You are on page 1of 74



§ 21.1


§ 21.1.1

Prudent employers are making a constant effort to understand the capabilities, and the
possibilities for abuse, of the electronic resources they provide to their employees. Tools
offered by businesses to increase productivity can be misused by employees. The now-routine
business function of providing most employees with access to a high-speed internet
connection, whether hard-wired or via wi-fi, means that employers must be sure that such
access, and other workplace tools, are being used as intended by the employer. The boss who
fails to keep tabs on how her employee is using the company-provided laptop, cameraphone,
Blackberry, or cell phone may find her company — or herself — responsible for the misuse
of these devices.

In 2009, the greatest negative exposure to America’s employers from employees misusing the
twenty-first century workplace tools remains the misuse of Internet access, and improper use
of e-mail. Associated with those dangers is the problem of retention of e-mails and
voicemails. Employers must be vigilant in complying with any industry requirements
concerning the retention of electronic communications, but must also be careful not to keep
such materials too long. E-mail and voicemail continue to constitute an increasing accessible
source of evidence. 1


COPYRIGHT © 2009 LITTLER MENDELSON, P.C. All material contained within this publication
is protected by copyright law and may not be reproduced without the express written
consent of Littler Mendelson.

§ 21.1.2


§ 21.1.2(a)
The Equipment
The equipment in what used to be called “the office” continues to evolve. A recent survey of
employees who use the Internet or e-mail at work found that 61% used a laptop. 2 The
increasing use of laptops is encouraging employees to meet elsewhere in the office, or outside
of it.3 Thirty-eight percent of mobile phones sold worldwide in 2005 were cameraphones —
slightly less than 300 million of them. In 2004, cameraphones represented 14% of all mobile
phone sales.4

Employers must also be wary of employee use of devices not intended to be used in the
workplace, but which could be used — and abused there. Apple iPods, USB sticks, and MP3
players have the capability of copying large amounts of data from corporate networks without
easy detection.5

Mobile e-mail access devices and Personal Digital Assistants (PDAs), like the ubiquitous
BlackBerry, are creating potential liabilities while increasing worker productivity. The
American Physical Therapy Association has warned that the overuse of PDAs can lead to
tendonitis, and swelling, “a condition known as BlackBerry Thumb. . . .”6 To the extent a
company requires employees to use these devices, the company may face liability or workers’
compensation claims related to injuries from the devices.

Not only should employers worry about work-related injuries, but the mobility of today’s
office, with employees seemingly able to work anywhere they can access the Internet from a
laptop, places employers at risk of theft and disclosure of trade secrets and other valuable
intellectual property, not to mention loss of capital assets.7

§ 21.1.2(b)
Employer Monitoring of Employee Use of Electronic Resources
Should employers keep track of how employees are using office technology? Yes. One report
revealed that, although 92% of employees surveyed believed they had never sent an e-mail
which could place their company at risk, 68% of them actually had sent such an e-mail.8

Mary Madden, Networked Workers, Pew Research Center Publications, available at (last visited Jan. 9, 2009).
Karen Rives, Goodbye Cubicle, RALEIGH NEWS & OBSERVER, Jan. 8, 2006.
INTERNETWEEK, Dec. 1, 2005.
Utimaco Advises Increased Security for Mobile Device Use in Workplace, WORLDWIDE COMPUTER
PROD. NEWS, Dec. 20, 2005. See also Jill Schachner Chanen, The Boss Is Watching, available at
Stephanie Armour, Growth of PDA Injuries a Concern for Companies, USA TODAY, Nov. 10, 2006.
See Correy E. Stephenson, Employers Get Tough About Laptop Security, July 31, 2006, available at
Risky Employee E-mail Habits Threaten Business, INFORMATION WEEK, Nov. 16, 2005.



The proportion of employers who audit their employees’ use of Internet access, e-mail, and
voicemail continues to increase, reflecting a growing acknowledgement among employers of
the need to ensure that the tools are being used properly. A recent study found that:

• 66% of employers monitor their Internet connection;

• 65% of employers use software to block websites;
• 12% of employers track blogs to track content;
• 10% of employers monitor social-networking sites;
• 45% of employers track content as keystrokes and time spent at the keyboard;
• 43% of employers store and review computer files. 9

§ 21.1.2(c)
Employee Blogging & Social Networking
From “The Queen of the Sky” to “Opinionistas,” employees’ free online expression of their
feelings and attitudes towards their employers took a leap forward in 2007, and shows no
signs of abating. 10 Along with employee blogging, social networking will be at the forefront
of digitally related issues facing employers. One survey of employers indicates that 40% of
respondents said they would consider data found on social networking websites such as
Facebook and MySpace when making hiring decisions.11 And what employers find can be
amazing. An article in the New York Times described how employers rejected otherwise
promising applicants after reviewing their Facebook sites and finding reference to the
applicant’s sexual escapades and recreational drug use.12

The challenge for employers will be defining permissible and impermissible blogging, then
adopting a policy, educating employees and enforcing the policy. Other difficulties will arise
when attempting to craft policies relating to social networking.

§ 21.1.2(d)

Restrictions on the Use of Cell Phones While Driving

All drivers are prohibited from talking on hand-held cell phones in California, Connecticut,
New Jersey, New York, Washington and the District of Columbia.13 Further, 17 states and the

E-Mail, ‘Net Abuse Is Likely To Get You Fired, WASHINGTONPOST.COM, available at (last visited
Jan. 3, 2009).
See Dooces Wild: How Employers Can Survive the New Technological Poker
Game of Employee Blogging (July 2005), available at
See Brendan I. Kroener, Mr. Know-It-All: Sex Offender Witch Hunt, Facebook Fibs, Radio-Tagged
Deer, Sep. 25, 2007, available at
Alan Finder, For Some, Online Presence Undermines a Resume, N.Y. TIMES, June 11, 2006,
available at http://www.
Governors Highway Safety Association, Cell Phone Driving Laws, available at (last visited Jan. 9, 2009).


§ 21.1.2(e) CHAPTER 21— DIGITAL WORKPLACE 2009

District of Columbia limit or ban the use of cell phones by young or novice drivers.14 In June
2004, ExxonMobil instituted a policy prohibiting the use of cell phones by its employees or
contractors while they are driving.15 Bills were introduced in the legislatures of 37 states in
2005 on the subject of distracted driving, usually including cell phone use. 16 However, 19
states still do not have laws regarding the use of cell phones while driving. 17 Alaska,
California, Connecticut, the District of Columbia, Louisiana, Minnesota, New Jersey and
Washington ban text messaging for all drivers.18 Texas also is considering a similar law that
would prohibit using a PDA while driving a car. Additionally, the Texas law would ban
laptop use and sending text messages while in the driver’s seat.19

§ 21.1.2(e)
E-mail as Evidence
The seminal saga of Zubulake v. UBS Warburg, which is described in detail in § 21.2.1(f)
below, exemplifying the danger of e-mail as evidence, and the monumental challenges to
employers in retrieving and securing it, culminated in 2005 with a whopping $29.2 million
jury verdict in favor of the plaintiff.20 A major factor in the result was the sanctions meted out
by the trial judge against the employer for the employer’s failure to preserve e-mails which
could be used as evidence. 21 This especially is relevant in the modern workplace where
e-mails have replaced memoranda, letters, and other more traditional documents.

§ 21.2


§ 21.2.1


With the steady expansion of the service sector of the economy and the relative contraction of
the manufacturing sector, American business has seen the increasing use of a variety of
technological innovations intended to increase productivity. Today’s employees are expected
to be able to use a personal computer, access and use resources available from the Internet,
send and receive e-mail and voicemail, use cellular telephones and cameraphones, and
participate in videoconferencing, to name but a few of the new tools.

Matt Sundeen, Cell Phones & Highway Safety 2005 State Legislative Update, National
Conference of State Legislatures, 24-34, Appendix C, Aug. 2005, available at phoneupdate05.htm.
Governors Highway Safety Association, Cell Phone Driving Laws, available at (last visited Jan. 9, 2009).
Jury Awards $29.2 Million in Damages to Discharged Equities Saleswoman, Daily Lab. Rep.
(BNA), Apr. 13, 2005, at 449.
See also Matthew E. Sawaya & Stacey R. Eisenstein, Emerging Technology in the Workplace,
21 LAB. LAW. 1-17 (2005).



Businesses spend anywhere from thousands to millions of dollars in acquiring, configuring,

programming, updating, and refining their computer systems. Computer systems acquired by
businesses are configured to allow e-mailing and to provide Internet access for employees for
business purposes. A company’s computer system is one of its most important operational
tools, and frequently contains a major portion of the business’ informational assets.

Most businesses do not allow members of the public free rein to use the company’s physical
assets. Likewise, company management owes it to itself, as well as to the company, to
preserve and enhance the company’s assets by ensuring that the company’s e-mail system,
when used by employees and nonemployees, be used for business purposes only.

As has been historically true with the telephone, employers must promulgate written policies
concerning appropriate and inappropriate employee uses of these tools. Several decades ago,
the question was whether personal calls would be allowed at work using company phones.
Now, the questions have become more multifaceted:

• May an employee use the company computer system to send or receive

non-business-related e-mail? How frequently? Of what kind?
• May an employee store non-business-related information on the company’s
computer system? What kind of information? If the employee password-protects
the non-business information, should the employer be told what that password is?
Does the employee have the option of physically locking the desktop computer?
If so, does management have a key to that lock? Can the drives of an employee’s
desktop computer be accessed remotely? By whom?
• May an employee avoid taking the time to leave the office and shop during the
employee’s lunch break, when the sought item might be found, purchased, and
delivery ordered in a small fraction of the time online, using the company’s
• Does the company’s hardware and software allow “instant messaging” (IMing)?
What is the company’s policy on IMing: Forbidden? Allowed only for personal
conversations? Allowed without restriction?
• Should employees on their breaks or lunch time be permitted, using the
company’s system, to surf the Internet to access:
Online auctions? Stock brokerages?
Music download sites? Chat rooms?
Political sites? News sites?
Game sites? Travel sites?
Job search sites? Gambling sites?
Pornographic sites? Political campaign sites?

If employers do not make affirmative choices on these issues, draft and issue policies, and
ensure that their employees know and understand the policies, employers will have these
questions decided for them, not by themselves, but by a jury, judge, or arbitrator. For
employers not to take action to control their workplace tools is to expose themselves to the
substantial risk that these tools will be misused and abused, at significant cost and, perhaps,
negative publicity to the employers.


§ 21.2.1(a) CHAPTER 21— DIGITAL WORKPLACE 2009

These questions, and their answers, implicate more than just legal liability. With the
additional demands employers are asking employees to assume, employees are pushing back
to demand greater autonomy, and some measure of privacy in the workplace, for the hours
they put in. An employer must weigh the effect on employee morale of a policy which, for
example, allows no personal use of e-mail or Internet access, and allows the employer to
search at any time the employee’s e-mail, Internet access, and voicemails. With increasing
employee job mobility, employers need to retain and motivate their best employees — to
persuade them that their business is a great business for which to work. The cost of recruiting
and replacing a good employee is high, indeed.

§ 21.2.1(a)
Internet Hiring & Recruiting
The risk of fraud and misrepresentation increases when an employer uses the Internet to
recruit. It is much easier to falsify documents and information sent over the Internet. For
example, when looking at an applicant’s transcript on-line, the employer cannot check the
embossed seal to make sure the transcript is authentic. Diploma mills exist that will provide a
person a Ph.D., based solely on “life experience” (cum laude designation thrown in for no
additional charge). 22 Before hiring anyone over the Internet, an employer should meet with
the applicant either face-to-face or live online, and should require documentation that verifies
an applicant’s identity.

In 2005, U.S. Government agencies addressed the use of the Internet as a recruitment tool by
issuing guidelines to current and prospective government contractors on that subject. 23
Effective February 6, 2006, regulations issued by the Office of Federal Contract Compliance
Programs (OFCCP) require that all federal contractors have recordkeeping protocols in place
that will let the government know what Internet resumes were considered, which applicants
were and were not hired, and the race and gender of qualified applicants.24 The goals of these
regulations are to provide clear guidelines dictating which Internet applicants should have
their records kept and to ensure that federal contractors are not discriminating against
minorities and women who apply for jobs on the Internet. 25 To meet the definition of an
Internet applicant under the guidelines, an individual must meet the following four criteria:

• the person expresses interest in employment through the Internet or related

• the person is considered by the contractor for employment in a particular
• the person’s expression of interest indicates that he or she possesses the basic
qualifications for the job; and

Kari Haskell, That’s Dr. Haskell, If You Please, N.Y. TIMES, Mar. 11, 2001, available at
OFCCP Final Rules Guide Contractors on Definition of Internet Job Applicants, Daily Lab. Rep.
(BNA), Oct. 7, 2005, at AA-1.
Available at See also Tresa Baldas, New
Web Hiring Rules Cause Corporate Consternation, NAT’L L. J. (Dec. 7, 2005) available at



• the person at no point in the selection process, prior to receiving a job offer,
removes himself or herself from further consideration or indicates no further
interest in the position.26

The guidelines also require, among other things, that federal contractors ask for the race and
gender of Internet applicants who meet the basic qualifications of the position.27 However, it
is recommended that employers should advise Internet applicants that the request is
voluntary; that the data will be confidential and not made available to hiring officials; and that
the information is being collected solely to comply with recordkeeping requirements of the
nondiscrimination laws and rules. 28 The OFCCP has indicated that federal contractors will be
granted a 90-day grace period to update their internal systems. 29

The EEOC also has issued recordkeeping guidelines for employers who accept applications
through the Internet.30 Although there are some differences between the EEOC’s guidelines
and the OFCCP’s regulations for federal contractors, the issues the two regulatory schemes
are designed to address are the same. The impact that these guidelines will have on
employment litigation is still unknown and continues to be the subject of debate among
employment law experts.31

§ 21.2.1(b)
E-Distribution of Personnel Policies
Many employers distribute employee handbooks, personnel policies, and benefits information
electronically. Electronic distribution offers benefits such as a reduction in copying and
production costs associated with producing a traditional employee manual. However,
electronic distribution is not risk-free. For instance, how does an employer ensure that each
employee reads the manual? How does an employer insure that each employee receives and
reads updates? How does an employer preserve previous copies of the handbook? How does
the company prevent a hacker from modifying the handbook or policies online? Campbell v.
General Dynamics should be considered an example of how not to provide e-mail notification
of policy changes, especially changes that would alter employees’ legal rights.32 The court in
that case noted that the employer did not use any available methods to confirm an employee’s
receipt and understanding of the new policy, such as by a reply e-mail, or even noting “I

Internet Recruiting Raises Unresolved Issues of Potential Discrimination, EEOC Advises, Daily Lab.
Rep. (BNA), Dec. 7, 2005, at A-3.
Internet Rules Will Become Effective Feb. 6, But OFCCP Promises Enforcement Flexibility, Daily
Lab. Rep. (BNA), Jan. 24, 2006, at A-1.
Available at See also Ely A. Leichtling &
Pamela M. Ploor, When Applicants Apply Through the Internet, 30 EMP. REL. L.J. 3 (Autumn 2004).
Tresa Baldas, New Web Hiring Rules Cause Corporate Consternation, NAT’L L.J. (Dec. 7, 2005),
available at See also Internet Recruiting
Raises Unresolved Issues Potential Discrimination, EEOC Advises, Daily Lab. Rep. (BNA), Dec. 7,
2005, at A-3.
Campbell v. General Dynamics Gov’t Sys. Corp., 321 F. Supp. 2d 142, 144 (D. Mass. 2004), aff’d,
407 F.3d 546 (1st Cir. 2005).


§ 21.2.1(c) CHAPTER 21— DIGITAL WORKPLACE 2009

accept” in a return e-mail, let alone holding a meeting announcing the change in policy, with
a sign-in sheet to confirm employees’ attendance. 33

Existing software systems will help employers track which employees have accessed the
handbook and which ones have not. These same tracking systems enable employers to track
employees who have not yet accessed the revised handbook.

§ 21.2.1(c)
The Growth of E-Training
The need for training employees in the Information Age will only intensify. To retain good
employees and recruit additional quality assistants, employers must accept that training of
employees represents an investment, not a cost. One team of futurists notes that major
American companies believe that each single dollar invested in training to expand the skill
sets of current employees produces anywhere from $20 to $30 in profits.34 The same authors
predict, “A substantial portion of the labor force will be in job retraining programs at any

The Internet has dramatically improved the area of training and education in the workplace by
introducing an innovative way to provide workplace training: — “webinars.” Employees can
now receive training via the Internet on a wide range of topics — from avoiding sexual
harassment to balancing the company’s bank account.36

Internet-delivered training is more convenient than traditional training. Sending employees to

training seminars disrupts the workplace and is difficult to organize. Internet-delivered
training is also less expensive. None of the travel costs associated with sending employees to
training seminars is associated with Internet-delivered training. Internet training may seem
expensive at first, but it saves money over the long run. Companies that use Internet-delivered
training report impressive cost savings.

Internet-delivered training might decrease an employer’s risk of being sued for negligent
training if such training can be shown to be more effective than traditional training.
Internet-delivered training can be effective in part because it allows an employee to learn at
her own pace. If she does not understand something, she can study it until she comprehends
it. In addition, Internet-delivered training provides an ongoing source of education. Anytime
the employee has a question, she can consult the Internet-training program for a refresher

Id. at 145.
Marvin J. Cetron & Owen Davies, Trends Now Changing the World: Technology, the Workplace,
Management & Institutions, FUTURIST, Mar./Apr. 2001, available at
On November 14, 2006, the California Fair Employment and Housing Commission (FEHC) adopted
final Assembly Bill 1825 (A.B. 1825) regulations for the California sexual harassment training law.
CAL. GOV’T CODE § 12950.1. The regulations are codified at California Code of Regulations (CCR)
§ 7288.0, under a new heading “Harassment Training and Education.” A.B.1825 requires employers
who do business in California, and who have more than 50 employees, to provide biannual training to
all supervisors on how to prevent sexual harassment in the workplace. The training requirement
includes “classroom or other effective interactive training.” A standard that may be satisfied by some
online training course. CAL. GOV’T CODE § 12950.1(a). See also James M. Brodie, In the Game: The
Virtual World Offers a Low-Cost, Low-Risk Learning Environment for Employees, HRMAGAZINE, at
91, Dec. 2005 (use of simulation technology). See also Chapter 15 of THE NATIONAL EMPLOYER®.



course.37 Many online training programs require the person taking the program periodically to
answer questions correctly in order to proceed through the program.

Keeping track of which employees have been trained is easier to do when Internet-delivered
training is used. An Internet-based training program can record which employee logs on and
exactly when that employee logs on and off. Thus, an employer can tell if an employee
logged off halfway through the training session. An employer who sends its employees to a
traditional training seminar may not be aware if an employee walks out in the middle of the

While Internet-delivered training makes it easier for an employer to track which employees
have received training, it also can make it harder for an employer to verify that the employee
who claims to have taken the training is the person who actually took it. There are several
things an employer can do to avoid problems like these. For instance, an employer can require
employees who receive training over the Internet to utilize digital signatures. A person can
write his or her signature on a pad which is an accessory to the computer, as is done more
frequently in in-person retail credit card transactions. The sender of a message signs a
digitizing tablet. This signature is then compared to the signature in the master template that
is stored in the computer database to ensure that it is indeed a valid signature.

For detailed information regarding training requirements, see Chapter 15 of THE NATIONAL

§ 21.2.1(d)
Internet-Induced Job Terminations & Eliminations
The problems for employers of unauthorized use of e-mail and the Internet are not academic
concerns. A study conducted by the American Management Association and The ePolicy
Institute found that one fourth of employers have terminated employees for misusing e-mail
and one third of employers have terminated employees for misusing the Internet. 38 Not
surprisingly, just a few employees abusing the e-mail system can have wide-ranging
ramifications. In 2000, Dow Chemical Co. fired 74 employees in Midland, Michigan and
Freeport, Texas, and disciplined 435 other employees at those locations, who had e-mailed
pornography and violent images from company computers.39 Those employees who
downloaded, saved and distributed the offensive material were fired. Employees who simply
opened and deleted offensive material were not reprimanded. The termination of employees
for downloading pornography from the Internet and storing it on their office computer has
routinely been upheld.40

The relative effectiveness of e-learning as compared to face-to-face training remains a judgment that
is hotly contested. See generally, Patricia Wallace, THE INTERNET IN THE WORKPLACE: HOW NEW
TECHNOLOGY IS TRANSFORMING WORK 191-214, ch. 8 (“E-Learning”) (Cambridge Univ. Press 2004).
E-Mail, ‘Net Abuse Is Likely To Get You Fired, WASHINGTONPOST.COM, available at (last visited
Jan. 3, 2009).
Dow Fires 50 After E-mail Investigation, July 28, 2000, available at; Chemical
Company Fires 24 Texas Employees for Violating E-mail Policies, Sept. 14, 2000, at
See, e.g., Sherrod v. AIG Healthcare Mgmt. Servs., Inc., 2000 U.S. Dist. LEXIS 1626 (N.D. Tex.
Feb. 7, 2000) (plaintiff’s sex discrimination claim defeated by her admission of downloading Internet
pornography). See also No UI Benefits for Worker Who Downloaded Porno onto Employer’s Computer


§ 21.2.1(d) CHAPTER 21— DIGITAL WORKPLACE 2009

In another variation on this theme, in Urofsky v. Gilmore, the Fourth Circuit Court of Appeals
upheld, against constitutional challenge by state university professors, a Virginia statute
prohibiting state employees from using state computers to access sexually explicit material on
the Internet for work-related purposes without prior permission. 41 The professors had
challenged the Virginia statute on two grounds. They first contended that the statute violated
their right to free speech. The court of appeals ruled against them on this theory, noting that
they were speaking as government employees, not as citizens speaking on matters of public
concerns. The professors also contended that, as individual professors and academic
researchers, they had additional academic freedom rights requiring the unfettered access to
such Internet sites. The majority of the appellate court responded to that argument by holding
that “to the extent that the Constitution recognizes any right of ‘academic freedom’ above and
beyond the First Amendment right to which every citizen is entitled, the right inheres in the
University, not in individual professors, and is not violated by the terms of the” state statute.42

The Burden of Netsurfing on the Conduct of Business

Employee use of the Internet for non-work-related purposes is inappropriate, but
understandable. Social e-mailers feel that the activity makes them happy, doesn’t negatively
affect their productivity, and keeps them engaged. 43 Personal use of the Internet during work
hours, however, is a significant problem that may very well cause an employer to terminate
an employee. Employers should stress in their policies that improper use of the Internet and
all other workplace technology is strictly prohibited and will not be tolerated. (Sample
provisions and sample policies can be found at the end of this chapter.)

