Archive for the ‘Uncategorized’ Category
I no longer actively publish on this blog site. However, readers of this blog or those interested in issues at the intersection of employment law and technology issues can still discuss these issues with me at my new blog, The Michigan Employment Law Advisor. This blog is focused on Michigan and federal employment law issues facing employers and employees.
Additionally, for more information about the legal services my law firm provides, as well as free resources for entrepreneurs, start-ups, and HR professionals, please see my law firm website at Shinn Legal, PLC.
In any event, I appreciate all the readers and comments who participated in the employment law discussions and I look forward to continuing to develop those discussions. Best to you.
In the recent genre of zombie horror movies, the living are infected with a viral agent that transforms them into automations that terrorize and wreak havoc on the living. Ultimately society faces an apocalyptic battle against mobs of lumbering, mindless, flesh-eating, creatures.
It is not uncommon for e-discovery to act as the catalyst for transforming once living, thinking attorneys (often very bright attorneys) into unthinking, legal automations that wreak havoc on e-discovery. But whereas the infected zombies devour the living, zombie-lawyers devour resources, wreak havoc on litigation strategy, and even threaten the ethical mandates upon which the legal profession is based upon.
The court dockets are littered with examples of e-discovery disasters. And certainly among those disasters are circumstances that are beyond the control of attorneys, even exceptional attorneys. But equally true is that a zombie-lawyer was likely the cause behind a number of these disasters. In reviewing court opinions and based on my own experience going back to 2001 in responding to e-discovery issues, this conclusion is justified.
In that time, I’ve worked with a number of great attorneys. But no matter how competent or exceptional those attorneys were in their respective legal corners of the universe, e-discovery was a new area of law for them. Some understood this fact and either got up to speed or relied upon those that had put the time into knowing this area. Others did not.
For those that did not, there were generally two explanations:
First, “conducting” e-discovery was not justified in light of the amount of the dispute and the insurance carrier is not going to pay for that. This explanation was given at a time where there was no option (as if there ever was) to elect to not conduct e-discovery. Similarly, it was explained that litigation strategy consist of working up a litigation file to position it for settlement. There is, however, no “sliding scale” for complying with court and ethical requirements. A $25,000 dispute requires the same adherence to court rules and ethical requirements as a $2.5 million claim.
But what the zombie-lawyer fails to recognize is that technology and e-discovery expertise can significantly bridge the gap between meeting ethical and legal requirements and efficiently conducting discovery. Ironically, these same zombie-lawyers make decisions that routinely increase the amount of litigation cost. Even more troubling are the decisions that could result in a doomsday litigation scenario of spoliation, adverse inferences, and even outright default judgments.
The other explanation is more of a refusal to accept change or acknowledge that e-discovery required a new knowledge base. In this regard, I’ve worked with attorneys who refused to abandon WordPerfect because they didn’t want to learn MS Word. In one instance, an attorney would create documents in WordPerfect scan to PDF, email to the client, have the client make handwritten changes, email/fax back those changes, and then revise the original WordPerfect file.
In another instance, I specifically used the Federal Rules to request that responsive documents be produced in their native digital format or a reasonably usable equivalent to be agreed upon by counsel. The agreement was easily reached and the digital equivalent of over ten-thousands of pages were produced in the initial production. Despite the fact that the production was fully searchable and indexed, a major problem arose with the production. The problem, however, was not between opposing counsel. Instead, the Senior Partner was upset and annoyed to the point of using expletives because he “liked” paper and insisted on sticking with paper. This instance is further noteworthy in that this same attorney would put in hours to learn a file or a relevant substantive area of the law to adequately defend the claims. Unfortunately, hours were mindlessly consumed first printing out the digital production and then actually reviewing, page-by-page, the production.
Regardless of the reason, when it comes to e-discovery, it cannot be ignored because it is inconvenient or expensive. It also cannot be simply a matter of going through the same motions.
Enjoy Halloween this year and try to catch Night Of The Living Dead – the quintessential and classic zombie movie.
Jason Shinn provides e-discovery consulting for business organizations with a focus on litigation preparation, risk reduction or elimination, and attorneys. He has helped organizations save hundreds of thousands of in e-discovery defense costs. He has been asked to consult with a major insurance carrier in creating an e-discovery endorsement and retained as an e-discovery expert in state court litigation. More information is available at http://www.ebusinesscounsel.com.
Fired Employee Makes Unauthorized Changes to Company Website and How to Prevent this From Happening to Your Company
A former employee vandalized the website of his former employer according to a report of the West Bloomfield Beacon. The police were told that the ex-employee was fired July 6 and he allegedly made unauthorized changes to prices and instructor names on the company website. The business owner believes the ex-employee of using old login names to access the company website.
Unfortunately, incidents like this are not isolated. For example, a federal grand jury recently indicted a former employee of the Transportation Security Administration (TSA) for trying to corrupt a database of terrorism suspects in an inside job that many within the information security industry say is a stark reminder of how important it is to track insider access to sensitive data stores. (click here for the full story). This individual planted a virus in his employer’s computer system after learning that he would be fired from his job.
Employers have a number of tools available to pursue rogue individuals who would do harm their business organizations harm. I’ve written about the Computer Fraud and Abuse Act as one such tool (See the Michigan Manufacturing Association’s Insight magazine), for example.
Preventing Digital Sabotage
More importantly, there are a number of steps employers can take before such conduct happens. In fact, employers should have a checklist to follow when an individual is terminated that covers the cancellation of all IT access and related passwords. For a copy of an expansive employee termination checklist, contact me here. Also, I would appreciate hearing about any other measures or best practices that you think should be included on this list. Thanks.
A proposed law in Germany may make it illegal for employers to check out prospective job candidates on Facebook and similar non-career focused social networks, according to TechCrunch.
