banter rather than speech intended to help the public actually evaluate the perfor-mance of a public agency. Id. The court further held, assuming the posts were entitled to First Amendment protection, they were not distributed to the public or the media but were targeting a smaller audience and were not at the core of First Amendment protection. Id. at 1222. Ac-cordingly, the government had more deference in determining whether the speech at issue interfered with its operations or with the employee’s ability to effectively perform her duties. The court held, “when weighing the respective interests in this case, the balance unquestion-ably tips in favor of DHS.” Id. See also Gresham v. City of Atlanta, 542 F. App’x 817 (11th Cir. 2013) (affirming summary judgment on plaintiff’s claim she was retaliated against in violation of the First Amendment because of comments she made on her Facebook page criticizing another officer; the court held that the legitimate interest of the employer (the Atlanta police department) in maintaining discipline and good working relationships amongst its employees outweighed the plaintiff’s interest in venting her frustration with her superiors).

e. State Laws. Some states have enacted laws prohibiting employers from requesting so-cial media passwords from applicants or employees or otherwise demanding access to em-ployees’ social media accounts. For example, New Jersey’s law prohibits discrimination and retaliation against individuals who refuse to provide or disclose their user name, password or otherwise provide access to a personal account on a social networking site. Other states that have enacted social media laws include Arkansas, California, Connecticut, Illinois, Maryland, Michigan, Montana, New Mexico, Oregon, Tennessee, Utah, Virginia and Washington. For the most current information on state social media laws, please see the National Conference of State Legislatures website, http://www.ncsl.org/research/telecommunications-and-informa-tion-technology/state-laws-prohibiting-access-to-social-media-usernames-and-passwords.aspx.

C. Suggestions for Social Networking Policies. Generally, the implementation of a social net-working policy should be a team effort that includes various departments such as human resources, IT/IS, marketing and internal social media users. The team should determine what view the compa-ny will take of employees’ use of social networking media – total ban? Some tolerance for personal use? General curbs on business-related content? Recognize a business need? Embrace? The team should also determine what will be included in the term “social media” – business networking sites vs. social (personal) networking sites; blogging sites; photo sharing sites; or business contact sites. The team should also assess the impact on other policies and agreements such as restrictive covenants and computer usage policies.

Chapter Three


Although all policies must take into consideration an employer’s specific needs, employers need to be wary of these common pitfalls in social networking policies which have been found to violate the NLRA and infringe on Section 7 rights:

• Do not broadly prohibit employees from “[m]aking disparaging comments about the compa-ny through any media, including online blogs, other electronic media or through the media.” Use examples to clarify exactly what kinds of behaviors you are prohibiting – e.g. harassing and discriminatory comments; defamatory comments in violation of state law.

• Do not broadly prohibit the use of company logos. Employees have a Section 7 right to use their employer’s name or logo in conjunction with protected concerted activity. Employer may, however, prohibit the use of company logos and trademarks for commercial purposes.

• Do not broadly prohibit disclosure of confidential or proprietary information, as this can include information regarding the terms and conditions of employees’ employment. Use examples of exactly what kinds of information employees are prohibited from disclosing, such as trade secrets, client lists, new product information, stock information, merger infor-mation, etc.

• Some other common mistakes include stating:

“You should never share confidential information with another team member unless they have a need to know the information to do their job.”

All posts must be “completely accurate, not misleading and not reveal nonpublic informa-tion.”

“Contact legal if you do not know if something should be posted.”

“Do not reveal personal information about other employees.”

Lastly, while it will not render a facially overbroad policy lawful, employers are encouraged to include a saving clause in their social networking policies, such as, “[The] Social Media Policy will be ad-ministered in compliance with applicable laws and regulations (including Section 7 of the National Labor Relations Act).”

D. Discovery of Employees’ Social Networking Sites. Social media must not be overlooked as a potential source of discoverable and relevant information. Reid v. Ingerman Smith LLP, 2012 WL 6720752, at *1 (E.D.N.Y. Dec. 27, 2012) (“there is no dispute that social media information may be a source of relevant information that is discoverable”). The court in EEOC v. Original Honeybaked Ham Co. of Ga., 2012 WL 5430974, at *1 (D. Colo. Nov. 7, 2012), described social media content as an “Everything About Me” folder that is voluntarily shared with others and compelled the produc-tion of “all necessary information to access any social media websites” used by the plaintiffs over the relevant period. Similarly, in the court in Caputi v. Topper Realty Corp., 2015 WL 893663, at *8 (E.D.N.Y. Feb. 25, 2015), ordered the plaintiff “to preserve all of her Facebook activity for the dura-tion of [the] litigation.” In EEOC v. Simply Storage Mgmt., 270 F.R.D. 430, (S.D. Ill. May 11, 2010), the court held that certain communications and images from a sexual harassment plaintiff’s social networking sites (MySpace and Facebook) were relevant to her claims of emotional distress based on the alleged harassment and, accordingly, were discoverable. Additionally, in Romano v. Steel-case, Inc., 907 N.Y.S.2d 650 (N.Y. Sup. Ct. 2010), in a nonemployment case, a New York court held that the defendant was entitled in discovery to access the plaintiff’s current and historical Facebook and MySpace pages and accounts, including previously deleted information, on the basis that information to be found there could prove to be inconsistent with her claims of injuries and loss of enjoyment of life. Although discovery issues are decided on a case-by-case basis, as this decision indicates, there could be situations in which the discovery of a plaintiff’s personal web site, Face-book page, or other social networking sites could be appropriate.

Chapter Three


II. RETENTION, STORAGE, AND PRODUCTION OF ELECTRONICALLY STORED INFORMATION (ESI)A. Retention of E-Mails and Other ESI as Business Records. With the passage of the 2006 amendments to the Federal Rules of Civil Procedure pertaining to ESI, definitive policies regarding the retention, storage, and destruction of business information are more critical than ever to avoid costly sanctions in the event of litigation. A duty of preservation of business information arises from the common law and has been confirmed by case law. See, e.g., Zubulake v. UBS Warburg, LLC, 220 F.R.D. 212, 220 (S.D.N.Y. 2003) (identifying specific steps of preservation that are anticipated such as imposing a litigation hold on the company’s document retention policy; questioning whether to take possession of back-up tapes; notifying “key players” of the need for preserving documents and the responsibility to continue to preserve relevant documents; and a periodic reminder to all employees to preserve relevant documents). See also In re Pfizer Inc. Sec. Litig., 288 F.R.D. 297, 313 (S.D.N.Y. 2013) (“Evidence that must be preserved includes documents, electronically stored information, and physical evidence that the party knows or reasonably should know is relevant to claims or defenses in the action, is reasonably calculated to lead to the discovery of admissible evidence, or is reasonably likely to be requested during discovery.”).

