Transcript Slide 1

2007 Employment
Practices & Fiduciary
Liability Symposium
THE IMPACT OF THE ELECTRONIC REVOLUTION ON EPLI
Moderator: Joseph A. Starr, Partner, Lipson, Neilson, Cole, Seltzer & Garin, P.C.
Panelists: Adam Deutsch, President, Synergy Intelligence Holdings
Jason Fogg, Managing Claims Attorney, Monitor Liability Managers, Inc.
Paul A. Sullivan, RPLU, CPCU, Vice President, Hartford Financial Products
Los Angeles ~ May 7 & 8, 2007
THE ELECTRONIC
REVOLUTION
• A company with 1,000 employees will likely produce as many
as 100,000 e-mails every business day.
• The Digital Evidence Project of the American Bar
Association’s Information Security Committee estimates that
over 11 trillion
e-mail messages will be sent during 2007.
• The Sedona Conference estimates that:
– At least 93 percent of information is first generated in
digital format;
– 70 percent of corporate records may be stored in
electronic format; and
– 30 percent of electronic information is never printed to
paper
THE NEW
E-DISCOVERY RULES
•
A Brief Overview of Changes to the Federal Rules of Civil Procedure
–
Rule 16 encourages the parties to address in the initial scheduling order
the issues surrounding discovery of Electronically Stored Information
(“ESI”). Rule 26(f) directs the parties to discuss the discovery of ESI
during their discovery planning conference and to consider issues
including the capabilities of the various computer systems used by the
parties, the form or forms in which ESI could be produced, whether the
information is “reasonably accessible” and the preservation of
discoverable ESI.
–
Rule 26(b)(2)(B) provides that a party need not provide discovery of ESI
that it identifies as not reasonably accessible because of undue burden
or cost, although such information is subject to preservation. The burden
is on the producing party to show that the information is not reasonably
accessible, and courts may still order discovery if the requesting party
can show good cause, and the costs are outweighed by the potential
benefits of providing the ESI.
THE NEW
E-DISCOVERY RULES
–
Rule 34(a) allows the requesting party to specify form(s) in which ESI will
be produced. When the requesting party does not specify the form, the
responding party must produce ESI in the form in which it is ordinarily
maintained or a form that is reasonably usable, but may not produce it in
a form less useful or searchable than the form in which it is normally
maintained.
–
Rule 37, which provides for sanctions when a party fails to make
disclosures or cooperate in discovery, is amended to address the
operation of computer systems, which are often designed to
automatically delete or overwrite ESI after a specified period of time or
when certain data volume limit is reached. Rule 37(f) provides that a
court generally may not sanction a party under the rules for failing to
produce information. Notably, the steps taken by a party to effectively
implement a litigation hold are considered in deciding whether a party
acted in good faith. Additionally, the committee notes explain that
implementation and design are considerations for evaluating whether the
operation was routine and in good faith.
DOCUMENT & DATA
RETENTION POLICIES
• Balancing Storage Issues Against the Destruction of
Evidence:
– Most e-mail retention policies balance the desire to delete
messages with a company’s compliance requirements,
business needs and other factors.
– Many firms save e-mail for finance and senior executives
for seven years to comply with Sarbanes-Oxley.
– Human Resources save messages for five years to comply
with federal regulations such as OSHA and the FMLA.
• Loss Control:
– Why aren’t insurers asking about document retention
policies on their applications?
* Soft vs. Hard Market?
THE “BIG” QUESTION:
HOW MUCH IS THIS
GOING TO COST?
•
A Sample Fee Schedule for Computer Forensics and E-Discovery
– Computer Forensics
* Computer forensics examiner - $200/hour
* “Cloning” a 300 GB Hard Drive - $500
* Forensic Preservation and Extraction (500 GB) $4,000, per drive
–
E-Discovery
* Extraction, e.g., keyword searching - $560 per GB
* “Native Production”
Native Document, metadata, text - $840 per GB
– Native Document, metadata - $560 per GB
– Metadata, text - $560 per GB
* TIFF Production - $0.06 per TIFF
* Other Fees
– Tape Restoration – “Call”
– Password Cracking – “Call”
–
• English Translation – Please!
