Recent Poll of Employee Data Practices Indicate Employers Exposed to Litigation Risks Because of Employee Practices

Expansive Influence of Social Media Applications Creates Unique Electronic Discovery Challenges
September 21, 2017
Court’s Broad Interpretation of “Control” Over Text Messages of a Third-Party Leads to Adverse Inference Discovery Sanction
October 8, 2017

Recent Poll of Employee Data Practices Indicate Employers Exposed to Litigation Risks Because of Employee Practices

share this post via

The management of big data and litigation risks associated with e-Discovery are issues of growing importance.  A recent study suggests that these risks are magnified because of the use of company computer data networks by employees for personal email, social media activity, and web surfing.  The Harris Poll found that many companies have failed to implement policies regarding personal use of electronic devices and networks or to make employees aware of company norms regarding such use.  The results of the poll are concerning in the big data era because email retention policies and similar data risk management policies can determine the outcome of investigations, lawsuits, and regulatory proceedings.

Participants in the poll revealed that a significant number of employees engage in practices that expose companies to data risks.  Some of the most notable findings include the following:

  • 47 percent sent personal emails using the companies Wi-Fi.
  • 45 percent surfed the internet for personal reasons.
  • 40 percent engaged in text messaging through the company Wi-Fi network.
  • 23 percent used their employer’s Wi-Fi to communicate through personal messaging apps.
  • 22 percent used the company internet to engage in social media activity.
  • 20 percent sent personal photographs over the company network.
  • 10 percent sent videos over an employer’s Wi-Fi.

This widespread use of company data systems and devices by employees for personal purposes exposes employee private information to accidental disclosure and leaves employers at-risk of liability for inadvertent disclosure.  Although 98 percent of respondents in the poll indicated that they placed a high value on privacy, their actions show a disconnect between their attitudes and behavior in the workplace.

The poll results also revealed that far too many businesses have either failed to adopt proper data management practices or to instruct employees regarding such practices.  Participants indicated that 63 percent of their employers adopted no written data policies or failed to make employees aware of any such practices or procedures.

This failure to adopt and implement data risk management policies can increase company exposure to liability or compromise litigation strategy.  For example, a Delaware judge hit a corporate defendant with $3 million in sanctions plus costs because the company deleted emails relevant to litigation.  Similarly, a commercial airline carrier was subject to multiple discovery sanctions in the amount of $2.7 million for failure to preserve emails.

Employee information that would otherwise be confidential or privileged can be subject to discovery when it is shared over a company network.  Generally, parties can waive attorney-client privilege by exposing third-parties to the information.  Employees sometimes use company Wi-Fi to send emails or instant messages, transmitting sensitive information about financial issues, legal problems, or medical histories.  Disclosure of otherwise protected information over a company Wi-Fi network might result in a waiver of attorney-client privilege or loss of other legal protections afforded to confidential information.  Employees should never engage in communication with their attorney via email, messaging, or social media through the use of their company Wi-Fi or network.

Companies can mitigate the risk associated with data breaches during discovery and spoliation of evidence issues by adopting data management procedures and making sure employees understand these policies.  Businesses can mitigate the risks associated with big data in the workplace by taking the following steps:

  • Ensure that employees are informed they might not have a right to privacy when using computers and other electronic devices in the office.  A privacy policy regarding personal communications of employees in the workplace should be implemented and consistently enforced.
  • Develop and implement a clear policy regarding use of company Wi-Fi, networks, and devices for emailing, messaging, and social networking.
  • Create a data retention policy that can be defended in discovery disputes should litigation arise.
  • Use training and education programs to ensure that employees understand their responsibilities regarding data retention.

While these practices cannot completely eliminate the risk of liability, companies with comprehensive implemented data management programs can limit their exposure to liability.

Comments are closed.