The management of big data and litigation risks associated with e-Discovery are issues of growing importance. A recent study suggests that these risks are magnified because of the use of company computer data networks by employees for personal email, social media activity, and web surfing. The Harris Poll found that many companies have failed to implement policies regarding personal use of electronic devices and networks or to make employees aware of company norms regarding such use. The results of the poll are concerning in the big data era because email retention policies and similar data risk management policies can determine the outcome of investigations, lawsuits, and regulatory proceedings.
Participants in the poll revealed that a significant number of employees engage in practices that expose companies to data risks. Some of the most notable findings include the following:
This widespread use of company data systems and devices by employees for personal purposes exposes employee private information to accidental disclosure and leaves employers at-risk of liability for inadvertent disclosure. Although 98 percent of respondents in the poll indicated that they placed a high value on privacy, their actions show a disconnect between their attitudes and behavior in the workplace.
The poll results also revealed that far too many businesses have either failed to adopt proper data management practices or to instruct employees regarding such practices. Participants indicated that 63 percent of their employers adopted no written data policies or failed to make employees aware of any such practices or procedures.
This failure to adopt and implement data risk management policies can increase company exposure to liability or compromise litigation strategy. For example, a Delaware judge hit a corporate defendant with $3 million in sanctions plus costs because the company deleted emails relevant to litigation. Similarly, a commercial airline carrier was subject to multiple discovery sanctions in the amount of $2.7 million for failure to preserve emails.
Employee information that would otherwise be confidential or privileged can be subject to discovery when it is shared over a company network. Generally, parties can waive attorney-client privilege by exposing third-parties to the information. Employees sometimes use company Wi-Fi to send emails or instant messages, transmitting sensitive information about financial issues, legal problems, or medical histories. Disclosure of otherwise protected information over a company Wi-Fi network might result in a waiver of attorney-client privilege or loss of other legal protections afforded to confidential information. Employees should never engage in communication with their attorney via email, messaging, or social media through the use of their company Wi-Fi or network.
Companies can mitigate the risk associated with data breaches during discovery and spoliation of evidence issues by adopting data management procedures and making sure employees understand these policies. Businesses can mitigate the risks associated with big data in the workplace by taking the following steps:
While these practices cannot completely eliminate the risk of liability, companies with comprehensive implemented data management programs can limit their exposure to liability.