–
One Megabyte of Data = 1,000 to 1,400 of printed
pages
–
One Gigabyte of Data = 100,000 to 140,000 printed
pages
–
Five Banker Boxes = 15,000 pages
–
1 PC Hard Drive = Five to 10 Banker Boxes of Paper
–
One 650 DLT Backup Tape = 500 Banker Boxes of
Paper
–
(Over One Million Pages)
Some Examples of
E-Discovery Costs
•
AAB Joint Ventures v United States, 2007 WL 646157
(Fed. Cl., February 28, 2007)
–
The estimated cost of restoring backup tapes to retrieve e-mails cost between
$85,000 and $150,000.
–
Defendant’s decision to transfer the e-mails to back-up tapes does not exempt
Defendant from its responsibility to produce relevant e-mails.
–
To determine if cost-shifting to the requesting party was appropriate, the Court
employed the marginal utility test – the Court must balance the likelihood that
restored documents will prove relevant to the instant litigation with whether the cost
of restoration places an undue burden on Defendant.
–
Court found:
*
$85,000-$150,000 is small in comparison to the amount of the suit, which is over $30 Million.
*
This does not include the costs associated with having defense attorneys sort through emails to identify those that are responsive to Plaintiff’s discovery requests.
*
Solution: a phased approach (starting with one-fourth of the total back-up tapes) where
Defendant restores a portion of the back-up tapes from specified periods from the Plaintiff.
Then the Court can engage in a more meaningful benefit-burden analysis before
determining whether to require cost-shifting or cost-sharing.
–
Quinby v WestLB A.G., No. 04 Civ. 7406, 2006 WL 2597900 (S.D.N.Y.,
September 5, 2006
*
–
Defendant incurred $226,266.60 restoring and searching inaccessible e-mails
of six former employees.
Murphy Oil USA, Inc. v. Flour Daniel, Inc.
Plaintiff requested e-mails from more than 700 employees.
* The e-mails had been saved to 93 back up tapes and cost the organization six
months and $6.2 million to restore.
*
–
Best Buy Stores, L.P. v. Developers Diversified Realty Corp., 207 WL 333987
(D. Minn., Feb. 1, 2007)
*
Defendant cannot make conclusory statements that the cost of retrieval of
electronic documents from an electronic archive may be prohibitive.
•
According to the Chicago law firm of Vedder, Price, Kauffman & Kammholz, the
cost of retrieving and reviewing e-mail can be as much as $2.00 per message.
•
Neal Rubin, senior litigation counsel at Cisco Systems, asserts that the cost of ediscovery is $1,200 for every person who has information relevant to a case.
Most Judges need to be educated regarding the technical aspects of e-discovery.
•
IMPACT UPON SETTLEMENT
OF A CLAIM
•
The cost and difficulty of producing e-documents has led – and will lead – to
some opposing counsel to begin using e-discovery as a legal tactic,
increasing their e-discovery requests to place financial and hardship burdens
upon defendants.
•
The New Smoking Gun?
–
Metadata – data about data, i.e., who created a document, who edited it,
when changes were made and what changes were made
–
Metadata mining
•
Adverse Jury Instructions
•
Re-thinking removal to federal court?
–
State Courts are Not Far Behind
*
–
E.g., April 21, 2007, the State Bar of Michigan Representative Assembly
addressed the issue of whether the Michigan Court Rules should be amended
to address the discovery of electronically stored information in a manner similar
to the recently adopted Federal Rules of Civil Procedures pertaining to
electronic discovery.
Common Law
PROACTIVE MEASURES
•
Identify elements of the information technology system that are important for
litigation holds and e-discovery.
•
Companies must move towards archive systems that easily retrieve e-mails
and attachments.
–
E.g., EnCase Enterprise eDiscovery Suite (Guidance Software).
*
Cost prohibitive?
•
Allocating responsibility for implementing holds and producing records.
