Pornography in the Workplace - One Employer's Response that You Don't Want to Follow

Porn Notice at KNBR.jpgOne employment law topic that never seems to go away is pornography in the workplace.

When the issue invariably arises, I remember my first attorney job out of law school. I began working at a medium-sized law firm. One partner I frequently worked with was a brilliant, chain-smoking, gruff, old white-collar defense and First Amendment attorney. A lot of his clients were in the "adult entertainment business." The work was interesting to say the least.  

One day, I swung by his office to talk about a case and he had some porn on his computer (honestly - I was there just to talk about a case). I jokingly told him he was going to be in trouble if the firm's IT director and the no nonsense firm president found out he was using company resources to indulge in such vices.

His response still makes me laugh: "Expletive them. This is expletive 'legal research' for me." As a First Amendment attorney with a substantial client base in the adult entertainment industry, he made a convincing point.

Most, if any, employees cannot make the same argument when it comes to accessing porn in the workplace. Yet often times employers fail to properly investigate instances of employees using company time or resources to access pornography.

For example, as originally reported by Deadspin, a San Francisco Radio station apparently posted the above notice in response to discovering workplace pornography (you can almost hear the exasperation in the notice by the KNBR's IT/management). KNBR's notice provides a number of points on what not to do when it comes to investigating workplace pornography:

  • To begin with, the first line of defense against viewing or accessing pornography using employer provided resources, e.g., company Internet, emails, computers, etc.) should not be in a (misspelled) posting. Instead, employers should first cover the issue in an employment policy manual and potentially in a separate technology policy agreement, with express prohibitions against it and explaining that violations may result in discipline, up to and including discipline.
  • Second, once pornography is discovered on or accessed through company provided computers or resources, then upper management and the company's attorney needs to become involved at the outset. Together, management and legal counsel can take the appropriate steps to reasonably investigate the issue. 
  • Third, taking the KNBR notice at face-value and building on the preceding point, KNBR did the right thing in taking the offending computer out of service. But it is a critical mistake for the company's IT professionals to tamper with that computer, e.g., "rebuild," reboot, or put it back into circulation. Such actions may result in destroying or altering evidence, which can undermine a company's evidence supporting its disciplinary action and even expose the company to legal liability (often referred to as "spoliation").
  • Fourth, a real concern that employers need to carefully evaluate is whether any pornography discovered in the workplace involves children. If so, the need to inform law enforcement should take immediate priority. See What Should An Employer Do if Child Pornography is Discovered in the Workplace? 

Workplace misconduct, including viewing or accessing pornography using employer-provided resources needs to be taken seriously and carefully investigated. For more information about best practices for preventing such misconduct or properly investigating employee misconduct, contact employment attorney Jason Shinn. Mr. Shinn routinely collaborates with businesses and their HR professionals to address federal and Michigan employment law issues, as well as planning and conducting workplace investigations of potential misconduct.  

Employment Legislation for One: Politician Jumps onto Coattails of Duck Dynasty Controversy

Constitution.jpg"The most terrifying words in the English language are: I'm from the government and I'm here to help." - Ronald Reagan

 

Many employers can relate to the above quote from President Reagan. Unfortunately, many politicians forget this sage wisdom, at least when it is convenient to do so. The most recent example being an Alabama Republican politician's recent announcement to introduce a legislation that essentially intrudes upon a private sector employer's decision to discipline an employee.  

Specifically, Alabama Republican state Senator Jerry Fielding announced his plan to introduce a resolution that calls for the support of Mr. Robertson and a reversal of the decision made by Mr. Robertson's employer to suspend him for the preceding comments.

We previously discussed the firestorm created by Duck Dynasty's Phil Robertson's statements about homosexuals and precivil rights race relations. See Of Ducks and Men - Duck Dynasty and the Misunderstanding of Religious Discrimination and First Amendment Rights in the Workplace

A draft of Mr. Fielding's resolution makes it clear it is legislation for one; It would only apply to Phil Robertsen and his family who - according to the resolution - have "served as ambassadors of the love and grace of the Heavenly Father through their exemplary lives on and off the camera." 

