The Internet and electronic communication are two of the
most wondrous things of late 20th and 21st Century. Internet
and computer use have exploded in the past 20 years. According to David Houle, Entering the
Shift Age, ( Sourcebooks, Inc. 2013)
in 1985 there were 25,270,000 computers
in use in the U.S. In 2005 there were
203,700,000 computers in use in the U.S.
Internet users for the same period jumped from 190,000 users to
205,327,000 users. There is reason to
think that the last nine years have been more explosive.
Although the benefits of technology may have increased,
the dangers of misuse or careless use have also increased. There are two dangerous tools of technology
that can come back to bite you: emails
and social media.
Emails. I
have warned about the danger of emails in the past. For some bizarre reason people will say
things in emails that they would never say in a personal or telephone
conversation. They will also send an
email without the normal review and re-reading that most people use in writing
letters. The result is legally dangerous.
Examples follow:
·
A close golfing buddy of a male bank senior
executive sends an email containing a sexually explicit joke to the
executive. The executive then sends the
email on to three other bank employees. This is not the first or only such email. A
female assistant to one of the three employees intercepts the email. About a month later she is fired. She claims sexual discrimination and a
pattern and practice of sexual harassment and discrimination. The EEOC starts its investigation and asks
for the email and any others like it.
Although the bank has a policy against engaging in, sending or
transmitting inappropriate emails the policy has never been monitored or
enforced. The email and others like it
are produced to the EEOC.
Possible Solution: There are no easy ways to enforce policies on
inappropriate email or transmitting offensive emails. Having Information Technology (“IT”)
personnel “police” emails is probably ineffective and distasteful to everyone
. Education of management and key personnel is
the best option. Regular training
concerning the policy and other IT policies would be helpful and could be
combined with sexual harassment training—an important educational and defensive
legal tool.
·
Change the example above slightly. It is three years later. The EEOC drops its
investigation. The fired employee takes
a severance payment and admits she had no other evidence but the emails. The
golfing senior executive attends the regular IT/HR training on inappropriate
emails. When he receives an email from
his golfing buddy he labels it as junk or otherwise deletes it without a sign
that it has been sent on or even read. After the three years has elapsed a clerical
employee then complains that a supervisory employee in her branch has
inappropriately touched her, made sexually inappropriate comments to her and
otherwise harassed her. The supervisory employee is one of the
employees who was sent the sexually explicit email three years ago by the golfing
senior executive. The complaining
employee has heard about the old emails.
She files suit. Her attorney asks
for the email and all others like it from five years back. The bank has no “retention” policy under
which classes of documents, such as old emails, are removed from the computer
system and from archives after a certain time.
The bank has to produce the old damaging emails.
Possible
Solution. Approve a good “retention”
policy for emails which permits the bank
to destroy old email records, provided that litigation is not threatened or
pending which will call for their production. Banks, or any business, are
permitted to destroy or delete old documents, records and emails when they are
not needed or regulatory requirements permit.
The production of damaging emails kept too long and for no business
purpose has damaged many well-known businesses.
Old emails drafted in haste or without thought, can be very damaging and
easily misconstrued. Twenty years ago Bill Gates’ old emails proved invaluable to
the U.S. Government in its antitrust action against Microsoft. Although the retention policies in automobile
manufacturing are different from most business,
the recent GM recall history and those responsible for it, were pieced
together from GM engineering department and legal department emails dating back
to 2002.
Federal and New
Mexico regulations do not set email retention guidelines, except the OCC has
said that some emails which are important to a transaction should be retained. A good email retention policy should include
the following, or variants : (1)
computer users’ emails should be deleted
or removed from computer hard drives after six months; (2) the deleted emails
are then archived for a period of not more than two years from creation, and
computer users can retrieve them upon request ; (3) after two years they are
deleted or destroyed from the archive; (4) if a lawsuit is threatened or brought
during the two year period, a “hold” is put on all emails concerning the
threatened litigation, but all other emails in archive are deleted or
destroyed. I understand that most email
records that are deleted or destroyed from the archive do not really
“disappear”, but the cost of retrieval and the difficulty of retrieval is great.