•
Establishing procedures for disseminating information and regular reminders
regarding what and how information must be preserved.
•
Litigation Strategies:
–
Plaintiff’s laptop computer and e-mails – a “gold mine” of information
–
“Overwhelm” Plaintiff with E-Discovery Production
–
Computer Fraud & Abuse Act (CFAA) – filing a counterclaim for leverage
UNDERWRITING THIS RISK
• Proactive vs. Reactive – is this on EPL underwriters
radar screen yet?
–
Impact upon the average cost of a claim (defense
costs and settlement/verdict)
–
Examination of an employer’s policies and
preparedness for an e-document production
* Does this happen?
–
Are brokers willing to ask these questions in the
current market?
–
How much of this is driven by the market?
INVASION OF PRIVACY
CLAIMS IN THE ERA OF THE
“ELECTRONIC
WORKPLACE”
• Invasion of Privacy Claims
–
Covered claims under EPLI policies
–
Small percentage of all claims
–
Will the evolution of the “electronic workplace”
impact frequency of claims?
•
The Law
–
Nearly every communication in the workplace (with certain
important exceptions) is private where the employee has a
“reasonable expectation of privacy”
–
Common Law Invasion of Privacy Claims (Four Types):
* Intrusion upon a person’s seclusion or solitude, or private affairs;
* Public disclosure of embarrassing private facts about an individual;
* Publicity which places an individual in a false light in the public eye;
and
* Appropriation, for another’s advantage, of an individual’s name or
likeness.
* This creates a case-by-case analysis, i.e., does a particular
circumstance give rise to an expectation of privacy so that intrusion
by the employer would be objectionable to a reasonable person?
• Lowering the Expectation of Privacy
–
How does an Employer/Insured deal with E-mail,
Internet, Cell phone, Pager abuse without intruding
upon an employee’s reasonable expectation of
privacy?
–
Lower the expectation of privacy
–
Develop and implement an effective Privacy Policy
–
The policy should be comprehensive and include
substantial penalties if managers or supervisors
disclose sensitive employee information even if they
legally may have had access to that information.
•
Example Policy Language
–
The policy should include the following language (or something similar)
with regard to e-mail usage
No Expectation of Privacy. No one should assume that any material is private.
Despite system features that give the appearance of privacy - including
passwords and the apparent ability to delete messages - messages are not
necessarily private.
* Electronic communications may not be secure. The security of electronic files
on shared systems often approximates that of a document placed in an
unsealed envelope - generally respected, but easily read by someone
determined to do so. Accordingly, you should assume that your messages may
be heard or read by someone other than the intended recipient. Even when a
message is deleted, it still may be backed-up elsewhere or it may be possible
to recreate the message. As a result, electronic messages are increasingly
proving to be key documents sought through the discovery process in civil and
criminal litigation.
* All e-mail is company property and the company reserves the right to monitor
the e-mail system
*
•
Case Law Re: Invasion of Privacy in the Electronic Workplace:
–
Information/E-mails Stored on Computers in the Workplace
*
Former employee filed lawsuit against former employer alleging violation of
Fourth Amendment privacy rights for having aided federal authorities in child
pornography investigation against him by providing the employee's laptop
computer. The Court held that employee had no reasonable expectation of
privacy in his laptop files where employer announced it could inspect any
laptop furnished to its employee at any time. Muick v. Glenayre Electronics,
280 F.3d 741, 743 (7th Cir., 2002).
*
District Court denied Defendant's motion to suppress evidence of child
pornography seized from his work computer based upon employee's lack of
any reasonable expectation of privacy of information stored on work computer
where employer repeatedly warned employee that his computer activities were
subject to monitoring. United States v. Bailey, 272 F. Supp 2d 822, 824 (D.
Neb, 2003).
