Commercial Insurance Update – The Trouble with E-Mail

please click here for the original pdf

June 2001

The TROUBLE with E-Mail

The trouble with e-mail is that you just can’t trust it.

One minute it’s your friend; the next minute, it’s telling everyone your deepest secrets. Ask Bill Gates, he’ll tell you. In its antitrust case against Microsoft, the Department of Justice was able to cast doubt on his video deposition by confronting him with an electronic mail message he had written three years earlier.

Or ask the former employee of a large corporation who filed a wrongful dismissal lawsuit. His former employer pieced together electronic files he thought he’d deleted, and its attorneys were able to establish that he had illegally copied company materials for a competitor.

Electronic Discovery

OK, you don’t work for Microsoft. But there’s still a good chance that one day your company will be involved in a lawsuit and you’ll be asked to hand your e-mail records over to a court. Today, litigation has entered the brave new world of electronic discovery. Courts have ruled that electronic documents have as much evidentiary value as paper documents. As a result, electronic data is now being aggressively targeted in all types of civil discovery, as well as in regulatory actions, corporate in-house investigations and law enforcement activities.

The search for electronic evidence has spawned an entire new industry of software forensic technologists who use software to systematically seek information in electronic records for lawyers’ use in litigation or criminal cases.

These e-detectives can track down forgotten copies of documents or even piece together bits of deleted or damaged files. The results are sometimes astounding.

E-Mail Risks

In a lawsuit, the single most damaging form of electronic document may be the simple e-mail. Consider this: during the government’s antitrust trial against Microsoft, subpoenaed e-mail comprised nearly all the major evidence presented by both sides in the case.

There are several reasons why e-mail can be so problematic. First, an e-mail is easy to produce and even easier to send. With a few taps of a key, you can distribute comments and attachments far and wide. Perhaps because of the ease and the sense of informality inherent in e-mail, it seems to encourage careless commentary:

– People often say things in e-mails that they would never say in person or by telephone.

– They may make unguarded, offhand comments that can be taken out of context in a courtroom.

– They may speak too candidly about a competitor or forward material that offends a co-worker.

– They may unwittingly distribute copyrighted material or disseminate confidential or proprietary company information.

All these things could be dredged up years later to build a case against your firm.

“Delete” Doesn’t Always Mean Delete

Merely deleting troublesome computer files doesn’t solve the problem. When a file is deleted from a computer, it may still be recoverable from hard drives or archived data files. And who’s to say that a copy of that flaming missive you fired off three years ago doesn’t lurk somewhere on an employee’s, a consultant’s, or even a competitor’s computer?

If it’s there – or parts of it are there – the digital discovery spelunkers can dig it up.

What Have You Got to Hide?

There is another important issue. If you delete only selected documents, you may create an appearance of guilt. And, depending upon the situation, deleting a file may be illegal. Courts have held that once somebody has sued you, or you have a reasonable belief that a suit is impending, you’re under a duty to preserve what may be reasonably relevant to the action. If electronic data is reasonably relevant, or may lead to relevant information, it must be preserved, too.

On the other hand, you don’t want to keep everything indefinitely, either. All those aging e-mails take up valuable disk space, waste computer resources, and may lead to an increase in network traffic and a slower response time. And they might end up costing you in other ways, too. If you don’t have some sort of policy to regularly and systematically delete e-mail and other electronic records, and your firm is sued, how much time and money will it cost to review every electronic document going back five or more years?

Even if there’s nothing damning in them, someone from your – or your attorney’s – will have to look, and you can bet that the plaintiff’s lawyer will be taking a leisurely fishing expedition through them.

Develop an Employee E-Mail Policy

The best way to protect yourself against potential e-mail trouble is to formulate a well-thought-out and strongly communicated written policy regarding your company’s e-mail system – and enforce it. Requiring employees to adhere to a corporate e-mail policy can go a long way to protect your company.

Your human resources, corporate counsel and information services departments should work together to create an employee e-mail policy that sets forth company confidentiality rules and informs employees of their rights and responsibilities regarding e-mail.

Set clear expectations of employee privacy; if you’ll be monitoring employee e-mail, say so in advance. Outline specific types of e-mail that should be avoided; address content that could be considered discriminatory, obscene, defamatory of a coworker or a competitor, or that infringes on copyrights. Additionally, to protect against viruses or breaches in security, many companies forbid employees to download software from the Internet or open .exe attachments.

Some companies also use disclaimers on outgoing messages. These might say such things as “the sender does not necessarily speak for the company.” You might want to ask your attorney about the use of such a disclaimer.

Regularly communicate your e-mail policy to all employees and hold training seminars to make employees aware of the perils and problems associated with e-mail, as well as its proper use.

Such policies can be very effective. A telecommunications company successfully defended itself against a suit charging that it allowed racially harassing messages on its e-mail system. The company had an e-mail policy in place that spelled out appropriate content, was able to show it actively enforced its policy, and had quickly addressed the specific incident.

Develop a Records Management Policy

Your company e-mail policy should be part of an overall data preservation policy. Seek expert advice on how to establish a document retention policy that encompasses all sources of electronic data, taking into consideration your company’s regulatory compliance requirements and the need to preserve information that might be helpful in defending against lawsuits, disaster recovery or other needs.

If you don’t need a record, and if you have no legal obligation to keep it, get rid of it, and make sure that data that should not be saved is, in fact, permanently deleted from all sources. At the very least, set up procedures for regularly deleting old email – say, every 60, 90 or 120 days – and stick to them.

Remember, however, that if you are sued, you may have a duty to stop the regular deletion process in order to preserve all relevant data.

Practicing Safe E-Mail

Once your policies and procedures are in place, practice what you preach. Never put anything in an e-mail that you wouldn’t want printed in your local paper – or in a court record. Avoid off-color or racy humor, venting, unguarded statements and other potentially dangerous e-mail messages.

When you use the company e-mail system to communicate with those outside the company, you’re perceived as speaking for the company. Remember, regardless of how you feel when you send a message or what the context, it will be taken literally in court.

If you’re in doubt about putting something in an e-mail, consider a phone call instead.

And, if you think these are unreasonable precautions, just ask Bill Gates – but don’t expect him to respond via e-mail!


E-Mail Essentials

1. Develop – and enforce – an employee email policy.

2. Establish and explain company policies concerning personal use of e-mail and privacy. If e-mail will be monitored, say so.

3. List specific kinds of e-mail that are not permitted.

4. Communicate your policy to all employees – often!

5. Develop a training program about email liability issues, and its use and misuse.

6. Have a program in place to regularly delete e-mail from all sources.

Disclaimer: This article is written from an insurance perspective and is meant to be used for informational purposes only. It is not the intent of this article to provide legal advice, or advice for any specific fact, situation or circumstance. Contact legal counsel for specific advice.

Tough Times for Some Insurance Companies

The past several years have been rough for several major insurance companies:

– In the spring of 2000, Superior National Insurance Group, the nation’s 11th largest workers compensation insurer (according to 1998 data) was taken over by the California Insurance Department, and is currently in the process of being liquidated.

– The Reliance Group has suffered successive downgrades by A. M. Best, from A- all the way to E, and is now under regulatory supervision.

– Fremont Indemnity, one of the largest workers compensation carriers in California, is now under regulatory supervision.

– Frontier Insurance Group has seen its Best’s rating slide from A- to C-.

– The venerable State Compensation Insurance Fund has also been downgraded by Best’s from an A- to a B+.

– Amwest Surety Insurance Company was recently ordered into liquidation.

The lesson here is to pay careful attention to your insurance company’s financial stability.