The resolution further chastises Mr. Robertson's employer and pronounces that the employer should not be able to regulate its workplace when it comes to Mr. Robertson's speech. Specially, it reads as follows: 

Phil should not be penalized in any way for practicing freedom of speech, but should be celebrated as a hero for courageously revealing his self-truth and Christian ideals in a world that can be unkind towards those with a conservative mind-set; and Whereas Phil Robertson and his family's admirable stance on marriage, family, and faith reflects the meritorious ideals of the fine citizens of the entire State of Alabama, and it is a tremendous privilege to express our utmost solidarity for them; now therefore, Be it resolved by the Legislature of Alabama .... that this chamber of persons stand united in support of Phil Robertson and his family, and in opposition to the A&E Network's deplorable action of suspending Phil indefinitely from Duck Dynasty for relaying his Christian beliefs.

Mr. Fielding's proposal is no more than legislative chum thrown into the political feeding frenzy surrounding the Duck Dynasty issue. But as a management-side employment attorney, this sort of unwarranted intrusion into what is essentially a garden variety employment discipline issue is unnecessary and improper.

After all the First Amendment, reads "Congress shall make no law" not "private sector employers shall make no law" relative to the First Amendment. Going back to the above quote by Mr. Reagan and regardless of your company's views on sexual orientation, LGBT issues, etc., is there any employer or shareholder who really believes extending First Amendment rights into private sector workplaces would be a good thing? 

For more information about complying with federal and Michigan employment laws or your employment law rights, contact Jason Shinn. He is a Michigan employment law attorney who has represented employers and  

Lawsuits and Superheros - A Little More Fantasy Could Improve the Legal System

Superheros.jpg

I'm not afraid to admit that I'm a comic book geek. And while Spider Man was not my favorite superhero, a favorite quote of mine is associated with him: "With great power comes great responsibility." 

While making the leap from superhero to lawyer probably requires some superhuman power, no extraordinary effort is needed in making the case for applying this quote to attorneys and the lawsuits they file on behalf of their clients. 

The impetus for this diatribe comes from a recent lawsuit between two co-workers - Plaintiff Farhoud and Defendant Rosario - who worked in a large Michigan hospital. Defendant Rosario had allegedly overheard Aiman ask a fellow co-worker, "Can you pull this sheath for me before I have to go shoot somebody?" 

Was this just an off-color remark or a warning sign for something more sinister? Certainly in light of the steady stream of actual and planned violence that is a tragic reality, one could accept that Rosario believed that this comment was "unsettling" and inappropriate, and understand why she reported it to her direct supervisor.

And one could certainly understand that in response to this report, why the hospital's security would confront Aiman who would later testify that he had no recollection of making the comment, but if he did make it, the comment was only made in jest. No disciplinary action was ever taken against Aiman as a result of Rosario's report.

Lawyers Able to Make Huge Factual Leaps in a Single Lawsuit

And at this point in our story is where a lawyer could have saved the day (or at least salvaged some respect for the profession) by exercising responsibility in using the power to file a lawsuit. 

Instead, however, Plaintiff Aiman and his wife found a lawyer who sued the co-worker, alleging that as a result of the accusation concerning the comment that Aiman suffered "substantial damages" including "embarrassment, humiliation, depression, anxiety, and missed time from work." Aiman's wife alleged she suffered emotional distress from the incident and the stress resulted in a heart attack.

But as so often happens in employment related lawsuits, plaintiffs and their attorneys go to considerable lengths to paint a picture of liability only to have the facts intervene and often stubbornly so.

In this regard, Aiman at his deposition conceded that he may have made a comment, that it could have been perceived by his co-worker to be inappropriate, and there was no evidence that the co-worker made a false report. Accordingly, the trial court dismissed the claim reasoning that plaintiffs' claims "did not rise to the level of extreme and outrageous conduct ..." and the Michigan Court of Appeals agreed.

The Take-Away

Perhaps I'm being overly critical and the above case is - at worst - just a "close call" as to being a lawsuit that passes the smell test. That test is the short name for the court rules that require a lawsuit to be factually and legally warranted under existing law or offers a "good faith argument for the extension, modification, or reversal of existing law."

But the guidelines set forth in this court rule often seem to be nothing more than an elastic Rorschach test that often becomes kryptonite to reason and only serves to shield clients and their lawyers against having to to take a step back from a particular situation and meaningfully recognize that having the power to file a lawsuit also requires using that power responsibly.

