From: Staffing

Technology provides many options for employers to streamline operations and increase efficiency.  Additionally, as the workforce continues to change, with Baby Boomers retiring and Millennials entering the workforce at a high rate, the impact and necessity of technology becomes vital to a business’ success.  Empirical evidence clearly shows that Millennials, who grew up in the electronic age, expect to use technology in the workforce for everyday activities, from surfing the internet for information to onboarding.  Companies that wish to get ahead in the race to attract and retain the best and brightest new talent must embrace technology in its every day operations.  From a human resources and legal perspective, this continual influx of new technology creates many practical implications that must be well-considered and addressed.  When considering any new technology, the company needs to consider not only the expectations of the newest generation, but also the expectations of the older generations.  Before making any changes, the company should do a thorough analysis as to the impact the technology will have and how the current and future workforce will embrace the new technology.  Additionally, the company should consider the pros and cons of using the new technology, both from a business operations perspective and an employee relations perspective.  Finally, the company needs to anticipate the likely legal ramifications of the new technology, and develop policies and procedures to best protect the company from those dangers.

Documentation

Accurate and up-to-date personnel files, time records and payroll information can assist employers in tracking the workforce, organizing hiring and retention decisions, and protecting their organizations from liability.  Many employers are creating and/or storing these documents electronically.  With the increased reliance on emails and other electronic communication systems, companies are frequently faced with the problem of “information overload”, which can slow down their operating systems or increase costs due to storage.  Failure to properly maintain these documents can lead to unnecessary litigation.  Employers are encouraged to have a written document retention policy that governs the storage and maintenance of all records, including electronic ones.  Having such a policy will allow companies to comply with applicable recordkeeping laws and can help to keep the costs of litigation in check.

Importance of Having a Document Retention Policy

A document retention policy is extremely important so that companies can manage their paper and electronic files.  From a litigation perspective, a document retention policy provides protection to the company in the event documents have been properly purged and are no longer available for production.  Of course, having a policy, in and of itself, is not sufficient; that policy needs to be followed.  If the employer fails to have the information referenced in its own policy for the requisite period, adverse consequences are likely.  Specifically, it is possible that a judge may instruct a jury that it may infer the relevant records were destroyed, perhaps to conceal damaging evidence, when the documents are not maintained as required in the policy.  Additionally, sanctions and significant monetary penalties may be imposed.  A claim of spoliation can significantly add to the already high costs of litigation.  On the other hand, if a company does not have a three-year old email that was purged pursuant to a document retention policy, the company can be protected from any adverse inference.

How Long to Keep Documents

Whether electronic or paper, some categories of information must be retained for a minimum period by law.  For a detailed outline of federal employment recordkeeping requirements, please see Appendix 1.  When there is no legal requirement, discretion should be exercised when deciding how long to retain documents.  Long retention periods may be wise because the information retained may provide the evidence needed for defense in litigation.  However, some organizations may elect to only retain certain documents, such as e-mails, for a short time period—such as 30, 60 or 90 days—to keep down the volume of material on their system or to minimize their production obligation during a lawsuit.  Courts recognize that employers do not have a duty to retain every scrap of information produced by the organization and some information that is no longer needed may be destroyed.

When in doubt, employers should retain records for the longest applicable statute of limitations.  This will ensure that the employer has all necessary personnel files, emails, policies and other documents required if a lawsuit is filed.  For instance, if an employer is aware of a potential or pending employee charge with the EEOC, the employer must keep the employee’s records for four years, which is the longest applicable statute of limitations under either Federal or Florida law.  Likewise, if an employer receives a demand letter from an employee requesting unpaid wages, the employer must keep the employee’s records for at least three years, which is the longest applicable statute of limitations under the Fair Labor Standards Act.

How eDiscovery is Changing Document Retention

Ninety-eight percent of information created today is digital and stored electronically.  eDiscovery, a term used to describe the exchange of electronic information during a lawsuit, has caused a great deal of confusion in the legal system.  Some key points to know about electronic document retention are outlined below:

A Document is a Document

For litigation purposes, electronic documents are no different than any other documents. They must be maintained and produced during discovery just like tangible, paper documents.  Unless otherwise requested or ordered by the court, electronic information may be produced in the form in which it is maintained in the ordinary course of business or in a form that is reasonably usable.

