Suppose an e-mail from your company’s in-house attorney
instructs you to preserve all documents related to an ex-employee who is
threatening to sue the company for wrongful termination. In the days before
smartphones and cloud storage, that would have been a relatively limited
exercise: Paper documents would be set aside, and files on the company server
would be backed up. But work-related data can be stored in many places today,
including on employees’ personal devices. Are you required to preserve such
data?
A close call?
Costco Wholesale recently faced that issue in an employment
discrimination and retaliation lawsuit. During discovery (the pretrial exchange
of evidence), the employee asked Costco to produce text messages from the
personal cell phones of two coworkers who mentioned him or his allegations.
Costco objected on the grounds that the discovery request required it to invade
the privacy of its employees, and there was no indication that they sent
inappropriate text messages or used their personal phones for work purposes.
The court denied the employee’s request, determining that Costco didn’t have
possession, custody, or control of the text messages. Cotton v. Costco
Wholesale Corp., 2013 WL 3819974 (D. Kan., July 24, 2013).
Although the court ruled that the employer had no duty to
produce information stored on its employees’ personal devices, the outcome
might have been different if the facts were changed even slightly. Moreover,
courts in other jurisdictions might have taken a contrary approach.
There’s an APPS for that
The law in this area is far from clear, but following the
guidelines below will help employers address e-discovery issues in policies
applicable to personal electronic devices. An easy way to remember the
guidelines is to think of the acronym “APPS.” Follow the APPS guidelines to
avoid getting caught off guard by e-discovery requests:
Access: Reserve the right to access personal devices that
store work-related data. Access is crucial if the company is legally required
to collect and produce data from an employee’s personal devices.
Permission: Clearly specify which personal devices, if any,
employees are authorized to use for work-related purposes. Consider keeping a
log of authorized personal devices and require employees to update the log
whenever they start using a new authorized device or retire an existing one.
Your company’s document retention policy should extend to authorized devices.
Privacy: Notify employees that they should have no
expectation of privacy with regard to data stored on a personal device if they
use the device for work purposes. That prevents your company from being liable
for invasion of privacy if you need to search the contents of an employee’s
personal device to respond to a discovery request.
Segregation: If
possible, segregate work-related content on personal devices from personal
content. Segregation can be implemented with software solutions, but if that
isn’t feasible, at a minimum, instruct and train employees who use a personal
device for work how to keep their personal information separate from the work
data stored on the device. For example, you should prohibit employees from
saving work- related data in a personal cloud storage account.
Source: HR
Hero
No comments:
Post a Comment