Defending The Digital Workplace

An ebusinesscounsel.com publication

Posts Tagged ‘E-mail

Free Pass for Attorneys when it comes to “Monumental” E-Discovery Violations?

The E-Discovery Team (courtesy of Mr. Losey) reported that the Qualcomm Order concerning whether six attorneys would be personally sanctioned for discovery misconduct relating to their defense of their corporate client came down (click here for Mr. Losey’s post). Here is a link to the April 2, 2010 Order. If you’re short on time, read the image that accompanies this post – it reaches the same conclusion.

For those that have not followed or forgotten about this e-discovery saga, it arose out of an order sanctioning Qualcomm and a number of its outside attorneys for failing to produce tens of thousands of relevant and responsive documents during its patent suit against Broadcom.

These documents also consisted of emails and documents that undercut Qualcomm’s position at trial (I hate it when the facts get in the way). Taking a page from the Watergate playbook, Qualcomm then attempted to cover up these documents after they emerged at a critical point in the trial. But at the end of the day, Qualcomm was ordered to pay Broadcom $8,568,633.24 and found that six attorneys personally contributed to what the Court described as a “monumental discovery violation.” See Qualcomm Inc. v. Broadcom Corp. 2008 WL 66932, 13 (S.D.Cal. 2008).

Around March 2008, the case was remanded to the Magistrate Judge for additional consideration and, specifically, to provide the sanctioned attorneys an opportunity to defend their actions. With the benefit of this second-go-around, the finding that these attorneys contributed to a “monumental discovery violation” might have been a little harsh. Or in the words of the Court’s Order declining to hold those six attorneys responsible:

There still is no doubt in this Court’s mind that this massive discovery failure resulted from significant mistakes, oversights, and miscommunication on the part of both outside counsel and Qualcomm employees. The new facts and evidence presented to this Court during the remand proceedings revealed ineffective and problematic interactions between Qualcomm employees and most of the Responding Attorneys during the pretrial litigation, including the commission of a number of critical errors. However, it also revealed that the Responding Attorneys made significant efforts to comply with their discovery obligations. After considering all of the new facts, the Court declines to sanction any of the Responding Attorneys.

While the Qualcomm attorneys were eventually exonerated (although, this may be a quintessential Pyrrhic victory for the attorneys and law firm involved – see this article) it is likely that this case will continue to be the equivalent of “Kaiser Soze” for the legal community, i.e.,  “a spooky story” told as a reminder of what could happen to an attorneys who doesn’t comply with his or her ethical and legal obligations. Right … what could happen ….

In any event, the “major errors”highlighted by the magistrate’s April Order are instructive for both in-house and outside counsel. The first “fundamental problem” was “an incredible breakdown in communication,” which “contributed to all of the other failures.” Other specific failures recognized by the court included a failure to present evidence establishing that any attorney (in-house or outside counsel) explained the legal issues to the appropriate employees or discussed collection procedures; the failure to obtain sufficient information to understand the relevant computer systems; and the failure of any attorney to take on a supervisory responsibility for verifying that the necessary discovery was conducted.

Written by Jason Shinn

April 6, 2010 at 4:47 pm

Will Your Company E-mail Policy Eliminate Litigation?

iStock_000003283183XSmallA recent federal court decision provides a text book example of how company e-mail policies when drafted and implemented properly can reduce or otherwise eliminate litigation.

Factual Background:

The plaintiff, Kevin Sporer contended that his former employer, United Air Lines invaded his privacy by viewing a pornographic video attached to an e-mail that Sporer sent from his work account to his personal account. Sporer also contended that United wrongfully terminated his employment. Sporer was a supervisor at the time of the discharge.

Sporer received an e-mail entitled “Amazing oral talent!!!!!!!!!!” on his work e-mail account from a friend. Sporer then sent this e-mail from his work computer, over United’s server, to his personal e-mail account. The trial court noted that the e-mail “contained a pornographic movie of a woman orally copulating a man in various acrobatic positions.” (Imagine if you were the judge explaining to your significant other: “Honestly, honey, I have to watch this for work.”).