The failure to fulfill the duty of preservation can and has resulted in serious sanctions available under Rule 37 of the Federal Rules of Civil Procedure and under the inherent power of the court to manage the litigation. Sanctions have ranged from large amounts of money, some in the millions of dollars, to dismissal of claims or defenses.

B. Document Retention and Destruction Policy. All employers should have a written document retention and destruction policy that has been formulated with the input of the operations, human resources, IT, and legal departments. The policy should outline what ESI should be retained for ordinary business purposes, how long it should be retained, when and how ESI is deleted in the or-dinary course of business, what ESI should be retained for disaster back-up purposes and for how long, and how normal deletion processes can be suspended if litigation is reasonably anticipated.

C. Production of ESI in Litigation Discovery.

1. ESI Is Discoverable and May be Admissible. ESI generally is discoverable during litigation. See, e.g., Zubulake v. UBS Warburg, LLC, 2003 WL 21087884 (S.D.N.Y. May 13, 2003) (“elec-tronic documents are no less subject to disclosure than paper records”). Unfortunately, many employees are not as careful with electronic communications such as e-mails and instant mes-sages (IMs) as they would be with more formal types of written communications. The result is that e-mails the sender may have thought were deleted may be produced during discovery and may be admissible against the employer at trial.

The determination of whether ESI is admissible depends on several factors. Like other types of evidence, ESI must be relevant (i.e., have a tendency to make some fact of consequence to the litigation more or less probable than it otherwise would be); authentic (that it is what it purports to be); and, if offered for its substantive truth, not hearsay (unless covered by an applicable hearsay exception). ESI must also be an original or acceptable duplicate (i.e., “best evidence”) or meet an exception (Federal Rules of Evidence 1001 through 1008). Additionally, its probative value must outweigh any unfair prejudice (Federal Rule of Evidence 403). The court’s decision in Lorraine v. Markel Am. Ins. Co., 241 F.R.D. 534 (D. Md. 2007) contains a thorough analysis of the admis-sibility of ESI. According to the court,

[C]onsidering the significant costs associated with discovery of ESI, it makes little sense to go to all the bother and expense to get electronic information only to have it excluded from evidence or rejected from consideration during summary judgment because the proponent cannot lay a sufficient foundation to get it admitted. The process is complicated by the fact that ESI comes in multiple evidentiary “flavors,” including e-mail, Web site ESI, internet postings, digital photographs, and computer-generated documents and data files.

Chapter Three


In Lorraine, the parties were unable to supply the evidentiary foundation needed for the court to rely upon various e-mails and other ESI offered in support of and in opposition to an arbitrator’s award.

2. Federal Rules of Civil Procedure Regarding Discovery of ESI.

a. Rules 16 and 26 – Parties Must Give Early Attention to Electronic Discovery Issues. Rules 16 and 26 require early attention to electronic discovery issues. Rule 16 provides that scheduling orders may include provisions for discovery of ESI and any agreements the par-ties reach for asserting claims of privilege or of protection as trial preparation material after production. Rule 26(a) includes ESI in the category of documents that must be disclosed to the opposing party without a request.

Rule 26(f), which requires the parties to have a planning conference to discuss the case, the possibility of settlement, and to develop a discovery plan, requires the parties to discuss the preservation of discoverable ESI. Under the rule, the parties must specifically address, among other things, any issue relating to the discovery or disclosure of ESI, including the form in which it should be produced. The focus in Rule 26(f) on ESI gives the parties the chance, early in the litigation, to discuss the parties’ information systems and develop a dis-covery plan that takes into account the capabilities of those systems.

The provision directing the parties to address the form in which ESI will be produced coin-cides with Rule 34(b), which was amended to permit the requesting party to specify the form or forms in which it wants electronically stored information produced. If the requesting party does not specify a form, Rule 34(b) directs the responding party to state the form it intends to use in the production. In Cenveo Corp. v. Southern Graphic Sys., 2009 WL 4042898 (D. Minn. Nov. 18, 2009), the court held that the production of documents in PDF format was not re-sponsive to a document request for documents in “native format.” The court held that the term “native format” is unambiguous, thus the requesting party was not required to define it. The producing party failed to object to producing documents in their native format, and failed to state the form of production, but instead unilaterally produced the documents in PDF format. Accordingly, the court ordered the party to produce the requested documents in their native format. Subsequently, the court ordered sanctions of $100,000 against Southern Graphics for spoliation of evidence. Cenveo Corp. v. Southern Graphic Systems, Inc., 2010 WL 3893680 (D. Minn., June 18, 2010), adopted, Cenveo Corp. v. Southern Graphic Systems, Inc., 2010 WL 3893709 (D. Minn., Sep. 30, 2010).

b. Litigation Hold. In addition to addressing the form in which electronically stored informa-tion is produced, Rule 26(f) also instructs the parties to discuss the preservation of ESI. The preservation of ESI is essential, especially in light of automated backup systems that auto-matically overwrite information on a regular basis.

This means that the employer and employment counsel need to meet early in the case to discuss the role of ESI in the dispute, where ESI is located in the client’s computer system, and specifically the location of ESI relating to key players in the litigation, including any data on laptops, handheld communication devices, and home computers used for work.

Employers should designate the IT personnel responsible for working with counsel on these issues and ensuring compliance with litigation hold instructions. The failure to timely institute written litigation holds and/or failure to engage in appropriate collection efforts after the duty to preserve arises may result in the imposition of sanctions. See, e.g., Hawley v. Mphasis Corp., 302 F.R.D. 37, 46 (S.D.N.Y. 2014) (“an obligation to preserve evidence arises when a party ‘has notice that the evidence is relevant to litigation or when a party should have known that the evidence may be relevant to future litigation.’ … Even in the absence of a discovery order, a court may impose sanctions on a party for misconduct in discovery under its inherent power to manage its own affairs. … However, a court may not impose sanctions under its in-

Chapter Three


herent power unless the party has “acted in bad faith, vexatiously, wantonly, or for oppressive reasons.”) (citations omitted).

In addition to IT, the litigation hold should be sent to all personnel who might have relevant ESI. The notice should provide personnel with the guidance necessary to meaningfully fulfill the directive and follow-up reporting procedures:

• advise as to the nature of the potential litigation;

• include the relevant date range;

• provide contact information for a person who can answer questions concerning the hold;

• provide a date by which preservation objectives must be met; and

• require personnel targeted as potentially having relevant documents to report back their findings (i.e., when a search was conducted, what areas were searched, the means used, what was found and what measures were taken to preserve anything potentially relevant).

c. Rule 26(b)(2) – Addressing Discovery of Electronic Information that is not Reason-

ably Accessible.

