Computer Forensics and Technology Expert: Managing the Risky Business of Company Email
As an employer, Human Resources Director, or Risk Management Supervisor, ask yourself this question: “Do our employees think about the legal risk of sending communications over the Internet?” If you’re like most companies, your answer would be, “It’s highly unlikely.” It is a very common problem in the workplace for an employee to believe that their electronic communications are transient, temporary, and once deleted, untraceable and therefore harmless.
The fact is that email, faxes, and even cell phones leave a trail. Just one email sent by your employee to the employee of a different company goes through an average of four different computer systems. This creates a trail that makes the email real, traceable, and permanent.
As an industry leader in computer and technology forensics for the past 20+ years, we have documented, during examination of electronic systems, employees frequently saying/saving things in emails or storing things on a computer that they would never say in nowhere. plus. Whether an employee deletes a potentially harmful or inflammatory email, or even an employee deletes an email on her behalf, protects no one. In fact, in the end it could harm everyone involved.
If an employee complaint or misconduct has reached the level where you, as the owner/supervisor, need to consult an expert in computer forensics and technology, one of the first areas reviewed is document deletion and/or emails. These items cause red flags during an equipment scan, and the original items can and most likely will be found and/or reconstructed. It is very important to understand that intentional destruction of evidence is a felony and, if proven, could land one in jail.
An example of a computer message in a brief case dates back to the infamous trial of some members of the Los Angeles police for the 1991 beating of Rodney King. One of the officers created a computer message that read: “…I haven’t hit anyone that hard in a long time.” This obviously became admissible in court.
A more recent example is one where we as a company were retained in a defamation case. The slanderer was using the Internet to post messages on a public bulletin board that were defamatory and libelous against a competitor in the same field. This person felt that using “anonymous” emails and postings would enhance his own standing within the same professional community. What the label did not have was the traceability of emails to his home, cell phone and company computer systems. We were able to locate the electronic trail and with this information obtain, on behalf of the client, a court order to seize the equipment for the purpose of imaging the electronic systems. As a result, to keep the matter private, the libel agreed to a major settlement out of court.
As the owner/supervisor, it behooves you to consider and take great care in educating your employees on what should and should not be put in writing. In addition, it is also up to you to make your employees aware of how the written word is transmitted when it is read.
We have now asked and answered two very important questions. First, most employees do not consider the legal risk of electronic communications. Second, as an owner/supervisor why it is crucial that you understand the potential legal ramifications. The remainder of this article is dedicated to helping you create and/or update your current policies.
In today’s litigious society, both large and small companies must have company policies. These policies have traditionally covered areas from dress codes to vacation policies. In the last five years, companies have begun to adopt IT policies, usually found in the employee handbook. As a professional IT and forensic technology company, when we are called to examine hard drives and/or servers due to a company suspecting misuse of the systems, we also discuss the company’s IT policies with the appropriate IT supervisor or manager. .
In many cases we have found that most policies do not adequately cover what is necessary in the age of computers and electronic communications. Companies must have a very clear policy on email and technology use. One of the biggest ones that is often not covered, and unfortunately to the detriment of the employer, is the email retention policy. Since many industries are governed by different and specific federal and/or state statutes about how long information must be retained, your policy should reflect these guidelines.
The policy should be as specific as possible about what types of communications are maintained and for how long. Make it clear that there are business and legal reasons for the company to keep such information. Information from emails, as well as from other electronic systems, can be used in many types of cases, including: harassment, discrimination, antitrust, retaliation, Americans with Disabilities Act, insider trading, accounting fraud, inappropriate disclosure of trade secrets and more.
REMEMBER- Intentional destruction, of any kind, of evidence relevant to a current or pending lawsuit contained in the email or email attachment, is a felony and, if proven, could land you in jail.
As the owner/supervisor, take a moment to review your current IT or company technology policy. If your company doesn’t currently have an IT or technology policy, get one! While you will need to ensure that your individual business needs are met, the following are some topics to consider including in your usage feeds:
- Electronic Information Ownership
- Monitoring the use of technology
- Acceptable use of company technology.
- acceptable happy
If you currently hold meetings with your employees or publish a company newsletter, these are great places to educate your employees. Take advantage of these opportunities to let them know that there are certain things to keep in mind when sending or responding to emails. Employees should be advised to exercise caution and not make statements that could be considered a legal conclusion. Let your employees know that they need to use knowledge and experience within the company by picking up the phone and calling their supervisor or the Human Resources Department.
When educating your employees about the content of an email or using other forms of traceable electronic technology, train the employee to ask these simple questions:
- Should I put this in the email or should I call?
- Would I write this knowing that it can exist forever?
- Would you put this on a postcard and mail it?
- Would I like to see this printed in the newspaper?
- Would I like this to get into the hands of my company’s competition?
- Would I want this to get into the hands of my worst enemy?
Electronic communications are not transient, temporary or untraceable. Email is evidence. Education and proper policies go a long way in preventing both employees and the employer from ending up in a potential lawsuit trying to explain the written word.