Preserving Electronic Information Is Vital

The pitfalls of failing to adequately preserve “electronic evidence” such as e-mails and instant messages are increasing.  In perhaps the most notable case, the employer’s failure to preserve electronic evidence in a discrimination case led to an “adverse inference” jury instruction that the missing documents were favorable to the plaintiff.  The result was a $29 million verdict for the plaintiff.  Zubulake v. U.S. Warburg LLC, (2003).  In 2006, Morgan Stanley & Co. was hit with a verdict of $1.5 billion, in large part because of an “adverse inference” jury instruction due to the firm’s failure to comply with the Court’s orders regarding electronic discovery.

The “Safe Harbor” Provision

The Federal Rules of Civil Procedure have a “Safe Harbor” provision that protects against sanctions where a party has lost, altered or destroyed relevant electronic evidence “in good faith.”  The good faith inquiry will focus on the party’s knowledge that the information was relevant to the matter in litigation, the party’s efforts to preserve the information and whether the information was lost, altered or destroyed despite the party’s efforts to preserve it.

Develop a Protocol For Preservation of Electronic Evidence

Litigation may be likely to occur if the employer has knowledge of employee complaints of illegal treatment, demand letters from attorneys, administrative charges or threats of litigation.  When an employer becomes aware that litigation is likely, management should immediately notify legal counsel.  Counsel and Human Resources should then identify the “Key Players.”  At a minimum, Key Players will always include the following:

1. The employee(s) making the complaint
2. All alleged discriminators/wrongdoers
3. All witnesses to events that make up the employee’s claim
4. All decisionmakers, including upper-level managers who “rubber stamp” a decision, Human Resources and counsel

Other individuals who do not fit into these categories may be key players, depending on the circumstances of the particular case.

Once the key players are identified, a written “litigation hold” should be placed on any electronic files (including but not limited to e-mails and instant messages) from the key players.  The “hold” should warn recipients to preserve all such documentation regarding the employee and the relevant subject matter, and the consequences of failure to do so.  Employees, including the key players, should be warned that failure to comply with the “litigation hold” may result in disciplinary action, up to and including discharge.

Counsel and Human Resources should meet with IT personnel to determine how to make the “litigation hold” as automatic as possible so that it is not necessary to rely on individuals, some of whom may not be “computer literate” or, worse, may have a vested interest in destroying documentation.  The employer’s IT department or consultant, in consultation with counsel, should conduct a broad “search” for relevant files and then preserve the results.  Back-up tapes or disks with potentially relevant information should be given to counsel or stored separately and clearly marked so that they are not written over, or “recycled.”

Internet and Computer Policy

One of the biggest changes brought about by technology is the use of computers and the internet.  Employers are constantly struggling with the issue of whether to allow employees personal access.  Employers are oftentimes concerned about the loss of productivity if employees can use their computer for personal reasons.  On the other hand, employers know that many employees will expect the ability to do so and not allowing some access may adversely impact employee morale.  Regardless of where an employer comes out on this issue, all employers should consider implementing a policy concerning the use of the company’s computers and servers when conducting both company and personal business.  Whether the policy allows limited personal use or strictly prohibits the same, many employees mistakenly believe that they have an expectation of privacy in their use of the computer and/or internet.  Providing written notice of the company’s internet and computer policy is vital in defeating any potential privacy claim.  Employees should be notified of this policy, informed of the guidelines and understand that there is no expectation of privacy on their work computers or any programs accessed on their company computers.  Employers should clearly communicate that the security of e-mail and other internet communications (including instant messaging) is not guaranteed.  Additionally, the policy should note that communications through the employer’s workstations and computers are subject to monitoring or inspection at any time.  The technology policy should also address how passwords should be used and how access to various programs is managed.  Employees should be required to disclose their passwords to Human Resources or the office manager to facilitate access.  While these steps will not ensure that employees stay on task, they will provide much needed security for the employer.

