• News
  • Law

Protecting your electronic assets

Ignorance of modern technology is no excuse. In recent years, far too many employers who are not sure how to protect their electronic information have allowed departing employees to take their most valuable trade secrets, degrade the value of their electronic data for litigation purposes or have seen critical electronic evidence completely destroyed, exposing their organizations to serious civil and criminal liability.

In the past, some courts and agencies were relatively lenient with organizations that were trying to keep pace with the electronic revolution. This is no longer the case. In one form or another, court-mandated exchange of electronic information in litigation has existed since the invention of the computer. Up until recently, the rules governing how such e-discovery should be permitted were developed with little consistency by courts, which were sometimes unfamiliar with the technicalities of how electronic data is handled. Now, however, the federal courts have implemented a standardized set of rules governing this process.

Under the new rules, once litigation begins, parties are required to collaborate in proposing a plan for the exchange of electronic information in a cost effective manner that protects the confidentiality of privileged information. But an often overlooked obligation can arise long before suit is filed, as soon as it appears that litigation is a realistic possibility; at that point potential litigants have a duty to identify, locate and prevent the destruction of pertinent data that might be on servers, PCs, laptops, hard drives, PDAs, back-up tapes or anywhere electronic data is stored, whether in the form of e-mails, word processing documents, spreadsheets, voicemails, audio-visuals or graphic images.

Such data requires meticulous handling, preferably by forensic experts, to avoid destroying its value for litigation purposes. For example, when a hard drive of an employee is imaged, the complete drive contents, including free and slack space, should be replicated using forensic grade software with so-called write protection to prevent the altering of data. The electronic mailboxes of potential witnesses should be preserved in their entirety, with deleted e-mails recovered separately, and by forensic procedures that do not alter the metadata (extrinsic information about the data) such as date stamps, which show the dates and times that data was created, modified or deleted.

A party's failure to comply with such obligations can result in crippling sanctions being imposed by the courts, including the payment of enormous costs, the court's ordering of an "adverse inference instruction" (allowing the jury to find that lost electronic evidence would have been unfavorable to the party which lost it), and, in egregious cases, the entry of a default judgment against the offending party.

Adequate protection against such modern electronic fraud, sabotage and theft requires a comprehensive response, which may include the use of sophisticated forensic imaging prior to analysis of an employee's digital activities, and the installation of spyware (monitoring programs which remotely detect and provide evidence of cyber-crimes), as well as the consistent use of more basic practices such as password protecting all confidential data, automatically requiring password changes on a frequent basis, electronically reminding employees on a recurring basis that they can have no expectation of privacy in their use of company computers, and establishing retention protocols with time horizons sufficient to ensure that data needed for litigation is not advertently deleted.

The passage of the Sarbanes-Oxley Act and the implementation of the new Federal E-Discovery Rules have put companies on fair notice of their obligations with regard to electronic data. It is now too late to argue that more time is needed to become acclimated to the electronic age. Employers who have not put preventive policies in place to protect their electronic assets should lose no time in doing do.

Hoffman is the managing partner of the San Diego office of Fisher & Phillips LLP (www.laborlawyers.com), a national law firm that exclusively represents management in labor and employment matters. He regularly advises employers on navigating the obstacles created by state and federal laws.

Beware of computer-savvy employees

Today's employers face electronic challenges from their own employees that were never dreamed of 20 years ago. Malevolent, computer-savvy employees may now be able to purloin electronic trade secrets by modern means, such as devices that combine personal digital assistants (PDAs) with cell phones, thumb drives (tiny devices that connect to USB ports and can be used to transmit enormous quantities of data), wireless networks (which when improperly secured provide an unprotected access point) and instant messaging (which typically keeps little or no logs). These can often be detected only with aid of forensic experts.

Sophisticated hackers may also have access to digital steganograpy and watermarking, which enable the user to hide electronic information within unseen data in an electronic document. While this technology was originally developed to hide a digital copyright or electronic signature, thus protecting the true owner's proprietary rights, it can also be used to imperceptibly hide highly confidential information in electronic files that are as innocuous-looking as personal photographs.

User Response
0 UserComments