NLRA Considerations
Unionized and non-unionized employers who have no policies concerning the use of the
company’s e-mail systems and Internet access are at risk that nonmanagement
communications concerning possible unionization of the workforce would be protected by

The NLRB has continued to fine-tune its judgments on when an employer’s e-mail policy,
and its enforcement (or nonenforcement) of that policy, can violate the National Labor
Relations Act (NLRA). Several recent cases provide examples of how the NLRB analyzes the
availability to employees of an employer’s e-mail system to determine the extent to which the
employer may be required to allow third-party access and use — including by unions and for
union purposes.

System, Daily Lab. Rep. (BNA), May 17, 2004, at A-8; Ex-Judge May Testify in O.C. Porn Case, L.A.
TIMES, Sept. 19, 2003 (California trial court judge had been charged with seven counts of possessing
child pornography on his office computer; he resigned with criminal charges pending). The Child
Pornography Prevention Act (18 U.S.C. § 2252A) prohibits the knowing transport, distribution and
receipt of child pornography through interstate commerce, such as by the use of the Internet via
personal computer. Thus, unless an employer takes immediate action (18 U.S.C. § 2252A(d)(2)), the
employer could be found criminally liable to any downloaded or stored “kiddie porn” on an
employee’s office laptop or computer hard drive.
216 F.3d 401 (4th Cir. 2000).
Id. at 410.
Sally McGrane, A Little E-mail (Or a Lot of It) Eases the Workday, N.Y. TIMES, Mar. 8, 2001,
available at



In Cintas Corp. v. NLRB, the court held that an employee handbook, which the court held
prevented employees from discussing bonuses and wages, violated the NLRA, even for
employees not represented by a union.44

Similarly, in Guard Publishing Company, the issue was whether the company’s blanket ban
on the use of its communications systems for proselytizing or solicitation for commercial or
political causes, outside organizations, or non-job-related solicitations, violated
section 8(a)(1) of the NLRA as the policy was applied.45 The employee challenging the
company’s policy was a copy editor but also served as the local union president. She used her
office computer and internet access for both work and non-work-related purposes, including
union communications. Her employer first disciplined her for sending an e-mail from her
office computer to about 50 employees advising them of an upcoming union rally. Her second
disciplinary warning resulted from her sending two e-mails from the union office to
employees at their office e-mail addresses: the first discussed how to dress to demonstrate
support for a union position; and the second expressed support for the union entry in a local

The evidence tended to show that both line employees and their managers used the
company’s e-mail system for both business and nonbusiness purposes. The NLRB held that
an employer is permitted to choose what categories of communications to allow and disallow,
provided that the distinction is not premised on or motivated by antiunion animus. As
examples, the NLRB explained that an employer could lawfully draw the line between:
(1) charitable solicitations and noncharitable solicitations; (2) personal solicitations (e.g., the
sale of a car) and commercial solicitations (e.g., Avon products); and (3) personal invitations
and organizational invitations, even if this had an incidental effect of barring union-related
communications. But an employer may not use this line-drawing exercise as a subterfuge for
suppressing union-related e-mail communications.

Accordingly, when promulgating a new or revised e-mail policy, employers should have
legitimate, nondiscriminatory justifications for their rationales. Examples include preserving
server space, protecting against computer viruses and minimizing company liability for
employees’ inappropriate e-mails.

Another NLRA issue involves using e-mail for protected, concerted activity against the
employer. In one case, an employer was found to have violated the NLRA when it fired an
employee for e-mail-related misconduct.46 In that case, an officer of the company sent an
e-mail announcing changes to the company’s bonus system and invited employees to share
their views regarding the changes. In response, an employee sent a detailed e-mail message to
his fellow employees criticizing the changes. When the employer learned of this e-mail, it
demanded that the employee write a memorandum stating that he had behaved improperly.
The employee refused to do this and was terminated. The NLRB held that the termination
violated the NLRA because the employee had engaged in concerted activity when he used the
e-mail system to enlist support for his opposition to the changes in the bonus system.

This issue is not restricted to e-mail, and could easily arise in other contexts. For example, an
employee could post his opposition to company policy on Internet message boards or in
Internet chat rooms. An employer wishing to terminate an employee for such conduct must
make sure the termination would not violate the NLRA.

No. 05-1305 (D.C. Cir. Mar. 16, 2007).
351 N.L.R.B. No. 70 (2007).
Timekeeping Sys., Inc., 323 N.L.R.B. 244 (1997).


§ 21.2.1(e) CHAPTER 21— DIGITAL WORKPLACE 2009

§ 21.2.1(e)

Monitoring, Searching & Retrieving Employees’ Electronic Work

Employers are continuing to refine their efforts to strike a balance among employee privacy,
productivity, and potential liability in employees’ use of Internet access and e-mail. Products
allowing varying degrees and purposes of employer monitoring of Internet usage are in
continuous development by software engineers. One product allows an employer to enter an
employee’s hourly wage, and the program calculates the company’s cost and lost productivity
as a result of inappropriate Web surfing.47

Another concern of employers, in addition to avoiding liability for sexual harassment cases is
their concern about the use of company resources in a manner which affects both employee
productivity and the use of company bandwidth resources.48 Products can analyze large
e-mail files and image attachments for nude or pornographic content. Other products are
being developed which would allow employers to monitor employees’ e-mail with increasing
specificity, although effective e-mail monitoring is quite complicated. As libraries
considering the use of filters for their public computers have found, separating the violent and
pornographic wheat from the permissible or harmless Internet chaff is far from a science.

Employers with international operations will need to maintain a constant eye on changing
regulations in this area. For example, in March 2005, the French Data Protection Authority
issued a guide concerning employers’ use of geo-localization systems to track the location of
their employees. 49

§ 21.2.1(f)
The Employer’s Evolving & Expanding Duty to Preserve
Electronically Stored Information
As individuals and corporations increasingly do business electronically — using computers to
create and store documents, make deals, and exchange e-mails — the universe of
discoverable material has expanded exponentially. The more information there is to discover,
the more expensive it is to discover all the relevant information until, in the end, “discovery is
not just about uncovering the truth, but also about how much of the truth the parties can
afford to disinter.”50

The five orders issued in Zubulake v. UBS Warburg L.L.C.,51 served as a legal icebreaker on
the issues of the nature and scope of electronic discovery of the electronic workplace, leading
contemporary demands for evidence embodied in electronic technology through the sheet ice

Sandra Swanson, Beware: Employee Monitoring Is on the Rise, INFORMATION WEEK, Aug. 20, 2001,
at 57ff.
French Data Protection Commission Issues GPS Employee Monitoring Guidelines, Daily Lab. Rep.
(BNA), Apr. 1, 2005, at A-4.
Zubulake v. UBS Warburg L.L.C., 217 F.R.D 309, 311 (S.D.N.Y. 2003) (“Zubulake I”) (internal
citations omitted).
Zubulake I; Zubulake II, 91 230 F.R.D. 290 (S.D.N.Y. May 13, 2003); Zubulake III, 216 F.R.D. 280
(S.D.N.Y. Aug. 6, 2003); Zubulake IV, 220 F.R.D. 212 (S.D.N.Y. 2003); Zubulake V, 229 F.R.D. 422
(S.D.N.Y. 2004).



of traditional discovery concepts. Plaintiff Laura Zubulake was hired by UBS Warburg as a
senior equities trader.52 At the time of her termination, she was earning compensation of
approximately $650,000 a year.53 Zubulake sued her former employer for gender
discrimination and retaliation under federal, New York state, and New York City law. 54 In the
course of the discovery process, she demanded that the defendant produce e-mail exchanges
held in defendant’s hardware and storage data. As a securities firm, UBS was required by the
Securities and Exchange Commission to maintain extensive e-mail backup and preservation
protocols.55 Zubulake justified her demand in part on her estimate that, if she were to prevail
on all her claims, her estimated damage recovery would be $13 million, exclusive of any
punitive damages or attorneys’ fees.56

UBS Warburg refused to provide all the discovery demanded by Zubulake. The employer
contended that simply to retrieve and review the backup tapes required to search for e-mails
responsive to her discovery demand would cost about $300,000,57 not counting attorney time
necessary to review the retrieved e-mails to determine whether any of the material was
privileged from disclosure. UBS Warburg maintained that the plaintiff would have to bear the
extraordinary expenses the employer would incur in retrieving the e-mails from archived

In Zubulake I, the court set forth a list of seven factors to be considered in determining the
circumstances under which the cost to the producing party of complying with demands for
discovery of electronic media may be shifted to the demanding party:

• the extent to which the request is specifically tailored to discover relevant

• the availability of such information from other sources;
• the total cost of production, compared to the amount in controversy;
• the total cost of production, compared to the resources available to each party;
• the relative ability of each party to control costs and its incentive to do so;
• the importance of the issues at stake in the litigation; and
• the relative benefits to the parties of obtaining the information. 58
The court cautioned that each factor is not equal in weight.59 The court concluded that, taking
the factors into consideration, the employer was required to produce all responsive e-mails on
its active servers or on its optical disks at its expense. It would also be required to produce, at
its expense, responsive e-mails from any five backup tapes, selected by the employer, and to

Zubulake I, 217 F.R.D. at 312.
Zubulake III, 216 F.R.D. at 281. The court commented: “Most people do not earn $650,000 a year.”
Id. at 288.
Zubulake I, 217 F.R.D. at 312.
Id. at 314.
Id. at 311-12 n.9.
Id. at 313.
Id. at 322. The seven factors were developed in part by modifying eight factors proposed for the
same purpose in Rowe Entertainment, Inc., v. William Morris Agency, Inc., 205 F.R.D. 421, 429
(S.D.N.Y. 2002).
Zubulake I, 217 F.R.D. at 322-23.


§ 21.2.1(f) CHAPTER 21— DIGITAL WORKPLACE 2009

report the results of that search, including time and money spent, in an affidavit. When it
received that report, the court would then decide whether further discovery from the
remaining 89 backup tapes was justified and, if so, at whose expense. 60

In July 2003, the court reviewed the employer’s affidavit. Based on the information contained
in it, the court ordered that Zubulake had to pay a quarter of the estimated total cost of
restoring archived data ($166,000), though the employer would pay the bulk of the cost.61 The
court also ordered that the employer would have to bear, alone, any costs, including attorney
and paralegal time, associated with reviewing the retrieved data to determine whether a
privilege from disclosure might be asserted (costs which the employer estimated at

In October 2003, the court wrote a fourth order in the case, this one addressing the costs of
retrieving e-mail and the consequences to the employer of having deleted previously stored
e-mails. The court noted that:

Once a party reasonably anticipates litigation, it must suspend its routine document
retention/destruction policy and put in place a “litigation hold” to ensure the preservation of
relevant documents.63

Zubulake sought sanctions against her former employer of:

• having the employer bear the complete cost of storing the monthly backup tapes
(not 75% of the cost, as ordered in Zubulake III);
• an adverse inference jury instruction concerning the missing e-mails; and
• having the employer bear the costs of redeposing certain individuals on the
subject of the deleted e-mails.64
The court denied the request to reallocate the cost-shifting, noting that the missing e-mails
had already been considered a factor in allocating the costs.65 The court also denied the
adverse inference instruction, concluding that Zubulake had not satisfied the requisite burden
of proof to show that the employer had a culpable state of mind, and that the missing
information was relevant to or supported a party’s claim or defense. 66 Finally, the court in
Zubulake IV did find that UBS Warburg should bear the cost of limited redepositions of some
witnesses concerning the missing e-mails.67

The final major pretrial order resulted from the limited redepositions of certain employer
witnesses by the plaintiff. As a result of the re-depositions permitted by the court’s decision
in Zubulake IV, the plaintiff presented evidence that one key e-mail had been irretrievably
lost, and that others were likely lost.

Id. at 324.
Zubulake III, 216 F.R.D. at 283, 289.
Zubulake IV, 220 F.R.D. at 218.
Zubulake IV, 92 Fair Empl. Prac. Cas. (BNA) 1543.
Id. at 1546.
Id. at 1547.
Id. at 1548.



Zubulake V addressed “counsel’s obligation to ensure that relevant information is preserved

by giving clear instructions to the client to preserve such information and, perhaps more
importantly, a client’s obligation to heed those instructions.”68 The court found that even
though UBS’ counsel alerted the company at the outset to preserve all possible relevant
e-mail, and make an ongoing effort to do so, some company representative deleted relevant
e-mails. “Other employees never produced relevant e-mails.”69

In the court’s view, the culpability for late-produced and never-produced e-mail evidence did
not lie solely on the shoulders of the company and found that UBS’ counsel:

• failed to request retained information from one key employee;

• failed to give the litigation hold instructions to another employee;
• failed to adequately communicate with another employee about how she
maintained her computer files; and
• failed to safeguard backup tapes that might have contained some of the deleted
e-mails. 70
The court in Zubulake V, with this additional information now available, revisited the
plaintiff’s request for sanctions for the employer’s failure to produce evidence, and for
destruction of evidence. It concluded that the employer’s counsel must take the following
steps to ensure compliance with the evidentiary preservation obligation:

• Issue a “litigation hold” at the outset of litigation, or whenever litigation is

reasonably anticipated.
• Communicate directly with the “key players” in the litigation concerning the
preservation duty, and periodically remind them that the duty still applies.
• Instruct all employees to produce electronic copies of their relevant active files.
• Identify and secure all backup media which the party is required to retain.71
Applying these standards to the facts as developed in Zubulake, the court reasoned that UBS
“deleted the e-mails in defiance of explicit instruction not to [do so].”72 The court found that
the company’s spoliation of evidence was willful, and that the lost e-mails were presumed to
be relevant.73

For the actions of the employer and its counsel in failing to preserve relevant evidence, the
court concluded that the plaintiff would be entitled to a jury instruction allowing the jury to
draw an inference adverse to the employer concerning the contents of the deleted and lost
e-mails, the employer was ordered to pay the costs of any depositions or re-depositions
required by the late production of e-mails, and the employer was ordered to pay the cost’s of

Zubulake V, 229 F.R.D. at 424.
Id. at 433-34.
Id. at 436.
Zubulake V, 229 F.R.D. at 436.


§ 21.2.1(g) CHAPTER 21— DIGITAL WORKPLACE 2009

Zubulake’s motions seeking sanctions against the employer.74 The jury instruction was
obviously a factor in the judgment of more than $29 million for the plaintiff.

In a postscript to Zubulake V, the court warned:

Now that the key issues have been addressed and national standards are
developing, parties and their counsel are fully on notice of their responsibility
to preserve and produce electronically stored information.75

The five Zubulake orders are a bracing reminder of the evidentiary significance of e-mail to
today’s businesses, and the costs and other consequences of using, storing, and not deleting it.
The quintet of orders makes clear that it will be the responsibility of both the employer and
the employer’s counsel to identify, secure, and retain all possibly relevant electronic
evidence, on pain of being subject to sanctions for their failure to do so.76

§ 21.2.1(g)
The 2006 Amendments to the Federal Rules of Civil Procedure &
Their Impact on Electronic Discovery
Employers should take note of significant amendments to the Federal Rules of Civil
Procedure that became effective on December 1, 2006. Zubulake broke the legal ice
surrounding the nature and scope of electronic discovery of the electronic workplace — the
2006 amendments signal the crystallization of this area of law. Increased regulation brings
more obligations for employers and their counsel, but it also means more clarity. For
example, attorneys are now required to disclose electronically stored information (ESI) at the
initial disclosure stage to the same extent that disclosure of paper documents is required. 77
The amendments also include ESI within the “documents” and “things” that must be
produced in response to a request for production.78 Employers should carefully consider the
2006 amendments, which shine a light down the path to minimizing risk and proper handling
of ESI.

Scheduling Orders & ESI

As amended, Federal Rule of Civil Procedure 16 provides that a scheduling order may
address matters related to the discovery of ESI and may include any agreement between the

Id. at 437.
Id. at 440.
See also Heather Smith, Companies Try to Corral Electronic Evidence Before They Need It, CORP.
COUNSEL, June 23, 2004 (describing various corporate approaches to organizing and reviewing
electronic evidence before storage); THE SEDONA GUIDELINES: BEST PRACTICE GUIDELINES &
FOR ADDRESSING ELECTRONIC DOCUMENT PRODUCTION (Jan. 2004), both available at Employers should, of course, remain aware of how the costs of
producing electronic evidence will be allocated between the requesting and responding parties. For
example, California’s discovery provision on the issue starts with the assumption (which may be
rebutted) that the cost of production shall be borne by the requesting, not the producing party. See
Toshiba Am. Elecs. Components, Inc. v. Superior Court (Lexar Media, Inc.), 124 Cal. App. 4th 762
FED. R. CIV. PROC. 26(a).
FED. R. CIV. PROC. 34(a).



parties concerning the assertion of privilege after privileged information or work product has
been produced. 79

At the required “meet and confer” session, the parties should discuss: (1) preservation of ESI,
including the balance between the need to preserve relevant evidence and the need to
continue routine operations that may result in the automated destruction of ESI; (2) the cost of
preserving ESI that is not reasonably accessible; (3) the form(s) of production; and (4) any
agreement concerning the production of information that is privileged or work product. To
the extent applicable, these topics should be discussed with respect to paper documents as
well. One goal of these discussions should be to identify areas of dispute that can be resolved
at the scheduling conference before costly and time-consuming searches and productions
occur. Other areas of discussion include the following: (1) the parties’ information systems;
(2) the subject matter and time frame of discovery; (3) the sources of information to be
searched; (4) the types of ESI that are and are not reasonably accessible; and (5) the costs of

Production of ESI that Is “Not Reasonably Accessible”

An employer is not required to produce ESI that is “not reasonably accessible” because of
undue burden or cost.80 The employer must identify in its responses to requests for production
the source of ESI that has not been searched or produced because of undue burden or cost. If
the plaintiff moves to compel, the employer then has the burden of showing that the
information is “not reasonably accessible.” Even so, the court may still compel production if
the plaintiff shows that the probative value of the evidence would be high and it is not
available from any other source. If the court orders production, the court may allocate the cost
of production between the parties and specify other terms and conditions for the discovery.

Information that is “not reasonably accessible” for purposes of this rule typically will include
deleted files, information stored on back-up tapes created for disaster-recovery purposes,
information that will require legacy hardware or software to retrieve, and dynamic databases.
To be “not reasonably accessible,” the information must be difficult to access for all
purposes, not just for a particular litigation.

Responses to requests for production should: (1) identify what source(s) of ESI was not
searched because it was not reasonably accessible; (2) explain the burdens and costs of
providing the discovery; and (3) indicated the likelihood of finding responsive information on
such sources. The court will balance the burden and cost of locating, restoring and retrieving
ESI from the source where it is stored against the likely benefit, taking into account the needs
of the case, the amount in controversy, the parties’ resources, the importance of the issues at
stake in the litigation, and the importance of the proposed discovery in resolving those issues.
If a court permits a plaintiff to take discovery to obtain evidence in an effort to rebut the
employer’s assertions of burden or cost, such discovery might consist of sampling the
challenged source, inspecting hardware or software, or deposing an individual with
knowledge of the responding party’s information systems.

The parties can agree that disclosure of privileged information per se does not waive the
attorney-client privilege or work-product protection (a “clawback agreement”). The parties also can
agree that the responding party will produce all ESI in its possession; the receiving party will select the
documents believed to be discoverable; and the responding party will then review only the selected
documents for privilege (a “quick peek agreement”).
FED. R. CIV. PROC. 26(b)(2)(B).


§ 21.2.1(g) CHAPTER 21— DIGITAL WORKPLACE 2009

Assertions of Privilege After Putatively Privileged Information Has Been

An employer producing privileged information may assert protection from discovery after
producing the information by notifying the plaintiff of the claim and the basis for it.81 The
plaintiff then may not use or disclose the information, but must promptly return, sequester or
destroy the putatively privileged information, pending resolution of the claim. To challenge
the claim, the plaintiff must submit the information under seal to the court for a determination
whether the information is protected.

This amendment was driven by the high cost of reviewing ESI for privileged information and
the increased risk of inadvertent disclosure when privileged information is contained in
embedded data and/or metadata, but applies also to paper documents and information in
electronic form. The amended rule only establishes a procedure for resolving claims of
privilege and work-product protection after putatively protected information has been
produced; the amended rule does not alter the substantive law of privilege or waiver.

Production of ESI in Lieu of Responding to an Interrogatory

In lieu of answering an interrogatory that seeks information contained in business records, the
employer may instead produce the ESI that contains such information.82 To take advantage of
this option with respect to ESI, the employer may be required to provide some combination of
technical support, information on application software, or other assistance.

The Form(s) for Producing ESI

The plaintiff may specify the form(s) in which ESI is to be produced. 83 The employer must
state its objections to the requested form(s) in its responses to the requests for production, and
the form(s) in which it intends to produce ESI. If the request does not specify the form(s) for
producing ESI and there is no agreement or order on that subject, ESI may be produced in the
form in which it ordinarily is maintained or in a reasonably usable form. Accordingly, an
employer may not translate ESI from the form in which the information ordinarily is
maintained into another form that is more difficult or burdensome to use by the plaintiff —
for example, by removing a search function — even if the alternative form still would be
reasonably usable. Employers are not required to produce the same ESI in more than one

Safe Harbor for Good Faith, Routine Destruction of ESI

The amended rule establishes a safe harbor from sanctions for the destruction of ESI because
of the routine, good-faith operation of an electronic information system. 84 This rule applies to
data destruction by automatic features that are essential to the functioning of the electronic
information system, such as programs that recycle storage media used for short-term disaster
recovery purposes, automatic overwriting of “deleted” information, programs that
automatically change metadata to reflect the most recent uses, and programs that
automatically discard data that has been accessed within a specified period of time. The rule
applies as well when the employer’s data is stored on a third-party’s information system, for
example, benefits administration information stored by the plan’s third-party administrator.