*
Former employee filed lawsuit against former employer alleging invasion of privacy claiming
that it improperly obtained information concerning employee's eBay account (including eBay
transactions) during company investigation of employee for fraud. Court held that no
reasonable expectation of privacy in records (including eBay account and password)
accessed through employer's server if employer advised its employees that their computer
activities on the office system were monitored. Campbell v. Woodard Photographic, Inc., 433
F. Supp 2d 857, 861-62 (N.D. Ohio, 2006).
*
Former employee file employment discrimination case against former employer alleging
invasion of privacy relative to employer's review of employee's computer and e-mail records
for purposes of ascertaining alleged inappropriate conduct. Court held no invasion of
privacy based upon New York's limited right of privacy law and in the absence of any
common law of privacy. Chimarev v. TD Waterhouse Investor Services, Inc, 280 F.Supp 2d
208 (S.D.N.Y., 2003).
*
Employee sued former employer for invasion of privacy based upon former employer's
having accessed files employee stored in his "personal" folder of employer's computer
network and remotely determining the address of the websites employee visited while at
work (including her personal Internet e-mail account). Magistrate recommended that no
reasonable expectation of privacy existed relative to employee's use of employer's
computers and computer network. Thygeson v. U.S. Bancorp, unpublished Findings and
Recommendation of Magistrate of the U.S. District Court, District of Oregon dated
September 15, 2004 (Docket No. CV 03 467 ST).
*
Former employees filed lawsuit following discharge from their employer alleging
invasion of privacy relative to employer’s review of employees' "sexually explicit" emails contained in personal [password-protected] folders on company's computer
system. Court held that employees had no reasonable expectation of privacy where
they admitted knowing employer had ability to look at e-mail on company's Intranet
system, and knew they had to be careful about sending e-mails [based upon
company's e-mail policy]. Garrity v. John Hancock Mut. Life Ins. Co., unpublished
Memorandum of U.S. District Court, District of Massachusetts dated May 7, 2002
(Docket No. 00-12143-RWZ)
*
Employee sued former employer for invasion of privacy based upon former
employer's review and dissemination of e-mail to third parties stored in passwordprotected "Personal Folders" application on work computer. At time of employer's
interception of the employee's e-mails, plaintiff employee had been suspended
(pending investigation) into accusations of sexual harassment and "inventory
questions." The Texas Court of Appeals held that "a reasonable person would not
consider Microsoft's interception of these communications to be a highly offensive
invasion" and "the company's interest in preventing inappropriate and unprofessional
comments, or even illegal activity, over its e-mail system would outweigh McLaren's
claimed privacy interest in those communications." McLaren v. Microsoft Corp.,
unpublished opinion of the Texas Court of Appeals dated May 28, 1999 (Docket No.
05-97-00824-cv), p. 5.t
•
•
Co-Worker Reading Another Co-Worker's E-mail in Workplace:
–
Former employee filed suit against former employer and former coworker alleging,
inter alia, invasion of privacy based upon former co-worker reading former
employee's e-mail after she stepped away from her desk. Without determining
whether reading someone's e-mail could give rise to a cognizable invasion of
privacy claim (and thus leaving open the possibility), the Eighth Circuit affirmed
dismissal of claim based upon insufficient evidence as to whether former co-worker
actually did the act complained of by former employee. Powell v. Yellow Book USA,
Inc., 445 F.3d 1074, 1080 (8th Cir., 2006).
E-mails Disseminated by Employer to Other Employees:
–
Employee filed suit against Employer for false light invasion of privacy for sending
two e-mails to company employees containing seminar attendance information. The
information stated that Plaintiff had attended "The Essentials of Communicating with
Diplomacy and Professionalism" seminar implying to a reasonable person that
Plaintiff "was hard to work with, was difficult to communicate with,...had engaged in
workplace misconduct regarding his interaction with his co-workers and managers,
and had negative interpersonal skills, and had negative personality traits." Court
held that plaintiff employee failed to state a claim for false light invasion of privacy
absent any allegation that seminar information was false or that said information
would highly offensive to a reasonable person as required under Arizona law.
Hunley v. Orbital Sciences Corp, -- S.W. 2d -- (D. Ariz., 2007) (March 29, 2007),
p. 2.
Questions?