(1) Undue Burden or Cost. Under Rule 26(b)(2) “[a] party need not provide discovery of electronically stored information from sources that the party identifies as not reasonably accessible because of undue burden or cost. On a motion to compel discovery or for a protective order, the party from whom discovery is sought must show that the information is not reasonably accessible because of undue burden or cost. If that showing is made, the court may nonetheless order discovery from such sources if the requesting party shows good cause, considering the limitations of Rule 26(b)(2)(C).” Considerations for determin-ing whether the burden and cost of producing information that is not reasonably accessible are justified if the circumstances of the case include: (a) the specificity of the discovery request; (b) the quantity of information available from other and more easily accessed sources; (c) the failure to produce relevant information that seems likely to have existed but is no longer available on more easily accessed sources; (d) the likelihood of finding relevant, responsive information that cannot be obtained from other, more easily accessed sources; (e) predictions as to the importance and usefulness of the further information; (f) the importance of issue at stake in the litigation; and (g) the parties’ resources. “[A] discovery request may be denied if, after assessing the needs of the case, the amount in controversy, the parties’ resources, the importance of the issues at stake in the action, and the importance of the discovery in resolving the issues, the court finds that there exists a likelihood that the resulting benefits would be outweighed by the burden or expenses imposed as a consequence of the proposed discovery.” Conn. General Life Ins. Co. v. Earl Scheib, Inc., 2013 WL 485846 at *2 (S.D. Cal. Feb. 6, 2013) (citing Takacs v. Union County, 2009 WL 3048471, 1 (D.N.J. 2009)). “The purpose of this rule of proportionality is to guard against redundant or disproportionate discovery by giving the court authority to reduce the amount of discovery that may be directed to matters that are otherwise proper subjects of inquiry.” Id. In Scheib, the court granted the defendant’s motion for protective order after the defendant presented evidence that the expense of producing e-mail from 19 different accounts in response to the plaintiff’s request for production outweighed the amount at issue in the case. The court held that the expense associated with responding to the dis-covery was too great when weighed against what was at stake in the litigation.

(2) When is Cost-Shifting Appropriate? Before the implementation of the amended Rules of Civil Procedure, courts varied with regard to how to address the costs of produc-ing information that is not reasonably accessible. In Zubulake v. UBS Warburg LLC, 216 F.R.D. 280 (S.D.N.Y. 2003), the court noted that under the Federal Rules of Civil Procedure

Chapter Three


(pre-revision), cost-shifting is appropriate only when inaccessible data is sought. But see Toshiba America Electronic Components, Inc. v. Superior Court of Santa Clara County, 21 Cal. Rptr. 3d 532, 537, 541 (Cal. 6th App. 2004) (holding that California law requires the party seeking production to bear this cost, which Toshiba estimated at between $1.5 and $1.9 million; although the California rule requires the requesting party to pay the cost of translating a data compilation into usable form, it is for the trial court to decide the reason-ableness and necessity of the cost).

In Zubulake, the court set forth a seven-factor test to be used to determine when cost-shifting is appropriate:

• The extent to which the request is specifically tailored to discover relevant informa-tion;

• The availability of such information from other sources;

• The total cost of production, compared to the amount in controversy;

• The total cost of production, compared to the resources available to each party;

• The relative ability of each party to control its costs and its incentive to do so;

• The importance of the issues at stake in the litigation; and

• The relative benefits to the parties of obtaining the information.

216 F.R.D. at 284.

Cost of Attorney Review: In Zubalake, the court held that the responding party should al-ways bear the cost of reviewing and producing electronic data once it has been converted into an accessible form. 216 F.R.D. 280, 290.

In Shevlin v. Phoenix Life Ins. Co., 2012 WL 1981793 (D.N.J. June 1, 2012), the court vacated a magistrate’s order shifting the cost of production of ESI, including the cost of attorney review, to the plaintiffs. In that case, the estimated cost of searching, retrieving and processing the ESI was approximately $14,750, while the estimated cost to review the documents for responsiveness and privilege was between $250,000 and $300,000. The district court noted that the Third Circuit had not yet ruled on the issue of whether a court may shift the cost of attorney review of ESI from the producing party to the requesting party. The court also noted:

[O]ther courts are split on the issue. Compare In re Aspartame Antitrust Litig., 817 F. Supp. 2d 608, 615 (E.D. Pa. 2011) (awarding post-trial costs and finding that “‘[b]ecause a privi-lege screen is simply a keyword search for potentially privileged documents, we award that cost as well”) and Peskoff v. Faber, 251 F.R.D. 59, 61 (D.D.C. 2008) (noting that the Court “has the discretion … to shift all or part of the costs of production to the requesting party”) with Major Tours, Inc. v. Colorel, 2009 WL 3446761 at *6 (D.N.J. Oct. 20, 2009), aff’d on other grounds, 720 F. Supp. 2d 587 (D.N.J. 2010), reconsideration denied 2010 WL 3906350 (Sept. 29, 2010) (“The Court will not Order plaintiffs to share the cost of defen-dants’ privilege and relevancy review … Fairness dictates that defendants pay this cost.”) and Zubulake v. UBS Warburg LLC, 216 F.R.D. 280, 290 (S.D.N.Y. 2003) (“the responding party should always bear the cost of reviewing and producing electronic data once it has been converted to an accessible form.”).

Id. at *2. The district court vacated the magistrate’s order and directed him to more fully announce the findings of fact and conclusions of law that support the decision to shift the cost of attorney review of ESI from the producing party. Id. at *3.

Note that under Rule 26(b)(2)(B), a party cannot produce inaccessible ESI and then seek reimbursement for the cost of production. See Cason-Merenda v. Detroit Medical Center, 2008 WL 2714239 (E.D. Mich. July 7, 2008) (refusing to order requesting party to bear

Chapter Three


50 percent of the cost of production of allegedly inaccessible ESI where producing party never identified the ESI as inaccessible or filed a motion for protective order).

d. Procedure for Assertion of Privilege After Production. The potentially large volume of electronic data means it will be difficult if not impossible to conduct a page-by-page privilege or confidentiality review, as would be conducted on paper documents. Thus, there is an in-creased likelihood of inadvertent production of privileged information in the production of ESI. Federal Rules of Civil Procedure 16 and 26, as well as Federal Rule of Evidence 502 address this issue. Rule 16 provides that the court may include in the scheduling order any agreement the parties reach for asserting claims of privilege or protection as trial-preparation material after production. Thus, the parties could reach agreements such as “claw back” agreements, where the parties agree that production without intent to waive privilege or protection is not a waiver as long as the responding party identifies the documents mistakenly produced. The documents should be returned under these circumstances.

Rule 26(b)(5)(B) sets forth a specific procedure to be followed in the event of inadvertent production:

If information is produced in discovery that is subject to a claim of privilege or protection as trial-preparation material, the party making the claim may notify any party that received the information of the claim and the basis for it. After being notified, a party must promptly return, sequester, or destroy the specified information and any copies it has and may not use or disclose the information until the claim is resolved. A receiving party may promptly pres-ent the information to the court under seal for a determination of the claim. If the receiving party disclosed the information before being notified, it must take reasonable steps to retrieve it. The producing party must preserve the information until the claim is resolved.

