Computer and Technology Forensics Expert: Managing the Risky Business of Company E-Mail

Photo of author
Written By RobertMaxfield

Lorem ipsum dolor sit amet consectetur pulvinar ligula augue quis venenatis. 

As an employer, Human Resources Director, or Risk Management Supervisor, ask yourself this question: “Do our employees think about the legal risk of sending communications over the internet?” If you are like the majority of companies, your answer would be, “It is highly improbable”. It is a very common problem amid the work place, for an employee to believe their electronic communications are transient, temporary and, once deleted, untraceable and therefore, harmless.

The fact is e-mail, faxes and even cellular phones leave a trace. Just one e-mail sent from your employee to the employee of a different company passes through an average of four different computer systems. This creates a trail making e-mail real, traceable, and permanent.

As an industry leader in Computer and Technology Forensics for the past 20 plus years, we have documented, during the examination of electronic systems, employees who frequently say/save things into e-mails or store on a computer, things they would never say anywhere else. Either having an employee delete a potentially damaging or inflammatory e-mail or even an employee deleting an e-mail on their own, does not protect anyone. In fact, it could in the end harm everyone involved.

If a complaint or inappropriate conduct of an employee has risen to the level where you as an owner/supervisor, need to consult a Computer and Technology Forensics expert, one of the first areas checked is for deleted documents and/or e-mails. These items cause red flags during an examination of equipment, and the original items can and most likely will be found and/or reconstructed. It is very important to understand that the intentional destruction of evidence is a felony, and if proven, could land one in jail.

An example of computer message in a court case dates back to the infamous trial of some of the Los Angeles Police being tried in the 1991 beating of Rodney King. One of the officers created a computer message stating, “… I haven’t beaten anyone that bad in a long time.” This obviously became admissible in court.

See also  Student Group Travel to Washington DC Is Educational and Affordable

A more recent example, is one in which we as a company were hired in a libel case. The libeler was using the internet to post messages on a public bulletin board that were both slanderous and libelous against a competitor in the same field. This person felt that by using “anonymous” e-mails and postings, this would increase their own standing within the same professional community. What the libeler didn’t count on was the traceability of the e-mails to their home, cell phone and company computer systems. We were able to locate the electronic trail, and with this information obtain, on behalf of the client, a court order to confiscate the equipment in order to create image copies of the electronic systems. As a result, in order to keep the issue private, the libeler agreed to a significant out of court settlement.

As an owner/supervisor, it is left to you to consider and take great care in educating your employees in what should or shouldn’t be put in writing. In addition, it is also up to you to make your employees aware how the written word is conveyed when read.

We have now asked and answered two very important questions. First, the majority of employees do not consider the legal risk of electronic communications. Second, as an owner/supervisor why it is crucial you understand the potential legal ramifications. The remainder of this article is devoted to assisting you in creating and/or updating your current policies.

In today’s litigious society, company’s both large and small should have company policies. These policies have traditionally covered areas from dress codes to vacation policies. Within the past five years companies have begun adopting IT policies, generally found within the employee handbook. As a professional Computer and Technology Forensics company, when we are called in to examine hard drives and/or servers due to a company suspecting the improper use of systems, we also discuss the company’s IT policies with the appropriate supervisor or IT manager.

See also  Opportunities for Obtaining an Education and Career in Engineering

In many cases we have found that most policies do not adequately cover what is necessary in the computer and electronic communication age. Companies should have a very clear e-mail and technology use policy. One of the more important ones usually not covered, and unfortunately to the detriment of the employer, is an e-mail retention policy. Since many industries are governed by different and specific federal and/or state statutes on how long information must be retained, your policy should reflect these guidelines.

The policy should be as specific as possible in what types of communications are kept and how long. Make it clear there are both business and legal reasons for the company keeping such information. Information from e-mails as well as other electronic systems can be used in many types of cases, including: harassment, discrimination, antitrust, retaliation, Americans with Disabilities Act, insider trading, accounting fraud, improper trade secret disclosure and more!

REMEMBER- The intentional destruction, of any kind, of evidence relevant to a current or pending lawsuit contained in the e-mail or e-mail attached document, is a felony, and if proven, could land one in jail.

As an owner/supervisor, take a moment to examine your current IT or company’s technology policy. If your company doesn’t currently have an IT or technology policy-get one! While you will need to insure the individual needs of your company are met, following are some topics of what you should consider including in your usage polices:

  • Electronic information ownership
  • Monitoring of technology use
  • Acceptable use of company technology
  • Acceptable content
See also  Securing DataOps - The Case for Satori

If you currently hold meetings with your employees or publish a company newsletter, these are excellent venues to use to educate your employees. Utilize these opportunities to let them know there are certain things they should be aware of when sending or responding to e-mails. Employees should be counseled to be cautious and to not make statements that can be considered a legal conclusion. Let your employees know they should utilize the knowledge and expertise within the company by picking up the phone and calling their supervisor or Human Resource Department.

When educating your employees about the content of an e-mail or using other forms of traceable electronic technology, train the employee to ask themselves these simple questions:

  • Should I put this in e-mail or should I call?
  • Would I write this down knowing that it may exist forever?
  • Would I put this on a postcard and mail it?
  • Would I want to see this printed in the newspaper?
  • Would I want this to get into the hands of my company’s competition?
  • Would I want this to get into the hand of my worst enemy?

Electronic communications are not transient, temporary or untraceable. E-mail is evidence. Education and proper policies go a long way to keep both employees and the employer from ending up in a potential lawsuit trying to explain the written word.