e-commerce LAW & STRATEGY - Heymann & Partner, Rechtsanwälte

More documents

Recommendations

Info

‘Hotmail’ continued from page 3 to e-mail me at any time. No security issues like my WH (White House) email.” Would your IT department tolerate that attitude from a staffer unhappy with the rules of your record-retention program or acceptable-use policy? Certainly not, since the reaction of opposing discovery counsel, or a court, might mirror that of the legislators who investigated the RNC, such as Rep. Henry Waxman (D-CA), who bluntly (but accurately) described the behavior of the White House staffers as “using the nongovernmental accounts specifically to avoid creating a record of the communications.” He also cited an instance in which a lobbyist had warned against using the “official” White House e-mail system, because “to put this stuff in writing in their e-mail system ... might actually limit what they can do to help us.” A Clinton-era staffer with similar clarity labeled this behavior as “operating official business off the official systems” — the very risk run by private firms that allow use of personal email accounts for business. From a practical perspective, you would be lucky if an opposing counsel finding any of these land mines in discovery gave you a chance to call your carrier to discuss settlement before seeking sanctions from the court. HOW ‘CONVENIENCE’ CAN CAUSE PROBLEMS In an era when firms adopt carefully drafted record-retention policies, and e-mail and Internet-usage, policies to protect the firm against improper use of those resources by a rogue employee, allowing your firm’s staffers and executives alike to bypass those protections, like the White House officials, would make it hard to persuade a court to grant your firm the benefits of those policies. After all, the White House and RNC had to cope only with the requirements of the 1978 Presidential Records Act, which requires that sufficient records be kept “to assure that the activities, deliberations, decisions, and policies that reflect the performance of (the President’s) con- 4 stitutional, statutory, or other official or ceremonial duties are adequately documented and that such records are maintained” (www.archives.gov/ about/laws/presidential-records. html). Private businesses, in contrast, must adhere to the stringent demands of Sarbanes Oxley and other regulatory acts — not to mention the after-the-fact scrutiny of the class-action plaintiffs’ bar. In particular, the recently adopted amendments to the Federal Rules of Civil Procedure (“FRCP”) impose strict standards for the storage and destruction of e-mail, and duties to produce it in litigation. With all of this alternative e-mail, it is fortunate, on the one hand, that the rules do not impose a duty to locate every possible electronic record, such as a critical e-mail that is not on the firm’s own system. “A party need not provide discovery of electronically stored information from sources that the party identifies as not reasonably accessible because of undue burden or cost.” On the other hand, however, the rules’ protection for those unable to produce relevant information, particularly that which has been destroyed or which is not maintained, do not provide a defense for casual failure to maintain records. “Absent exceptional circumstances, a court may not impose sanctions under these rules on a party for failing to provide electronically stored information lost as a result of the routine, good-faith operation of an electronic information system.” (Emphasis added.) If a firm knowingly permits those generating potential evidence — that is, everyone in the business who uses e-mail — to avoid the firm’s own systems for assembling that evidence, whether intentionally or not, then those defenses might be unavailable. The oversight might have been what many people responding to inquiries about the oversight would call “routine,” but almost certainly not “good faith operation.” No one wants to fall into such a fact-specific question as to whether the cost of not requiring every employee to adhere to a record-retention policy requiring use e-Commerce Law & Strategy ❖ www.ljnonline.com/alm?ecomm of the company’s own e-mail system was an “undue burden.” In fact, beyond the impact of the new rules, consider the practical burdens on an IT department facing a discovery demand, if use of the firm’s information-management software, systems and procedures is “optional” for those who prefer not to deal with it, and instead choose to use a personal e-mail address outside the system for their business correspondence. As mentioned above, responding to discovery requests might require assembling information from outside providers, either voluntarily (such as by requiring the employee to back up everything from the outside system into the document-management system), or by subpoena to a third party (at an unnecessary expense). Busy employees might not even keep copies of recent e-mail, much less of older correspondence. Implementation of a retention policy cannot be handled on a single server, as the IT staff may prefer, but will require them, at a minimum, to clean manually the memory of each affected user’s computer to eliminate records of saved mail. Of course, that work won’t purge anything from the service provider’s own servers and stored email — all of which an adverse party can obtain with relative ease — or from employees’ home computers or laptops that haven’t been synchronized with the system. THINGS CAN GO BUMP IN THE NIGHT IT management also becomes a nightmare. Monitoring employees’ communications for objectionable content or activity, or for unauthorized transmission of proprietary information, becomes something like trying to catch raindrops with a sieve. Restoring data after a disaster, or locating the work of an employee who maybe left the firm before data was needed for litigation, becomes problematic. Data restoration assumes that the IT department can reconstruct all of the third party e-mail sources that the departed staffer used (whether or not the former employee shared that information, continued on page 5 June 2007
