Document review, doc review, discovery, e-discovery, or – my favorite – e-disco is generally regarded as the worst part about being a junior litigation associate. You get thousands or hundreds of thousands of documents (emails, spreadsheets, contracts, photos, instant messages, texts, you name it!) to review. Working in-house presently, this job is slightly more interesting because I actually know the people whose emails, IMs, etc. I have the pleasure to read.
Given the various additional channels our employees are able to communicate, like Teams, and the fact that the DOJ has announced its intention to more expansively investigate federal construction contractors, my company is revamping its compliance program. And part of the compliance revamp includes how we will be ensuring compliance across the various additional channels. The short of it is that we will be training employees on the public nature of their communications (in case you didn’t know: your communications on your company’s devices are property of the company and are completely discoverable in litigation, unless protected by some sort of privilege (like attorney-client or attorney work product privilege)) and clarifying the approved uses of the various additional channels (like any prudent employer, we do not condone doing business over text messages and, like any sane legal department, do not want to (a) read and (b) produce your text messages).
All this being said, you may be wondering why the H-E-double-hockey-sticks do I care and will this girl EVER stop blabbing about legal nonsense?
To answer your questions: (a) because as managers of companies you should be aware of the liability of your employees’ use or misuse of internet-connected or any similar technology and (b) not yet, sorry!
First, let’s talk about the two main legal bases under which a company can be held liable for its employees’ use or misuse of internet-connected or any similar technology. There are two legal bases under which a company can be held liable for its employees/ use or misuse of Internet-connected (or any similar) technology: (1) the doctrine of ratification and (2) the doctrine of respondeat superior:
(1) The Doctrine of Ratification
An employer may be liable for an employee’s willful and malicious actions under the principal of ratification. An employee’s actions may be ratified after the fact by the employer’s voluntary election to adopt the employee’s conduct by, in essence, treating the conduct as its own. The failure to discharge an employee after knowledge of his or her wrongful acts may be evidence of supporting ratification.
For example, in Fines v. Heartland, Inc., an employee sued her employer after being sexually harassed and defamed by another employee. There, the sexually harassed employee claimed that her employer ratified the misconduct because her employer delayed in discharging the harassing employee. The court found that by coming to a decision and taking action to discharge the employee within four business days, the company did not ratify the misconduct.
As follows, it is imperative for companies to maintain tight compliance policies that allow for swift considerations of misconduct so as to avoid the consequences of the Doctrine of Ratification
(2) The Doctrine of Respondeat Superior
Under the Doctrine of Respondeat Superior, an employer is vicariously liable for its employees’ torts committed within the scope of the employment. To hold an employer vicariously liable, the plaintiff must establish that the employee’s acts were committed within the scope of the employment. An employer’s vicarious liability may extend to willful and malicious torts. An employee’s tortious act may be within the scope of employment even if it contravenes an express company rule. But, the scope of vicarious liability is not boundless: an employer will not be held vicariously liable for an employee’s malicious or tortious conduct if the employee substantially deviates from the employment duties for personal purposes. Thus, if the employee ‘inflicts an injury out of personal malice, not engendered by the employment’ or acts out of ‘personal malice unconnected with the employment,’ the employee is not acting within the scope of employment.” Fines v. Heartland, Inc. (quoting White v. Mascoutah Printing Co.).
For example, in Fines v. Heartland, Inc., the sexually harassed employee also claimed that her employer was liable under the doctrine of respondeat superior. There, the employer’s handbook stated that “office computers were to be used only for business and not for personal” and that “use of office equipment for personal purposes during office hours constituted misconduct for which the employee would be disciplined.” Id. The court found that such provisions put employees on notice that certain behavior was not only outside the scope of their employment but was an offense that could lead to being discharged. Accordingly, the court found that since the harassing employee’s purpose for sending harassing company emails over company property was “purely personal,” there were no grounds for finding the employer liable under the doctrine of respondeat superior because “there mere fact that they were coworkers is insufficient to hold [the employer] responsible for [the harassing employee’s] malicious conduct.” Id.
