Suppose an email from your company’s in-house attorney instructs you to preserve all documents relating to an ex-employee who is threatening to sue for wrongful termination. In the days before smartphones and cloud storage, this would have been a relatively limited exercise: paper documents would be set aside and files on the company server would be backed up. But work-related data can be stored in many places today, including personal devices of employees. Is a company required to preserve such data?
Costco Wholesale recently faced that issue in an employment discrimination and retaliation lawsuit. See Cotton v. Costco Wholesale Corp., 2013 WL 3819974 (D. Kan. July 24, 2013). The plaintiff asked Costco to produce text messages on the personal cell phones of two of its employees who mentioned the plaintiff or his allegations. Costco objected on the grounds that the discovery request required it to invade the privacy of its employees, and there was no indication that the employees sent inappropriate text messages or used their personal phones for work purposes. The court denied the request, determining that Costco did not have possession, custody, or control of the text messages.
Although the court in the Cotton case ruled that the employer had no duty to produce information stored on the personal devices of the employees in question, the outcome might have been different if the facts had changed even slightly. Courts in other jurisdictions might also have taken a contrary approach.
The law in this area is far from clear, but following the guidelines below will help a company address e-discovery issues in their policy on personal electronic devices. An easy way to remember the guidelines is to think of the acronym “APPS”:
- Access: Reserve the right to access personal devices that store work-related data. Access is crucial if the company is legally required to collect and produce data residing in the personal devices of an employee.
- Permission: Clearly specify what personal devices employees are authorized to use for work-related purposes, if any. Consider keeping a log of authorized personal devices and require employees to update the log whenever they start using a new authorized device or retire an existing one. Your company’s document retention policy should extend to authorized devices.
- Privacy: Notify employees that they should have no expectation of privacy to data stored on a personal device if they use the device for work purposes. This prevents the company from being liable for invasion of privacy should it need to search the contents of a personal device to respond to a discovery request.
- Segregation: If possible, segregate work-related content from personal content on personal devices. Segregation can be implemented with software solutions, but if that is not feasible, at a minimum, instruct and train employees who use a personal device for work on how to keep their personal information separate from work data stored on the device. For example, storage of work-related data in a personal cloud storage account should be prohibited.
Follow the above guidelines to avoid getting caught off-guard by e-discovery requests.
Social media can be risky business. Whether an organization embraces or ignores social media, it or its employees probably already have a presence on a social network. That simple reality can be costly for an organization without proper measures in place to deal with the risks of social media misconduct. Readers of this blog are familiar with cases where business saw their reputations marred by employees who post embarrassing photos online about work mishaps or found themselves in legal trouble for firing an employee who vented on Facebook about a co-worker.
To help organizations manage the risks of social media activity, I’m proud to introduce SM Safety, a new line of services offered by my law firm. The approach of SM Safety can be summarized in three words, each corresponding to a level of service that meets a particular need: checkup, plan, and audit.
A SM Safety Checkup is a low-cost way to ensure that an existing social media policy is legally compliant and effective.
A SM Safety Plan is for organizations who need assistance with preparing a new social media policy or enhancing an existing policy.
A SM Safety Audit is a comprehensive review of an organization’s overall presence in the social media space to identify exposure to legal risks due to social media use.
Each SM Safety service is offered for a flat fee. To learn more about SM Safety or to obtain a quote, visit the SM Safety Services page on this site.
FC 250 Grand Marshal, Paula Deen (Photo credit: Bristol Motor Speedway & Dragway)
Lisa Jackson’s discrimination and sexual harassment lawsuit against Paula Deen settled last Friday, but not before Deen tried to remove Jackson’s attorney, for publicly disparaging her on social media. A court order filed hours before the settlement reveals that in March, Deen’s lawyers filed a motion for sanctions against Matthew C. Billips, the lawyer who represented Jackson (read the motion here). The motion alleges that Billips made offensive remarks about Deen on Twitter. Some of the more eyebrow-raising tweets included:
“I’ve been doing Paula Deen, in a strongly metaphorical sense”
“I plan on undressing [Deen]” (in reference to an upcoming deposition of Deen)
“Now talk about fun, suing Paula Deen is a hoot!”
In another Twitter conversation about Deen’s diabetes, Billips allegedly referred to Deen’s food with the hashtag #buttercoatedbuttercookies.
Based on Billips’ tweets and his discovery practices, Deen’s lawyers asked the court to disqualify him from continuing to represent Jackson. As the August 23 court order shows, the judge declined to disqualify Billips, but it was open to imposing some form of sanctions against him. The judge has indicated that the settlement will not stop the court from sanctioning Billips despite Deen’s lawyers attempt to withdraw their sanctions motion in light of the settlement. Billips has 20 days as of Friday to show why he should not be sanctioned.
This cautionary tale that teaches litigants (and their attorneys) not to discuss pending cases on social media. Posts on social networks like Facebook and Twitter can be publicly accessible, are potentially discoverable, and can be the basis for a defamation lawsuit. There’s little to be gained and much to lose by talking about a lawsuit online. For that reason, lawyers now commonly instruct their clients in their retainer agreements not to discuss the case with anyone on social media, even family and friends. Lawyers would do well to follow their own advice.