‘Hotmail’ continued from page 4 and passwords, with tech support), and obtain access to them (perhaps without passwords or subscriber IDs). Even scrupulous staffers who keep different accounts to separate work and personal e-mail may err at times, and use the personal account for business (and provide an opening for opposing counsel’s discovery fishing expedition). In fact, even so-called normal business can be compromised when employees rely on alternative e-mail services, whether an online one, or private accounts such as an AOL address. Such services often have limits on the size and types of messages that can be transmitted; a company account can also have limits, but at least the company can set them to permit the size and type of messages typically encountered in the business. While normal text messages would rarely be blocked for exceeding the permitted limits, attachments of the size common today — such as multimedia or .PDF files — may well be prohibited. While these limits can be worked around by breaking the file into smaller chunks, it is certainly less convenient. Worse, a critical message might be delayed or bounced unexpectedly. At best, time may be lost until the sender gets the error message, and arranges another way of sending it; at worst, business opportunities may be lost, or key dates missed. Another problem could occur when the company loses control of critical business information because that information is outside the company’s records and control. Channeling all work through a company-controlled account at least preserves the firm’s access to critical information, such as contact data for those with whom the employee — and her successors — must correspond. Customers and vendors might send business-related messages — or orders — to an employee’s own address, which the company might never see if the employee leaves, or chooses not to forward back to her former employer. Worse yet, those messages might be formal notices given under a contract — rarely a harbinger of good news — that require immediate action, which never comes because no one saw the message. The inability to monitor employee e-mail could be a particular concern with a disloyal employee, who might be contemplating leaving for a competitor because confidential information could go out the door unrestricted by any oversight software the company might have in place. (Again, alternative e-mail might be only the tip of the iceberg in protecting electronic assets — a determined thief could do the same damage with a $10 flash drive, or an omnipresent iPod holding business data rather than music on its massive hard drive.) At a minimum, using a “company” address for all formal notices, rather than an employee’s home address, could prevent some of these problems (as long as someone is checking the “notice” e-mail inbox regularly). INVENTION CAN BE THE MOTHER OF NECESSITY Yet there might be legitimate reasons for employees to occasionally use outside e-mail accounts for business, or at least to have them available as needed. During potential outages of the firm’s servers, whether due to technical bugs or natural problems (such as storm or power outage), an alternative e-mail account (despite the possible costs it may create for IT management and in litigation) is a much cheaper backup system than paying the certain costs of maintaining a full-blown backup capability 24/7. Traveling employees might find it easier to connect in public places or hotspots to an online account than to find an Internet provider capable of allowing access to the firm’s secure network through a protected connection (especially when traveling in remote areas where any Internet connection is welcome). Some employees might not have sufficient hardware or bandwidth to access the company email from home, so online accounts let them work during evenings and weekends despite those limitations. Of course, these arguments can be nothing but rationalizations — in the RNC case, the White House claimed that the RNC accounts had been created “to avoid using government resources for political purposes,” while its Democratic opposition saw the only purpose of the accounts as “an attempt to avoid scrutiny” when employees were discussing matters such as the firing of U.S. Attorneys. Also, just announcing a policy requiring that all e-mail be done through an account provided by the firm might not be enough to dissuade the CEO who really wants his or her Hotmail. For example, in the RNC case, the existence of a federal law, and oversight by the lawyers employed by the White House, was not enough to stop the human instinct to get business done in the easiest, cheapest, way, and the way that appears to be least regulated. It is human nature to do what must be done today — using a non-company e-mail account — and sort out the ramifications later. Similarly, even with policies in place to direct messages into the “official” e-mail, those who really want to avoid creating a record can simply turn to the “traditional” lowtech ways of avoiding leaving a trail of their activity. Crooks have always known to hold live conversations, face to face, rather than put something in writing (including an e-mail) or to speak on a phone (or leaving a voice-mail message) that might be recorded. (Voice-mail discovery itself has become a rapidly emerging discipline.) Policies against online accounts, then, simply become a way to educate unsophisticated employees who don’t know the problems created by the convenience of not using the firm’s systems, and to discourage them from such activity. WHEN IN DOUBT, JUST DON’T DO IT The RNC’s problems also highlight the importance, in an era of virtually perpetual storage of electronic communications and enhanced discovery rights under the recently revised federal rules, of simply not creating unnecessary documents: Just because it might be easier to e-mail someone, it may nonetheless not be wise, especially if a phone call will continued on page 12 June 2007 e-Commerce Law & Strategy ❖ www.ljnonline.com/alm?ecomm 5
Page 1 and 2: LAW JOURNAL NEWSLETTERS On the Razr
Page 3: When the CEO Wants His ‘Hotmail
Page 7 and 8: Internet Expands Trademark Infringe
Page 9 and 10: Mobile Marketing continued from pag
Page 11 and 12: M OVERS & SHAKERS PHILLY E-COMMERCE

e-commerce LAW & STRATEGY - Heymann & Partner, Rechtsanwälte

Create successful ePaper yourself

Delete template?

Save as template?