FED. R. CIV. PROC. 26(b)(5)(B).
FED. R. CIV. PROC. 33(d).
FED. R. CIV. PROC. 34(b).
FED. R. CIV. PROC. 37(f).


B. TELECOMMUTING § 21.2.2(a)

The good faith requirement means that an employer cannot take advantage of the routine
operation of an electronic information system to thwart discovery obligations by allowing
automated destruction to continue for the purpose of destroying specific stored information
that the party is required to preserve. Factors that the court most likely would consider in
evaluating good faith include: (1) the cost and/or burden of interrupting or disabling the
automated destruction process; (2) the availability of the information from another source;
(3) the steps taken by the employer to implement the litigation hold; (4) specificity of the
plaintiff’s preservation request; and (5) whether the court had entered a preservation order, or
the parties had reached an agreement regarding preservation, before the destruction occurred.

In exceptional circumstances, the court may impose sanctions even if the loss of data is the
result of the routine, good faith operation of an electronic information system — for example,
when automated destruction, though in good faith, results in serious prejudice to the plaintiff
because potentially important information was destroyed.

§ 21.2.1(h)
Wage & Hour Issues
The informality and cooperation of Internet activities can lead to employment situations that
fall afoul of traditional regulation. In 2001, three individuals sued America Online, Inc.,
claiming that they should have been paid the minimum wage for work they did as
“volunteers” in chat rooms that AOL offered to subscribers. The plaintiffs filed suit under a
state statute allowing class action procedural benefits, and requiring the disgorgement of
profits by a company found in violation of it.85

§ 21.2.2

§ 21.2.2(a)
Although many employers are anxious to consider the possibility of telecommuting for some
positions, not all positions are susceptible to telecommuting. Some EEOC trial attorneys
objected when that agency’s inspector general suggested that the position of trial attorney
could be a “telework” position. 86 In addition, at least one commentator has suggested that
“telecommuting appears to be magnifying the existing gender segregation and hierarchy in
the paid labor market because employers have developed . . . types of telecommuting
arrangements that affect men and women differently.”87

Courts continue to apply familiar standards to the new twists of working afar. The New York
Court of Appeal has held that an employee of a New York company who resided in Florida
was barred from making a claim for unemployment benefits in New York after her
termination. The court reasoned that “physical presence” is the determining factor in deciding

California “Volunteers” Sue AOL to Recover Wages for Chat Room Work, Daily Lab. Rep. (BNA),
Oct. 31, 2001, at A-10.
Mandatory Telework Proposal Raises Ire of Trial Attorneys for Ignoring Job Reality, Daily Lab.
Rep. (BNA), Mar. 5, 2003, at A-8.
Michelle A. Travis, Equality in the Virtual Workplace, 24 BERKELEY J. EMP. & LAB. L. 283, 285


§ 21.2.2(b) CHAPTER 21— DIGITAL WORKPLACE 2009

whether an applicant is eligible for unemployment benefits, and that “[u]nemployment has the
greatest economic impact on the community in which the unemployed individual resides.”88

§ 21.2.2(b)
Telecommuting, Virtual Workers & Teams on the Internet
The digital workplace is most evident in the increased reliance on telecommuting and other
flexible work arrangements. As technology evolves, the physical space known as “the office”
is becoming less and less important. A growing number of workers start their workdays well
before their daily commute, and continue to work after they return home in the evening. 89
Currently, approximately 12 million employees work from home more than eight hours per
week. 90 This number is expected to be 14 million in 2009. Notably, Best Buy, Co. is radically
reshaping its workplace by switching to what it calls a “results-only work environment.” 91
Under its rules, employees are judged on performance, not hours, and no employee is
required to be in the office. 92

Telecommuting is an attractive option for employees because it often provides increased

flexibility and greater control over the employees’ work environment. The federal
government has been a leader in encouraging public sector employers to consider the option
of telecommuting (also known as telework). Benefits to employers include increased
productivity, reduced tension levels, and improved quality of life. 93 Telecommuting also
reduces traffic congestion, air pollution, and energy consumption. Additionally, enabling
employees to telecommute elevates job satisfaction, lowers turnover, reduces stress,
contributes to work/life balance, and strengthens job performance. 94 Employees avoid the
costs and stresses of commuting, incur reduced expenses for work attire, and can more easily
make childcare arrangements.

Real benefits are also apparent to an employer’s bottom line. The General Services
Administration estimates that telecommuting employees are 20% more productive than their
in-office counterparts. Best Buy Co., has seen an increase in productivity of 35%, a drop in
voluntary turnover from over 16% to zero, and a 13% to 18% increase in orders processed by
people who are not working in the office over those who are in the office. 95 Other benefits
include savings on real estate costs. As companies consider implementing a digital workplace
to improve productivity, however, they should carefully evaluate the full impact that new

In re Allen, 767 N.Y.S.2d 682 (mem.) as reported in Unemployment Insurance: Florida
Telecommuter Cannot Collect Jobless Benefits from New York, Court Says, Daily Lab. Rep. (BNA),
July 9, 2003, at A-2.
Jennifer Blum Feldman, Upgrade Your Remote Control, HR MAGAZINE, Dec. 2007.
Eva Tahmincioglu, The Quiet Revolution: Telecommuting, MSN.COM, available at
Michelle Conlin, Smashing the Clock, BUSINESS WEEK, Dec. 11, 2006, available at
Study Highlights Telework Successes, OPM [U.S. Office of Personnel Management] Press Release,
June 15, 2001, available at
Ravi S. Gajendran & David A. Harrison, The Good, the Bad, and the Unknown About
Telecommuting: Meta-Analysis of Psychological Mediators and Individual Consequences, 92 J. OF
APPLIED PSYCHOL. 1524, 1524 (2007).
See Michelle Conlin, Smashing the Clock, BUSINESS WEEK, Dec. 11, 2006, available at


B. TELECOMMUTING § 21.2.2(c)

technology will have on their workforce. (A list of components to consider for a successful
telecommuting policy is included as subsection C at the end of this chapter.)

§ 21.2.2(c)
Telecommuting as an Accommodation Under the ADA
The Internet has had a significant impact on the issue of disability in the workplace,
particularly on what reasonable accommodations an employer may be required to provide for
disabled employees. With increasing frequency, employees who are, or are perceived to be,
disabled under the Americans With Disabilities Act (ADA) have either requested or
demanded that they be allowed to telecommute as a reasonable accommodation. And more
and more courts are scrutinizing the possibility of allowing employees to telecommute as a
reasonable accommodation. The burden remains, practically speaking, on the employer to
demonstrate clearly that telecommuting is not feasible, if that is the employer’s ultimate

As with most ADA claims, the courts’ decisions concerning the employers’ limits of
reasonable accommodation are extremely fact-intensive, meaning it is difficult to formulate a
general rule.96

Presence as an Essential Job Function Under the ADA

For those employees who cannot work at the employer’s place of business due to a disability,
telecommuting is sometimes an attractive solution. The question, then, is whether an
employer is required under the Americans with Disabilities Act (ADA) to permit a disabled
employee to telecommute as a reasonable accommodation. An associated question will be
whether physical presence at an office is an essential job function. Courts have taken varying
and unpredictable routes of analysis when presented with such cases.97 The answer to the
questions raised above generally depends on the facts of the specific situation.

Another potential discrimination problem that arises under the ADA is not as obvious. Some
groups advocating for the disabled have argued that employers will use telecommuting to
isolate and hide them from society. These groups charge that employers will go beyond
accommodation and use technology to make the disabled invisible to society. Their fear is
that employers will place disabled people in telecommuting centers or at home because of the
way they look or the way they act while in the work environment. In this instance, the groups

See, e.g., Smith v. Bell Atlantic, 63 Mass. App. Ct. 702 (2005). See also Court Rules Disabled Phone
Worker Entitled to Work-at-Home Accommodation, Daily Lab. Rep. (BNA), June 24, 2005, at A-3;
Computer Software Unavailable at Home; State Did Not Unlawfully Discriminate By Denying Request
to Work at Home, Daily Lab. Rep. (BNA), Aug. 22, 2001, A-6; (termination of state employee with
spina bifida who requested to work exclusively from home did not violate ADA; state agency argued
successfully that employee needed to be present in the office to perform essential job functions); Court
Rejects Telecommute Accommodation, Daily Lab. Rep. (BNA), May 4, 2001 at A-2.
See Thomas J. Kapusta, When Must Employer Offer Qualified Disabled Employee or Applicant
Opportunity to Change Employee’s Workplace or Work at Home as Means of Fulfilling Reasonable
Accommodation Requirement, 133 A.L.R. Fed. 521 (1996); Dawn R. Swink, Telecommuter Law: A
New Frontier in Legal Liability, 7 AM. BUS. L.J. 857 (2001); Todd M. Keebaugh, The Virtual Office:
Practical Considerations in Establishing & Implementing a Telecommuting Program, 16 ACCA
DOCKET 16 (Sept./Oct.1998); Kristen M. Ludgate, Telecommuting & The Americans with Disabilities
Act: Is Working at Home a Reasonable Accommodation?, 81 MINN. L. REV. 1309 (1997); Audrey E.
Smith, The “Presence Is an Essential Function” Myth: The ADA’s Trapdoor for the Chronically Ill,
19 SEATTLE U. L. REV. 163 (1995).


§ 21.2.2(d) CHAPTER 21— DIGITAL WORKPLACE 2009

argue that the ADA’s purpose of mainstreaming disabled persons into the workforce will be

§ 21.2.2(d)
Issues When Telecommuters Work in Multiple Jurisdictions
Once an employer ceases to be limited by physical office space, he or she can employ
workers from all over the world. However, having virtual teams made up of workers in
different states and possibly even different countries creates complicated jurisdictional issues.
In some instances, information lawfully released in one state may not be lawfully received in
another state. Similarly, monitoring an employee may be lawful when done in the home
office but unlawful in the out-of-state satellite office where the employee works. Many states
have different or unsettled laws regarding privacy, confidentiality, monitoring, and
surveillance. Thus, employers must know an ever-increasing number of different state and
local employment and labor laws. Furthermore, employees or their attorneys may engage in
forum shopping by carefully studying both the law of the state in which the employee is
found, and the law of each state in which the employer is found, and make a determination as
to where a lawsuit may be most favorably received. Some of these concerns can be addressed
in a carefully worded employment contract, but the potential for jurisdictional disputes and
conflict-of-law issues is considerable.

Employers who send information between countries face the same problems. Employers must
be cognizant of the other country’s labor and employment laws, especially that country’s laws
regarding privacy. The U.S.-based employer should not, and cannot, assume that all countries
view privacy and other employment law issues in the same manner as in the United States.
(For more information on the European Union Directive on Data Privacy, see Chapter 19 of

Generally, individuals and entities are subject to the laws of their states of residence, and are
subject to being sued there. For natural persons, one is a resident of the state in which one
lives and works. Business entities are residents of the state in which they are organized, and
also of every state in which they are engaged in continuous and systematic activity. A
corporation is also likely to be a resident of every state where its employees, including
telecommuters, live and regularly work. Residents can be sued in courts in their states of
residence on any type of claim. The claim does not need to have any relation to the state. For
example, an employee who telecommuted from his home office in Pennsylvania was allowed
to prosecute his race discrimination claim in that state, over the objections of the employer,
who sought to move the action’s venue to its offices in Virginia.98

Traditionally, the laws of the state in which the employee actually works have governed the
working relationship.99 This may be changing, however, in part due to technologies that now
permit an employee to work from a home office hundreds or thousands of miles from the
employer’s place of business. Increasingly, employers are able to hire employees who live
and perform their work in a different state, or in another country. As a result, courts and
employers must struggle with the question of which state’s laws to apply to the employment

Telecommuter from Pennsylvania to Virginia May Bring Race Case at Site of Home Office, Empl.
Discrim. Rep. (BNA), Mar. 9, 2005, at 296. See generally Jason H. Eaton, The Effect of Use or Alleged
Use of Internet on Personal Jurisdiction in, or Venue of, Federal Court Case, 155 A.L.R. FED. 535
See, e.g., In re Allen, 767 N.Y.S.2d 682 (mem.).


B. TELECOMMUTING § 21.2.2(e)

§ 21.2.2(e)

Workers’ Compensation & the Telecommuter

The issue of employees working at remote locations and at home through telecommuting
raises an entire host of questions under the workers’ compensation remedial scheme.
Particularly for employees working in the home, it may be very difficult to determine when
these preconditions for workers’ compensation exist. The issues of causation and proof will
also become increasingly complex. As an example, if an employee trips while walking down
a staircase at home and the employee’s “office” is at home, was the employee acting in the
course of employment while traveling down the stairs? Or what happens when a
telecommuter gets up from his or her home workstation to get a cup of coffee, and then slips
and falls in the kitchen? Is the employee covered by the employer’s workers’ compensation
insurance in any of these instances?

Traditionally, the employer’s workers’ compensation carrier does not cover accidents that
occur off the employer’s premises. However, when an employee performs a specific task at
home at the employer’s request, the employee is covered by workers’ compensation.
Additionally, an employee who is expected to operate out of his or her own home is covered
if he or she is injured while in the course of employment.100

And what about accidents between the telecommuter’s home and the employer’s place of
business? Normally, an employee is not covered for an injury that occurred while the
employee was on his or her way to work. However, there are exceptions to this rule,
particularly when the employee has a secondary worksite at home. In that case, an injury
occurring on the way between work and the secondary (home) worksite is covered, as travel
between worksites is considered compensable. The question then arises — when is the home
a “secondary worksite,” so that travel between the home and office qualifies as travel between
worksites? Generally, courts consider the regularity of the work done at home, whether
working at home is more than just a convenience for the employee, and whether there is
business equipment in the home.

One case provides an example of how a worker’s compensation administrative judge decided
the claim of a telecommuter. Melissa Bigelow worked as a US Airways account manager
from a basement office in her parents’ home. She claimed that she slipped and fell, injuring
her shoulder, on the steps leading from the basement as she was in the process of going to a
“pop-in” appointment with one of the employer’s clients. The judge denied the claim on the
grounds that Bigelow’s account of the scheduling and occurrence of the appointment did not
meet her burden of proof, especially in light of conflicting evidence provided by the times of
various telephone calls.101

See generally Health, Safety Needs of Telecommuters Generally Not Understood by Employers,
Daily Lab. Rep. (BNA), Sept. 15, 2003, at A-7 (workplace health and safety risks to offsite workers
include physical injuries from improperly designed work stations; physical and psychological stresses
from the longer work hours telecommuters tend to observe; higher rates of injuries from auto collisions
for so-called “road warriors,” such as field sales and service professionals; physical and psychological
stresses from inefficient break and recovery times; physical injuries from poorly designed work
environments; psychological stresses from isolation, limited social support, time pressures, and higher
work loads; and psychological stresses because of inadequate support for the technologies necessary to
complete job-specific duties).
See the decision in Bigelow v U.S. Airways where the judge finds that the “[c]laimant here did not
provide persuasive and credible evidence that she was momentarily departing her employment with the


§ 21.2.2(f) CHAPTER 21— DIGITAL WORKPLACE 2009

§ 21.2.2(f)

Wage & Hour Issues When Employees Work from Home

The virtual workplace also raises several issues under wage-and-hour law. How does an
employer determine and record the hours of work of a nonexempt employee working in his or
her home, including time spent reviewing and responding to e-mail on company-issued
personal digital assistants (PDAs), laptops, or cellphones? How will break period and meal
period requirements be enforced for nonexempt employees? How will “regular work hours”
be established for purposes of determining whether training time is outside such hours and
thus, possibly noncompensable? How long must a “break” be for an employee working at
home before it becomes non-compensable time? How does an employer monitor and control
overtime? How, when, and where will wages be paid? Will travel time to a company facility
be non-compensable commute time or compensable travel time between worksites? How will
partial days of absence from work be calculated for exempt employees whose employers
require use of paid leave in such situations? Should an exempt employee, who logs on his/ her
computer for five minutes to answer a question from work before leaving for a day of
personal business, be paid for a full day’s salary? These issues are certainly not
insurmountable, but an employer contemplating work by telecommuters needs to address
these issues or run the risk of facing considerable liability.

Employers may be subject to additional regulation if the nonexempt telecommuter’s work

falls within the definition of homework as used under the Fair Labor Standards Act (FLSA).
Homework is defined as the production of goods “in or about a home, apartment, tenement, or
room in a residential establishment,” regardless of the source of the materials used by the
homeworker.102 Nonexempt employees performing homework must be paid minimum wage
and overtime as required by the FLSA. The FLSA also has specific recordkeeping
requirements applicable to employees performing homework. Further, employers in certain
industries must obtain certificates for homework and must fill out an employee handbook that
specifies, among other things, the number of hours worked. The FLSA’s definition of
homework and its corresponding regulations clearly focus on industrial manufacturing
employees. The definition, however, is arguably broad enough to include many
telecommuters. Employers must consider the impact of these laws on any telecommuting

Several states, including California, Connecticut, Hawaii, Illinois, and New York have laws
similar to the FLSA that regulate certain types of work performed in the home. Several of the
statutes appear limited to homework involving industrial manufacturing. As mentioned in the
discussion above, however, many of the statutes are written broadly enough that they may be
applied to home technology and the work performed utilizing this technology. The state laws
vary in the amount of regulation imposed on employees who perform regulated homework.
Most require the employer and the employee to obtain permits and certificates for the
homework. Other states, such as Illinois, require that the employee’s home work area have
proper ventilation and specifies the cubic feet of airspace an employee must have in the work
area. Further, most of the laws require a certain amount of recordkeeping for the homeworker.
Employers should consider these state homework laws in relation to their telecommuting

intent to return to her employment.” Claim No. 2592159, at 15 (Pa. Dept. of Lab & Ind., Bureau of
Workers’ Comp. Aug. 31, 2004).
29 C.F.R. § 530.1(d).



The traditional factors used to determine when on-call time is work time will also need to be
reevaluated for the nonexempt telecommuters. In general, whether on-call time is
compensable depends on whether the employee can use the time effectively for his or her
own purposes. 103 Federal regulations state that if an employee is required to wait for a call to
work at the employer’s premises or any location other than the employee’s home, all waiting
time must be counted as hours worked. The considerations in determining whether on-call
time is work time include the employee’s freedom of movement, the frequency of calls to
return to work, response-time requirements, and equipment transportation.

The changing context of the working environment for telecommuters will obviously require
alterations in the traditional analysis of an employee’s workday. Employers may need to
reexamine policies and training methods to address when and how employees handle work
while telecommuting, traveling, or on call for the employer. Supervisors, too, should
understand the repercussions of assigning work for subordinates to perform outside of the
workplace. For additional information regarding the FLSA, see Chapter 22 “Federal
Compensation Law” of THE NATIONAL EMPLOYER®.

§ 21.2.3


§ 21.2.3(a)
E-mail & Internet Access Abuse
E-mail offers enormous benefits to employers and employees. It encourages intra-company
communication, increases productivity, and reduces the need for inefficient telephone calls,
paper memos, and face-to-face meetings. However, because the use of e-mail is now
embedded into normal workplace practices, the risk of liability from e-mail statements is also
just as routine. Due to its informal nature and perceived impermanence, people often use
e-mail to send messages that may be inappropriate or too candid to “put in writing.” Most
e-mail systems create a complete record of the communication, capturing the exact text that
users send and receive. Additionally, e-mail records usually store information regarding their
transmission and receipt, including the names of the sender and recipient, the dates and time
that the messages were sent and received, and an acknowledgment that the e-mail was
retrieved. This information may be of great value in demonstrating what personnel were
involved in making particular policy decisions, and what officials knew, and when they knew
it. The lesson is clear: digital communications generally remain stored indefinitely on a hard
drive or disk, waiting to be found by a computer consultant during a lawsuit filed by a former

A good example of employee e-mail misuse is Peter Chung, who was briefly employed by a
global equity company. Ten days after his assignment to Seoul, in an e-mail to fellow
employees with the subject line “Living Like A King,” Chung exulted in his lavish,
company-provided accommodations, and in his purported romantic successes with “hot
chicks.” His e-mail detailed his apartment’s many fine features, including the number of
bedrooms and why he would need them, and his incipient exhaustion of his formerly large

Feldman, supra, note 89.


§ 21.2.3(b) CHAPTER 21— DIGITAL WORKPLACE 2009

supply of condoms. The e-mail was forwarded to company managers, and Chung was, very
shortly thereafter, a former employee. 104

Thus, it is imperative that employers make clear to employees the permissible and
impermissible use of company e-mail. In the case of AUTOLIV ASP, Inc., v. Utah
Department of Workforce Services, the employees seeking to obtain unemployment benefits
had transmitted more than 30 e-mails with sexually explicit text, photos and videos. At the
administrative hearing, the employees admitted that they sent the sexually explicit e-mails,
and that they were aware of the company’s antiharassment policy. The state agency awarded
them unemployment benefits, determining that the fired employees were terminated without
just cause because they were unaware of the company’s e-mail policy.105 While the reviewing
appellate court reversed this determination, concluding that the employer did not have to
prove knowledge of the policy by the fired employees if their actions constituted “a flagrant
violation of a universal standard of behavior,” the company expended enormous resources to
succeed in this case.