Federal Rule of Evidence 502 was meant to ease fears that companies could accidentally waive attorney-client or work-product protections when they turn over reams of electronic data during litigation. The rule imposes uniform federal standards regarding such waivers. Subsection (a) deals with intentional waivers of otherwise protected materials “in a Federal proceeding or to a Federal office or agency.” Waivers extend to undisclosed materials if the waiver was intentional, what was disclosed and undisclosed concern the same subject mat-ter, and the materials “ought in fairness” be considered together. Subsection (b) deals with inadvertent production of otherwise protected or privileged material in state or federal pro-ceedings. It provides that there is no waiver if the disclosure was inadvertent, reasonable steps were taken to prevent disclosure, and reasonable steps were promptly taken to rectify the disclosure, including, if applicable, following Federal Rule of Civil Procedure 26(b)(5)(B). Note that Subsection (b) can operate independently of any party agreement.

Subsection (c) addresses disclosures in state proceedings. Assuming there is no controlling state order, inadvertent disclosure is not a waiver in a federal proceeding if the disclosure would not have been a waiver if it had been made in the federal proceeding and if the disclo-sure “is not a waiver under the law of the State where the disclosure occurred.”

Subsection (d) provides that, “[a] Federal court may order that the privilege or protection is not waived by disclosure connected with the litigation before the court – in which event the dis-closure is also not a waiver in any other Federal or State proceeding.” This provisions means that parties can enter into claw back and quick peek agreements, without fear that by doing so they will waive protection elsewhere.

Subsection (e) states that agreements between parties in federal proceedings bind only the parties. Subsection (f) states that Rule 502 is binding in diversity actions pending in federal courts “even if State law provides the rule of decision.” Subsection (f) also states that Rule 502 “applies in State proceedings and to Federal courts.” See also Rhoads Indus. Inc. v.

Chapter Three


Building Materials Corp. of America, 254 F.R.D. 216 (E.D. Pa. Nov. 14, 2008) (analyzing case under Federal Rule of Evidence 502, finding that party waived the privilege for electronic files which were not logged in accordance with Rule 26(b)(5)’s mandatory logging requirement; privilege was not waived for logged electronic files – the court found that the disclosure was inadvertent and, while the disclosing party’s steps to prevent disclosure and rectify error were not reasonable, the interests of justice nevertheless favored the disclosing party), clarified, Rhoads Indus. v. Bldg. Materials Corp. of Am., 254 F.R.D. 238 (E.D. Pa. 2008).

e. Rule 33(d) – Response to Interrogatories. Rule 33(d) permits parties to respond to interrogatories by producing business records. This rule has been amended to include ESI information in the category of business records that can be produced in response to an inter-rogatory.

f. Rule 34 – Production of Documents. This rule requires parties to produce documents and things and permit entry on land for inspection and other purposes and has been revised to include the production of ESI. The revised rule permits the requesting party to specify the form in which it wants the ESI produced. If the producing party objects to the specified form or if no form was specified, the producing party must state the form it intends to use when it responds to the document request. The rule also states that if a request does not specify the form or forms for producing ESI, the responding party must produce the information in the form or forms in which it is ordinarily maintained or in a form or forms that are reasonably useable. The comments to the revised rule note that the option to produce ESI in a reasonably usable form does not mean that the responding party can convert this information to a form that makes it more difficult or burdensome for the requesting party to use the information ef-ficiently in litigation. Further, a party need not produce the same ESI in more than one form.

The comments to the revised rule note that a request for the discovery of “documents” should be understood to encompass ESI unless discovery in the case has clearly distinguished between ESI and documents. The revised rule also makes it clear that parties may request an opportunity to test or sample materials sought under Rule 34, in addition to inspecting or copying them.

g. Rule 37 – Sanctions for Failure to Make Disclosures or Cooperate in Discovery. Amendments to Federal Rule of Civil Procedure 37(e) took effect December 1, 2015. Under the pre-amendment rule, absent exceptional circumstances, a court could not impose sanc-tions on a party for failing to preserve ESI lost as a result of routine, good-faith operation of an electronic information system. The pre-amendment rule did not specifically state when courts should issue spoliation sanctions or when more severe sanctions (such as entry of default judgment) should be awarded. The amended rule provides a framework for analyzing spolia-tion claims. The amended Rule 37(e) provides:

(1) Failure to Preserve Electronically Stored Information. If electronically stored infor-mation that should have been preserved in the anticipation or conduct of litigation is lost because a party failed to take reasonable steps to preserve it, and it cannot be restored or replaced through additional discovery, the court:

(a) upon finding prejudice to another party from loss of the information, may order measures no greater than necessary to cure the prejudice; or

(b) only upon finding that the party acted with the intent to deprive another party of the information’s use in the litigation may:

(A) presume that the lost information was unfavorable to the party;

(B) instruct the jury that it may or must presume the information was unfavorable to the party; or

(C) dismiss the action or enter a default judgment.

Chapter Three


The advisory committee notes to the new rule state that it will only apply to ESI, not to spolia-tion of tangible evidence. Under the new rule, a court must determine if the lost evidence can be recovered or replaced before ordering any curative measures. Additionally, an order of more severe measures such as default judgment, an unfavorable jury instruction or adverse presump-tion can only be ordered if the court finds that the party intended to deprive the other party of the information’s use in the litigation. The cases below address spoliation sanctions prior to the amendment of Rule 37(e). In some cases, analysis under the amended rule could have resulted in a different outcome. However, in others, such as the Victor Stanley case, where the conduct was so egregious that its factual situation likely will rarely, if ever, be repeated, the outcome prob-ably would be the same under the amended rule.

In Qualcomm Inc. v. Broadcom Corp., 2008 WL 66932 (S.D. Cal. Jan. 7, 2008), vacated in part on other grounds, 2008 WL 638108 (S.D. Cal. March 5, 2008), a federal district court in California awarded over $8 million in sanctions against the plaintiff in a patent infringement trial because the plaintiff failed to produce 46,000 relevant documents while producing 1.2 million marginally relevant documents. In determining that Qualcomm intentionally withheld documents, the court emphasized that the suppressed documents directly contradicted a key argument advanced by Qualcomm in pretrial motions and throughout trial and supported a defense asserted by Broadcom. Id. The Court also stressed the quantity of suppressed documents, the ease with which Qualcomm ultimately was able to locate the documents, the simplicity and relevancy of the search terms and search locations that led to the discovery of the documents, and the lack of evidence indicating that Qualcomm had engaged in any meaningful oversight of its docu-ment production. Qualcomm Inc. v. Broadcom Corp., 2010 WL 1336937 (S.D. Cal. April 2, 2010) (noting that Qualcomm did not appeal the sanctions against it; overturning sanctions against responding attorneys). See also Victor Stanley Inc. v. Creative Pipe, Inc., 269 F.R.D. 497 (D. Md. Sep. 9, 2010) (granting default judgment against the defendant on plaintiff’s copyright infringe-ment claim and ordering that the individual defendant’s acts of spoliation be treated as contempt of court, and that, as a sanction, he be imprisoned for a period not to exceed two years, unless and until he paid the plaintiff’s attorneys’ fees and costs).