I am now stepping down from my soapbox to return to preparing a motion to dismiss and request for sanctions for having to respond to a shockingly legally and factually deficient lawsuit against a client who is frustrated beyond belief (and justifiably so) at how the legal system can be used for evil. Ok, maybe this last comment is a bit of hyperbole, but somedays getting bit by a radioactive anything seems like it would be better than the day job.

Excelsior true believers (a little tribute to Stan Lee)!

Helping Employers Against Employees Who Help Themselves to Company Information to Build a Discrimination Claim

Security_Computer_Laptop in Chain.jpegA well written article by Connie Bertram, asks the question "Is Self-Help Discovery by Employees Protected Activity?"

The title of the article refers to situations where an employee attempts to gather factual support or to otherwise pursue an employment discrimination claim or a related employment-based lawsuit against the employer by accessing employer files and databases to build the case.

The answer to the question is critical for employers who are faced with the dilemma of (i) not enforcing a company's technology use policy that restricts who may access certain categories of company information and/or restricts access to information for only business related matters; or (ii) enforcing the policy but run the risk of inadvertently creating a retaliation claim against the employer.

Ms. Bertram explains: 

This type of misconduct appears to be fueled by the belief of claimants and their counsel that employees have an unfettered protected right to engage in self-help discovery to develop their claims. Indeed, many plaintiffs counsel encourage this behavior, advising clients to gather the goods while they are able to so that counsel can later use the fruits of their efforts in demand letters, Equal Employment Opportunity Commission investigations, and litigation. It is clear that an employee engages in protected activity when she, in good faith, makes or takes certain steps legally and legitimately to investigate an internal or EEOC complaint. But does protected activity include so-called self-help discovery, such as taking and downloading documents or recording conversations?

The article goes on to highlight employment-related lawsuits that have answered this question in favor of employees as well as employers.

The Take-Away for Employers

Unfortunately, Ms. Bertram's major recommendation is where most employers fail: Employers either (i) do not have a meaningful confidential and proprietary information policy that employees must acknowledge in writing having reviewed; or (ii) Employers either fail to enforce and monitor such policies or fail to do so on a consistent basis. 

One additional point I would add, concerns how data is stored and accessed in the first place. In my experience investigating employee computer misconduct, it is not at all uncommon to discover that all or significant portions of an employer's entire business operation is easily accessible by anyone with computer access within the company.

In this regard, there is no reason to have highly confidential company information, e.g., pricing, marketing, formulas, customer lists, HR investigation files, etc., that is accessible by anyone employed by the company. Instead, the default rule for any employer should be company information is available to employees "as needed" to perform the applicable job function of that employee. 

Such a default rule benefits employers because it provides an added measure of access control to sensitive data. It may also require an employee to take additional steps - potentially criminal steps under the Computer Fraud and Abuse Act or state law equivalent statutes - to access information outside the employee's normal authorization. This may also provide the employer with additional non-discriminatory ammunition to discipline or discharge the employee it would not otherwise have available.  

For additional information about investigating employee misconduct, including misconduct involving computers, email, or other technology specific investigations, feel free to contact Jason M. Shinn.  

Michigan Legislation Introduced to Further Limit Medical Marijuana Use - This Time in Worker's Compensation

Medical Marijuana.jpgIn the fall of 2008, 63% of Michigan residents voted in favor of legalizing medical marihuana. Despite this majority, Michigan legislators continue to whittle away at that law.

The latest such effort involves Michigan's Worker's Compensation statute.

Specifically, under a provision of the Worker's Disability Act, an employer must furnish or cause to be furnished, reasonable medical, surgical, or hospital services and medicine, or other attendance or treatment that is legal under State law, to an employee who receives a personal injury arising out of and in the course of employment.

But proposed legislation would amend the Worker's Disability Compensation Act to specify that an employer is not required to reimburse, or cause to be reimbursed, charges for medical marihuana treatment.

How Many Michigan Employees Would be Affected by the Proposed Change to Worker's Comp Law?

It is not clear how many Michigan employees this amendment would apply to. But back in April, the Detroit Free Press reported approximately 63,735 Michigan residents had registered to use marihuana for medical purposes under Michigan's Medical Marihuana Law (Michigan spells marihuana with an "h", rather than a "j"). 