The case of Intel Corp. v. Hamidi is a classic example of e-mail abuse: a disgruntled former
employee sent periodic mass e-mailings to thousands of current employees, warning them
about potential layoffs and telling them not to trust management. The company sued to stop
the e-mails. The trial court held that the mass e-mails constituted trespass and issued a
preliminary injunction that prohibited the employee from sending any additional e-mail
messages to current employees at work.106 The granting of the injunction was affirmed on
appeal; however, the California Supreme Court later held that the legal theory on which the
employer was granted an injunction against the former employee by the trial court was not
supported by adequate evidence of threatened or actual harm. 107

§ 21.2.3(b)
E-mail & Other Electronic Evidence
Courts are allowing the discovery in litigation of backup systems consisting of dozens of
archive tapes, as the Zubulake cases108 demonstrate. Such discovery can be dangerous to
employers, because computer users often put messages into e-mail communications that they
would never put into writing on real documents. Also, e-mail exists longer than most users
realize. Whenever an employee sends a message over the company’s network, generally
several copies of the message are stored on file servers before being transferred to archive
tapes. E-mail can be more permanent than a paper communication. Paper documents can be
shredded or discarded, but it is far more difficult to destroy e-mail messages. Even after the
“Delete” key is hit, most e-mail systems store messages on a centralized backup file for an
indefinite period of time. Mainframe backups also make retrieving e-mail records much easier
than retrieving lost paper records.

Rob Walker, And They Told Two Friends . . . : Sexual Boasting & the Internet Don’t Mix, N.Y.
TIMES, June 3, 2001, available at
38 P.3d 979 (Utah Ct. App. 2001).
Intel Corp. v. Hamidi, 15 Individual Empl. Rts. Cas. (BNA) 464 (Cal. Super. Ct. Apr. 28, 1999)
(injunction granted) on appeal, Intel Corp. v. Hamidi, 94 Cal. App. 4th 325 (2001), review granted and
opinion depublished by superceding opinion, 30 Cal. 4th 1342 (2003).
Intel Corp. v. Hamidi, 30 Cal. 4th 1342 (2003).
See discussion above at § 21.2.1(f).



Employers should bear in mind that once they hit the “Delete” key, the message has not
necessarily been irretrievably erased. When a user sends an e-mail message, the user is
creating a digital file that is stored on the company’s hard drive. The information on the hard
drive may be stored for months, or even years. The information remains on the hard drive
until the computer runs out of “new” (i.e., unused) space, at which time the computer system
will start to fill in (overwrite) the spaces where the deleted files formerly existed. This can
take months, or even years. Alternatively, an employer can “clean out” the hard drive, thus
erasing all deleted files.

Employers should beware of two pitfalls when cleaning out a computer hard drive. First,
unless an expert performs the operation, the computer files may still exist. Second, employers
should not suddenly decide to clean out a hard drive when litigation is looming, or the
employer risks being accused of the purposeful destruction (“spoliation”) of evidence.109

The increased role of e-mail in litigation presents serious problems. E-mail messages are
easier to falsify than are handwritten or signed documents. Also, lawyers’ requests for digital
evidence have made the already burdensome discovery process even more onerous for
companies, as there are few limits to what lawyers can demand during discovery. The
defendant is usually required to pay for the process of cataloguing or sorting its own records.
When this process involves retrieving millions of pages of e-mail stored on hard drives or
optical disks, the costs can exceed hundreds of thousands of dollars before the case even
reaches trial.

The discovery of e-mails, however, is not without limitations. In Williams v. Mass. Mutual
Life Insurance Co., the plaintiff, an African American, alleged that the company had a policy
of enforcing disciplinary actions as pretext to the termination of African American
employees.110 That policy, according to the plaintiff, was memorialized in an e-mail — an
e-mail the plaintiff had possessed at one time but thereafter lost. In an attempt to recover the
evidence, the plaintiff sought to have the court appoint a forensic computer expert to examine
the employer’s computer systems. His request was roundly rejected by the court, compelling
it to note that relief he sought “was based not only on uncorroborated evidence, but curiously,
on a document which [p]laintiff himself claims to have had in his possession but which he
can no longer locate.”111

There are, however, cases that suggest a party may be, at least, partially responsible for the
costs incurred in retrieving such material in response to discovery requests.112 In Toshiba
America Electronic Components, Inc., plaintiff Lexar Media sued Toshiba America (TAEC)
and its parent company Toshiba Inc., for misappropriation of trade secrets, breach of
fiduciary duty, and unfair competition. Lexar served TAEC with a request for production of
documents consisting of 60 categories of documents, including “electronic mail” and “other
forms of electronically or magnetically maintained information.” After TAEC produced
20,000 pages of documents, a dispute arose as to which party was responsible for the cost of

See, e.g., Wiginton v. CB Richard Ellis, 2003 U.S. Dist. LEXIS 19128 (N.D. Ill. Oct. 24, 2003)
(employer’s adherence to electronic items destruction policy, and destruction of electronic evidence
notwithstanding plaintiffs’ counsel’s request that employer retain all electronic records and materials
relevant to lawsuit, is evidence of employer’s bad faith); Zubulake v. UBS Warburg, (“Zubulake V”)
229 F.R.D. 422 (S.D.N.Y, 2004) (sanctions imposed against company for not preserving electronic
documents once it was aware of potential litigation).
226 F.R.D. 144, 145 (D. Mass 2005).
Toshiba Am. Elec. Components, Inc. v. Superior Court (Lexar Media, Inc.), 124 Cal. App. 4th 762


§ 21.2.3(b) CHAPTER 21— DIGITAL WORKPLACE 2009

recovery of additional responsive material stored on TAEC’s computer backup tapes. The
court held that California Civil Discovery Act “shifts to the discovering party the expense of
translating a data compilation into usable form.” However, the court pointed out that its
“conclusion does not mean that the demanding party must always pay all the costs associated
with retrieving usable data from backup tapes” and that the demanding party is expected to
pay only the reasonable expense for a necessary translation. 113

Federal courts also utilize several tests in determining whether a demanding party is
responsible for the costs of obtaining “e-discovery.” For example, in Wiginton v. CB Richard
Ellis, Inc., the court ordered a putative class of female employees to pay 75% of the costs to
restore and search backup tapes for e-mails.114

The scope of e-mail discovery that will be allowed by a court is not always predictable. In
Morgan v. Federal Home Loan Mortgage Corporation, an employee suing for discrimination
and retaliation was permitted discovery of the defendant-employer’s investigation of “racist
‘ebonics’ e-mail messages.”115 However, the court allowed discovery only as to the alleged
decision makers who had authorized the employee’s termination, not for the e-mails of all
persons in the agency.

More and more employment law cases turn on some form of e-mail or other electronic

• A sexual harassment plaintiff’s motion in limine that defendant employer be

barred from presenting evidence that plaintiff downloaded pornography from her
office computer and e-mailed it to a company manager was denied although the
employer was denied the ability to introduce the contents of the pornography into
evidence. 116
• An employee was terminated in part because of the employee’s harassment of a
fellow manager by means of an anonymous e-mail.117
• A secretary was terminated for poor performance, including excessive personal
e-mail at work. The e-mails at issue were coarse and vulgar. The secretary was
discharged in part because her coworkers resented performing her job
responsibilities while she was e-mailing for nonbusiness purposes. 118
• An employer legitimately demoted a manager because of the manager’s
destructive e-mail comments, even though the comments were never spoken. 119

Fortunately for employers, courts are beginning to recognize that employers may regulate the
use of their electronic resources and that employees do not automatically have an expectation
of privacy in documents and communications created, received, saved or sent over the
employer’s electronic systems. Where an employer maintains e-mail policies stating that

Wiginton v. CB Richard Ellis, Inc., 229 F.R.D. 568 (N.D. Ill. 2004); Rowe Entm’t, Inc. v. William
Morris Agency, Inc., 205 F.R.D. 421 (S.D.N.Y. 2002).
197 F.R.D. 12, 14, 16-17 (D.D.C. 2000).
Dufresne v. J.D. Fields & Co., 2001 U.S. Dist. LEXIS 296 (E.D. La. Jan. 11, 2001), review granted
and affirmed by Dufresne v. J. D. Fields & Co., 66 Fed. Appx. 525 (5th Cir. 2003).
Connell v. Consolidated Edison Co. of N.Y., 109 F. Supp. 2d 202, 203-04, 210 (S.D.N.Y. 2000).
Tiberino v. Spokane County, 13 P.3d 1104 (Wash. Ct. App. 2000).
Erickson v. Farmland Indus., Inc., 271 F.3d 718, 722 (8th Cir. 2001).



documents and electronic communications are not confidential and that the employee has no
personal privacy right in this information, the employee may not be able to claim the
information is privileged. 120

The court in In re Asia Global Crossing, Ltd. identified four factors to determine whether an
employee’s electronic communications are privileged: (1) does the corporation maintain a
policy banning personal or other objectionable use; (2) does the company monitor the use of
the employee’s computer or e-mail; (3) do third parties have a right of access to the computer
or e-mails; (4) did the corporation notify the employees, or was the employee aware, of the
use and monitoring policies.121

Voicemail messages, when authenticated, are routinely used as evidence in cases such as
sexual harassment.122 Voicemail poses unique evidentiary difficulties. Unlike e-mail, there is
usually no record of the “sender” having left a voicemail, so it is the recipient’s data storage
which must be accessed and searched. In addition, voicemail has few immediately useful
built-in search capabilities. However, the development of voicemail archiving technology
means that businesses will face decisions going forward on the manner in which voicemails
may or should be archived, and at what cost. Courts remain unpredictable in ruling whether or
not voicemails should be maintained as evidence, and the manner and cost allocation of
voicemail discovery. 123

§ 21.2.3(c)
High Tech Unlawful Harassment
The digital workplace often is the genesis for harassment claims. Sexually offensive e-mail
and voicemail messages are now routinely used by plaintiffs as corroborative evidence of a
hostile work environment.

An employer’s provision of Internet access has been and will continue to be used by
employees to harass other employees. Some employees download obscene material onto
employer systems or allow pornographic materials to appear on their office computers. The

Scott v Beth Israel Med. Ctr. Inc., 2007 N.Y. Misc. LEXIS 7114 (2007 NY
Slip Op. 27429, Oct. 17, 2007) (employee’s e-mails to counsel were not privileged because employer’s
computer use policy prohibited personal use and was posted on the employer’s intranet): Long v.
Marubeni Amer. Corp., 2006 U.S. Dist LEXIS 76594 (S.D.N.Y. Oct. 19, 2006) (employees’ e-mails to
counsel were not privileged because employer’s computer use policy stated employees have no privacy
right in messages sent via its e-mail system and employees received annual reminders of computer
usage policy); Kaufman v. SunGard Inv. Sys., 2006 U.S. Dist. LEXIS 28149 (D.N.J. May 10, 2006)
(employees e-mails to counsel were not privileged because employer had policy that all electronic
communications were subject to monitoring.
322 B.R. 247, 257 (Bankr. S.D.N.Y. 2005).
See, e.g., Teal v. Chicago Sun-Times, Inc., 2001 U.S. Dist. LEXIS 20859 (N.D. Ill. Dec. 13, 2001)
(employee’s voicemails to another employee discussing sexual activities used to defeat claim of
environmental sexual harassment on element of unwelcomeness). See also Veazey v. Communications
& Cable, Inc., 194 F.3d 850 (7th Cir. 1999) (company suspected plaintiff, who was employed by
defendant, had left a hostile and threatening anonymous message on the voicemail of another
employee; company discharged plaintiff after he refused to provide his superiors with a tape-recorded
voice exemplar of him reading a transcript of the threatening voicemail message).
Steven C. Bennett, Voicemail: The Latest Front in the E-Discovery Wars, N.Y. L. J. (Nov. 21, 2002)
(citing inter alia, Martin H. Redish, Electronic Discovery & the Litigation Matrix, 51 DUKE L.J. 561,
628 (2001)); Jonathan M. Redgrave & Erica J. Bachmann, Electronic Discovery: Recent Views on Cost
Shifting, 49 FED. LAW 36 (2002).


§ 21.2.3(c) CHAPTER 21— DIGITAL WORKPLACE 2009

open viewing of sexually explicit websites may be sufficient to create a “hostile working
environment.” For instance, a female Chicago police officer filed a sexual harassment lawsuit
claiming that she was exposed to pornographic images on general use computers at work and
that her coworkers laughed at her reaction to the pornography. The court allowed her case to
proceed to trial based, in part, on her being exposed to the pornography.124

§ 21.2.3(c)(i)
Cyber-stalking, the use of electronic communication to harass, threaten, or pursue a victim, is
increasing as a form of workplace harassment and violence. Law enforcement agencies
estimate that electronic communications are a factor in 20% to 40% of all stalking cases. 125
Currently, 44 states have laws that explicitly include electronic forms of communication
within their stalking or harassment laws, and those states without explicit electronic
communication provisions may apply their general antistalking laws to electronic
communication. 126 States that do not have explicit cyber-stalking laws as of January 2009 are:
Idaho, Kentucky, Nebraska, New Jersey, New Mexico, and the District of Columbia.127

In 1996, the federal Interstate Stalking Act was enacted, which makes it a crime for any
person to travel across state lines with the intent to injure or harass another person.128 In 2000,
as part of the Violence Against Women Act, the federal Interstate Stalking Act was amended
to include stalking that occurs by mail, telephone or Internet. 129 Other federal legislation that
addresses cyber-stalking has been introduced recently, but no such measures have been

Cyber-stalking watchdog organizations report that cyber-stalking frequently occurs in the

workplace, either because the perpetrators are unhappy with management or coworkers, or
because they have been fired or not hired in the first place. In addition, many cases are
reported when employees feel they have been passed over for a promotion or raise, or denied
a vacation, personal day or other benefit. 131 Cyber-stalking has also been reported in
situations where a business or employee acting on its behalf, either with or without approval,
targets a competitor or its employees. These situations are generally treated as commercial
crimes and are often the subject of litigation between competitors. It may also become the
basis for actions before regulatory agencies such as the Securities and Exchange Commission,
the Federal Trade Commission or state consumer protection agencies.132

Williams v. City of Chicago, 325 F. Supp. 2d 867 (N.D. Ill. 2004).
National Conference of State Legislatures, State Computer Harassment or “Cyber-Stalking” Laws,
Mar. 29, 2007, available at (listing each state’s
stalking and cyber-stalking provisions).
18 U.S.C. § 2261A.
47 U.S.C. § 223.
National Center for Victims of Crime, Cyberstalking, available at



Tragically, some cyber-stalking cases have ended in murder among other crimes. For example:

• A 44-year-old community college business manager was found guilty of two

felony charges of stalking a 14-year-old girl he met in a chat room for teenagers.
Notwithstanding the girl’s testimony that their relationship and “cyber-sex” were
voluntary, the defendant became the first person convicted in Vermont of
cyber-stalking. 133
• A defendant used the computer expertise of a coworker to create an anonymous
website to defame the defendant’s former girlfriend, including photographs of
her, her home and business addresses and telephone numbers, and her alleged
sexual interests. The defendant’s conviction for aggravated harassment was
affirmed. 134
• A cyber-stalker was convicted of attempting to set up a rape of his victim by
posing as the victim over the Internet. He was alleged to have forged e-mail and
postings on “personals” websites, claiming to be the victim and stating that she
had fantasies of being raped. Six men appeared at the victim’s home in response
to the forged postings and e-mail. The case against the cyber-stalker was the first
prosecution under California’s revised anti-stalking law to include threats by
e-mail, pagers, and other forms of electronic communication.135 The defendant
was sentenced to six years in prison.136
• An obsessed admirer of a New Hampshire dental assistant paid $45 to an online
data broker to obtain her Social Security number and the name of her employer,
then tracked down and murdered her.137

§ 21.2.3(c)(ii)
Defamation encompasses any false and unprivileged communication, either oral or written,
that has a tendency to injure a person in his or her occupation or reputation. Libel, a type of
defamation, is a tort consisting of a false and malicious publication printed for the purpose of
defaming someone.

Defamation can arise in the imprudent broadcast by a manger of accusations against an

employee which may be both inflammatory and overbroad. For example, in Meloff v. New
York Life Insurance Co., an employee claimed that her supervisor had defamed her by
circulating an e-mail message to several employees stating that the plaintiff had been fired for
engaging in credit card fraud.138 The message read:

We found it necessary today to terminate Phyllis Meloff, who used her

corporate American Express card in a way in which the company was

Bruce Dickson, Former College Manage Found Guilty in Internet Stalking, COMMUNITY C. WK.,
Oct. 29, 2001, at 9.
People of the State of N.Y. v. Kochanowski, 719 N.Y.S. 2d 461 (N.Y. Sup. Ct. 2000).
CAL. CODE CIV. PROC. § 527.8(b)(3) (e-mails included as one form of a course of conduct that may
constitute stalking and justify a TRO or injunction for civil harassment). People v. Dellapenta,
No. BA177445 (L.A. Super. Ct. 1999).
Adam Cohen, Internet Insecurity, TIME, July 2, 2001, at 44-52, available at
51 F.3d 372 (2d Cir. 1995).


§ 21.2.3(c) CHAPTER 21— DIGITAL WORKPLACE 2009

defrauded. Phyliss [sic] had approx [sic] 27 years with New York Life, and
whom we considered to be a valued associate. This action reflects our
commitment [sic] to ‘adhere to the highest ethical standards in all our
business dealings.’ I send this to you for your own information.139

In a classic example of how a manager should not use e-mail, the author of the e-mail sent it
to one other manager. The recipient, in turned decided to forward it to four other managers,
one of whom forwarded it to five of his subordinates — and one of those e-mails was
misaddressed, and so went to an unintended recipient.

The appellate court ruled that Meloff had presented enough evidence to entitle her to a trial
on her claim. In the subsequent jury trial, the jury awarded the employee $250,000 in
compensatory damages, and $1 million in punitive damages against her former employer on
her defamation claim. Although the trial judge overturned the jury’s award, the Second
District Court of Appeals concluded the judge’s action was erroneous, and remanded the case
for a jury determination of the impact of the manager’s accusation of fraud on the average
person. 140

Employers may also be held liable for defamatory statements made by their employees. In a
2006 case involving a linguist stationed in Afghanistan, the linguist’s supervisor sent a
derogatory and offensive e-mail about the linguist to another supervisor.141 Although the
employer immediately repudiated the offensive statement and disciplined the supervisor who
sent the e-mail, the employer was nonetheless liable to the linguist for defamation. 142
Although the Court found that the steps the employer took to discipline the offending
supervisor insulated the employer from punitive damages, the employer was still found liable
for the subsequent improper access of the e-mail by another employee. 143

Even electronic communications made in the normal course of business may give rise to
defamation claims. In one case, an employee brought a defamation claim against her former
employer based on allegedly false statements made in e-mails during an internal investigation
of the employee’s conduct, and during an unemployment benefits hearing after her
discharge.144 In affirming summary judgment in favor of the employer, the Seventh Circuit
Court of Appeals held that the former employee failed to present evidence suggesting the
statements were false.145 However, the court noted that under state law, statements are
sufficiently published for defamation purposes when they are recited in an interoffice
document, such as an investigative memorandum regarding whether an employee’s
employment should be terminated.146

Damaging Blogs Created by Disgruntled Current & Former Employees

Dissatisfied employees can now easily create their own blogs to express their anger. These
websites can be very damaging to a business. Employees use their blogs to complain about

Meloff v. New York Life Ins. Co., 240 F.3d 138 (2d Cir. 2001).
Gavrilovic v Worldwide Language Res., Inc., 41 F. Supp. 2d 163, 171 (D. Me. 2006).
Id. at 184.
Ptasznik v St. Joseph Hosp., 464 F. 3d 691, 698 (7th Cir. 2006).
Id. at 698 n.6.



their alleged mistreatment, to invite others who have experienced similar treatment to post
their stories, and to urge people to think twice before purchasing the employer’s products,
using the employer’s services, or eating at the employer’s restaurant. In addition to
complaining about companies on these websites, creators of these sites also often use them to
start untrue rumors about companies.

Exploding onto the national landscape during the 2004 presidential elections,
blogs — short for web logs — are, in essence, daily web diaries posted on the internet by
anyone for everyone’s viewing. An estimated 175,000 blogs are started every day and, in
early 2007, there were approximately 63.7 million blogs on the Internet.147 Blogs can alarm
an employer when its employees use them to direct anger, vent frustration, or air criticism
about the company.

A 22-year-old computer programmer hired by Google, for example, authored a blog that
unfavorably compared his employer’s health care plan to arch-rival Microsoft. 148 He also
asserted on the blog that the company’s offerings of free food were designed to entice
workers to work past dinner. On learning of the blog, Google fired the programmer.
Similarly, Harvard University fired one of its administrative coordinators for including in her
work e-mail signature a link to her personal website.149 Her website contained a blog about
her supervisors’ alleged “anal retentive control freakishness” and “random [episodes of]
freaking out.”150

Not all employees, however, easily submit to terminations over their blogging. A former
Delta flight attendant — the self-proclaimed “Queen Of The Sky”151 — filed suit in an
Atlanta federal court claiming sex discrimination. 152 She claimed that while the airline
company terminated her for alleged inappropriate pictures on her personal blog (one picture
featured the attendant with her Delta uniform blouse partly unbuttoned and exposing a
glimpse of her bra), it did not punish her male colleagues who had potentially insensitive
materials on their own websites. 153

Recently, blogs have presented a new issue for employers: whether an employer can limit its
employees’ access to blogs through the employer’s computer and Internet service. The State
of Kentucky is currently being sued by a state employee who is challenging the state’s
decision to prohibit state employees from accessing blogs, including their own personal
blogs, from state-owned computers.154

Jerome P. Coleman & Andrea Greenblatt-Harrison, Employee Blogs: Recognizing the Reality, 762
PRACTICING L. INST. 561, 563, Oct. 2007.
Kate M. Jackson, Mixing Blogging with Work Can Lead to Unemployment, BOSTON GLOBE, July 3,
2005, at G1.
Mike Tierney, Ex-Flight Attendant Sues Delta Over Blog, ATLANTA J. CONST., Sept. 8, 2005, at 1E.
See also Pam Lambert, Blogged Out of Their Jobs: Web Tattlers Like Nadine Haobsh and Ellen
Simonetti Discover that Loose Lips Can Prompt Pink Slips, PEOPLE WKLY., Aug. 8, 2005, at 107; Mike
Tierney, Ex-Flight Attendant Sues Delta Over Blog, ATLANTA J. CONST., Sept. 8, 2005, at 1E (EEOC
issued Simonetti a right-to-sue letter on her sex discrimination claim); Paul Berger, Blogging the Firm,
N.Y. TIMES, Nov. 6, 2005.
Nickolas v. Fletcher, 2007 U.S. District LEXIS 23843 (E. D. Ky. Aug. 9, 2007).