Additionally, in E.I. du Pont de Nemours and Company v. Kolon Industries, Inc., 2011 WL 1597528 (E.D. Va. April 27, 2011), a misappropriation of trade secrets case against a former employee, the employee claimed Du Pont’s alleged spoliation of evidence denied him access to evidence nec-essary for his defense. The court denied the former employee’s motion for sanctions because the court found that Du Pont “in good faith, took positive steps reasonably calculated to ensure that information it reasonably believed was relevant at that time was preserved for litigation.” Id. at *49. In the same case, Du Pont later sought sanctions for spoliation of evidence against Kolon Industries. See E.I. du Pont de Nemours and Company v. Kolon Industries, Inc., 803 F. Supp. 2d 469 (E.D. Va. 2011). The court held that sanctions were appropriate because Kolon intentionally and in bad faith deleted files and e-mail after the company learned of the lawsuit. Accordingly, the court issued an adverse inference order informing the jury of Kolon’s deletion of electronic information and permitting the jury to infer that this information would help Du Pont and harm Kolon. The jury subsequently returned a $919 million verdict against Kolon.

h. Rule 45 – Subpoenas. Rule 45 covers the issuance of subpoenas for tangible things, including ESI. The rule was amended to recognize that ESI can be sought from nonparties by subpoena in much the same way that ESI can be sought under Rule 34 from parties and to include an inaccessibility provision similar to that in Rule 26(b)(2)(B). The revised rule pro-vides, among other things, that a person need not produce ESI from sources that the person identifies as not reasonably accessible because of undue burden or cost. On a motion to com-pel discovery or quash a subpoena, the person from whom discovery is sought must show that the information sought is not reasonably accessible because of undue burden or cost. If that showing is made, the court may still order discovery from such sources if the requesting person shows good cause, considering the limitations in Rule 26(b)(2)(C), which balance the costs and potential benefits of discovery.

Chapter Three


3. Developing Policies and Procedures Relating to Electronic Discovery. Employers should make proactive efforts to prepare to respond to discovery requests for electronic documents be-fore receiving such requests. Some key policies that should be considered include:

a. Develop Document Retention and Electronic Communication Policies. The first step is to develop document retention and electronic communication policies. Employers should implement a consistent policy for deleting ESI, including old e-mails and instant messages, as long as it is consistent with any regulatory requirements for document retention and can be suspended in the event of litigation. Employers should ensure those who are responsible for responding to discovery requests are familiar with document retention and electronic com-munication policies. Employees should be made aware of these policies and reminded of them on a regular basis.

b. Understand Computer/Electronic Data Storage Processes. Employers should ensure that the individual(s) charged with complying with discovery requests in litigation understand how the company’s computer or electronic data storage processes work and how to imme-diately suspend any automatic deletion of electronic documents. These employees should identify the chain of command with regard to the storage and access of electronic data and should establish a contact person, preferably high in the chain of command, who will be noti-fied when discovery requests for electronic documents are received.

c. Develop Litigation Hold Plan. Most business computers automatically delete documents after a certain period of time. Even backup tapes may be erased as part of this automatic process. Employers should develop a plan for overriding this automatic deletion of documents when litigation is threatened or filed. Actual tests should be run to make sure the procedure for overriding automatic deletion works before there is litigation.

d. Review Archiving Technologies. Employers should review their company’s archiving technologies to ensure that electronically stored information can be recovered in the event of litigation, as well as serving backup and disaster recovery purposes.

e. Develop Notification Procedures. Companies should have a plan to notify employees of document preservation obligations and the imposition of a litigation-hold on information when litigation is pending or imminent. IT groups should understand that a delay in enacting the company’s preservation plan can result in deleted data (and possible claims of spoliation of evidence, with attendant imposition of sanctions, if the company utilizes an auto-delete mail function and it continues to operate). Employees must be trained on the notification plan and tests should be conducted with some regularity in order to assure effective functionality.

f. Address Inadvertent Storage Issues. Employers should determine whether data is be-ing stored inadvertently, such as on individual PCs or portable electronic devices such as smart phones, or backups from PCs and devices even after it has been deleted from corpo-rate archives.

g. Protect Confidentiality. Employers should develop a policy for identifying and labeling electronic communications and electronically stored information as confidential, privileged, or work-product, as appropriate. The policy should include provisions for storage of confidential or privileged communications to help protect confidentiality and limit access to these docu-ments.

III. OTHER ISSUESA. Risks of internal Computer Fraud. While large data breaches by professional hackers have captured the headlines lately, the unpleasant reality is employers may face a greater risk of data theft from employees than outside hackers. In a recent study conducted by Symantec, half of the employees surveyed stated that they transfer work to their home computers using personal e-mail

Chapter Three


accounts such as Google, which may be less secure than employer-provided e-mail. Others admit-ted to transferring work to cloud-sharing apps such as Dropbox without permission and transferring data to their personal tablets or smartphone. Most concerning, however, is that half of the employ-ees who left or lost their jobs stated they took confidential information with them, and 40 percent stated they plan to use it in their next job. See Denise Deveau, Data threat as much an internal threat as it is external, Financial Post, Feb. 21, 2013, http://business.financialpost.com/2013/02/21/data-theft-as-much-an-internal-threat-as-it-is-external/. Additionally, the FBI’s website reports a num-ber of recent cases of employee theft of trade secrets that resulted in criminal convictions. For exam-ple, Wen Chyu Liu, a retired research scientist, was sentenced in January 2012 to 60 months in prison, two years supervised release, a $25,000 fine and was ordered to forfeit $600,000. Liu was convicted in February 2011 of stealing trade secrets from his former employer and selling them to companies in China. http://www.fbi.gov/about-us/investigate/counterintelligence/the-insider-threat. Yuan Li, a for-mer research chemist with a global pharmaceutical company, was sentenced to 18 months in pris-on after she pled guilty to stealing her employer’s trade secrets and making them available for sale through her own company. For over three years, Li accessed her company’s internal database and downloaded information to her personal computer. Id. Kexue Huang was sentenced to 87 months in prison for theft of trade secrets and economic espionage after he delivered stolen trade secrets from two different U.S. employers to companies in Germany and China. The aggregated loss from the U.S. companies was between $7 million and $20 million. As discussed in the Data Privacy Chapter of the SourceBook, implementing strong security measures can help prevent some incidents of employee theft. Additionally, while the FBI will not become involved in most acts of employee theft or fraud, there are some state and federal laws that may provide some protection for employers.

