Site icon Big Men On Content

Is eDiscovery Creating a Pandora’s Box?

Strange things happen when you put an attorney together with a self proclaimed computer nerd, especially when that computer nerd finds himself working in eDiscovery.  I’m not sure when this scenario started formulating in my head.  I was expecting those around me in the legal field to punch holes in this but instead I got possible validation with case law.  Even stranger still, I heard there may already be an existing case pending.

My scenario stems from the general corporate monitoring of email and ends in a lawsuit worth $100 of millions.  The case has nothing to do with product liability and everything to do with wrongful death.  It’s simply a case of murder.  And again, this is a work of fiction.

Setting the Stage
I think this can only happen in the United States.  As those of us employed in major company, and growingly in the mid-tier now, employers routinely monitor employee email.  The Electronic Communications Privacy Act made it federally legal for companies to monitor emails.  I will not debate the legitimacy of this, for it is the law.  Nor will I attempt to interpret this.  With monitoring, companies have growingly focused on these emails. 

Of course those of you reading this in some countries you know there are no issues here.  In many countries, such as Scandinavian countries, email is private communications between to individuals, like phone conversations.  Monitoring those communications requires cause, due process, and an order.

Reports from over four years ago, indicate that over 50% of companies monitor employee emails.  Today I believe that number to be over 80%.  Many companies simply monitor all employee emails.  Some, instead of looking for items of material nature, monitor all emails, for instance job hunting.  In extreme cases, some employers are even known to monitor voice mails.  It is here where my story begins.

The Story Begins
The story begins with an elicit affair between two employees.  The two have an affair for over a year communicating, on occasion, through the company email and voicemail systems.  The company, ignores this because both are managers and work in different departments. 

After a year, the mistress catches the man with another woman, not his wife, but a new younger mistress.  This infuriates female employee.  The fuse is further lit after a confrontation and a liaise faire attitude to the situation.  The woman decides to teach him a lesson.

The woman begins researching hiring a hit man using the company’s laptop, as she has no PC of her own.  In time she finds someone through the Internet and starts an email thread with them.  No NBC Dateline story here.  The woman is able to hire a hitman.  Unfortunately for her, she gets caught and spends the rest of her life in prison.  But the story does not end here.

The Corporate Spin
Losing her husband, the wife decides to open a civil suit, against her husbands employer.  The claim?  negligence.  It is known that her husband’s employer monitors all employee emails.  In court, it came up that that the mistress has used her company laptop and email account to hire the hitman. 

The wife’s attorney argues that the company should have discovered the emails and warned her husband and more appropriately the police of the mistress’ actions.  The attorney further stipulates that had the employer acted on the information gathered in their monitoring, the man would still be alive.  Having been killed at age 40, the cases asks for damages equal to his salary through his planed retirement and punitive damages.

The company alleges that they are not able to monitor the emails for such matters.  Yet during the trial a review of the email archive shows the email threads between the mistress and the hitman.  Further still, it is shown that the company was able to support several discovery matters involving emails and had also taken action on company matters that were discovered through email monitoring.  The company continued to state that this was not their responsibility. 

In the end the case went to the plaintiff and the company was ordered to pay damages and significant punitive damages. 

Coming Up With My Fictional Verdict
Some will say that hey this can’t happen.  But here’s the thing.  There is case law that shows the exact case to be true.

The first area of case law is around restaurant’s liability for serving alcohol.  We have heard of cases where a restaurant was sued for serving drinks to a patron later caused an accident.  The restaurant and the servers can be held liable for serving those drinks.  Further still, a restaurant can not argue that they had too many patrons to monitor all of them.  Restaurant have been found liable for their patron’s actions.

This goes even further when you look at negligent retention, where a company retains an employee even though they have knowledge of the potential criminal acts.  This is found under the doctrine of “respondeat superior” where an employer is responsible for the actions of its employees during the performance of their tasks.  My favorite example is that of the pizza delivery driver causing an accident while trying to meet a delivery guarantee. 

It is through these case laws and doctrines that I come up with the hypothesis that some day in the not so distant future an employer will be sued for the criminal acts of an employee that were made visible to the employer through their monitoring of employee emails.

Great Story But What Does This Mean?
Much like the early days of the internet, today there is little corporate governance in archiving.  It is shocking what different and adamant beliefs companies have to archiving, especially email.  Some say they keep everything.  Other keep nothing.  I even had a case where I was told a company was going to strip all metadata so it isn’t easy to find a message during discovery.

Let get the first issue out of the way.  Ralph Losely said it best.  “If you’re doing things right you have nothing to hide.”  Do accounting classes teach you how to keep two sets of books?  Start with good governance process that ensure what needs to be kept is being kept.  eDiscovery is about documenting that you did things right not hiding things you do wrong.  What are those documentation requirements?  Every company is different.  There is no one size fits all governance process.  I’ll touch on some in later articles.

But in my example the company itself did nothing wrong.  By monitoring every email a company sets itself to be privy to individual conversations.  Even a psychiatrist must break doctor patient confidentiality if they believe someone is in imminent harm.  Search filters can track which emails need to be maintained.  But the real question is does a company need to read every employee’s every email?

Choosing to monitor all employee communication comes at a cost that is not just financial in implementation.  The hidden cost is that while you reduce the risk in one area, you still create it in another.  Approaching eDiscovery in an uninformed, save and monitor everything approach could create a bigger problem than the one you sought to solve.  All of that information locked away just waiting for the right set of circumstances to unleash its destructive power

Pandora’s Box was presented to corporate world with the Electronic Communications Privacy Act.  Whether a company opens the box and monitors evry employee email is a question of archival governance.

Exit mobile version