Further, since 2009, the Michigan Department of Community Health reports that:

  • 222,413 original and renewal applications received since April 6, 2009.
  • 131,483 patient registrations issued.
  • 22,550 applications denied -- most due to incomplete application or missing documentation

Just playing the numbers game, it is reasonable to presume at least more than a few employees are exercising their rights under Michigan's Medical Marihuana Act. It is also not clear what the cost or savings will be to employers.  

Simple is Better - Or at least less likely to be challenged   

Setting aside where you come down on the use of medicinal marijuana, it will be interesting to see if the proposed revision to Michigan's Disability Act passes whether it will survive an obvious judicial challenge. Specifically, this proposed amendment clearly creates a conflict between Michigan's Medical Marijuana Act and the Worker's Disability Act as to the use and coverage of medical marihuana. 

This conflict is entirely unnecessary as the proposed amendment could simply be revised to read eliminate the "legal under State law" provision and replace it with "legal under Federal law." This is because - whether used for lawful medical reasons under Michigan law or something else - marihuana is not legal under federal law as it is classified as a schedule 1 drug.

It is also important to note that under Michigan's Medical Marihuana Act, commercial and non-profit health insurers are already exempted from having to be forced to reimburse a person for costs associated with the medical use of marihuana. See MCL § 333.26427

In any event, we will continue to monitor this proposed legislation. 

Monitoring and Accessing Employee Private Email Results in Lawsuit

Privacy Lock.jpgThe Food and Drug Administration (FDA) was sued by six on-staff doctors and scientists after discovering the FDA accessed their personal email accounts (Gmail). 

The Washington Post reported that government documents showed that the secret surveillance took place over a two-year period after the staffers complained to lawmakers in Congress that the FDA was approving risky medical devices.

According to the complaint filed against the FDA (PDF), the plaintiff-employees claim the FDA targeted its employees with a covert spying campaign that used spyware to monitor and access the employees' workplace computers and other technology to monitor the employees' password-protected Gmail. Additionally, the Complaint alleges that the FDA intercepted email communications, including attorney-client communications by a staffer preparing to file an Equal Employment Opportunity Commission (EEOC) retaliation case against FDA managers. 

Employer Monitoring of Employee Email  

The Complaint against the FDA, a governmental agency, for monitoring employee email brings into play unique issues that private employers do not necessarily have to consider, such as Fourth Amendment protections. But employer monitoring of employees' emails in the private sector has met with mixed results: 

Stengart v Loving Care (PDF) (2009) involved an employer who provided its employee with a laptop computer and a work email address. Prior to plaintiff’s resignation, she communicated with her attorneys about her anticipated suit against her employer. These email communications were sent from plaintiff’s work-issued laptop but through her personal, web-based, password-protected Yahoo email account. After plaintiff filed suit, the company created a forensic image of the hard drive from plaintiff’s computer and was able to numerous communications between plaintiff and her attorney.

The trial judge found in favor of the employer noting that the company’s policy put employees on sufficient notice that electronic communications, “whether made from her company E-mail address or an Internet based E-mail address would be subject to review as company property.” 

The Court of Appeals disagreed, however, and noted that the policy was not clear as to what email use would or would not become company property. The policy also failed to put an employee on notice that he or she should have no expectation of privacy in private emails sent over the employer's network. The Court further based its decision on the “important societal considerations that undergird the attorney-client privilege.” 

Scott v. Beth Israel Med. Center Inc., (N.Y. Sup. Ct. 2007) is a case in stark contrast to Stengart. In Scott, the court sided in favor of the employer and decided that email communications between the plaintiff doctor and his attorney exchanged over the employer’s email system was not protected by the attorney-client privilege or work product doctrine.

The emails in question were were all sent over the employer’s email server. And the employer’s email policy stated, among other things, that the electronic mail systems were the property of the employer and should be used for business purposes only, that employees “have no personal privacy right in any material created, received, saved or sent using [employer's] communication or computer systems,” and that the employer reserved the right to access and disclose such material at any time without prior notice.

The important distinction between Scott and Stengart is that Scott used his employer provided email account. Stengart, however used her personal email account, but accessed it through her employer provided computer.  

The Take-Away 

The decision-making process for monitoring employee emails is as much about managing legal risks as it is about managing your company's culture. In that regard, there is not necessarily a right or wrong answers just responses along the spectrum of bad to better.