§ 21.2.3(d) CHAPTER 21— DIGITAL WORKPLACE 2009

Blogs also have impacted the nature and course of litigation. A powerful example of how
blogs can harm a party’s interest during discovery appears in the matter of In re Zyprexa
Injunction.155 In that case, the defendant pharmaceutical company faced some 30,000
personal injury lawsuits. Several individuals conspired, in violation of the court’s protective
order, to disseminate confidential documents obtained during discovery. Many of these
documents ended up posted and discussed in blogs.156 Although the court enjoined certain
people and entities from further dissemination of the leaked documents, the defendant
suffered irreparable harm in the marketplace. 157

§ 21.2.3(d)
Liability Exposure to Employers of Employee Cell Phone Use
Connecticut, the District of Columbia New Jersey, New York, and Washington have banned
individuals from speaking on handheld cell phones while driving. 158 In 2007, New Jersey and
Washington also became the first states to ban sending text messages with a cell phone while
driving. 159 During the last five years, lawmakers in every state, Puerto Rico, and the District
of Columbia have considered legislation related to cell phone use in cars or distracted
driving. 160 Employers with international operations and employees should be aware that at
least 40 countries ban the use of handheld phones while driving.161 Similarly, the California
Association of Employers recommended that employers develop a cell phone policy requiring
employees pull off the road before conducting business by phone. 162

The exposure to employers (and employees) to liability for an employee’s unsafe cell phone
use is exemplified by the civil and criminal prosecution of an attorney from a law firm in
northern Virginia. The attorney was driving home one night, allegedly using her cellular
telephone for business purposes. While doing so, her car struck and killed a teenage girl
walking along the edge of the highway. The attorney pled guilty to felony hit-and-run driving,
and was sentenced to a year in jail. The parents of the young victim filed a wrongful death
lawsuit against the attorney, her husband, and the law firm that employed the attorney at the
time. 163 The teenager’s family received a $2 million verdict against the attorney; the law firm
settled earlier for an undisclosed sum. 164

In light of prohibitions enacted by certain jurisdictions on the use of handheld cellular phones
by drivers, some companies have severely restricted, or banned entirely, cell phone use by
their employees while performing work-related functions. Contrary to what many people
assume, available studies to date indicate no significant differences in distraction between the

474 F. Supp. 2d 385 (E.D.N.Y. 2007).
Id. at 408.
Id. at 429-30.
Cell Phones & Driving, Insurance Information Institute (Oct 2007), available at phones.
National Conference of State Legislatures, Cell Phones and Highway Safety, 2006 State Legislative
Update, Mar. 2007, available at phoneup.htm.
See Cell Phones & Driving, supra note 158.
Tom Jackman, Bitterness Nearly Rivals Grief[:] Fears that Justice Won’t Prevail in Hit-and-Run
Case Fuel Father’s Effort, WASH. POST, Oct. 23, 2000, at B1.
Top Virginia Verdicts: $2 Million – Hit and Run/Death, VA. LAW. WKLY, Jan. 24, 2005.



use while driving of handheld or hands-free cellular telephones. The primary distraction,
according to these studies, is the conversation itself while driving, not the physical
manipulation of the cellular telephone. 165

In June 2007, the First Circuit Court of Appeals affirmed partial summary judgment for an
injured motorist against a company whose employee was found 100% liable for causing an
accident while talking on his cell phone in the course and scope of his employment. 166 The
court relied on the following facts in determining the employer was vicariously liable for the
employee’s accident: (1) the employer provided the employee with the cell phone; (2) the
employee regularly conducted business on behalf of the company on the phone while driving;
(3) the employee was conducting business on behalf of the company when the accident
occurred; (4) the employee’s use of his cell phone directly contributed to the accident; and
(5) the employer did not have any policies prohibiting driving while conducting business

In December 2004, an employer settled a civil suit in Georgia’s Fulton County Superior Court
for $5 million in a case where the plaintiff sued the driver’s employer for injuries the plaintiff
received when the defendant ran into the plaintiff’s car while the defendant was engaged in a
work-related cell phone call.168

In 2001, a Miami-Dade County Circuit Court jury returned a $20.9 million verdict against the
employer of a salesman who was talking to a client on a cellular phone seconds before his
Ford Explorer hit another car, seriously injuring its 79-year-old passenger. The company’s
liability was predicated on the legal principle that the salesman, by talking with a client on the
phone when the accident occurred, was acting within the scope of his employment. 169

§ 21.2.3(e)
As companies increasingly make more transactions over the Internet, the risk to employers
increases. With the high volume of monetary transactions taking place over the Internet,
technologically savvy individuals are finding ways to engage in cyber-theft against
employers. Even if the thieves are unsuccessful with their intended victim, they can cause
tremendous damage to others. One hacker, who stole credit card data and was rebuffed by the
victim company in his blackmail attempts, published the credit card data of hundreds of
cardholders on the Internet. 170

A related phenomenon is identity theft, which is frequently committed over the Internet. In
such offenses, one person gathers, without authorization, critical identifying information
about another individual, such as name, date of birth, Social Security number, and credit card

The Complete Cell Phone Guide: The Distraction Factor, CONSUMER REP., Feb. 2002, at 18, 20; see
also Do Cell Phones Blind Drivers?, CNET.COM (Jan. 27, 2003) (drivers using cell phones had slower
reactions than drivers not using them).
Ellender v. Neff Rental, Inc., 965 So. 2d 898, 900 (1st Cir. 2007).
Id. at 902.
Cell Phones and Driving, Insurance Information Institute (Nov. 2006), available at phones. See also, Mike Tierney, Hang Up and Drive:
Firms Take a Look at Cell Liability, KNIGHT RIDDER/TRIBUNE BUS. NEWS, Feb. 28, 2005.
Sally Roberts, Employers Held Liable for Accidents, BUS. INS., Dec. 24, 2001, at 3.
Hacker Posts Credit Card Info, Jan. 10, 2000,


§ 21.2.3(e) CHAPTER 21— DIGITAL WORKPLACE 2009

information. This information can then be entered on the Internet by the unauthorized
gatherer as “proof” of identity, and used to make purchases, contracts, and other
representations.171 A famous case of identity theft involved a suspect with 25 prior arrests
who was employed as a restaurant busboy in New York City. He used the Forbes 400 list and
his local library computer to access credit histories, obtain credit card numbers, and make
purchases in the names of such luminaries as Steven Spielberg, Martha Stewart, George
Lucas, Oprah Winfrey, and Ross Perot.172 Complaints of identity theft make up nearly
40% — the highest proportion by far — of all consumer complaints registered with the
Federal Trade Commission.173

Examples of employees’ abuse of their employers’ information and systems are increasing

• Fearing that a layoff may affect him, a former employee of a health services
company planted a “logic bomb” in his employer’s computer system that was
designed to wipe out critical data stored on more than 70 servers. The “bomb”
was scheduled to “detonate” on the employee’s birthday and would have affected
many critical databases, including a patient-specific drug interaction conflict
database that pharmacists check before dispensing medication. It also would have
affected clinical analyses, billing, managed care processing, corporate financial
record, and employee payroll record databases. Fortunately, the company
uncovered the “bomb” before it “detonated.” The employee pled guilty to
transmitting computer code with the intent of causing damage in excess of $5,000
and faces up to 10 years in prison and a $250,000 fine. 174
• In November 2005, a former employee was convicted in U.S. District Court in
Texas of conspiring to sabotage the computer network belonging to his former
employer, American Flood Research (AFR). The defendant and others sabotaged
AFR’s computers so they stopped functioning and deleted critical information,
thereby preventing AFR from conducting business. The defendant and others also
programmed AFR computers to erase evidence of their attacks. Damage to AFR
exceeded $600,000.175
• After being asked to resign, a former employee at a computer and
telecommunications company remotely shut down portions of the company’s

Sean B. Hoar, Identity Theft: The Crime of The New Millennium, 49:2 U.S. ATTY’S BULL. 14-24
(Mar. 2001), available at
Bob Sullivan, ID Theft Victims Get Little Help, Feb. 10, 2003, available at
FTC Releases Top 10 Consumer Fraud Complaint Categories, Jan. 25, 2006, available at
Former Systems Administrator Admits Planting “Logic Bomb” In Company Computers, Sept. 19,
2007, (press release from N.J. U.S. Attorney’s Office) available at
Plano Mann Convicted of Computer Sabotage, (press release from the U.S. Attorney
for the Eastern District of Texas). See also Federal Jury Convicts Former Technology Manager of
Computer Hacking Offense: Defendant Found Guilty of Placing Computer Time Bomb On Employer’s
Network Following Employment Dispute, http://www,
(press release from the U.S. Attorney for the Northern District of California; a former computer
engineer placed a “time bomb” in employer’s computer after being placed on performance
improvement plane; damages exceeded $100,000).



system. This resulted in the loss of computer and telecommunications services,

including access to 911 emergency services in four major cities. He pled guilty to
knowingly causing the transmission of information to a computer used in
interstate commerce and intentionally causing damage to that computer without
authorization. As a result of his plea, he faces a maximum sentence of ten years
in prison and a fine up to $250,000.176
• A former network manager at a software company struck back at his former
employer by changing passwords on company e-mail accounts, reading the
company president’s e-mails and causing e-mails to be rejected. A California
federal court sentenced the employee to four months of home detention,
200 hours of community service, three years of probation, and ordered him not to
use, without permission, any computer during the probationary period.177
• A law firm paralegal downloaded an electronically created and stored trial plan
developed by a team of lawyers at a cost of several million dollars, and attempted
to sell it via e-mail to representatives of the opposing party in the lawsuit. The
paralegal was sentenced to more than two years in prison.178
• Two Cisco System employees accessed the company’s computers to generate for
themselves almost $8 million in company stock. After apprehension and
conviction in the fall of 2001, each employee received a prison sentence of
almost three years.179
• Ten employees at a private investigation company were indicted by a federal
grand jury in December 2007 for illegally obtaining confidential tax, medical and
employment information, and then selling that information to others. The
employees gathered confidential information on more than 12,000 individuals
across the country. If found guilty on all counts, the employees could face up to
32 years in prison. 180

In addition to direct threats from employees, employers are also at risk from cyber-theft
targeting their employees and customers. Online criminals have become increasingly
sophisticated. In 2007, antivirus vendor F-Secure added 250,000 new signatures to its
malware database, which is as many as the company added in its first 20 years combined. 181
This explosion of malware is attributed to cyber-thieves perfecting automated tools; examples
include changing the appearance of dangerous downloads as often as every five minutes and

Norcross Man Pleads Guilty To Hacking Former Employer’s Computer and Telecommunications
System, Sept. 26, 2007, (press release from Northern Georgia District U.S. Attorney’s Office) available
Henry K. Lee, Daily Digest, THE S. F. CHRON., Dec. 1, 2005, at C2.
Manhattan Paralegal Sentenced for Theft of Litigation Trial Plan, (press release from the U.S. Attorney
for the Southern District of New York).
Former Cisco Sys., Inc. Accountants Sentenced for Unauthorized Access to Computer System to
Illegally Issue Almost $8 Million in Cisco Stock to Themselves, (press release from U.S. Attorney
for the Northern District of California).
U.S. Attorney’s Office for the Western District of Washington News Release, Ten Indicted for
Pretexting in “Operation Dialing for Dollars,” Dec. 6, 2007, available at
Ryan Singel, Report: Cybercrime Stormed the Net in 2007, Dec. 7 2007, available at security/news/2007/12/2007_security.


§ 21.2.3(e) CHAPTER 21— DIGITAL WORKPLACE 2009

piggybacking a user when he or she logs into legitimate websites, such as secured company
and banking websites.182

A growing tool of cyber-thieves is botnets, which are collections of compromised computers

ordered remotely by a hacker to send spam or launch denial-of-service attacks.183 For
example, Storm botnet, which started in January 2007 by criminals in Eastern Europe
targeting U.S. companies and individuals, uses e-mails about current events to trick users into
installing malware through attachments and directing users to websites that automatically
download malware without the user’s knowledge. 184 Storm botnet also uses technology to
render it immune to elimination. An example of such technology’s reverse attack on
investigative computers, flooding them with torrents of useless traffic when researchers are
trying to investigate.185

The U.S. Department of Justice has started to prosecute cyber-thieves who use botnets for
identity theft. In November 2007, a computer security consultant agreed to plead guilty to
accessing protected computers to conduct fraud, disclosing illegally intercepted electronic
communications, wire fraud, and bank fraud. The consultant installed malware to intercept
communications to PayPal and similar websites to acquire access to bank accounts,
compromised Microsoft operating systems to get personal information stored in the
computer’s secured storage area, and defrauded an internet advertising company. 186

For more information on the U.S. Department of Justice’s efforts against cyber-crime, see

Sometimes hackers are not so much interested in obtaining direct benefits from an employer’s
computers, as in thwarting the computer’s functionality. Businesses can be vulnerable to
“distributed denial of service” (DDOS) attacks that “overwhelm websites and stop them from
communicating with other computers.”187

Congress continues to develop statutes allowing criminal prosecution of persons engaged in

cyber-crimes, including:188

• Omnibus Crime Control and Safe Streets Act of 1968 (also known as the
“Wiretap Act”)189
• Electronic Communications Privacy Act of 1986190
• Computer Fraud and Abuse Act191

Attorney’s Office for the Central District of California, Computer Security Consultant Charged with
Infecting Up to a Quarter Million Computers that Were Used to Wiretap, Engage in Identity Theft,
Defraud Banks, Dec. 9, 2007, (press release U.S. Attorney’s Office for the Central District of
California) available at
Neal K. Katyal, Criminal Law in Cyberspace, 149 U. PENN. L.R.103 (Apr. 2001).
Aaron Burstein, Annual Review of Law and Technology: III. Cyber Law: Cybercrime, 18 BERKELEY
TECH. L.J. 313, 333-34 (Summer 2003).
18 U.S.C. §§ 2510-2511.
18 U.S.C. §§ 2510-2522, 2701-2716, 3121-3127.



• Digital Millennium Copyright Act 192

• The USA PATRIOT Act193 which modified the application of Title III of the
Wiretap Act to voicemail
For more information about the applicable federal laws related to specific types of unlawful
online conduct and the section of the Department of Justice with the subject-matter expertise,
see appendix A of the Department of Justice’s “Prosecuting Computer Crimes” Manual.194

§ 21.2.3(f)

Employer’s Surreptitious Accessing of Employee Website

Employers must be careful not to overreach or overreact in responding to work-related
websites set up by employees. A case demonstrating the dangers to employers of interfering
with employees’ work-related websites is the unusual Ninth Circuit case of Konop v.
Hawaiian Airlines, Inc.195 In that case, the plaintiff (Konop), an airline pilot, created a secure
website on which he posted bulletins critical of his employer, its officers and the pilots’ union
of which he was a member. Among other content, the website suggested that visitors to his
website consider alternative union representation. The plaintiff controlled access to his
website by utilizing user names and passwords, which he provided to selected persons. The
plaintiff did not provide passwords or user names to airline managers or to union

An airline vice president was given permission by a pilot — who had not visited the site — to
use his user name and password to access the site. When Konop found out that his website
had been accessed by the vice-president, he filed suit.

The Ninth Circuit’s first opinion reversed the district court’s grant of summary judgment in
favor of the airline on the plaintiff’s claims of violation of the Wiretap Act, the Stored
Communications Act (SCA), and the Railway Labor Act (RLA). 196 The appellate court held
that triable issues of material fact existed as to whether the employer had violated the acts in
question by using false pretenses to access the plaintiff’s secure website. The appellate court
allowed the employee’s case to proceed toward trial. The opinion was reissued by the court in
2002.197 The net result was to allow those portions of the plaintiff’s claims based on the
employer’s alleged violations of the SCA and RLA to proceed to trial.

18 U.S.C. § 1030.
Pub. L. No. 105-304, 112 Stat. 2860 (1998) (codified in various sections of title 17 of the United
States Code).
Pub. L. No. 107-56, 115 Stat. 272 (2001).
Available at
236 F.3d 1035 (9th Cir. 2001), op. withdrawn, 302 F.3d 868 (9th Cir. 2002).
45 U.S.C. §§ 151-88.
302 F.3d 868, cert denied, 537 U.S. 1193 (2003).



§ 21.2.4


Employers should take steps to ensure that their systems are being properly used. One step
courts have found persuasive is to give employees notice that their use of company systems
may be monitored by the employer at any time to ensure compliance with company policy. 198
(For more suggestions, see the “Practical Recommendation” and “Essential Tools” sections at
the end of this chapter.)

Some employees still do not realize that Internet “surfing” leaves a digital trail. For example,
an Internet provider may automatically record each individual’s use of websites, news groups,
and e-mails. A user’s Web browser creates files that record all of a user’s interactions. Copies
of downloaded data including pictures may also be stored in cached files. Thus, employees
who use the internet leave a trail that employers can track to discover where that employee
has been in cyberspace.

Most employers now choose to be more proactive in tracking employee internet and network
usage by purchasing and installing a firewall or similar solution. These solutions can lock
down access to specified internet resources, including web pages, and monitor network usage
and Internet access. Firewalls and similar solutions also help prevent outside attacks on an
employer’s network. Employers should regularly audit their internal networks and internet
security systems to ensure they understand how their employees are accessing and using the

Employers are starting to take advantage of new technologies for surveillance and electronic
monitoring of employees. Employers now have the technology to monitor an employee’s
conversations, computer keystrokes, performance standards, and whereabouts on a
minute-by-minute basis. When used, these tracking systems can operate to the benefit of
employers by reinforcing policies on proper Internet usage. For example, the city of Tampa
disciplined 44 city employees for sending e-mails containing nudity and sexually explicit
photographs from their work computers. Of the 44 reprimanded, 19 were from the Tampa
police department.199

In addition to preventing inappropriate behavior, employers have created value by monitoring

employee communications to gain a better understanding of the informal networks that exist
within their respective companies. Technology that allows employers to monitor and track
how employees communicate and who they communicate with gives employers a better grasp
on their true organizational network. One study by McKinsey & Company, a consulting firm,
identified and studied informal corporate networks and argued that these networks show more
about how a company is actually run than the typical hierarchical organization chart.200 The

See generally Eric P. Robinson, Big Brother or Modern Management: Email Monitoring in the
Private Workplace, 17 LAB. LAW. 311-26 (Fall 2001).
Ellen Gedalius, City Punishes 44 Workers Over E-mail Lewdness, TAMPA TRIB., Apr. 19, 2005, at
Lowell Bryan, Eric Matson, & Leigh Weiss, Harnessing the Power of Informal Employee
Networks: Formalizing A Company’s Ad Hoc Peer Groups Can Spur Collaboration And Unlock Value,
4 MCKINSEY Q. (2007).



study argued that new corporate structures should be developed to harness the power of these
informal networks. 201

Also, a study by Booz-Allen, another consulting firm, argued that companies should be more
rigorous “in their methods for managing human communications.”202 This study describes,
among other case studies, how one international corporation mapped its internal social
network through monitoring how employees communicated within the corporation.203 After
completing its analysis, the company transferred key employees who were communication
hubs to increase cross-country and office collaboration. 204 Based on these changes, the
company’s “business unit increased revenues 22 percent while simultaneously lowering the
‘cost of poor quality’ metric by 66 percent. Additionally, productivity improved by 20 percent
and customer dissatisfaction dropped by 24 percent.”205 These informal networks could only
be identified by monitoring and examining how employees communicate and who they
communicate with.

An employer’s rights in this area are, however, limited. The same federal and state laws
discussed in the preceding section with regard to searching voicemail and e-mail message
systems apply equally to monitoring. Moreover, some states, including California and
Connecticut, have laws forbidding employers from surveilling and monitoring employees in
certain circumstances.

Employers who monitor employee use of the Internet must not violate the privacy rights of
their employees. First and foremost, employers must reduce employees’ expectations of
privacy in the workplace. 206 In United States v. Simons, the Fourth Circuit held that an
employee did not have a reasonable expectation of privacy with regard to any of his Internet
activity at work.207 Thus, his rights were not violated when his employer searched his
computer workstation and found illegal pornographic images. The court found that the
employee had no expectation of privacy because the employer had a policy that clearly stated
the employer would monitor Internet use.

Similarly, in United States v Ziegler, the Ninth Circuit held that an employer who installed a
firewall, monitored its employees’ computer usage and apprised its employees of the
company’s monitoring efforts, maintained control of an employee’s computer located in a
private office.208 Even though the employee downloaded personal files onto his work

Tim Laseter & Rob Cross, The Craft of Connection: Organizational Network Analysis Is Helping
Companies Share Knowledge Worldwide, One Natural Broker at a Time, 44 STRATEGY + BUSINESS, at
Id. at 4.
See generally 92 A.L.R. 5th 15 (expectation of privacy in Internet communications).
206 F.3d 392 (4th Cir. 2000). See also United States v. Thorn, 375 F.3d 679 (8th Cir. 2004), vacated
on other grounds, Thorn v. United States, 543 U.S. 1112 (2005), and reinstated by United States v.
Thorn, 413 F.3d 820 (8th Cir. 2005) (employee had no expectation of privacy in use of office computer
and file cabinets where pornography discovered after an unrelated search).
474 F.3d 1184, 1191-92 (9th Cir. 2007).



computer, the court held that the employer could consent to government agents entering the
private office, removing the computer hard drive, and copying that drive. 209

Simons and Zeigler illustrate the need for drafting, promulgating, and enforcing clear
electronic resources policy. Such a policy must expressly state that the employer has the right
to monitor all computer and Internet use, and that the employee has no expectation of privacy
with regard to his or her company-issued computer or the use of that computer. The policy
should be disseminated to all employees and the employer should explain the policy to its
employees. Employees regularly should be reminded that the employer has the right to access
e-mail and all files stored on a company computer. (See below for sample provisions that can
be included in an electronic resources policy. Also, a list of items of information that can be
gathered by a company to assist its counsel in obtaining injunctive relief against harassing
e-mails appears as subsection E under the “Essential Tools” section at the end of the chapter.)

