Migrated from eDJGroupInc.com. Author: Greg Buckles. Published: 2010-05-25 04:51:20Format, images and links may no longer function correctly.
Too many years back, I recall the first time I had to run a review of raw email recovered from Exchange back-up tapes. This well predated all the Enron insanity, but the level of ‘inappropriate content’ astounded my team, myself and the client’s management team. The 24/7 connected business cycle seduces employees into the illusion of privacy while at work. Just because no one has paid attention, does not mean that an poor choice of words will not lurk somewhere in the enterprise and surface at the worst possible moment. One of today’s stories from the eDJ (eDiscoveryJournal) news engine reminded me of that first email review. The contract paralegal used the firm email system to complain about a festival and was subsequently sacked for her temerity. I used to call this the ‘5,000 to One Rule’. The first time any corporation attempted an in-house review of journaled or restored email, we would see at least one employee fired or disciplined for every 5,000 email reviewed.
Email became the defacto corporate communication stream without real policy or structure. The introduction of Blackberry phones enabled continuous, stream of consciousness connectivity. Employees assumed that they could use it for personal discussions as long as they deleted the jokes and other off-color emails. But we all know that user deletion is a myth at best without the kind of comprehensive enterprise software that has only recently hit the market. Many corporate IT admins and record managers assume that users are complying with ‘policy’ until we run the eDiscovery fire drill and find all the hoarders and impromptu, abandoned departmental shares.
Any Biglaw associate or contract attorney knows about all the crazy email found during a major review, but most fall under the “don’t ask, don’t tell” rule unless the communications are blatantly criminal. Now that live review software is reaching corporate counsel inside the firewall, more are running their own investigations and many are horrified at what they find. While training on new enterprise systems, I have had counsel say, “Go back to that email. Can you forward that to me?” No one wants to acknowledge the problem until it stares you in the face in front of your peers.
The good news is that the employees can and will change their habits when they see a couple bad apples get the axe for particularly blatant or obscene violations. The corporate grapevine works fast, especially when backed up with a new training program and awareness campaign. You want to foster a workplace environment that encourages collaboration and good communication within a clear usage policy framework. A ‘big brother’ atmosphere can poison your workforce and pressure employees into underground communication streams. Outside of regulated companies, I recommend ‘trust but verify’ practices that make it clear that the company does not indiscriminately review without cause. This only works when supported by automated search, filter or categorization systems that will flag suspect communications. Everyone understands why HR would want to review email containing obscene words, images or directly to competitor’s domains.
While taming your own ‘wild west’ of historical email, you should be prepared to escalate problem emails with an official remediation plan that includes chain of custody, action thresholds and policy feedback mechanisms. When you find a problem, you want to be able to demonstrate that you resolved the individual violator fairly and then made reasonable effort to ensure that the issue would not reoccur. If you find a particularly ugly attachment, you will need to run an enterprise search to find out who else has copies and get them out of your system. Then you will want some kind of corporate policy blast to remind everyone else of the acceptable usage policy.
So before you embark on your first big in-house review of raw email, think about these scenarios:
• Obscenity and sexual content
o Child pornography – CALL THE POLICE IMMEDIATELY (do not compromise evidence)
o Workplace affairs
o Photo sharing networks – yes, they are that blatant
• White Collar Crime
o Price fixing
o Deceptive trade practices
o Bribes
o Industrial Espionage – stealing trade secrets, IP theft
• Business Ethics
o Lying
o Kickbacks, bid rigging and purchasing violations
o Time/billing issues – yes, they do brag about falsified overtime
• HR conduct
o Harassment – sexual, racial, age, etc
o Political/Religious Activism in the workplace
o Information access – salary, passwords, hacking the bosses email
o Outside jobs, including actively marketing within the company
o Gambling
o Inappropriate humor
These should give you some things to think about as you get access and control over your communication flood. Just face the fact that any sufficiently large collection will contain unprofessional content. Focused relevance criteria will reduce your exposure during review, but you should still be sampling the excluded email. It is better to have an escalation workflow set up and deal proactively with these kinds of things. We are Litsupport and we do read your email. We just wish that you would stop sending things like that. Please.