Company Issued Cell Phones

While cell phones and smart phones can promote employee productivity, employers must also be aware that they can pose certain dangers, especially when confidential or proprietary information is stored on or accessed by the device.  In order to protect the privacy of information on company-issued devices, certain security measures need to be taken.  Certain documents should be password protected so that if transmitted electronically, the information cannot be automatically viewed.  Human Resources, Legal, IT and Operations should work together to create a list of documents which must be password protected, as well as a protocol for the transmission of such documents.  Additionally, employees should be required to have a password on their phone so that its access will be limited.  Further, certain measures should be taken so that IT can access the device and wipe the contents of it in the event the device is lost.

Another issue that arises with the use of company-owned devices is the ability of the company to monitor information and emails.  A recent case in Ohio, Lazette v. Kulmatycki and Cellco Partnership, d/b/a Verizon Wireless, found that an employer could be sued under the Stored Communications Act after it monitored personal emails on a company-owned device.  In that case, the company had told the employee she could use the device for personal email, which she did.  Upon leaving the company, the employee thought she had wiped the device before she returned it to the company.  The supervisor saw that the now-former employee had not actually wiped her personal email account and read approximately 48,000 personal emails.

The Stored Communications Act (SCA) bars a third party from intentionally accessing “without authorization a facility through which an electronic communication is provided”.  The SCA carriers criminal penalties and fines.  While the law was originally intended to allow the authorities to bring charges against hackers, its use in the employment context is rising.

All companies that provide cell phones to their employees should consider a policy addressing issues such as those raised by the Lazette case.  Specifically, a company policy needs to address the employee’s use of and expectation of privacy regarding all company equipment, including cell phones.  In order to prevent running afoul of the SCA, the employer should receive express consent in the form of a signed document if they intend to monitor such devices.

Employee-Owned Cell Phones and Personal Devices

Many companies do not provide company cell phones but rather allow their employees to use their own personal devices at work and/or for work related reasons.  The obvious benefit of such a practice is the cost associated with providing cell phones to employees.  However, there are risks associated with allowing employees access to company information thorough their personal devices. There are privacy concerns regarding employees accessing company information from their own devices that should be considered.  If an employee has access to a company system through his phone, the employee likely also has access to confidential information, trade secrets and private personally identifiable data on customers and/or employees.  This can raise serious concerns if the information is not adequately protected by the employee or if the employee is terminated.   As previously mentioned, one step that should be taken to protect sensitive and private information is the use of passwords in the documents themselves.

In addition, many companies are developing “Bring Your Own Device” (BYOD) policies.  These policies should contain guidelines on who may access company information, including email, from their personal devices, and place clear restrictions on the use of such information.   In addition, the policy should make clear that employees are expected to maintain the confidentiality of all company information and data contained on their personal devices.  Further, companies should have a plan in place to wipe all emails generated through the company’s email system and confidential information which is maintained on a personal device at the time of termination or in the event the device is lost.  A company’s IT department should have a process in place so that it can be immediately implemented in these events.

An additional avenue for liability relates to employees who use their device for work related functions while driving.  While most states have laws preventing texting and driving, an employer’s policy should also address this issue.  Failure to do so could result in liability in the event of an accident.  For example, the City of Palo Alto, California settled a lawsuit for 1.5 million dollars as the result of a 2006 automobile accident caused by a city worker who ran a red light while reaching for his cell phone instead of keeping his eyes on the road and his hands on the steering wheel. The plaintiff, Silvio Obregon, suffered unspecified “debilitating spinal injuries” caused by the negligence of city worker, Rubin Salas.  Obregon v. The City of Palo Alto.  While a policy is not guaranteed to prevent accidents or protect the employer in the event of an accident, it is an additional safeguard prudent employers should use.  Specifically, the policy should forbid employees from texting or emailing while driving for work reasons, and also prevent employees from sending/reading any work-related emails or texts while driving at any time.  The policy should also address whether employees are permitted to use a cell phone to talk while driving, whether a hands-free device is required or whether the employee must pull over to use the cell phone.

Finally, any policy addressing the issue of cell phones and other devices must also contain an express prohibition against harassment, discrimination and retaliation.  Such a provision allows the employer to raise a defense of inappropriate use of technology in violation of corporate policy as well as the use of technology outside the scope of employment.  A policy of this nature puts employees on notice that such devices are not to be used to further a harassing or abusive working environment.