Employers should keep in mind that others may be monitoring their employees’ work
e-mails, even if the employer is not. Federal prosecutors have steadfastly defended their
option to obtain cell phone records which disclose the location of the cell phone (and the
person who may be in possession of it) — sometime without probable cause. 210

§ 21.2.5


§ 21.2.5(a)
Spamming: Inundating the Company E-mail System
Beginning in the later 1990’s, courts increasingly faced questions concerning the rights of an
Internet Service Provider (ISP) or a company to control the volume of e-mail into a business,
or to control or restrict access to company employees via company e-mail systems. Many
employers now use spam filters, also known as anti-spam software, to weed out most junk
e-mail. But the problem has not been resolved. According to one study, the cost of spam per
employee is $712 per year in lost productivity, for a total annual cost of $70 billion to all U.S.
employers.211 While these filters do not solve the problem, they provide a first line of defense
and have shown marked improvement in quality and effectiveness over the last few years.

For employers who are subject to e-mail based attacks, the legal issue in many of these cases
is framed by a tort concept which, until recently, had fallen into disuse: trespass to chattels.
ISPs in companies faced with a deluge of unwanted e-mails (“spamming”) would claim that a
“spamming sender” was liable under the theory of trespass to chattels, a doctrine originally
used to redress a person’s losses when another hunted, chased, injured, or killed the victim’s
livestock. 212

A chattel is essentially one’s personal property. Accordingly, a trespass to chattel may be

committed by intentionally using or intermeddling with a person’s personal property.213 Most

Tresa Baldas, Cell Phone Tracking Challenged, NAT’L L. J. (Jan. 18, 2006).
Privacy and Security Law, Volume 6 No. 18, p. 698, ISSN 1538-3431 (Apr. 30, 2007).
Intel Corp. v. Hamidi, 94 Cal. App. 4th 325, 330-31, (2001), review granted and op. depublished by
superceding opinion, 30 Cal. 4th 1342 (2003).



instances of trespass to chattels involve actual impairment of the chattel’s physical condition,
quality or value to the possessor, as distinguished from a minor affront to the owner’s dignity
as possessor.214 “[T]he tort has reemerged as an important rule of cyberspace.”215

In Intel v. Hamidi,216 the California Supreme Court held that an employer could not obtain an
injunction under a theory of trespass to chattels against a former employee who sent six
separate e-mails to over 200,000 current employees. Over a 21-month period, former
employee Ken Hamidi sent the e-mails to company e-mail addresses. In his e-mails, Hamidi
complained about his termination and urged current employees to visit his personal website
that listed further grievances.

Intel responded by demanding that Hamidi cease and desist from his electronic
communications to Intel employees using their Intel e-mail addresses. When Hamidi refused,
Intel sought and obtained an injunction against Hamidi based on the theory of “trespass to
chattels.” Hamidi appealed. The appellate court affirmed the issuance of the injunction,
holding that the company did not need to show it suffered damages as a result of Hamidi’s
e-mails. Intel only needed to show that Hamidi had accessed Intel’s e-mail system without
proper authorization.

The California Supreme Court reversed and held that an injunction should not have been
issued based on a theory of trespass to chattels. The court held that the tort of trespass to
chattels requires proof of actual damages, and that Intel’s claimed loss of productivity is not
the type of damage for which the tort provides a remedy. Instead, to prevail on a claim of
trespass to chattels, a plaintiff must prove that the offending conduct:

• damaged the property itself — in this case, Intel’s computer software and
hardware; or
• impaired the functioning of the property — as applied to e-mail, for example,
used material amounts of computer storage or drained away processing power.

The court acknowledged that an injunction based on a theory of trespass to chattels remains
an appropriate remedy when an e-mailer floods a computer system with e-mail to the point
where the incoming e-mails have a quantifiable negative impact on the system itself. The
court ruled that because Intel could not show that Hamidi’s e-mail barrage had damaged
Intel’s computer system or impaired the system’s functioning, Intel could not obtain an
injunction based on a theory of trespass to chattels. The court did note that an employee or
former employee who engages in tortious speech can be sued under a variety of theories
(besides trespass to chattels), such as defamation, unreasonable disclosure of private facts,
intentional interference with business relationships, and intentional infliction of emotional

RESTATEMENT (SECOND) OF TORTS § 218, com. h, at 422.
Intel v. Hamidi, 30 Cal. 4th 1342 (2003).
The plaintiff, Mr. Hamidi, had other excitement in his life in 2003 in addition to being a party in a
California Supreme Court case. As a candidate, he finished in 40th place in the October 7, 2003, recall
election for Governor of California – 4,201,650 votes behind Arnold Schwarzenegger.


§ 21.2.5(b) CHAPTER 21— DIGITAL WORKPLACE 2009

§ 21.2.5(b)

Union’s Use of the Internet for Organizational Purposes

The digital workplace creates unique problems for the unionized employer. Problem areas
include privacy issues, swiftly changing job roles, skills and duties, different measures of
productivity, the need for constant training to keep up with new technology, and the ability of
the employer to utilize flexible work relations such as telecommuting. Key union concerns in
the telecommuting area are fairness in performance reviews for telecommuters, the level of
technical and support available, overtime and other wage-and-hour issues, electronic
monitoring and employee privacy, a shift toward using contract personnel for piece work
assignments, and the union’s ability to continue to represent workers at remote locations.

Although union membership overall continues its decades-long decline as a percentage of the
American workforce, unions are increasingly using the Internet as a union-organizing tool.
Cyber-organizing is heralding a new era in union organizing. The Internet is being used to
make information about unions available to employees around the country. The AFL-CIO’s
“Internet community” offers a wide variety of experiences, services, and links. For example,
the link at the site to “Your Rights @ Work” provides information
concerning various forms of workplace discrimination, remedies for on-the-job injuries, and
applicable environmental regulations.

The website also provides information on forming a union. The Communication Workers of
America, styling itself as “The Union for the Information Age,” has a website which posted
daily bargaining updates during strikes.218 The site reported traffic of 20 times the monthly
average of “unique visitors” to the site. 219 And more websites and blogs are being created.
Sites such as “communicate or die” are designed to “build a network of passionate individuals
who are serious about discussing and developing solutions that allow unions to realize the full
potential of internet technology.”220 (For a more extensive discussion about union organizing
in the digital workplace, see Chapter 32 “Union Organizing” of THE NATIONAL EMPLOYER®.)

The major unions use their home pages to post information about union organizing efforts
and to target a particular employer as part of a corporate campaign. Instead of attempting to
make house calls or merely sending out mailers, union organizers are able to directly contact
employees interested in unionizing via e-mail and postings on the Internet. Employees can
also use the Internet to download union authorization cards. Expect to see an increased use of
blogs and wikis (collaborative websites that can be directly edited by anyone with access) as
tools for union organizing in the immediate future.

Union Information Widely Available on the Internet

Numerous “how to unionize” websites exist, complete with information on labor organizing,
union election procedures, examples of unfair labor practices, and news about other
organizing efforts. Employers should expect that unions will use more dynamic web pages
such as wikis and blogs to keep their members, and potential members, current on the latest

Silja J.A. Talvi, Unions Take to the Web, CHRISTIAN SCI. MONITOR, Jan. 29, 2001, at 14.
220 For examples of other blogs and collaborative websites, see also, and for international sites see; and



news and tactics. 221 Many unions now provide strictly confidential “Unionize Your
Workplace” forms for anyone interested in receiving information on organizing a union. Such
forms ask for the inquiring employee’s address, phone number, e-mail address, type of work
and number of employees. Once completed, these quick and easy forms are sent off to the
union with a mere click of the mouse. This new union tactic of using the Internet is an
especially effective strategy for reaching knowledge workers, “Generation X,” and
“Generation Y.” Unions continue to develop alternative methods of drawing Internet surfers
to their sites to look and stay. In January 2005, the AFL-CIO created a new section on its
website seeking information on ways to increase the strength of the labor movement.222 On
the other hand, just as disgruntled employees create antiemployer websites and blogs,
dissident union members also create websites posting unfavorable information about their

Employers troubled by the fact that their employees are using company time and
company-provided Internet access to obtain union information do have the right to prohibit
access to such information during work hours. However, in order to avoid violations,
employers must make sure to prohibit employees from accessing any and all
non-work-related information on the Internet, not just union information. Case law continues
to define how the NLRA will be applied to union organizing over the Internet. Until the law
becomes clearer, employers should be cautious and consult counsel before making any
important decisions.

An employee’s right to organize and to discuss organization with other employees generally
do not give nonemployee organizers the right to enter an employer’s property to discuss
union organizing. Usually, nonemployees may not enter an employer’s premises to engage in
union organizing except where the employees live and work beyond the reach of reasonable
union efforts to communicate with them. This raises the issue that an employer with a
dispersed workforce, perhaps because of telecommuting, might be obligated to give unions
the right to reach employees by e-mail.

Organizing by E-mail
E-mail and computer technologies may change all of these rules. Unions increasingly use
e-mail as a method of disseminating information. E-mail somewhat resembles the posting of
messages on a conventional bulletin board, but differs because non-work-related e-mail
messages are not easily detected. While e-mail is a powerful communications tool for
companies, it is also a powerful communications tool for union organizers.

E-mail differs from traditional letters and flyers in several important ways in the union
organizing context. Employers are less likely to know of e-mail messages as they pass
through the computer system, whereas employers present at the workplace could observe
literature distribution, or can readily see notices posted on conventional bulletin boards.
Furthermore, e-mail messages do not physically litter an employer’s property. This aspect is
important, as courts permit employers to ban employees from distributing literature in
working areas because such distribution may litter the employer’s premises and raise a hazard
to production. E-mail does not necessarily pose such a risk to an employer’s property. It has
been argued that e-mail poses a different, and equally troublesome burden on employers.

See United Federation of Teachers webpage at and National Air Traffic
Controllers Association webpage at http://the
AFL-CIO Creates Website Section Devoted to Discussions on Strengthening Movement, Daily Lab.
Rep. (BNA), Jan. 4, 2005, at A-9.


§ 21.2.5(b) CHAPTER 21— DIGITAL WORKPLACE 2009

E-mail impinges on the rights of employers even more than the distribution of literature,
because e-mail uses employers’ hardware, time, and resources, and constantly interferes with
work functions. Furthermore, allowing non-work-related information to pass through
company e-mail slows down the entire e-mail system. Thus, a 2007 decision by the NLRB
held that employees do not have a statutory right to use their employer’s e-mail system for
section 7 purposes. 223 The Board held that an employer’s policy that prohibited
“non-job-related solicitations” did not violate section 8(a)(1).224

But employers should apply any policy that restricts the use of company e-mail
consistently.225 An employer that does not regularly enforce a restrictive e-mail policy to
curtail noncompany e-mails but prohibits its employees from using e-mail for union purposes
may commit an unfair labor practice. 226 For example, one company promulgated an e-mail
policy that restricted use of the e-mail system to company purposes.227 But other than
enforcing the policy to prevent union activity, the company only applied the policy in two
incidents related to pornography. 228 The record contained numerous examples of messages
unrelated to the employer’s business, including use by hourly employees and managers to
convey news related to their personal lives, arrange social events, and to inform employees
about charities. 229 The Fourth Circuit Court of Appeals held that restriction of the union’s
access to the company’s e-mail system, while others were allowed unfettered access, is an
unfair labor practice that is prohibited by the NLRA. 230

The Media General ruling, however, may be based on outdated Board law. 231 In Guard
Publishing Co. the NLRB modified Board law concerning discriminatory enforcement. The
NLRB noted that to find a section 8 violation, there must be a “disparate treatment of
activities or communications of similar character because of their union or other Section
7-protected status.”232 Thus, an employer could properly distinguish between charitable
solicitations and noncharitable solicitations, between solicitations of a personal nature and
solicitations for the commercial sale of a product, between invitations for an organization and
invitations of a personal nature. The Board concluded that “the fact that union solicitations
would fall on the prohibited side of the line does not establish that the rules discriminate
along Section 7 lines.”233 Guard Publishing suggests employers may carefully control the use
of their internal e-mail systems for organizing purposes while allowing their employees to use
the system for certain personal purposes without violating the Act.

Guard Publ’g Co., 351 NLRB No. 70 (Dec. 16, 2007).
See id.; NLRB v. Honeywell, Inc., 722 F. 2d 405, 406-07 (8th Cir. 1983); E.I. DuPont de Nemours &
Co., 311 NLRB 893, 919, n.4; Media Gen. Operations, Inc. v NLRB, 225 Fed. Appx. 144, 148 (4th Cir.
Media General, 225 Fed. Appx. at 147-48.
Guard Publ’g Co., 351 NLRB No. 70 (Dec. 16, 2007).



§ 21.2.5(c)

Employer Response to Defamatory Websites

Varian Medical Systems, Inc. v. Delfino,234 provides one example of how an employer can
fight back against websites on which former employees are posting defamatory statements
about a company and its managers. Delfino and another former Varian employee posted more
than 13,000 spiteful and derogatory messages about Varian and two of its managers on
Internet bulletin boards. The posting included allusions that the managers were engaged in
pedophiliac activities, were mentally ill, manipulative liars and hallucinating neurotics.
Varian sued, and the defendants defended their posting as permitted under the First
Amendment protection for free speech. The defendants also maintained that they would
continue the postings until the managers died. 235 At trial, Varian and the managers were
awarded $775,000 in damages and a broad injunction against the defendants.

When the defendants appealed the trial court judgment, the appellate court affirmed the award
of damages. In its decision, the court of appeal rejected the defendants’ theory that Internet
hyperbole could not be considered defamatory, and that the written defamatory posting were
properly characterized as libel, not slander (which requires proof of special damages). 236 The
court characterized the totality of the defendants’ postings as not comments on matters of
public concern (as urged by the defendants), but a “vicious personal vendetta.” The appellate
court concluded that some, but not all, portions of the injunction issued by the trial court were
invalid as prior restraints on the defendants’ lawful exercise of their free speech rights.237

§ 21.3


§ 21.3.1


One: Develop & Implement a Comprehensive Electronic Resources Policy for
Your Workplace
In recent years, e-mail and voicemail policies have become commonplace. It is now time to
establish a comprehensive electronic resources use policy, encompassing e-mail, voicemail,
internet access, cell phones, pagers, PDAs, laptops, and the use of headphones while
performing work functions. Sample provisions appear at the end of this chapter. An electronic
resources use policy is more than a good idea — it is a legal necessity. Employees must

113 Cal. App. 4th 273 (2003), rev’d, 35 Cal. 4th 180 (2005) (new trial ordered due to procedural
error at the trial court level); see also John Morris, Julie Carpenter, Jody Kelly, 2 INTERNET L. B PRAC.
§ 24:13 (2007).
Varian Med. Sys., Inc., 113 Cal. App. 4th at 283.
Id. at 295-96.
Id. at 313-14.



understand how the employer intends for electronic resources to be used in the workplace.
Can an employee visit during a break using the Company computer and Internet
connection? What sites can be visited? When? What material can be downloaded?

A comprehensive electronic resources policy will help answer the above questions and many
more. However, it is insufficient to merely have a well-developed policy. The policy needs to
be implemented, explained, understood clearly by management, available, and enforced.
Fortunately, the Internet provides a channel for making the policy available and answering
questions about it.

Failure to consider and adopt an electronic resources use policy is the equivalent of failing to
renew your organization’s liability insurance policy. If your company does not establish,
promulgate, and enforce such a policy, it will almost certainly in the coming years have the
unpleasant and avoidable experience of explaining that oversight to a judge, jury or arbitrator.

Two: Conduct a Use Audit of Your Electronic Resources

In developing the above policy and determining its implementation and enforcement, it is
necessary to define how the electronic resources are being used in your current workplace and
its business purpose. Each organization is unique, while at the same time has many common
problems. An audit provides an introduction to what will be required. Sample questions
include the following:

• How many employees have access to the Internet?

• Is Internet access always through company-provided computers? PDAs?
Laptops? Cell phones?
• Are employees using the Internet through their own home computers, but for
company business?
• How much time do your employees spend on the Internet? (You may be
surprised by the answer.)?
• How well defined are the business objectives associated with Internet use?
• Is employees’ Internet use unrestricted?
• Is there any legitimate reason why employees would be visiting sexually explicit
websites? Auction sites? Gambling sites?
• What requests for Internet access has the company received?
• What complaints have been reported?
• What commercial activities are taking place on the Internet as authorized by the
• What security precautions have been developed? Is there training on the use of
the Internet?
• What are the workplace privacy expectations of your workforce?
• How were these expectations shaped?
• Are Internet materials routinely downloaded? How are they distributed (if this



• What plans exist for an expanded role for the Internet in your workplace during
the next six months? The next year? Beyond?
• Is there a plan to use voice recognition software?
• How are disabled users accommodated in access to and use of the organization’s
Internet and other electronic resources?
• Is encryption available?
• How do employees identify themselves online for work purposes?
• Can employees use the Internet without giving their identity?
• If a website is reached that requires a credit card for access, can the employee use
a personal card and seek reimbursement?
• Is a manager’s authority necessary to make a payment over the Internet?
• Who maintains the company website?
• How is the website integrated into the operations of the company?
• Is training offered over the Internet (“webinars”)?
• What health and safety issues have been identified with Internet use?
• Is employee access or use of instant messaging restricted?
• Who will be allowed cellular telephones for business use? At whose expense?
Will the employer have the right to monitor usage? If the cell phone is a
hand-held device, will the employer permit its active use by an employee for
company purposes while driving? (Note that such use is now illegal in California,
Connecticut, New Jersey, New York, Washington and the District of Columbia,
and may be soon in other areas.) Will employees be allowed camera phones at
company expense? If so, will there be any restrictions on employees’ use of the
camera feature at all?
• Will employees be allowed to listen to the radio or music using headphones or
comparable devices while performing company business? While driving on
company business?

Before such an audit is activated, your corporate attorneys should evaluate the implications of
collecting the above information. Recognize that if the gathered information is not privileged,
a plaintiffs’ attorney could subpoena the results (e.g., to show that disabled workers are not
accommodated as required by the ADA).

Once collected, the audit information provides the basis on which an action plan can be
developed. Additionally, an existing policy can be modified or an initial policy created based
on the current use of the electronic resources. Most importantly, such a review will likely
identify the areas where abuse is occurring and suggest the need for corrective action.

Three: Conduct an Electronic Resources Training Program

Organizations routinely have training sessions concerning the proper use of software. A
program on how the company envisions the use of the Internet in the workplace should be
included in one or more of these sessions. This program should include a review of the
electronic resources policy. A copy of the agenda for the program as well as each
participant’s receipt of the policy should be documented. If a violation of the policy occurs,



the employee will be on record as having received the policy and having had an explanation
of what was expected and prohibited. The most important benefit of this process is that
employees will use the Internet in a manner intended by the company. The secondary benefit
is the ability to discipline employees should that become necessary.

Essential learning programs are currently available through in-person instruction and
train-the-trainer sessions. In the near future, training programs will be available over the
Internet on how to lawfully use the Internet. 238

Four: Consider Monitoring Employee Use of the Business’s Electronic

Having established a state-of-the-art electronic resources policy and educated the workforce
on its provisions, the policy requires enforcement. It is almost certain that abuses will occur
and that counseling or corrective discipline will be required. One method of anticipating this
problem is to limit Internet access to certain sites and types of materials. Software can
accomplish this task and is recommended. Beyond this, the organization may wish to
periodically monitor Internet access to ensure that it is appropriate and being used efficiently.
Whether this is done as part of the normal duties of management or through a specially
trained group of human resource professionals is dependent upon unique considerations
within the organization. Generally, new legal standards will demand some form of prudent
“preventive effort” by management as part of later providing an affirmative defense to a
charge that misuse of the Internet has created a hostile work environment.

Five: Establish Uniform Standards of Enforcement for Your Electronic

Resources Policy
We recommend establishing standards of expected behavior and responses before the
inevitable abuses occur. It is imperative that these standards of expected behavior are
consistently enforced. Often, different managers enforce workplace policy requirements in
different ways. This inconsistency between managers can lead to liability for employers.
Also, a single manager may enforce workplace policy requirements one way when dealing
with a particular employee and an entirely different way when dealing with another
employee. For example, an outstanding producer who is Internet-savvy may be allowed to
surf the net without complaint, while a marginal performer is disciplined for non-work-related
use of the Internet. This inconsistent treatment may become a major problem when one of the
workers is a minority or in a protected category and the other is not. This creates a
presumption that the different treatment may have been the result of discrimination rather
than recognition of extraordinary performance. Preestablished standards of performance will
help overcome this problem. If a situation arises in which a modification of these standards
becomes necessary, the manager and the human resource professionals should be aware that
they need to document a nondiscriminatory basis for such a modification.

Six: Brainstorm the Power of Electronic Resources as an Employment

Law Compliance Tool
Schedule a two-hour session for key professionals in your organization responsible for
employment law compliance. This session will be for the purpose of exploring how the
Internet and other electronic resources could reduce your exposure to employment related
litigation. The meeting could occur in a conference room or over the Internet/intranet;

See, for example, the course offerings of Employment Law Learning Technologies, Inc. (ELT) at



however, making it attorney-client privileged is recommended. Ideal participants would be a

top human resources representative, corporate counsel, head of security, a representative from
IT, a top management representative (hopefully, one with some financial authority), a risk
management representative (if such a department exists), head of corporate compliance
programs (if such a department exists), and a line management representative. In preparation
for the meeting, a designated internal electronic resources expert should assemble a list of
possible ways the Internet could be used for employment law compliance. The meeting
should involve a discussion of these applications and end with an action plan.

Selected topics for the agenda could include: Identifying useful websites that contain
employment law information; using the Internet to distribute necessary policies and
information for employees, using the Internet to receive complaints, using the Internet for
expert, management, and employee training on employment law, tracking employee
performance, utilizing Internet evaluation forms, using the Internet to support hiring, linking
through the Internet to a real-time background-checking service, making disciplinary
information available in order to ensure consistent treatment of employees, using the
electronic resources to make reasonable accommodations, preventing the abuse of the
electronic resources in hiring virtual employees, and privacy concerns raised by Internet use
in the workplace.

