iWe live in an age of risk, where we hear about catastrophes all too often. Some are natural disasters like Hurricane Katrina; others are manmade. Many we can do very little about. Others, however, we can learn to manage or avoid. But to do that, we need to identify those risks. Businesses protect themselves with appropriate insurance coverage for known risks. Unfortunately, insurance cannot cover everything, and there are two areas of risk that are often ignored: internal investigations and e-mail.
Internal Investigations
Companies conduct internal investigations for many reasons. There may be a complaint of sexual harassment, or perhaps a theft of property or loss of trade secrets. Whatever the reason, there is one hidden danger that should not be overlooked. In the process of determining what happened, a company can inadvertently create "bad facts"—misleading and often untrue documentation that can become harmful evidence.
How does this happen? Quite easily, as it turns out. The person leading the investigation begins gathering facts and interviewing various people, taking detailed notes in the process. Even when this "hearsay" is untrue or only partially true, the notes make it appear that the statements are "fact." The investigator has now created "bad evidence" that could come back to haunt the company in litigation.
So the first thing to keep in mind in any internal investigation is to be careful what you write down. Better yet, before conducting an internal investigation, seek legal advice. If an attorney actually conducts the investigation, the statements compiled might be protected by the attorney-client or work product privilege. More importantly, an attorney can guide the investigation to offer you maximum protection while helping you avoid creating bad facts.
Below are a few simple rules for any internal investigation:
- Seek legal assistance
- Put someone in charge
a. An attorney if possible
b. Outside counsel is best - Freeze all relevant e-mails
- Control the flow of paper
a. Don't put everything in writing
b. Separate fact from speculation - Ensure that confidentiality is actually maintained
- Document the reasons for the investigation
E-Mails
E-mails are another area laced with hidden danger. Obviously, this once-revolutionary form of electronic communication is here to stay, and it is easy to see why. Fast and easy to use, e-mails can reach a huge, widespread audience. They are accessible virtually everywhere and keep people in almost instantaneous contact with each other. As a result, they are often treated like conversation.
An e-mail is seldom revised or reviewed. Rather, the parties quickly compose a message and send it, which can often lead to confusion or miscommunication. For example, it is easy to leave the word "not" out of a sentence. It is also easy to miss a joke or misinterpret the tone or connotation. People often say things in an e-mail that they would not have said if they had given it more thought or written a traditional letter.
Another problem is that e-mails can become an unexpected permanent record that must be produced in litigation. Because e-mails can be found on servers, laptops, backup systems and so on, producing them is often costly and disruptive. If a company does not produce all of its e-mails, the opposing side might seek sanctions or use that failure as evidence that the records contained damaging evidence. On the other hand, if the e-mails are produced, they could become harmful evidence because of the misleading statements, unintended meanings and other "loose talk" that are often contained in those messages.
E-mail Dos and Don'ts
So what can you do about this hidden risk? A company's most effective defense is to enact a policy that controls the use, retention and destruction of e-mails—those contained not only on the company's servers but also on all PCs, laptops, backup tapes and archival systems. The policy should state that only "business record" e-mails (e.g., letters of agreement and third-party correspondence) be kept for any length of time. All other e-mails, especially internal ones, should be deleted every few weeks.
To help you get started, here are a few dos and don'ts:
- Do have a specific e-mail and Internet policy
- Do include a copy in your employee handbook
- Do retain "business record" e-mails, but no others
- Don't enforce the e-mail policy selectively
- Don't conduct secret monitoring
- Don't acquire unnecessary employee information
- Don't engage in non-business-related monitoring
- Don't lose track of the location of your e-mails
- Don't keep everything everywhere forever
An e-mail policy should be part of a larger document retention policy that also covers all other documents—electronic and paper—maintained by the company. Of course, creating your policy is only half the battle. Failing to enforce it presents another hidden risk that must be managed. For far too many companies, this is the hardest risk of them all to manage. If you need assistance in doing so, give us a call.