Rock legend gets to continue lawsuit against HP for selling penis-measuring app named after him – Evans v. Hewlett-Packard Co., 2013 WL 4426359 (N.D. Cal. Aug. 15, 2013)
(Photo credit: Wikipedia)
Want to test the urban myth that a man’s shoe size is a good measure of his you-know-what? Well, there’s an app for that. Or there was. And the app store that sold it is being sued by the app’s namesake, who isn’t thrilled that his name was associated with a digital ruler for male nethers.
“The Chubby Checker” was an app for estimating the size of a man’s genitals based on his shoe size. Hewlett-Packard’s subsidiary, Palm, Inc., offered the app for sale on its app store. The name of the app is a pun based on “Chubby Checker,” the stage name of rock-and-roll legend Ernest Evans. Evans and the companies who owned registered marks associated with the name “Chubby Checker” sued HP and Palm for trademark infringement and dilution, federal unfair competition, and various state law claims.
The defendants tried unsuccessfully to dismiss the trademark infringement claim. The complaint sufficiently alleged a claim of contributory infringement against the defendants, the court found. Plaintiffs alleged that the “Chubby Checker” name and mark was internationally famous. The defendants also allegedly maintained “primary control” over the use of the mark by setting up a detailed application and approval process for the app. Thus, the court ruled that it was plausible to infer that the defendants knew or could have reasonably concluded that the plaintiffs would not have consented to license the “Chubby Checker” mark for use with the app.
The defendants fared better in their attempt to dismiss the state law claims. The defendants invoked Section 230 of the Communications Decency Act, which immunizes internet service providers from tort liability based on content published by third parties. The plaintiffs did not allege that the defendants created the app. Instead, third parties created the app. Since the defendants were internet service providers rather than content providers, Section 230 required dismissal of the state law claims.
LegalTXTS Lesson: This ruling could be a major setback for app store operators. Essentially, it means an app store could be sued for contributory trademark infringement whenever one of the apps it sells is the subject of trademark litigation. That might make some sense if the app store set up an approval process that includes review of the intellectual property rights used by apps (e.g., see how the app Pic Bubbler fared in the review process for the Apple App Store), but not if such review is missing from the app approval process (Google Play, for example, employs a minimal review process). And you can bet the app store operator is a prime target for litigation if it’s a deep pocket. Like in this case, who would you rather sue—HP, or the creator of The Chubby Checker, which apparently sold a mere 88 copies at 99 cents each?
Court dismisses lawsuit against Match.com arising out of attack of one member by another – Beckman v. Match.com, 2013 WL 2355512 (D. Nev. May 29, 2013)
A court threw out a Match.com subscriber’s lawsuit alleging that the online dating service was responsible for the injuries she sustained from being attacked by a man whom she met through the service. Mary Kay Beckman met Wade Mitchell Ridley through Match.com and dated him briefly before ending the relationship. After the break-up, Ridley sent Beckman threatening and harassing text messages. Several months later, Ridley ambushed Beckman at her residence and repeatedly stabbed and kicked her.
Beckman filed a $10 million lawsuit against Match.com for (1) negligent misrepresentation; (2) deceptive trade practices; (3) negligent failure to warn; (4) negligence; and (5) negligent infliction of emotional distress. The federal district court of Nevada granted Match.com’s motion to dismiss the entire lawsuit.
The court held that Section 230 of the Communications Decency Act immunized Match.com from the negligence and negligent infliction of emotional distress claims. The court easily found that Match.com was an “interactive services provider” and not an “information content provider.” The court also found that the theory behind the claims was exactly the reason that CDA immunity exists—to protect publishers against liability based on publication of online content generated by third parties. Beckman alleged that Match.com was negligent in posting Ridley’s profile, which led to her to date Ridley and later be attacked by him. Because the information in the profile originated from Ridley, CDA immunity protected Match.com from liability based on publication of the profile.
The court took a bit more effort to apply the CDA to Beckman’s claims for negligent failure to warn and negligent representation. Although those claims tried to focus on Match.com’s alleged failure to warn Beckman instead of Ridley’s profile, the court concluded that the wrongful conduct alleged in the claims was still traceable to the publication of the profile. There was nothing for Match.com to negligently misrepresent or negligently fail to warn about other than what a Match.com user might find on another user’s profile. Since the negligent failure and negligent misrepresentation claims were just another way of holding Match.com liable for information originating with a third party, the CDA barred those claims.
The court also found reasons to dismiss the negligence-based claims other than the CDA. The negligence claim failed because no special relationship exists between a provider of online dating services and its subscribers, and in the absence of a special relationship, Match.com owed no duty to its subscriber. The emotional distress claim could not survive because, according to the court, posting an online dating profile did not rise to the level of “extreme and outrageous” conduct required to recover for emotional distress. Finally, Beckman did not satisfy a heightened pleading standard that applied to the negligent misrepresentation claim.
The deceptive trade practices claim, which Beckman brought under the Federal Trade Commission Act, was dismissed because there is no private right of action to enforce the Act. Beckman argued that the claim alleged that Match.com was negligence per se for violating the Act, but the court found that she did not plead such a claim.