The full agenda may be developed through a careful reading of this chapter combined with a
comprehensive assessment of the special needs and demands of your organization.

Seven: Build a Library of Useful Employment Law-Related Websites

Several of the governmental enforcement agencies have established useful websites that
provide technical compliance information. We recommend that someone knowledgeable
about the electronic resources and familiar with your compliance needs undertake building a
list of websites for use in employment law compliance. This list could include approved
recruiting sites and sites with a legal focus that could be of use to corporate counsel. Such a
list could become the size of a small-town phone directory in a short time. Accordingly, we
recommend limiting the list to categories and only a few preevaluated sites. This will better
ensure that quality information is being received.

A few suggested sites are included in the above chapter. Periodically, Littler Mendelson will
provide suggestions; however, there is no substitute for your own professional investigation.

Eight: Answer the User-Identification Challenge of the Internet

One of the major employment law related challenges of the Internet is being able to identify
who is doing the communicating. Did employee John Doe actually receive a corporate anti-
harassment policy? Who sent the obscene e-mail that originated anonymously? Was a
manager’s password used by an angry former employee? These and many more critical
questions turn on establishing the identity of the Internet user.

Human resources and corporate counsel should be involved with IT in establishing the level
of technology used to prove identity within the organization when using the Internet. Tools
are now available ranging from codes which can only originate from your computer to
cyber-signatures and beyond. If ultimate security is needed, fingerprint systems and retina
scans are becoming more available at almost affordable prices.

The identity challenge is a formidable one facing today’s employers. Your organization’s
response to this challenge needs to be decided rather than left to be answered by inaction.



Nine: Identify & Train Your Electronic Resources Expert Witness for
Personnel-Related Issues & Employment Law Litigation
The practical goal of considering electronic resources in the context of current employment
and labor laws is to avoid litigation and create the type of working environment which will
support rather than hinder productivity. Nonetheless, there is a need to have an articulate
“expert” within the organization who understands the electronic resources which the
employer has decided to utilize. This individual should be trained in employee investigations
and be schooled in cyber-sabotage. Her or his role will be to aid the human resources and
legal departments in all aspects of electronic resources employment law compliance. The
electronic resources expert can also offer advice on how the electronic resources can be used
as productive tools in preventive efforts. When abuse occurs, this electronic resources expert
will be invaluable in defining what can be technologically established and how to identify the
offending parties. If disciplinary action is taken and is later challenged, this person will be the
logical witness to explain how the organization followed legal requirements. Moreover, an
electronic resources expert will be able to explain complicated technology to a court,
administrative hearing officer, or jury in a way that it can be understood.

Another role for this person will be the building of a prelitigation compliance evidence
package. This will include a description of employment law compliance action that can be
used for the media or the courtroom in showing that the organization took reasonable care to
ensure compliance (independent from the specifics of a particular case in controversy).

§ 21.3.2


The vital role of the digital workplace in the reengineering of American business is
undeniable and will expand. Every responsible employer in the United States either has or
ultimately will experience the tension between new technology and existing employment
standards. This tension often arises with the introduction of new technology into the

New technology is often critical to a company’s efforts to stay competitive. However, in the
rush to introduce state-of-the-art technology, employers are often willing to overlook any
potential problems related to the technology. Employers must anticipate problems and
tensions and develop policies and procedures to deal with them. Otherwise, the benefits that
arise from the digital workplace could be largely offset by litigation and other costs.

The focus of the nine-phase process is on developing solutions to the problems outlined
above. Employers must recognize that the pace of technological change has been much faster
than the development of case law and litigation. More than most areas of employment law, in
the digital workplace it is necessary to anticipate the future and be willing to invent policies
and solutions before courts have established clear guidelines or, in some cases, any
guidelines. Process and planning become necessary substitutes for the more traditional case
histories and legislative enactments.



Phase I: Implement New Technology Using a Team Selection Process that

Focuses on Employment-Related Issues
Employers often ignore employment-related legal problems that may accompany the
introduction of new technology. Many employers focus on the quick implementation of new
technology in order to gain the immediate benefits of increased productivity and efficiency.
However, in so doing, the employer may not anticipate the effect the new technology may
have on personnel policies and procedures or the potential employment-related legal
problems that may accompany the new technology. Employers often implement the new
technology without even consulting with the human resources or legal departments.

The implementation of a voicemail system is a classic example. Often, the business services
department decides that voicemail will improve productivity and reduce costs. This message
travels to the CEO who directs that at least three bids will be received to ensure that the best
buying opportunity is located. A final decision is then made and a new voicemail system is
ordered and installed.

Although this process might be quick and efficient, a key component was missing. No one
ever questioned how the new voicemail system would integrate with current personnel
policies and procedures, or wondered what potential legal liabilities might exist with regard to
its use and how these liabilities might be limited. In short, the human resources and
employment-related legal issues were not given serious consideration in the planning and
acquisition process. This departmentalized thinking can be divisive, inefficient, and is usually

It is essential that today’s employer adopt a multidisciplinary approach to implementing new

technology. A team should be formed and staffed with representatives from all affected
departments, including human resources and legal. The team should be given the goal of
implementing technology and integrating the new technology into the business objectives of
the organization. The team process will help to ensure that the new technology will either fit
existing employment policies or that those policies will be modified coincident with the
installation of the new system. In this manner, it is more likely that troublesome issues that
could result in litigation will be identified in advance.

There are many other barriers to the success of technological changes. However, failure to
involve the human resources and the legal department in the planning and development of
these programs is near the top of the list.

Phase II: Review Existing Employment Policies Including Those

Governing Workplace Privacy
Once an employer has committed to examining the employment law considerations
associated with the introduction of new technology, it is essential to critically review existing
policies to determine how technology is addressed by the policies and whether the policies
need modification. Review of employee privacy policies is especially important.

Too few employers have developed comprehensive privacy policies. Such a policy is
becoming more and more essential, given the growth of privacy litigation, negligent hiring
lawsuits, and wrongful discharge actions. Privacy policies should generally regulate issues
ranging from control of medical and personnel records to issues of access to personnel
records by law enforcement or other quasi-official entities. However, even if a company has a
privacy policy, it will probably have to be reviewed to ensure that it addresses issues unique
to the digital workplace.



For example, the introduction of an e-mail system raises specific privacy concerns. Can an
employee access sensitive medical information and, if so, what controls and limitations can
be put in place concerning such information? Who will have access to e-mail messages and
are they considered confidential? These issues will need to be addressed in any
comprehensive privacy policy.

The review of written policies does not necessarily end the policy review process. Several
courts have recognized that past conduct, practices, and unrelated writings can create de facto
policies and standards.239 These company practices and de facto policies need to be
inventoried and reviewed as part of the process of assimilating new technology.

Phase III: Establish a Self-Auditing & Issue-Spotting Process

In planning for the implementation of new information technology in the workplace, one
must consider a wide range of practical and legal employment implications. A sample
checklist of questions has been provided under subsection A in the “Essential Tools” section
at the end of this chapter to assist employers in considering a broad range of problems and
litigation risks.

This list should be used as a starting point for the team assigned the task of implementing new
technology. The team should, at a minimum, consider carefully each of the questions. It is
anticipated that the process of answering these questions will suggest additional potential
problems and tactics for improving the implementation process.

Phase IV: Develop Practical & Innovative Responses to the

Employment-Related Issues Raised by the Introduction of New Technology
The development of policies is an integral step toward facing the new technology. The
policies must be as complete and innovative as necessary to meet the requirements of the new
technology. Sample policy provisions have been provided at the end of this chapter as
subsection B under the “Essential Tools” section.

Each policy directly responds to concerns over employee privacy associated with these
technological innovations. Under the issue-spotting process, the organization, it is hoped, will
have identified all critical issues associated with the new technology. These issues can then be
addressed in policies as privacy is addressed in the sample policies.

For example, with regard to voicemail, issues concerning the expectation of privacy on the
part of outside voicemail callers as well as the employee recipients of calls have been noted.
To respond to this issue, it is important to create an appropriate policy that effectively reduces
the expectations of privacy; establishes company ownership of the system and the messages;
authorizes the organization to access the voicemail; and informs incoming callers that the
conversation might be heard by someone other than the person whose voicemail was
activated. By creating and disseminating such a policy, the company fully discloses to
employees and callers what they can expect, which minimizes the potential for a later legal

The development of practical responses and solutions are as varied as the problems that arise.
For example, sexually explicit messages on an e-mail system may later serve as evidence in a
sexual harassment case. Within the e-mail sample policy, a prohibition is included with

See, e.g., Kern v. Levolor Lorentzen, Inc., 899 F.2d 772 (9th Cir. 1990); Pugh v. See’s Candies, Inc.,
116 Cal. App. 3d 311 (1981).



regard to certain discriminatory or offensive language. This effectively integrates e-mail into
the company’s existing sexual harassment policy. It also ensures the enforceability of the
sexual harassment policy as applied to e-mail.

Phase V: Develop a Training Program to Implement Digital Workplace

The self-directed workforce and the elimination of several levels of supervision have created
an environment in which the role of training has taken on a higher level of importance. The
regulations and policies related to new technology become the tools for managers to avoid
future litigation problems. Training managers concerning the proper use and misuse of new
technology is paramount to reducing litigation risk. In many areas, this training will extend
beyond the managers to the employees who utilize and access the technology.

Again, voicemail and e-mail are prime examples of this principle. Managers should be trained
regarding the rules governing access to the systems and the rules regarding the type of
information that can be transmitted electronically through these channels. As part of learning
how to use the new technology, employees should also receive instruction regarding these
rules and regulations.

If litigation develops in the future, policies and training will provide the best possible
evidence regarding the employee’s expectation of privacy and will establish that the employer
demonstrated a standard of care. Again, the key is to include a component within the normal
training programs associated with the new technology that focuses on employment law
considerations. This reaffirms the need for a multidisciplinary approach, the breakdown of
departmental lines, and the need for advance planning.

The failure to adequately train users of new technology could result in substantial liability for
negligent training. If, for example, an employee is not properly trained and inadvertently
disseminates private personal information through an e-mail or voicemail system, there could
be a claim of negligent training resulting in an actionable invasion of privacy. Similarly, if an
inadequately trained employee were to lose, destroy, or mis-record vital information needed
by a customer or someone else outside of the company, the failure to train could result in a
tort claim for negligent training. Moreover, the failure to properly train employees in the safe
use of technology and in ergonomic considerations could also result in injuries to the
employees using the system for which the employer would be responsible through the
workers’ compensation system. All of these additional potential sources of liability provide
the motivation necessary to encourage employers to establish a careful program of both initial
and ongoing training.

Phase VI: Monitor Policies & Programs to Reduce Employment-Related

Litigation Associated with New Technology
Every employer has an obligation to monitor and enforce the policies that govern its
workplace. An organization cannot fully meet its key legal obligations by merely providing
competent policies and good training. Our liability system is still built on the assumption that
the workplace is controlled by the employer and that the employer has a responsibility to
monitor and enforce its policies.240 New technology can greatly assist in this process.
Unfortunately, it can also create the potential for systematic abuse. In carrying out the duty of

See, e.g., Baker v. Weyerhauser Co., 903 F.2d 1342 (10th Cir. 1990); Campbell v. Leaseway
Customized Transp., Inc., 484 N.W.2d 41 (Minn. Ct. App. 1992); Duldulao v. St. Mary of Nazareth
Hosp. Ctr., 115 Ill. 2d 482 (1987).



monitoring and enforcing employment policies, we recommend consideration of the


• Technology should be looked at as a potential vehicle for monitoring and enforcing

employment law policies and procedures. For example, technology can assist an
employer in becoming consistent in its disciplinary decisions. Cases often turn on
whether the employer applied the same discipline to similar situations in the past.
• An employer should monitor employees’ use of the new technology to ensure that
established policies are followed. For example, one of the common complaints
regarding electronic bulletin boards is the posting of obscene material, inappropriate
material, or potentially defamatory material. Most bulletin boards have procedures
whereby a manager can remove information. In some organizations, individuals
devote substantial working time to reviewing e-mail messages to ensure that they
meet company standards and do not violate appropriate guidelines. Although this
type of monitoring may be burdensome, in some organizations it may be necessary.
The mere knowledge on behalf of employees that the employer is monitoring what
program is running on their computers is usually enough to significantly curtail
abuses, such as the playing of computer games. No one said the monitoring will be
easy. Many games come with “boss keys” designated to hide games behind phony
spreadsheets or other documents on the touch of a key.
• An employer should monitor the type of information stored on the system and
determine who should have access to the stored information. An organization that
stores personnel records on its electronic communications system needs to ensure that
there are well-structured safety mechanisms to prevent the flow of this information
into inappropriate terminals. The mere existence of certain information creates a
litigation risk.
• Monitoring and enforcement processes can be greatly enhanced by the creation of a
duty to report misconduct. In the sample e-mail and voicemail policies attached to the
end of this chapter, such a duty is set forth. Under these circumstances, an individual,
viewing sexually explicit information on his or her computer screen will have an
affirmative obligation to report it to the company. This obligation removes excuses
that employees sometimes use for not reporting obscene messages.

Phase VII: Establish Disciplinary Standards & Procedures Applicable to the

New Technology
The misuse of the digital workplace is already an area where employers are facing
disciplinary decisions. Employers have the choice of responding to situations as they arise or
establishing standards for disciplinary action. Regardless of the approach, consistency will be
important to reducing the likelihood of litigation and to ensuring acceptance of the
employer’s disciplinary process. For example, if an Asian employee accesses a coworker’s
e-mail and is terminated, while a white employee is only given a disciplinary warning for the
same actions, this could lead to litigation.

Turning to practical solutions to potential discipline, Littler strongly recommends the

consideration of an alternative dispute resolution (ADR) technique, including mediation and
arbitration. If discipline is taken against someone for violating an e-mail policy or based on
information provided through advanced technology, it will be to everyone’s advantage to
have it resolved without formal litigation. ADR presents an option for accomplishing this, it



is hoped, through mediation and a voluntary resolution. If this is not possible, then arbitration
becomes a final option.

Phase VIII: Use Multidisciplinary Innovations to Solve Problems Related to

New Technology
A traditional process of analyzing potential employment law issues has been set forth above.
That process includes spotting issues, developing responses, training managers and
employees regarding their duties and responsibilities, monitoring the system for violations
and then taking appropriate disciplinary action. These traditional steps, however, all take
place within the company’s own organization. They do not necessarily contemplate a
multidisciplinary approach that may provide solutions to employment law considerations
ranging beyond the traditional tools of a human resources department or corporate counsel.

The use of other disciplines such as psychology, sociology, or informational and

organizational specialties may provide useful perspectives that can have an immeasurable
impact on the digital workplace. One of the best examples of this is telecommuting. A review
of telecommuting demonstrates that there are numerous legal problems. An individual
working at home, who is nonexempt, faces several wage-and-hour concerns. How is time
recorded? What constitutes working time? What is the workday? How does the employer
ensure that the work is, in fact, done during the hours specified by the employee?

Although the legal problems are important, the legal discipline only touches the edges of a
full range of issues that affect a telecommuting program. For example, psychologists talk
about social isolation and a feeling of being out of the mainstream. Over-monitoring?
Under-monitoring? Depression associated with isolation? Information and organizational
systems specialists are concerned with the effect of the technology on the culture of the
organization. How will the structure of the organization change? How will the changes effect
communication within the company? All of these issues can be critical to the success of a
telecommuting program.

Multidisciplinary and technologically oriented solutions have tremendous potential for

solving these types of problems in the workplace. The key ingredient is the participation of
individuals from a variety of disciplines in assessing a particular technology and its
application to the workplace and keeping in mind the employment law implications as that
process occurs.

Phase IX: Maintain a Legislative Watch

It is possible that an organization can follow the above steps and provide an excellent
preventive program for the integration of new technology with minimal negative
consequences. Unfortunately, these efforts can be derailed if legislative enactments occur
without full appreciation of their impact. For example, Congress has considered an
electronic-monitoring bill that is designed to eliminate abuse of employee privacy.

Ironically, such legislation could have totally unexpected consequences. For example, an
electronic inventory system may be in use that indirectly identifies the exact productivity of
each worker within a warehouse. The purpose for the technology is to ensure that the
customer can access materials in record time and that the inventory of the warehouse is
maintained consistent with the needs of the customer. However, the secondary effect is to
provide excellent information on the productivity of the workforce and help dictate the size
and training of that workforce. A bill that banned monitoring could inadvertently prohibit this



type of warehouse control and severely injure the significant productivity advances that have
been made by the application of the new technology.

Employers have a vested interest in making their thoughts and concerns known through their
associations regarding the implication of such legislation. Organizations like the American
Electronics Association, the U.S. Chamber of Commerce, and many others have devoted
attention to technology-oriented legislation and its employment law implications. An
excellent example of such legislation is in the area of encryption and law enforcement access
through portholes in the clipper chip. Total encryption could result in money laundering or
violation of company policies with no redress available to law enforcement or to the
employer. The creation of super-privacy, through either technology or legislation, could have
tremendous negative consequences on the ability of employers to maintain the type of
controls that are otherwise mandated by statutes and regulations within the workplace.

Phase X: Develop & Implement Your Organization’s Electronic Data

Retention, Storage & Deletion Policy
Your organization will receive a subpoena or a document request for various e-mails — it is
simply a question of when that will happen. You can either be reactive when the subpoena
hits the door, or you can takes steps at this time to anticipate the inevitable, and to prepare to
give a complete and professional response.

Take the time now to develop a policy on the retention, storage and deletion of e-mail and
other electronic communications, identifying what is to be saved, who may save it, what is
designated as privileged, how long it should be kept, and how and where it should be
archived. Ascertain the state and federal laws which apply to your organization and its
operations. Different laws have different retention requirements and time periods.

The policy should be developed in consultation with your in-house counsel (or, if you have
none, your outside counsel), and your information technology professionals. You need to
develop at least a basic understanding how the company’s systems handle, archive, and delete
e-mails, and what the previous policies (if any) have been on this subject. If you can
accomplish this, when the subpoena is served, you will not waste time having to gather the
data, then attempting to explain to your outside counsel, under the gun, the system and what
data is available, and what data has been purged.

Draft or obtain from your counsel a “litigation hold notice” and think through what persons
should receive it when a subpoena is served.

§ 21.3.3


While telecommuting poses many advantages for both employers and employees, there are
important disadvantages as well. For instance, telecommuting is not suitable where
face-to-face interaction with colleagues or clients is essential to the job. Telecommuting poses
management challenges, from developing a system for communication, to developing ways to
assess employee performance. Furthermore, some employees lack the independence and
commitment required of successful telecommuters, while others may feel isolated from
colleagues, or feel unable to separate their work and personal lives.



These issues raise important questions to consider before implementing telecommuting as an

option: How will the employee’s quality and quantity of work be monitored? How will the
employee’s hours of work, including break periods, meal periods and overtime be monitored?
How can the use of company equipment be limited to business purposes? If an employee’s
child spills soda on a computer keyboard, who is responsible for replacing the equipment?
How will confidential information be protected? Will a telecommuting policy impact
negatively on those employees who must come to the employer’s premises?

To ensure a successful telecommuting program, employers are advised to follow these

guidelines and incorporate them into a written policy signed by the employee:

• Choose telecommuters carefully, considering, among other things, an employee’s

ability to work independently with minimal direct supervision.
• Restrict telecommuting opportunities to those workers with a history of
satisfactory performance, and to those who have the necessary skills in qualified
job positions.
• Allow telecommuting only for specified maximum periods of time (starting,
perhaps, with four weeks), subject to extension at the employer’s option, and
revocable at any time in the sole discretion of the employer. Make clear that
telecommuting is a privilege of the employee, not a right.
• Require newly hired telecommuters to spend a period of time in the office first,
so that they will develop a sense of corporate style, and so that the employer will
have an idea of their abilities.
• Keep in constant contact with telecommuters — schedule weekly meetings, or
occasional face-to-face meetings.
• Consider automatic routing of information — technology now permits memos,
corporate data, and job-related information be set up to automatically route or
copy to the telecommuter.
• Clear directives, objectives, and deadlines help employers monitor
telecommuters. Many employers with successful telecommuter programs have
established a weekly report to communicate progress, problems, and plans.
Employers may wish to establish regular in-office days, so that the company
knows when to expect the employee. Set performance expectations in advance
with the employee.
• Help telecommuters set and recognize their own rewards for completing tasks, as
the demands of telecommuting may be unfamiliar to first-time telecommuters.
Make sure telecommuters learn to create a balance between the telecommuter’s
professional life, and personal life; some telecommuters who are not
self-disciplined let the personal distractions at home get in the way. Others who
are extremely self-motivated and conscientious tend to overwork. Have the
telecommuter establish a specific workspace with both physical and mental
boundaries. This may mean setting rules for family interruptions.
• Take care to convey the organization’s culture and policies — require attendance
at orientation sessions, hold mandatory training sessions at the employer’s place
of business, and make sure that telecommuters have access to all employment
policies, corporate memos, and handbook updates.



Managers, too, must be carefully selected. Managers must learn to evaluate work based on
performance and productivity, and to manage the project, not just the person. Supervisors will
have to become leaders who help set goals, plan work, and guide work. Because supervisors
can no longer oversee the work process in person, they will have to learn to manage results.
Employers may wish to hold special workshops on how to manage telecommuters.

§ 21.4


§ 21.4.1


• What is the nature and the purpose of the new technology, and what is the goal in
introducing it into the workplace? How will these issues be communicated to the
workforce? Should the company place limits of the uses of the new technology,
and if so, what limits will be imposed? How will these goals be communicated
and enforced?
Authorized Users
• Who will be the authorized users of the new technology, and how will they be
identified within the company?
• For employees provided with laptop computers, cell phones or pagers: will the
company restrict their use to business purposes only? How will the company be
able to access and review the contents of the hard drive of its laptop computer?
• Will the company permit employees to use company electronic resources to
access employees’ personal e-mail accounts, such as with America Online,
Yahoo!,, etc.?
• What if any restrictions on the use of any electronic resources are imposed while
the employee is driving on company business?