It is, thus, important for companies to clearly define the scope of employment, or at least what does not fall under the scope of employment, so as to put employees on notice that certain behavior is outside the scope of their employment and avoid the consequences of the Doctrine of Respondeat Superior.
Second, if you’re still reading, let’s talk about what you – as a manager – can do to help minimize liability exposure. Want to take a guess? Hint, I said it earlier… Yes, that’s right! You should help facilitate changes and additions to the employee manual. (To be clear, it is advisable to consult an attorney (I’ll be able to help in Fall 2022), your company’s compliance officer (if s/he exists), and your company’s HR director.)
Your goals in revising your company’s employee manual in order to minimize liability exposure should be to (a) clarify ownership and monitoring of technology, (b) ensure that the company’s technology is used only for business purposes, and (c) make the policies reflected in the manual effective and enforceable. These goals can be achieved by (1) ensuring that there is no expectation of privacy and (2) dispelling risks of waiver by following the newly-stated employee manual:
(1) Ensure that there is no expectation of privacy by clearly stating that the technology is property of the company and that the company reserves the right to monitor the use of the technology at any time.
This may be accomplished by writing a clear policy that (a) requires a signed statement acknowledging employees’ understanding of the company’s policies, (2) defining key terms such as “monitoring,” and (3) warning employees that deleted computer files may be searched.
The tort of invasion of privacy occurs when a party intentionally intrudes, physically or otherwise, upon the solitude or seclusion of another or his private affairs or concerns, if the intrusion would be highly offensive to a reasonable person. Courts aptly consider that “the judiciary risk error by elaborating too fully on the implications…of emerging technology before its role in society has become clear. Hogan v. East Shore School (quoting City of Ontario v. Quon, 560 U.S. 746 (2010) (noting that “rapid changes in the dynamics of communication and information transmission are evident not just in the technology itself but in what society accepst as behavior” and that “many employers expect or at least tolerate personal use of such equipment because it often increases worker efficiency”).
For example, in Hogan v. East Shore School, a private school discharged a teacher after uncovering that he was using his employer-provided computer to gamble. There, the employee (the teacher) sued, claiming that the school had invaded his privacy. There, the court affirmed the trial court decision that, as a matter of law, the employee had no expectation of privacy.
(2) Avoid the risk of waiver by following the newly stated employee manual.
It is important to remember that if you’re going to talk the talk, you have to walk the walk. Precedent states that an employer may be assumed to have abandoned or changed even a clearly written company policy if it is not enforced or if, through custom and practice, it has been effectively changed to permit the conduct forbidden in writing but permitted in practice.
For example, in Hogan v. East Shore School, the court found that there was “no reason to believe that a waiver was created when [a school’s employee] handbook was re-issued annually with the same warning [which] reserved the right to monitor use of the computer equipment.” Id.
Employers should, thus, ensure that they follow their newly-instated employee manual closely—both administratively (updating annually) and procedurally (through custom and practice). The DOJ similarly inquires into this when investigating corporations.
In short, your boss (or at least your legal department/outside counsel) can and should read your emails in the face of litigation and perhaps to uphold general compliance that would pass muster under the DOJ’s guidelines for corporate investigations. You should consult legal counsel before altering your code of conduct – and you may just happen to know someone who can help with that already!
*The information provided on this post does not, and is not intended to, constitute legal advice; instead, all information, content, and materials available on this blog are for general informational purposes only. Information on this website may not constitute the most up-to-date legal or other information. This post contains links to other third-party websites. Such links are only for the convenience of the reader, user or browser; the author does not recommend or endorse the contents of the third-party sites.
**Readers of this post should contact their attorney to obtain advice with respect to any particular legal matter. No reader, user, or browser of this site should act or refrain from acting on the basis of information on this site without first seeking legal advice from counsel in the relevant jurisdiction.