A few minutes after transmitting the email to his personal e-mail account, Sporer emailed his friend that sent the e-mail: “Thank you for the spiritual lift. However, I need you to use my home E-mail address…. Apparently United Air Lines, Inc. has a strict computer security policy and these babies will get me fired.”

During a routine audit (yes, employers actually do this), United’s Information Security department came across the pornographic e-mail Sporer sent to his personal e-mail account, which eventually resulted in Sporer’s discharge for violating United’s e-mail policy.

The E-mail Policy:

UAL’s e-mail policy provided, in relevant part:

Message content must always be professional. It is strictly prohibited to transmit or store any messages or data that compromises or embarrasses the Company, contains explicit or implicit threats, obscene, derogatory, profane or otherwise offensive language or graphics, defames, abuses, harasses, or violates the legal rights of others.

United’s Information Security Policy also prohibited the transmission of obscene, derogatory, profane or otherwise offensive language or graphics. United’s information security policies are established to: “(1) protect the company’s investment in its human and financial resources expended to create its systems; (2) safeguard its information; (3) reduce business and legal risk; and (4) maintain public trust and the reputation of the company.” Under the heading “Privacy and Monitoring,” United’s Electronic Communications Standards provides:

The company reserves the right to monitor all e-mail on the company e-mail system-In other words, as an employee you should assume no right of privacy on e-mail transmitted on the company system. In addition, and messages sent or received, for business or personal reasons, may be disclosed to law enforcement officials or third parties without your prior consent.

Sporer admitted to having received reminders about United’s e-mail policy and that he understood that the content of his emails should not be less than professional. In fact, to turn on and use his work computer, Sporer had to click “OK” to clear the Warning Notice, informing him that the computer system is monitored.

Plaintiff’s Arguments Against Discharge

Sporer argued that his termination was wrongful because it was in violation of his right to privacy and in violation of a federal statute (18 U.S.C. § 2511, et seq.), which prohibits the interception and disclosure of wire, oral (Amazing or otherwise), or electronic communications. An invasion of privacy claim under California law requires a plaintiff to demonstrate: “(1) a legally protected privacy interest; (2) a reasonable expectation of privacy in the circumstances; and (3) conduct by defendant constituting a serious invasion of privacy.” Hill v. National Collegiate Athletic Assn., 7 Cal.4th 1, 39-40, 26 Cal.Rptr.2d 834, 865 P.2d 633 (1994). The Court quickly dismissed Sporer’s invasion of privacy claim noting that in 2001, “more than three-quarters of this country’s major firms monitor, record, and review employee communications and activities on the job, including their telephone calls, e-mails, Internet connections, and computer files.” Id. at 451, 117 Cal.Rptr.2d 155. The court further noted that there can be serious consequences for employers who do not monitor their employee’s communications and activities on the job. Id. at 452 n. 7, 117 Cal.Rptr.2d 155. Further, the advance notice that United monitored computer use for compliance with its policies, including a prohibition against use for “obscene or other inappropriate purposes,” and Sporer having an opportunity to consent to such monitoring, further undercut any reasonable expectation of privacy. Additionally, and this is a key point for employers, United had a policy of monitoring its employee’s computer use, warned employees that they had no expectation of privacy on e-mail transmitted on the company system, and provided its employees with a daily opportunity to consent to such monitoring. In light of these facts, the Court found that Sporer had no reasonable expectation of privacy in the use of his work email.