The burden and cost is usually always borne by the requesting party. From experience I prefer the shorter times I
have outlined but within reason the
periods are within management discretion.
Robert Childs is Chief Operating Officer of CAaNES, a New Mexico company
offering nationwide security services to banks and others. He has years of experience with retention
systems. When asked about the ease of
retrieval of taped archived emails, Childs stated that “restoring is not necessarily difficult, though it can be time
consuming. One would need to know the dates / date ranges to look for,
find the correct backup tape for that time period, and search for the emails in
question, and restore the email files to a restore location…”. The process is not expensive, aside from the
time expended, and the difficulty increases with the age of the emails sought,
Childs added.
·
In the renewal of a complex loan with an impending due date, a
bank’s loan officer sends numerous emails to the borrower. The emails discuss the bank’s many unsettled
terms for the renewal, including potential interest rates, term of the renewed
loan to value ratios, additional real estate collateral, etc. The negotiations are not entirely cordial
because the customer is in a business threatened by reductions in government
contracts. Negotiations break down. The bank reluctantly has to notify the
customer that although it will give the business 30 days after the due date to
find a new loan, the bank will move to collect and foreclose if the loan is not paid. The customer’s lawyer writes the loan officer. The lawyer states that from the loan
officer’s emails the bank agreed to a renewal of the loan on terms favorable to
the customer. The lawyer says that unless
the bank agrees to the terms set forth in the lawyer’s letter (based upon the
emails) she will file suit within ten days.
The renewed loan terms were
never approved by the bank’s loan committee or President and there was no
written loan commitment signed by the bank and customer.
Possible
Solution. I recommend that all bank loan
personnel emails bear a standard end-of-email sentence similar to the standard
statement most businesses use concerning the email recipient’s getting an email
in error. The standard loan personnel
end-of-email statement should recite in “plain English” that nothing in the
email message is binding on the bank or is a contract unless approved by a loan committee, appropriate senior
executive management, the Board or by a signed commitment letter. In my experience, not all banks use such a
simple precaution. Some of the large
national banks appear not to use such precautionary measures. In New Mexico First American Bank uses a
workable standard statement concerning its loan officers not binding the bank
unless certain conditions are met. My
experience my be incomplete, but I think First American may be in the minority
in using such precautionary statements in their loan officer’s emails
communications.
Social Media. Social Media can be as dangerous as emails but
the experience is limited, but growing.
Some dangerous legal areas for
social media are now clear. First, any
company policy that purports to set how employees can use their personal social
media accounts runs the strong risk that the National Labor Relations Board
will find that policy to be an unfair labor practice. You do not have to be unionized since the
National Labor Relations Act applies generally to all employers. The NLRB has prosecuted several companies for
having policies which appear generally benign because they might interfere with
“protected concerted activity.” Second,
using social media for screening prospective job applicants has hidden
dangers. Bob Tinnin, a New Mexico expert
in employment law, warns in the June 24 edition of hero© line (HRHero.com),
that using social media may have serious legal consequences. For example, if you use social media do not
be selective. If you are too selective
you risk charges of discrimination under state and federal law. If you have the social media searches done by
a contractor, you will probably be subject to the FCRA and may have to notify
rejected applicants of the use of the social media, furnish a copy of the media
on which you relied and a statement of FCRA rights. You may also violate state law. A 2013 New Mexico statute prohibits employers from requesting social media passwords for job purposes. Again, under certain circumstances you might run afoul of the National Labor Relations Act, depending on how you use the social media. In short, given the risks and problems, Tinnin advises against using social media in employment screening. [The reader should be aware that Bob Tinnin is the founder and senior partner of Tinnin Law Firm, a firm with which I am associated.]
Do Good,
MARSHALL G MARTIN
Tinnin Law Firm
505-228-8506 (cell)
505-768-1500 (office)