1. Computer Fraud and Abuse Act (CFAA). CFAA, 18 U.S.C. § 1030, et seq., prohibits certain types of conduct relating to computers. Section 1030(a)(2) prohibits obtaining, without authoriza-tion, information from private computers that are used in interstate commerce. Section 1030(a)(4) prohibits accessing a protected computer, without authorization, with the intent to defraud and obtain something of value, unless the object of the fraud and the thing obtained consists only of the use of the computer and the value of such use is not more than $5,000 in any one-year period. The CFAA does not define authorization. There are two lines of cases interpreting the meaning of authorization under the CFAA. See, e.g., Guest-Tek Interactive Entm’t, Inc. v. Pullen, 665 F. Supp. 2d 42 (D. Mass. 2009) (discussing the split of authority interpreting the term “without authorization” under the CFAA). Some courts have held that without authorization means conduct by outsiders who do not have permission to access the plaintiff’s computer in the first place. Other courts have held, however, that an employee accesses a computer “without authorization” for the purposes of the CFAA whenever the employee, without the employer’s knowledge, acquires an interest that is adverse to that of his employer or is guilty of a serious breach of loyalty.

a. Cases Finding Defendants Originally Authorized to Access Computer Did Not Act

Without Authorization. In LVRC Holdings v. Brekka, 581 F.3d 1127(9th Cir. 2009), the Ninth Circuit held that the defendant did not violate the CFAA when he e-mailed work documents to his home computer, regardless of whether he did so to further his personal business in-terests rather than to further the interests of the employer. According to the court, when an employer authorizes an employee to use a company computer subject to certain limitations, the employee remains authorized to use the computer even if the employee violates those limitations. The court found that no language in the CFAA “supports LVRC’s argument that the authorization to use a computer ceases when an employee resolves to use the computer contrary to the employer’s interests.” Further, the court held that “nothing in the CFAA sug-gests that a defendant’s liability for accessing a computer without authorization turns on whether the defendant breached a state law duty of loyalty to an employer.” See also United States v. Nosal, 676 F.3d 854 (9th Cir. 2012) (rejecting the Government’s broad construction of the CFAA to include employees who exceed authorized access on their employer’s computer because it would improperly include employees who innocently engage in harmless, social

Chapter Three


pastimes at work). The court in Nosal noted, “[m]inds have wandered since the beginning of time and the computer gives employees new ways to procrastinate by g-chatting with friends, playing games, shopping or watching sports highlights.” Id. at 860. Thus, the court held that imposition of criminal liability on such employees would be improper. Id. See also WEC Caro-lina Energy Solutions LLC v. Miller, 687 F.3d 199 (4th Cir. 2012) (finding that two employ-ees who downloaded their employer’s proprietary information and used it to obtain work for a competitor following their resignation did not access a computer without authorization or exceed their authorized access in violation of the CFAA even though their actions violated the employer’s policy prohibiting the downloading of proprietary and confidential information to a personal computer; the court acknowledged that its conclusion would likely disappoint employers hoping to reign in rogue employees but stated that it was unwilling “contravene Congress’s intent by transforming a statute meant to target hackers into a vehicle for imputing liability to workers who access computers or information in bad faith, or who disregard a use policy”); Dresser-Rand Co. v. Jones, 957 F. Supp. 2d 610 (E.D. Pa. 2013) (holding that employ-ees who accessed their work laptops and downloaded thousands of documents to external storage devices did not violate the CFAA because they were authorized to access their work computers and did not hack them; that the employees subsequently misused the files they downloaded did not give the employer a remedy under the CFAA); Black & Decker, Inc. v. Smith, 568 F. Supp. 2d 929, 934-37 (W.D. Tenn. 2008) (“[The employee] was permitted access to [the employer’s] network and any information on that network. The fact that [the employee] did not have permission to subsequently misuse the data he accessed by sharing it with any of his former employer’s competitors is another matter that may be circumscribed by a dif-ferent statute.”); Shamrock Foods Co. v. Gast, 535 F. Supp. 2d 962, 967 (D. Ariz. 2008) (“A violation for accessing ‘without authorization’ occurs only where initial access is not permitted. And a violation for ‘exceeding authorized access’ occurs where initial access is permitted but the access of certain information is not permitted.”); Diamond Power Int’l v. Davidson, 540 F. Supp. 2d 1322, 1342 (N.D. Ga. 2007) (holding that a violation of the CFAA “does not depend upon the defendant’s unauthorized use of information, but rather upon the defendant’s unau-thorized use of access”); Brett Senior & Asc., PC v. Fitzgerald, 2007 WL 2043377 (E.D. Pa. July 13, 2007) (holding that that an accountant who used his computer to copy information about his previous employer’s clients to share with his new employer did not violate the CFAA; the accountant did not exceed his authorized access because he did not “obtain any infor-mation that he was not entitled to obtain or alter any information that he was not entitled to alter” since he was allowed full access to information contained in the BSA computer system until his departure. The court held that unauthorized access or exceeding authorization is key to a finding of liability under the CFAA.); Int’l Ass’n of Machinists & Aero. Workers v. Werner-Matsuda, 390 F. Supp. 2d 479 (D. Md. 2005) (holding that the CFAA was designed to prevent illegal access to a database, not the “larceny” of data from a database that was accessed legally); SecureInfo Corp. v. Telos Corp., 387 F. Supp. 2d 593 (E.D. Va. 2005) (finding that ac-cess was fully authorized and therefore no CFAA claim was stated). See also United States v. Rodriguez, 628 F.3d 1258, 1263 (11th Cir. 2010) (distinguishing LVRC holdings because the employee in this case was told he was not authorized to obtain personal information from the employer’s (the Social Security Administration) database for anything other than business reasons, and the employee acknowledged that his access of the information was not for busi-ness reasons, thus there was no question his access of the information was unauthorized).

b. Cases Finding Defendants Originally Authorized Acted Without Authorization. An-other line of cases holds that an employee accesses a computer “without authorization” for the purposes of the CFAA whenever the employee, without the employer’s knowledge, acquires an interest that is adverse to that of his employer or is guilty of a serious breach of loyalty. See, e.g., Int’l Airport Ctrs., L.L.C., v. Citrin, 440 F.3d 418, 419 (7th Cir. 2006) (permitting employer to proceed with complaint that ex-employee violated the CFAA by installing secure-erasure program that permanently deleted files on his employer-provided laptop; the facts alleged, if