Sporer’s contention that United violated the federal statute (18 U.S.C. § 2511) by monitoring his work e-mail also failed. The statute excludes surveillance of communications where there is consent. The Court construed “consent” to express and implicit consent and that implied consent may be inferred “from surrounding circumstances indicating that the [party] knowingly agreed to the surveillance.” Id at 116-117. Circumstances showing consent will ordinarily include “language or acts which tend to prove … that a party knows of, or assents to, encroachments on the routine expectation that conversations are private.” Id. at 117. In regard to Sporer, he had been repeatedly informed that United monitored use of its computers, including emails and he had to click “OK” to clear the Warning Notice informing him that the computer system is monitored. Sporer also knew from past experience that United monitors work e-mail accounts. In fact, he was previously disciplined for sending an e-mail with a sexual video from his work account to his personal account. And the e-mail Sporer wrote to his friend minutes after he received the inappropriate email made clear that Sporer was aware of United’s strict computer policy and that United monitored work email accounts. The Court, therefore, found that because Sporer knew his work e-mail account was not private and was being monitored by United his consent to such monitoring may be implied. Accordingly, United did not violate 18 U.S.C. § 2511 by monitoring Sporer’s work e-mail account.

The Take-Away:

While monitoring employer provided e-mail accounts is (or should be) the norm, courts can reach conflicting decisions as to when and under what circumstances such monitoring is permissible. See How Far Can Employers Go in Reading Employee E-mail? For this reason, it is important for employers to reduce the risk that a Court will “second guess” such monitoring. The Sporer/United decision provides a text book roadmap for “getting it right” when it comes to employer e-mail policies and employee monitoring. In that regard, a few “take-aways” are as follows:

  1. Have a written policy: Employers must have a written e-mail policy that explains how company e-mail should be used. The overall theme of this policy should be that e-mail must be used for business purposes. Ideally, this e-mail policy will be part of an overall technology policy that establishes a road map with respect to the intended use of IT resources and what is prohibited. For example, limitations for accessing certain Websites and restrictions for loading unauthorized software into the company IT environment. See “How High Can Damages go for Unlicensed Software Use.
  2. Writing the Email Policy: Your e-mail policy will depend upon your organizational needs. Generally it makes sense to get input from upper management in drafting a policy that supports the company’s overall mission. IT professionals can make recommendations as to what is technologically possible. And human Resource professionals should also be consulted because the policy will affect every employee. Equally important are recommendations from legal counsel. Aside from selfish job security motivations, legal counsel will provide valuable insight as to what is permitted, what is not permitted, and overall compliance recommendations. While not required, getting input from employees increase the chances of the policy ultimately being followed by employees.
  3. Communicate and Explain the Policy: Employers must communicate the policy to all stakeholders, including employees. It is also a good practice to document the employee has read and understands the policy by obtaining signed acknowledgment forms.
  4. Communicating the Policy is not a One Time Event: While it is not necessary, periodically communicating the existence of the policy is a good practice. First, it is a reminder to employees of what is expected in regard to e-mail/technology use and what is prohibited. Second, if your company ever needs to rely upon it in litigation, it just “looks better” if an employee was “reminded” about the policy. For example, United’s log-in procedure required employees to click a button (“OK”) to clear the notice that the employee’s email may be monitored. In other instances, employers have actually displayed random provisions of their overall employee policy at the log in screen, which also had to be cleared through clicking a button similar to “OK.” This random display also directed the employee to a link for the full policy for more information.
  5. Providing an Employee Out: It is a fact of Internet life that unsolicited e-mail is a given (I’m always amazed at how many women are waiting to hear from me or the number of Nigerian businessmen that need my assistance). And a lot of this unsolicited email is along the lines of the “Amazing” video of the pseudo-acrobat. Accordingly, chances are an employee will receive an e-mail that violates the company’s e-mail use policy. In that event, make sure employees understand what is expected, e.g., deleting it, contacting a supervisor., contacting IT, or whatever reporting requirements that are determined to be appropriate. Applying this to Mr. Sporer’s situation, his mistake was not in receiving the email, but rather forwarding it on to his personal email account and then deleting it. Presumably had he just deleted the email he would not have violated the policy. This goes back to effectively communicating what is expected of employees.

For more information on comprehensive technology policies or specific questions about e-mail policies, please feel free to contact me.

Follow

Get every new post delivered to your Inbox.