The proposed law, however, would not make it illegal to “google” or otherwise conduct Internet searches of applicants – but employers would be required to disregard information that is either too old or outside of a candidate’s control. Further, social networks focused on professional purposes, e.g., LinkedIn, would be permissible.
I am more of an expert on German beer than German law. And I have not reviewed this particular proposed German law so I am not in a position to intelligently speak on whether or how practical this “Anti-Facebook” law would be once implemented.
But the genesis for this “Anti-Facebook” law does provide a good off-ramp for US employers to address legal risks associated with using social media to research applicants.
Among those risks, an employer may learn about information that may later become a cornerstone in a discrimination lawsuit. Consider if a decision-maker’s social media research revealed that an applicant is in a protected class under federal or state laws. Such information may be disclosed through photos showing a person’s race, information about a person’s religious affiliations, or that an applicant is pregnant. Whether this information was a determining factor in the adverse hiring decision will be answered against the factual backdrop that the employer checked the applicant’s profile and was therefore aware of the particular fact creating the protected class under state for federal law. Now this knowledge, by itself, may not be enough to carry the day in regard to an employment claim, but it is a tangible piece of evidence a plaintiff’s lawyer will certainly point to in supporting that claim.
Or an employer – union and non-union – may open itself up to an unfair labor practice claim. Specifically, Section 7 of the National Labor Relations Act (NLRA) protects employees (unionized and non-unionized workplaces), who engage in “concerted activities for the purpose of collective bargaining or other mutual aid or protection.” 29 U.S.C. § 157. Such activities include the right to discuss terms and conditions of employment, and criticizing their employers when communicating with co-workers and third parties. In the social media context, courts have held that employee comments critical of their employers made through social media channels while discussing union activity may trigger concerted activity protections. See Konop v. Hawaiian Airlines, Inc., (2002) (comment critical of employer’s union negotiation tactics held protected).
The Take-away for Employers: Implement a Social Media Plan & Engage Employees to Make sure it is Followed
The preceding risks are only a few of many examples of risks that employers should consider in assessing the benefits and burdens of social networking sites as they relate to employees. For a more in-depth analysis of these risks, feel free to contact me. Also click here (free registration required) for a free copy of a social media policy. Click here for a prior post about obtaining employee buy-in when it comes to implementing your social media policy. I am also curious to know how many employers implement a “social media” protocol into their hiring and recruiting policies. Thanks for your input.
A number of my blog posts have discussed the importance of having an employee policy applicable to social media – think Facebook, LinkedIn and MySpace. These posts have generally discussed specific risks that employers are exposed to as a result of the increased use of social media by employees. Click here (Another Reason for Employers to be Wary of Social Media – Unfair and Deceptive Acts) and here (Digital Security Report: Social Networking Sites Expand Risks for Employers) for representative posts.
I recently ran across a phenomenal video, Social Media Revolution, that brilliantly puts into perspective the significance of social media (a big thanks to Wizard Media’s Jimena Cortes for sharing this video).
Also, a recent study tries to quantify the impact social media has on employers. The study by the Network Box (article discussing the report is available here) notes that 6.8% of all business internet traffic going to Facebook. This means that approximately 7 times out of 100, the site visited by an employee at an average business is Facebook.
There is no single best approach for managing social media risks. Similarly, there is no single best approach for leveraging the opportunities presented by social media. It is important, however, to take a broad view so that you can operate in full awareness of the risks and opportunities in determining what role social media will play when it comes to your business and employees. With such an awareness, the risks can be managed to best serve your commercial endeavors.
Click here and sign up for the Client Alerts (right column) and select the HR 2.0 Alert, to receive updates on Social Media and other employment matters, including a free Social Media Employee Policy .
Among the cyber-crime victims coming forward is a law firm that filed suit against the Chinese government (Click here for the full story from Wired’s Threat Level). In fact, the Wired article notes that “If you’re a law firm and you’re doing business in places like China, it’s so probable you’re compromised and it’s very probable there’s not much you can do about it.” The types of threats that such law firms and other companies face are called Advanced Persistent Threats (APT). An APT attack is distinctive in that they are rarely detected by antivirus and intrusion programs. Further, these attacks are espionage focused. In other words, APT hackers attempt to take business intelligence, e.g., files, e-mails, etc., rather than financial or customer data, which serves as a precursor for identity theft. For an in depth, yet very readable discussion about APT attacks, click here (also a Dark Reading post).
Equally dangerous as APT hackers or other cyber-criminals is the current or former rogue employee. For example, a federal grand jury recently indicted a former employee of the Transportation Security Administration (TSA) for trying to corrupt a database of terrorism suspects in an inside job that many within the information security industry say is a stark reminder of how important it is to track insider access to sensitive data stores. (click here for the full story originally posted at Dark Reading. ).
The preceding FBI report and stories illustrate that business organizations should assume that an attempt will be made to compromise their IT infrastructure. I’ve talked with various IT security professionals about what are the appropriate steps to prevent APT or other cyber-attacks. Unfortunately, the general and unsatisfying response has been to the effect of if someone wants in bad enough and has the resources, they will get into your network. The sophistication and resources of some of the high-profile of cyber-victims (Google, Marathon Oil, ExxonMobil, and ConocoPhillips, to name a few), would seem to confirm this conclusion.
And many remedies available to business organizations are only available after the fact (Click here for prior post discussing theft of business assets and Computer Fraud and Abuse Act). But when it comes to discharging employees, low-tech and common sense go a long way in preventing near disasters like that allegedly committed by the former TSA employee: Make sure your termination process first removes all access to sensitive information, databases, e-mail, etc., and then terminate the individual – not the other way around. Such steps are especially important when the employee has administrative rights to the IT infrastructure.