Chapter Three


true, showed that the employee acted without authorization when he deleted files that would have incriminated him and other files that were the employer’s property, in violation of his duty of loyalty to the employer); Guest-Tek Interactive Entertainment, Inc. v. Pullen, 665 F. Supp. 2d 42, 46 (D. Mass. 2009) (permitting the plaintiffs to proceed with their claims that the defendant violated the CFAA when he surreptitiously transposed thousands of Guest-Tek computer files onto his personal USB device and allegedly used them to launch a competing company) HUB Group, Inc. v. Clancy, 2006 WL 208684 at *4-5, (E.D. Pa. 2006) (finding allegations that former employee accessed confidential information to aid his subsequent employer were sufficient to state a claim under the CFAA, but dissolving temporary injunction against former employee because the plaintiff failed to show irreparable harm or the likelihood of success on the mer-its of its claim); Int’l Sec. Mgmt. Group, Inc. v. Sawyer, 2006 WL 1638537 at *21 (M.D. Tenn. 2006) (“There is no dispute that [the defendant] exceeded his authority when he e-mailed [to competitors] documents that [the plaintiff] considers proprietary,” thus, for purposes of injunc-tive relief, the plaintiff established a likelihood of success on the merits of the CFAA claim but the court denied the motion for a preliminary injunction barring further violation of the CFAA because the plaintiff failed to demonstrate the other factors necessary for injunctive relief); George S. May Int’l Co. v. Hostetler, 2004 WL 1197395 at *3 (N.D. Ill. 2004) (denying motion to dismiss CFAA claim, holding, “[the defendant’s] authorization did not extend to removing copyrighted materials from the computer system for his personal benefit or that of a competi-tor”); but see Nucor Steel Marion, Inc. v. Mauer, 2010 WL 5092774 at *4 (D.N.H. Dec. 7, 2010) (plaintiff failed to allege facts sufficient to meet either the unauthorized access or exceeds authorized access elements of a CFAA claim where the complaint did not allege that the ex-employee ever acquired an interest that was adverse to that of his employer or was guilty of a serious breach of loyalty at any time before he downloaded and e-mailed company data from his work computer) (citing Guest-Tek).

In Eagle v. Morgan, 2012 WL 4739436 (E.D. Pa. Oct. 4, 2012), the court entered judgment in favor of the employer on a former employee’s CFAA claim in a dispute over the ownership of the employee’s LinkedIn account created during the scope of her employment. The court ruled that the employee’s allegations of the loss of potential business opportunities, goodwill, and/or interference with customers are not cognizable losses under the CFAA, even though it was undisputed that the employee lost control of the LinkedIn account after she was ter-minated. Id. at *5-6. See also Rajaee v. Design Tech Homes, Ltd., 2014 WL 5878477, at *1 (S.D. Tex. Nov. 11, 2014) (granting summary judgment on plaintiff’s CFAA claim alleging he lost “600 business contacts collected during the course of his career, family contacts (many of which are located overseas and some are related to family business), family photos, business records, irreplaceable business and personal photos and videos and numerous passwords” when his employer remotely wiped his personal iPhone, which he also used for work, after the plaintiff was discharged. The court held that the plaintiff failed to show he sustained $5,000 in cognizable loss under the CFAA.).

c. Damages. The CFAA permits prevailing employers to recover compensatory damages and obtain injunctive relief. Additionally, the CFAA provides for criminal sanctions, including penalties and/or a prison sentence of up to 10 years. The recovery against those found to have violated the CFAA may be significant and can include cost of conducting a loss estima-tion, restoring the system to the condition it was in before the illegal act, and any lost revenue.

2. State Computer Crimes Laws May Prohibit Unauthorized Computer Access and Theft. For example, Florida’s Computer Crimes Act (FCCA), provides that:

A person commits an offense against users of computers, computer systems, computer net-works, or electronic devices if he or she willfully, knowingly, and without authorization:

(a) Accesses or causes to be accessed any computer, computer system, computer net-work, or electronic device with knowledge that such access is unauthorized;

…

Chapter Three


Fla. Stat. § 815.06(1). Access is defined as “to approach, instruct, communicate with, store data in, retrieve data from, or otherwise make use of any resources of a computer, computer system, or computer network.” Fla. Stat. § 815.03. Florida Statute § 815.04(4) addresses vio-lations related to the taking of intellectual property:

A person who willfully, knowingly, and without authorization discloses or takes data, pro-grams, or supporting documentation that is a trade secret … or is confidential as provided by law residing or existing internal or external to a computer, computer system, computer network or electronic device commits an offense against intellectual property.

Florida’s statute makes it a felony to disclose or take data that constitutes intellectual property. Fla. Stat. § 815.04(5).

In Willoughby v. State, 84 So.3d 1210 (Fla. 3d DCA 2012), the court upheld a criminal convic-tion against a former employee who, while she was employed, and allegedly for work purposes, transmitted a confidential client list from her employer’s computer system to her laptop in viola-tion of a signed express written instruction that she not do so. The Willoughby case involved an employee of a human services agency that had transmitted her employer’s confidential trade secret documents to her laptop, thus implicating the above section related to intellectual property crimes. Specifically, the document transferred was a “client trust fund master list,” and Willoughby claimed that she transmitted the information to her personal laptop for work-related purposes. Subsection (6) of § 815.06 clarifies that the section “does not apply to any person who accesses his or her employer’s computer system … when acting within the scope of his or her lawful em-ployment.” Because Willoughby was authorized to access her employer’s computer network, the Third District Court of Appeal held that the state failed to prove her conduct violated Fla. Stat. § 815.06. However, the court affirmed Willoughby’s conviction under Fla. Stat. 815.04, taking intel-lectual property. Although Willoughby argued that she did not have malicious intent in download-ing the employer’s information, the court held that the state only had to show that her conduct was willful, knowing, and without authorization. The court noted that Willoughby was repeatedly informed she could not obtain any of the data from her employer’s network. Because she trans-ferred files without authorization, her conviction was affirmed.

3. Steps That May Protect the Employer from Disgruntled Former Employees. Employers can take certain steps that may help protect them from sabotage or preserve evidence if the employee sues because of his termination.

• Preserve the ex-employee’s computer hard drive. In cases in which litigation or an agen-cy charge may result from the termination, employers should consider preserving the ex-employee’s computer hard drive instead of reassigning the computer to another employee. If storage space makes storing the hard drive impractical or if the storage time is likely to be lengthy, consider having a forensic specialist create a copy of the hard drive. It is important that this is done correctly, by an individual familiar with forensic procedures, to ensure the data is properly preserved so that it can be used in any subsequent litigation.

• Preserve the employee’s electronic mail. The employee’s inbox should be preserved separately from files recovered from the deleted e-mails, so that it clear which e-mails the employee deleted before termination.