Confidential Information
• Will there be sensitive or confidential business or personnel information available
in or transmitted through the system?
• What steps, including policies, procedures, and technical protective systems,
should be established to protect confidential and business information? How will
access to sensitive information in the new system be limited to those with a
legitimate need to know? What level of security is appropriate, and at what cost?



• In what ways is the new technology vulnerable to unauthorized access or
sabotage by employees, and what steps can be taken to prevent this?
• What steps, policies, or procedures will be used to prevent employees from
encoding or encrypting information stored or transmitted using the new
technology? What steps will be taken to prevent anonymous transmission or data
• What would an audit (or subpoena) of the last six months/year/last available
period reveal of the use patterns by employees of the company’s internet access,
voicemail, and e-mail?
• Will the company monitor or access the information stored or transmitted by
employees? If so, will notice of this access and monitoring be provided to the
employees? If so, how? Will employees be asked to sign authorizations for
electronic access and monitoring? If so, what should be the contents of the
authorization and the procedure for signature?

Effect on Personnel Policies & Employee Handbook

• Which of the company’s personnel policies will need to be revised in light of the
new technology? Will any provisions of the employee handbook need to be
modified or updated?
• What training will be required or offered to employees concerning the new
• Will existing employees be retrained to use the existing technology, or will new
employees be hired? Will any existing jobs be eliminated? What about
employees who cannot be trained on the new technology or who refuse such
• What criteria will be used to evaluate employees using the new technology, and
should the compensation or performance evaluation systems be modified in any
• What procedures or protections will be established to prevent misuse of the new
technology, such as harassment or discrimination?

Health & Safety Aspects

• Will there be safety and occupational health training needed as a result of the new
technology? Will existing safety and health programs need to be revised? What
potential health or safety problems may be presented by the new technology, and
how will the company address those potential problems? What ergonomic
accommodations should be offered to employees using the new technology?

• Will the new technology enable employees to work at home? If so, what new
policies and procedures will be needed to handle supervision, training,



compensation, workplace safety, and other employment issues for employees

working at home? How will work time, recordkeeping, break times, scheduling,
and overtime be handled for employees working in the home?

Effect on Disabled Employees

• Will the new technology require any special accommodations for existing
employees with disabilities? Will it permit special accommodations for disabled
employees that were not available before?

Labor Relations
• Will the new technology affect the working condition of any employees
represented by a union, and if so, will the union be notified or consulted? Is there
a statutory duty to bargain with the union over any aspect of the new technology?

Cellular Telephones
• How important is it to the company for employees to have cellular telephone
access, compared with (A) the risk of cellular telephone conversation
surveillance, and (B) the risk of accidents while driving and using a cellular
If the company does not pay for a cellular phone or its service:

• Will the company permit employees to use their own personal cellular telephones
for company business?
• Will the company reimburse the employee for such use of the employee’s
personal cellular telephone and service?
• Will the employee be allowed to bring the personal cellular phone to work? Will
there be any restrictions on the employee’s use of the phone while at work? If the
personal cellular phone is lost or stolen while the employee is at work, will the
company be in any way responsible for the replacement of the personal cellular
• Will the company pay for the time of nonexempt employees who make calls
during other than normal business hours?

If the company will allow the use of cellular telephones for business purposes:

• Will the company restrict the use of cellular phones based on the nature of such
conversations or based on the confidentiality or sensitivity of information
• Will the company “prohibit,” “discourage,” “recommend against,” or remain
silent on the use of the cellular phone while the car is in motion?
• Will the company require the use of “hands-free” equipment to be used with the
cellular phone? At whose cost?
• Will the company restrict the length of cellular phone conversations while
driving, in an effort to limit the possibility of accidents?
• Will the company allow, or pay for, nonbusiness (personal) conversations?



• If an employee is assessed a moving violation which results in whole or in part

from the employee’s use of the cellular phone, can the company attempt to place
partial or full liability on the employee for that event and its consequences?
• If the employee cannot or will not return the cellular telephone at the conclusion
of the employee’s employment, what remedies — if any — do the laws of the
state of employment allow the company?

Storage, Designation & Deletion of E-mail & Instant Messages

• How will e-mails be saved?
• How will instant messages be saved?
• Who will determine whether e-mails and instant messages should be stored as
privileged information?
• What federal, state or local laws apply to the retention and disposal of the
organization’s electronic communications?
• Absent any applicable laws or regulations, under what circumstances should
electronic communications be deleted?



§ 21.4.2


Introductory Provision241
The company’s electronic resources — including desktop and portable computer systems,
cellular telephones, personal data assistants (PDAs), fax machines, Internet access,
voicemail, e-mail, instant messaging (IM), electronic bulletin boards, and its intranet—
enable employees quickly and efficiently to access and exchange information throughout
the company and around the world. When used properly, we believe these resources greatly
enhance employee productivity and knowledge. In many respects, these new tools are
similar to other company tools, such as stationery, file cabinets, photocopiers, and
telephones. Because these technologies are rapidly changing, it is important to explain how
they fit within the company and within your responsibilities as an employee.

This policy applies to all electronic resources that are owned or leased by the company, that
are used on or accessed from company premises, or that are used for company business.
This policy also applies to all activities using any company-paid accounts, subscriptions, or
other technical services, such as Internet and Web access, voicemail, and e-mail, whether or
not the activities are conducted from company premises.

As you use the company’s electronic resources, it is important to remember the nature of
the information created and stored there. Because they seem informal, e-mail messages,
voicemail messages and messages posted on the Internet are sometimes offhand, like a
conversation, and not as carefully thought out as a letter or memorandum. However, even
after you delete these messages or close a computer session, the information may still be
recoverable and may even remain on the system. You should keep this in mind when
creating e-mail messages, voicemail messages, messages on the Internet, and other
documents on the computer. Moreover, be aware that technology exists to intercept wireless
communications, including cellular telephone conversations, or to pinpoint the geographical
location of the users of such technology.

Acceptable Uses
The company’s electronic resources are provided for the benefit of the company and its
customers, vendors, and suppliers. These resources are provided for use in the pursuit of
company business and are to be reviewed, monitored, and used only in that pursuit, except
as otherwise provided in this policy.

The policies and forms provided are samples only and do not constitute and are not a substitution
for consultation with legal counsel. The law in this area consistently changes and must be reviewed
before implementing any policy in this regard. These sample policies and forms should not be
implemented or executed except on the advice of counsel.



Employees should use the company’s electronic resources with the understanding that these
resources are provided for the benefit of the company’s business. Accordingly, employees
should use the company’s electronic resources to further the company’s ability to conduct
its business and in a manner that is consistent with performance of their duties and
responsibilities. Employees should never use the firm’s electronic resources for personal
use in a manner that interferes with work or any responsibilities to customers, vendors,
suppliers, or colleagues. All employees are responsible for ensuring that they use the
company’s electronic resources in an effective, ethical, and lawful manner.

Unacceptable Uses
The company’s electronic resources should not be used for personal gain or the
advancement of individual views. Employees who wish to express personal opinions on the
Internet are encouraged to obtain a personal account with a commercial Internet Service
Provider and to access the Internet without using company resources. Employee postings
are not permitted on the company’s intranet or electronic bulletin board.

Employees are permitted to use the company’s electronic resources for occasional
non-work-related purposes during nonworking time (e.g., during breaks and before or after
working hours). Your use of the company’s electronic resources must not interfere with your
productivity, the productivity of any other employee, or the operation of the company’s
electronic resources. Employees may not play games on the company’s computers and other
electronic resources. Employees may not access nonbusiness-related websites or commercial
websites unless necessary for business purposes and authorized by their direct manager.

You should not send e-mail or other communications that either mask your identity or
indicate that they were sent by someone else. You should never access any electronic
resources using another employee’s password. Similarly, you should only access the
libraries, files, data, programs, and directories that are related to your work duties.
Unauthorized review, duplication, dissemination, removal, installation, damage, or
alteration of files, passwords, computer systems or programs, or other property of the
company, or improper use of information obtained by unauthorized means, is prohibited.

Employees are prohibited from using the company’s electronic resources for the
transmission or receipt of any information in violation of federal, state or local laws or
regulations, including trade secrets.

Sending, saving, or viewing offensive material is prohibited. Messages stored or transmitted

by computer, voicemail, e-mail, or telephone systems must not contain content that may
reasonably be considered offensive to any employee. Offensive material includes, but is not
limited to, pornography, sexual comments, jokes or images, racial slurs, gender-specific
comments, or any comments, jokes, or images that would offend someone on the basis of
his or her race, color, creed, sex, age, national origin, or ancestry, physical or mental
disability, veteran status, as well as any other category protected by federal, state, or local
laws. Any use of the Internet/Web, intranet, or electronic bulletin board to harass or
discriminate is unlawful and strictly prohibited by the company. Violators will be subject to
discipline, up to and including termination of employment.

The company does not consider conduct in violation of this policy to be within the course
and scope of employment or the direct consequence of the discharge of one’s duties.
Accordingly, to the extent permitted by law, the company reserves the right not to provide a
defense or pay damages assessed against employees for conduct in violation of this policy.



Access to Information
The company asks you to keep in mind that when you are using the company’s computers
you are creating company documents using a company asset. The company respects the
individual privacy of its employees. However, that privacy does not extend to an
employee’s work-related conduct or to the use of company-provided electronic resources or

The company’s computer, voicemail, e-mail, or telephone systems, and the data stored on
them are and remain at all times the property of the company. As a result, computer data,
voicemail messages, e-mail messages, and other data are readily available to numerous
persons. If, during the course of your employment, you perform or transmit work on the
company’s computer system and other electronic resources, your work may be subject to
the investigation, search, and review of others in accordance with this policy.

All information, including e-mail messages and files, that are created, sent, stored, or
retrieved over the company’s electronic resources is the property of the company, and
should not be considered private or confidential. Employees have no right to privacy as to
any information or file transmitted or stored through the company’s computer, voicemail,
e-mail, or telephone systems. Any electronically stored information that you create, send to,
or receive from others may be retrieved and reviewed when doing so serves the legitimate
business interests and obligations of the company. Employees should also be aware that,
even when a file or message is erased or a visit to an Internet or website is closed, it is still
possible to recreate the message or locate the website. The company reserves the right to
monitor your use of its electronic resources at any time and to inspect and screen all of the
company’s electronic resources and all information contained therein without prior notice to
employees. These inspections and searches may be conducted during or outside business
hours and in the presence or absence of the employee. All information including text and
images may be disclosed to law enforcement or to other third parties without prior consent
of the sender or the receiver.

Confidential Information
E-mail and Internet/Web access are not entirely secure. Others outside the company may also
be able to monitor your e-mail and Internet/Web access. For example, Internet sites maintain
logs of visits from users; these logs identify which company, and even which particular
person, accessed the service. If your work using these resources requires a higher level of
security, please ask your manager or the IT department for guidance on securely exchanging
e-mail or gathering information from sources such as the Internet or World Wide Web.

All employees should safeguard the company’s confidential information, as well as that of
customers and others, from disclosure. Do not access new voicemail or e-mail messages with
others present. Messages containing confidential information should not be left visible while
you are away from your work area. E-mail messages containing confidential information
should include the following statement, in all capital letters, at the top of the message:





Security of Information
Although you may have passwords to access computer, voicemail, and e-mail systems,
these electronic resources belong to the company, are to be accessible at all times by the
company, and are subject to inspections by the company with or without notice. The
company may override any applicable passwords or codes to inspect, investigate, or search
an employee’s files and messages. All passwords must be made available to the IT
Department. You should not provide a password to other employees or to anyone outside
the company and should never access any electronic resources using another employee’s

In order to facilitate the company’s access to information on its electronic resources, you
may not encrypt or encode any voicemail or e-mail communication or any other files or
data stored or exchanged on company systems without the express prior written permission
from the IT department and your manager. As part of this approval, the IT department will
indicate a procedure for you to deposit any password, encryption key or code, or software
with the IT department so that the encrypted or encoded information can be accessed in
your absence.

Employees should not open e-mail attachments that arrive anonymously, that have strange
subject titles, or that contain multiple forwards. If employees are unsure about the safety or
content of an e-mail attachment, they must consult with the IT department before opening
the attachment.

Copyrighted Materials
You should not copy or distribute copyrighted material (e.g., software, database files,
documentation, articles, graphics files, and downloaded information) through the e-mail
system or by any other means unless you have confirmed in advance from appropriate
sources that the company has the right to copy or distribute the material. Failure to observe
a copyright may result in disciplinary action by the company as well as legal action by the
copyright owner. Any questions concerning these rights should be directed to your

The Company’s Software Policy

If you want to install software on company computers, you must contact the IT department
and request to have the software installed. Employees are prohibited from downloading or
installing any software on any company electronic resource without the express prior
written permission of the IT department.

Involving the IT department ensures that the company can manage the software on
company systems, prevent the introduction of computer viruses, and meet its obligations
under any applicable software licenses and copyright laws. Computer software is protected
from unauthorized copying and use by federal and state law; unauthorized copying or use of
computer software exposes the company and the individual employee to substantial fines
and exposes the individual employee to imprisonment. Therefore, employees may not load
personal software onto the company’s computer system and may not copy software from
the company for personal use.

The company will cooperate with the copyright holder and legal officials in all copyright



Your Responsibilities
Each employee is responsible for the content of all text, audio, or images that they place or
send over the company’s electronic resources. Employees may access only files or
programs, whether computerized or not, that they have permission to enter.

Violations of any guidelines in this policy may result in disciplinary action up to and
including termination. In addition, the company may advise appropriate legal officials of
any illegal violations and cooperate in investigations conducted by legal officials.

Company-Provided Cellular Phones

Where job or business needs demand immediate access to an employee, the Company may
issue a business cellular telephone to an employee for local and long-distance work-related
communications. The company-provided cellular telephone should be used for work-related
communications only.

In general, the Company expects employees to use common sense and sound judgment
when utilizing a company-provided cellular telephone. Because cellular telephone
transmissions may be accessible by individuals outside of the Company, employees should
not transmit sensitive or confidential information via cellular telephone. The confidentiality
of conversations conducted on a cellular telephone or voicemail should not be assumed.

Employees in possession of company equipment such as cellular phones are expected to

protect the equipment from loss, damage or theft.

Upon resignation or termination of employment, or at any time upon request, the employee
may be asked to produce the cellular telephone for return, replacement or inspection.
Employees unable to present the cellular phone in good working condition within the time
period requested may be required to bear the cost of a replacement.

Employees who separate from employment with outstanding debts for equipment loss or
unauthorized charges and who do not provide repayment or replacement will be considered
to have left employment on unsatisfactory terms, as well as subject to legal action for
recovery of the loss.

Employee’s Personal Cellular Phones

While at work, employees are expected to apply the same policy in using their personal cellular
phones as is expected for personal telephone calls as described in the Company Handbook.

If an employee brings a personal cellular telephone on to Company property, the phone

should remain on the “off” or “vibrate” mode during business hours. An employee with a
personal cellular telephone that is not approved by Company management for work-related
use should not make calls from nor accept incoming calls to their personal phones during
work hours.

Employees who have personal cellular telephones are also discouraged from conducting
Company business while driving. Employees who have personal cellular telephones are
also expected to take personal responsibility for their safety and adopt personal and public
safety precautions, including those set forth herein. The Company will not be liable for the
loss of personal cellular phones brought into the workplace.



Safety Issues for Cellular Telephone Users

Employees whose job responsibilities include regular or occasional driving, and who are
issued a Company cellular telephone for business-related work use, are expected to put
safety first before all other concerns. Employees whose job responsibilities do not
specifically include driving as an essential function, but who are issued a Company
provided cellular telephone for business use, are also expected to abide by the provisions

To promote ergonomic considerations and additional safety, the Company will provide or
reimburse employees who are assigned a Company provided cellular telephone for the
purchase of appropriate “hands-free” cellular telephone accessories.

It is recommended that employees who are driving during the course of their Company
work refrain from using their phone while driving. Special care should be taken in
situations where there is traffic, inclement weather or the employee is driving in an
unfamiliar area. Business-related cellular telephone conversations while driving should be
minimized in number and length of conversation. Whenever possible, pull off the road and
stop the car if a conversation becomes either extended or intense.

Employees who are charged with traffic violations resulting from the use of their personal
or company-issued cellular telephone while driving will be solely responsible for all
liabilities, fines, and other adverse consequences that result from the traffic violation.

Personal Phone Calls

Personal calls during working hours, regardless of the phone used, interfere with employee
productivity and are distracting to others.

Employees are to make all personal calls during nonwork time (rest or meal periods) and
asked to ensure that any persons who may call you while at work are aware of the Company
policy and procedure for emergency calls. Human Resources staff are available to assist
with communicating emergencies. Flexibility will be provided in circumstances demanding
immediate attention or emergencies.

Camera Phones
Under no circumstances are cellular telephones with camera or video capability to be
brought onto the Company’s premises, or to be used by an employee within the employee’s
job responsibilities, without the express prior written consent of Company management.

Headphones and Earphones

No headphones or earphones may be used by an employee during the time of the
performance of the employee’s duties without the express prior written consent of
Company management.

Special Responsibilities of Management Staff

As with any policy, management staff is expected to serve as appropriate role models for
proper compliance with the provisions above and are encouraged to regularly remind
employees of their responsibilities in complying with this policy.



§ 21.4.3


The following are components and areas that should be included in any telecommuting

A. A Telecommuting Agreement for signature detailing:

The company’s responsibilities under the Telecommuting Agreement.
The employee’s responsibilities under the Agreement.
Hours/overtime; Work hours; Scheduled workweek.
Wages and Benefits.
Employee reimbursement procedures.
Vacation allowances.
The employee’s responsibility for any tax implications related to his or her off-
site location.
B. Identify the availability and form of any training.
C. Document performance expectations.
D. Document the procedure for issuing assignments and deadlines.
E. Explain the frequency of visits by the employer to the telecommuter’s off-site
F. Detail phone contact procedures and arrange for the handling of calls made by
the telecommuter from the off-site work location for company business.
G. Detail the applicability of the employer’s harassment and discrimination policies.
H. Detail the applicability of the employer’s Internet policies and procedures.
(a) Identify the telecommuter’s responsibility for the content of all text, audio, or
images that he or she places or sends over the Internet.
(b) Prohibit the use of company password(s) to express personal opinions on the
I. Detail the confidentiality of company information.
(a) Explain procedures to protect against the release of proprietary information to
the telecommuter’s family or other outside entities and individuals.
(b) Implement procedures for fireproofing files.
(c) Implement procedures for securing all documents at end of each day.
(d) Identify procedures for marking documents as confidential.
(e) Identify the requirements and techniques to secure computer information.
J. Equipment Use and Maintenance.
(a) List the equipment provided by company.
(b) Determine if telephone lines should be in the company’s name.



(c) Determine if the company should be responsible for installation, repair, and
maintenance of company-owned telecommuting equipment and furniture.
(d) Determine which party is liable for damage to equipment and/or furniture.
(e) Detail the procedures to address technical problems with home
K. Safety Issues.
(a) Determine who is liable for injuries at the off-site location.
(b) Identify who is responsible for designing and maintaining the workplace so
that it is free from hazards?
(c) Identify who will ensure that the off-site workplace complies with all
occupational safety and health standards and regulations?
(d) Identify who will ensure that the off-site workplace complies with local
building codes and ordinances.
(e) Identify who is responsible for setting up and maintaining an ergonomically
correct workstation.
(f) Determine if a workplace violence policy appropriate.
L. Termination of agreement.
(a) Detail procedures for the return of equipment and records.
(b) Determine if the telecommuter’s travel to the company’s office for purpose of
returning office equipment is considered working time.
(c) Determine if the company should reimburse the employee for such travel.
(d) Detail the consequences of the telecommuter’s failure to return any
company-owned equipment, software, records, etc.

§ 21.4.4


The following checklist is intended to guide an employer on what to gather and provide to
counsel before filing an injunction against the sending of unsolicited e-mails using the
company’s e-mail system. By compiling this information ahead of time, you will help speed
your attorney’s work in obtaining the subpoenas necessary to take expedited action.

The Company E-mail “System”

• Determine the approximate minimum cost the system, including the cost of both
hardware and software, was created and is now maintained.
• Determine the approximate minimum amount the company has spent to maintain
(and upgrade) the system in the last 12 months.
• Identify how many employees currently have addresses on the system.



• Identify how many employees currently use company e-mail.

• Identify how many e-mail messages are sent to employees on the system daily (if
easily ascertainable).
• Include a copy of the company’s written, electronically-disseminated, or posted
policy addressing the inappropriate use of the system.
• Determine if the company allows unrestricted personal use of the e-mail system
by current employees. If not, identify what restrictions currently exist and if the
restrictions are in writing or otherwise available to all employees.
The Unsolicited E-mails
• Include a copy of the most recent unsolicited e-mail and any attachments.
• Identify the source of the unsolicited e-mails.
• Identify whether the sender is a current or former employee.
• Identify the number of unsolicited e-mails sent by this sender.
• Determine which employees have received the unsolicited e-mails.
• Determine the period of time during which the e-mails have been sent.
• Determine if all unsolicited e-mails have been saved or printed in hard copy.
• Determine how many employees have complained about receiving the
unsolicited e-mails either to the sender directly or to company management.
Detail the results of each complaint.
• Estimate the minimum monetary value of the productive working time lost by
employees receiving the unsolicited e-mails and include the method used to
arrive at this amount.
If the Sender Is Known:
• Determine whether and how often the company requested that the sender stop
sending unsolicited e-mails.
• Identify what methods were used to make each request.
If in person:
• By which company employee?
• Date and time of conversation?
• Others present?
• Content of request?
If by personal telephone conversation:
• By which company employee(s)?
• Date and time of call?
• Content of request?
• Information by which company employee knew s/he was talking with



If by telephone message:
• Number called?
• Date and time of call?
• Person leaving message?
• Identifying message on answering machine?
• Content of message left?
If in writing:
• Form of writing?
Letter or memo?
• Author?
• Date of writing and delivery?
• Method of delivery to sender:
• First class mail, FedEx, UPS, Express Mail?
• Personal delivery to sender or sender’s home address?

If the Sender Is Unknown:

• Determine likely suspects.
• Identify potential suspects, along with any information supporting the