In any event, among other points that employers should consider in monitoring employee email are the following:

  • Have a well-written e-mail policy that clearly advises employees of how company computers, Internet resources, and email will be treated. The lack of such a policy was one of the critical facts the Stengart used to decide in favor of the employee. 
  • The policy should expreslly note that the employer reserves the right to monitor all e-mail and that employees should have no expectation of privacy in email transmitted through the company system.
  • An employer should obtain the employee’s signed acknowledgement that the policy was received and understood. A better check would be to require an employee to click an acknowledgment screen before the employee could log onto the network.  

For individual employees:

  • You should assume anything you email or otherwise access through your employer's technology infrastructure will be reviewed. 
  • Also, it is important to realize that there is the potential that webmail, e.g., Gmail or Yahoo based email, could be retrieved after you have logged out and long after you have left your employer.  
  • Do not, under any circumstances use your employer's email system to communicate with your attorney, especially if you are planning on suing that employer. 

In regard to this last point, I have on various occassions directed individuals emailing me about legal representation to create a private email account rather than use their employer provided account. While I've been called "paranoid," it is better than later finding out you were correct to believe your email discussions were being monitored.  

Holiday and Year-End Bonuses Often Mark the Beginning of Litigation Festivus

Business Headlock.jpgFestivus - as introduced by Seinfeld - is a holiday celebration that included the "Airing of Grievances," i.e., public criticism and pronouncements as to how a particular person has been a disappointment in the past year. 

The timing of holiday and year-end bonuses also often mark the beginning of a similar airing of grievances in the form of unfair competition lawsuits against departing employees.

This is because historically, employees plan their exits around receiving their bonuses. And these exits are often for a competitor or to start a competing business.

For example, this blog previously discussed a lawsuit alleging that a group of attorneys stole computer records consisting of client information from their former law firm prior to departing to start a competing venture. This theft came after the former law firm had handed out year-end bonuses. 

Certainly not all competition by a former employee is unlawful. But if a departing employee violates a noncompete agreement, misappropriates company assets, or engages in other wrongful conduct, then the former employer may have a number of claims available for protecting its business interests. 

Such claims may include a variety of business torts, including tortious interference with a contract or a business expectancy, misappropriation of trade secrets, and business defamation, and claims under the Computer Fraud and Abuse act. Speaking from experience, however, it is far better (and cheaper) to prevent such post-employment litigation. 

Preventing or Limiting the Damage done by a Departing Employee

A common sentiment clients express is that the damage done by a departing employee unfairly competing is like a slow wind up punch. In other words, the signs and evidence of such wrongful conduct were clearly evident from the outset.

In this regard, the following are leading indicators that employers should review and otherwise monitor in order to guard against an employee unfairly competing: 

  • Any access logs available to the employer should be carefully reviewed for the month leading up to year-end bonuses. Examples include computer sign-ins, server access logs, copier usage, and building access. Often times, these logs will identify unusual or heavy access or usage of resources that could be indicative of copying, transfer or retrieval of information. Going back to the lawyers that were accused of stealing computer records, it was explained to me that they actually had support staff scan physical files so it was "easier" to find, which also made them easier to download. One attorney reportedly even asked the office manager for moving boxes in order to box up personal items she intended to donate to charity.     
  • E-mail, use of portable hard drives or other memory storage, and downloading of data should be carefully monitored. 
  • After an employee departs, it is prudent to monitor press releases that involve the former employee or that employee's new employer to determine whether any trade secret information has been misappropriated. 
  • Review back-up email archives to assess whether any information was transferred by the employee in the weeks preceding the employee’s departure.

Responding to a Departing Employee's Unfair Competition 

The ultimate response an employer should have to a departing employee preparing to or actually engaging in some form of unfair competition will depend upon numerous facts and circumstances that should be evaluated with experienced counsel. But these considerations will often include:

  • Whether the former employee is violating a noncompete agreement;
  • Whether a demand letter asking the employee for voluntary and mandatory compliance by a date certain is appropriate before pursuing litigation; 
  • Whether to also send a demand letter to the new employer. In this regard, hiring an employee in violation of a noncompete agreement may constitute tortious interference with a contract and providing notice may provide a route to pursue the new employer; and
  • Whether you should  contact any vulnerable or targeted clients in order to cement business relationships and how much, if anything, should be disclosed to the client. 