• Examine the hard drive. Examine the employee’s hard drive (after steps have been tak-en to preserve all relevant data) to determine whether the employee used a scrubbing or cleaning program on the computer.

• Security Procedures. Implement and monitor good computer security procedures, such as unique passwords, frequent changing of passwords, activity and access logging, logging off when leaving a workstation, and backing up and maintaining security logs.

• Monitoring Employees. Consider using spyware to monitor employee computer usage. Such spyware not only tracks employee computer usage, but some types can also de-

Chapter Three


tect the installation of unapproved software that may be installed to smuggle documents through steganography (the process of hiding information within other information) or digital watermarking. These technologies can be used by employees to hide employer information such as customer lists, business plans, or other confidential information in innocuous look-ing files such as family photos that are e-mailed from work to home by the employee before his or her departure. Because such hidden data within a photo file is imperceptible to the eye, as is the alteration made to the photo, a reviewer of the data cannot detect its existence without special software and/or access to the unaltered original file.

• Conduct an Exit Interview. Conduct an exit interview that covers an employee’s use of laptops, home computer for work, USB drives and PDAs and make sure all company in-formation is retrieved. As a part of the exit procedure, have the departing employee sign a statement to the effect that he has not removed any files, including files, or other property of the employer.

B. Defamation Claims Based on Electronic Communications.

1. Defamation Generally. In its most basic sense, defamation occurs whenever a speaker or writer communicates a false statement to a third person and that statement injures the reputation of the person identified in the statement. The defamation is called libel if it is written or other-wise tangible and slander if it is spoken. Although the two may differ slightly in some technical respects, for the purposes of these materials, both are treated as one issue.

2. Elements of Defamation. The essential elements of defamation are as follows:

a. a false and defamatory statement, i.e., a statement that injures the reputation or com-munity standing of another person or discourages others from associating with that person;

b. concerning the plaintiff;

c. that is “published” or communicated to a third party;

d. with fault amounting to at least negligence (some states have not required a showing of fault or negligence if the plaintiff is a private person and the defendant is not a member of the media); and

e. with proof of damages or a presumption of damages to the plaintiff as a matter of law.

Generally, whether statements contained in an e-mail are defamatory depends on state law gov-erning defamation claims. In some cases, statements have been held to be subject to a qualified privilege if made in good faith, with an interest to be upheld, limited in scope to that interest, on a proper occasion and publicized in a proper manner. Additionally, most states apply a qualified privilege to communications made as part of internal investigations, provided publication is not made to persons who do not have a legitimate interest in the information.

3. Cases Addressing Defamation Claims.

a. In Brown v. Westaff (USA), Inc., 301 F. Supp. 2d 1011 (D. Minn. 2004) (applying Minnesota law), the court held that a former employer was not liable for defamation for e-mails sent to human resources personnel within the context of an investigation of employee wrongdoing where the court found that the e-mail communications were privileged and were not made with actual malice.

b. In Bates v. Variable Annuity Life Ins. Co., 200 F. Supp. 2d 1375 (N.D. Ga. 2002) (applying Georgia law), the court held that statements contained in an e-mail regarding a discharged employee, which was sent to corporate managers who had reason to receive the information, were privileged. Accordingly, the court held that the employee who sent the message and his employer were not liable for defamation.

Chapter Three


c. In Lian v. Sedgwick James of New York, Inc., 992 F. Supp. 644 (S.D.N.Y. 1998) (applying New York law), the court found that no reasonable jury could find that an e-mail sent by a company supervisor was defamatory and, accordingly, granted the employer’s motion to dis-miss. The e-mail stated that the supervisor and the plaintiff had agreed that the plaintiff would begin to seek employment outside of the company. The plaintiff claimed no such agreement had been reached, and the e-mail defamed him. The plaintiff resigned and sued the employer for libel per se (a writing that tends to disparage a person in the way of his office, profession, or trade). The court concluded the terms of the e-mail were susceptible to only one meaning, and a reasonable person would not find the e-mail susceptible to a defamatory meaning. Ac-cordingly, the court granted summary judgment in favor of the employer.

d. In Mills v. Wex-Tex Industries, Inc., 991 F. Supp. 1370 (M.D. Ala. 1997) (applying Alabama law), the court found that a plaintiff failed to establish that her supervisor was liable for defa-mation where there was no proof that the defamatory statement was made to a third party; ac-cordingly, the plaintiff’s former employer was not liable for defamation. In this case, the plaintiff read a statement on her supervisor’s computer, which stated that she had a mental problem. The court held that to show defamation, a plaintiff must prove that a false and defamatory statement was communicated, without privilege, to a third party, with fault amounting to at least negligence and either actionability of the statement irrespective of special harm (ac-tionable per se) or the existence of special harm caused by the publication of the statement (actionable per quod). The court concluded that since there was no evidence of an actionable harm from the statement and since there was no publication of the statement, summary judg-ment was appropriate because the former employer could not be held vicariously liable when its company supervisor was not liable for defamation.

C. Electronic Signatures.

The Uniform Electronic Transactions Act (the Act), which has been adopted by a number of states, provides that a contract, record, or signature cannot be denied legal effect or enforceability solely because it is in electronic form. The Act also provides that if a law requires a record to be in writ-ing and requires a signature, an electronic record and electronic signature satisfy the law. The Act defines electronic signature as “an electronic sound, symbol, or process attached to or logically associated with a record and executed or adopted by a person with the intent to sign the record.” To receive the protection of the Act, the parties should agree to conduct transactions by electronic means. Generally, this requirement is satisfied if the employee provides an electronic signature for each transaction. The Act requires that the electronic record, document, contract and signature be created in a form that ensures the integrity, security, and confidentiality of the document. This pro-cess must be designed to prevent or detect any changes to a record or contract following an elec-tronic signature. The employee must be able to print a copy of the record or contract for his or her own record. The employer must also take steps to ensure that information regarding an employee’s medical and confidential files remains confidential.

A failure to ensure the confidentiality of medical records or personally identifiable information could cause an employer to be in violation of certain federal or state laws. Additionally, an employee may attempt to challenge the authenticity of an electronic record by claiming it was altered after he or she signed it.

Employers interested in using electronic records may want to consider providing, at the start of employment or at the beginning of the use of electronic records, an acknowledgment and consent to the use of electronic records. Such employers should also ensure that sufficient safeguards are in place to protect the privacy of an employee’s password for his or her electronic signature, as well as all confidential information maintained in electronic format. Additionally, employers should check the laws of the states in which they have employees because state laws governing electronic sig-natures vary.

Chapter Three EMPLOYER CHALLENGES AND POTENTIAL … 3... · • Possible reduction of risks of...

Documents

Transcript of Chapter Three EMPLOYER CHALLENGES AND POTENTIAL … 3... · • Possible reduction of risks of...