Insights

You’ve Got Mail … And You Need to Handle it Lawfully

May 10, 2016

Management Liability/D&O

“Inbox Zero” sounds like a kind of Zen dream. Most of us, however, feel overwhelmed by email. Overwhelming you, it turns out, isn’t the worst thing that your email might do to you. If poorly managed, your email might one day embarrass you or incriminate you.

Email Concept With Girl's Hands

 

The Sony hack is probably one of the most memorable cyber events in recent history—so big that it caused a virtual battle between the United States and North Korea and the premature takedown of what was intended to be a funny movie.

Among the headaches endured by Sony was the exposure of countless confidential emails. Some of these emails contained sensitive business information.

Those that got the most press, however, were filled with embarrassing comments that were never supposed to see the light of day.

Why does this matter to directors and officers of public and private companies?

Because Sony executives aren’t anomalies when it comes to folks using emails to express themselves in less than politically correct ways. After all, the thought goes (assuming there is any thought given), how is anyone going to find out?

The answer:

  1. You might get hacked; and
  2. You might be subject to litigation.

With respect to hacking, security experts are focused on how to increase the strength of the cyber infrastructure.

Another idea, relevant both to hacking or litigation, is to refrain from writing embarrassing emails in the first place. This is great advice.

It’s also really hard to follow if you are both human and occasionally less than perfectly disciplined.

What about just deleting emails? Isn’t this the easiest solution?

Maybe, but it’s not likely to happen. Most people are digital hoarders. People don’t like to delete emails.

Perhaps it’s the fear that one might need that email one day. Or maybe, because storage is cheap and everyone is busy, it’s hard to get around to cleaning up one’s inbox.

The result is that most email inboxes have become a bottomless pit of electronic data. The pit is so deep that the mere idea of sorting through the data is usually unthinkable.

But let’s say you decide to do an email purge: great. But first, make sure no litigation is pending or probable. Otherwise, you might have a spoliation of evidence problem.

Spoliation of evidence refers to the intentional tampering or reckless handling of evidence that is relevant to a legal proceeding.

Spoliation is not only illegal, but also can result in penalties and sometimes, prison time. There are several ways a court would determine how to assess penalties for a violation such as this.

This article at Inside Counsel points out that gross negligence of evidence handling may be met with even more severe sanctions than intentional tampering in some cases.

 

Emails and Spoliation of Evidence

A famous case about spoliation of evidence and email is the story of Frank Quattrone, a Silicon Valley banker. When his investment bank was under subpoena to produce documents relating to an investigation, a certain email exchange raised red flags to a jury examining the case.

The email exchange itself had to do with the document policy at the bank, discussing what was to be kept and what should be destroyed as part of the regular policy. Quattrone sent a memo out that stated he “strongly advised” the recipients of the email to follow standard document purging.

This was enough for a jury to find Quattrone guilty of obstructing justice by hindering a federal probe.

It’s important to point out that a federal appeals court ultimately reversed Quattrone’s conviction on the grounds that the jury had been given improper instructions. Quattrone was granted a new trial (it would have been the third one), but in the end, reached a deferred prosecution agreement involving no jail time.

Most regard Quattrone as ultimately having been exonerated, but not before he suffered years of purgatory. Spoliation is tricky, and the next person with a similar set of facts my not prevail the way Quattrone did.

Anti-spoliation statutes are written broadly. This creates a fraught situation given the vast quantities of emails—not to mention texts and other forms of electronic communications—that are constantly sloshing around us.

As electronic communications continue to proliferate—think social media, e-collaboration rooms and the like—the chance escalates that someone will inadvertently and innocently delete something in a way that a third party will later argue was spoliation.

 

How to Handle Electronic Communications

Does all of this mean we should keep all emails and copies of all social media from the beginning of time, just to be safe?

Not really. Such practices leave a business even more vulnerable if and when a cyber attack occurs. Imagine hackers being able to download every miserable email, post, text, tweet and snapchat everyone at your company ever produced.

It was bad enough with Sony and the estimated 100 terabytes of data that exposed countless confidential matters. You don’t want to be the next Sony.

Your best bet is to have a thorough document retention policy that outlines proper handling for all documents in general—including cyber documents like emails, text, etc. The policy should also detail how the documents should be treated if litigation or an investigation that could lead to litigation is pending or probable.

 

What Should a Document Retention Policy Contain?

Document retention policies must be practical. If your company is only capable of enforcing such a policy sporadically, talk to outside counsel about whether it might be better not to have a policy at all.

Keep in mind that document retention policies can be very complex to create, implement and maintain in every corner of the organization.

When done well, document retention policies can insulate a company from a negative inference that plaintiffs would like a court to draw based on the fact that a company no longer has electronic data.

The cases that showcase the defensible deletion of electronic documents clearly demonstrate the risk mitigation value of following a thoughtful document retention policy.

Whether or not you put it in your document retention policy, it’s important to have a written procedure about how to implement a litigation hold.

A litigation hold notice, also known as a preservation notice, is the way a company communicates to its employees that they should not modify or destroy documents that may be relevant to imminent litigation.

The particulars of each situation will have to be sorted out with the help of outside counsel. However, take the time to write a rough draft of a litigation hold notice, and consider having it reviewed by counsel. Time moves quickly when you are faced with a situation that requires sending out a litigation hold notice. Any steps you can take to plan for this now will help you later.

It’s also important that the general counsel’s office has a line of sight into the scope of electronic data (emails, texts, chats, cloud storage, flash drives, etc.) that a company has. The general counsel’s office will also want to understand (and where appropriate, influence) your company’s policies when it comes to any automatic destruction of electronic data so that this automatic destruction protocol can be interrupted when needed due to imminent litigation.

Even though it’s a bit of an older publication, this short guide by Perkins Coie on creating a document retention policy is very useful.

In closing, emails and other electronic communications are only increasing. A thoughtful approach to handling these communications won’t necessarily help get you to Inbox Zero or free you from the tyranny of too much information. You can, however, take steps to avoid being embarrassed or incriminated by your inbox.

 

The views expressed in this blog are solely those of the author. This blog should not be taken as insurance or legal advice for your particular situation. Questions? Comments? Concerns? Email: phuskins@woodruffsawyer.com.

Was this post helpful?

See all articles by Priya Cherian Huskins, Esq.

All views expressed in this article are the author’s own and do not necessarily represent the position of Woodruff-Sawyer & Co.

Priya Cherian Huskins

Senior Vice President, Management Liability

Editor, Management Liability/D&O

Priya is a recognized expert and frequent speaker on D&O liability risk and its mitigation. In addition to consulting on D&O insurance, she counsels clients on corporate governance matters, including ways to reduce their exposure to shareholder lawsuits and regulatory investigations. Priya serves on the board of an S&P 500 public company and a large private company and has an impressive list of publications, speaking engagements, and awards for her influence and expertise in the industry. 

415.402.6527

LinkedIn

Priya Cherian Huskins

Senior Vice President, Management Liability

Editor, Management Liability/D&O

Priya is a recognized expert and frequent speaker on D&O liability risk and its mitigation. In addition to consulting on D&O insurance, she counsels clients on corporate governance matters, including ways to reduce their exposure to shareholder lawsuits and regulatory investigations. Priya serves on the board of an S&P 500 public company and a large private company and has an impressive list of publications, speaking engagements, and awards for her influence and expertise in the industry. 

415.402.6527

LinkedIn