Regardless how these and other issues are resolved, it is absolutely critical that the company act swiftly in order to protect its business interests. Additionally, three areas critical to litigation success will also require swift action:

First, one of the most effective remedies a company may have against a former employee who has misappropriated trade secrets or otherwise is engaging in unfair competition is a preliminary injunction. But unreasonable delay in pursuing a preliminary injunction can jeopardize this remedy.

Second, swift action in responding to a departing employee engaged in unfair competition is also important in terms of setting precedent for current employees and for judges. This is because inconsistent enforcement of a company's rights or pursuing remedies against some employees while attempting to enforce rights or pursuing the same remedies against other employees sends mixed messages and may undercut any claim a company is protecting legitimate business interests.

Third, evidence of misappropriation and unfair competition will need to be preserved. And this evidence will often take the form of digital evidence that is easily lost through deletion or routine computer operations. Additionally, companies pursuing claims against their former employees should anticipate judges will hold them to a high standard when it comes to preserving digital evidence

The Take Away

Some may consider it to be Grinch-like (or attorney-like) to turn holiday or year-end bonuses into a negative. And while the unscrupulous individual willing to steal is the exception, it is important to consider that such former employees who have gone into business for themselves or have jumped over to a competitor pose a far greater threat than everyday cut-throat competition. This is because these former employees have intimate familiarity with the company's business operations, services or products, pricing and marketing information, and its customers. 

But the damage done by a departing employee who is unfairly competing or has otherwise misappropriated company assets can often be avoided by taking appropriate preventive measures. And a business taking reasonable precautions, such as including noncompetition provisions in its employment agreements, protecting its trade secrets and confidential information from disclosure, and establishing and following appropriate exit interviews should greatly reduce its chances of becoming involved in subsequent business litigation or, if necessary, significantly increase its chances of prevailing.

Would You Like Fries with that Identify Theft? Thoughts on Limiting Liability for Employee Misconduct

Eliminating IndividualsThe Detroit Free Press (by Tresa Baldas) reported that a former McDonald's employee was recently caught stealing customers' credit card information while working the drive through.

According to the criminal complaint filed in the Michigan Eastern District Court (PDF) the former employee, Teresa Pulliam, is charged with access device fraud after she was caught on video surveillance using a hand-held skimming device while handling customers’ credit and debit cards at an Oak Park McDonald’s restaurant. After her arrest, Pulliam admitted that she was paid more than $1,000 for providing the stolen credit card accounts. If convicted, she faces up to 15 years in prison.

Best Practices for Preventing and Limiting Liability for Employee Misconduct  

This unfortunate case illustrates three important points that any employer should consider in managing its risks associated with employees engaged in criminal or wrongful misconduct.

Eliminating Bad Apples at the Outset: First, the business necessity for conducting some form of background checks on employees or applicants for employment is critical. This is because Michigan, like many states, recognize the torts of negligent hiring, supervision and the retaining of unsafe employees. A particularly insightful analysis as to why such checks are essential in avoiding such claims was provided by the court in Verran v United States, 305 F. Supp. 2d 765 (ED Mich 2004), which explained:

To sustain such a claim, Plaintiff must produce evidence of the appropriate standard for hiring, retaining, or supervising the relevant class of employee, as well as evidence demonstrating that the employer knew or should have known of the employee’s propensity to engage in the challenged conduct. 

Therefore, the issue of liability will largely focus on the adequacy of the employer’s pre-employment investigation of applicants, which will include what, if any, background checks were conducted. 

Continuous Due Diligence in Maintaining Crime-Free Workplace: Second, background checks should not be the endpoint in an employer's due diligence efforts to maintain its workplace. Going back to Pulliam's misconduct, not only was it recorded by the employer's video surveillance , but the surveillance was actually reviewed by a manager. Further, this manager understood the importance of promptly contacting law enforcement.

Insuring Risks and Make Sure Risks are Insured: Third, in addition to the bad publicity employees like Ms. Pulliam create, such misconduct may result in an employer facing civil liability. In this regard, it is important for employers to carefully evaluate their insurance coverage. This is because under most general commercial liability policies, misconduct Ms. Pulliam admitted to engaging in is often excluded under a criminal acts and negligent supervision exclusion. Generically, such an exclusion will provide that an insurance company's duty to defend and indemnify do not apply:   

To bodily injury, personal injury, or property damage arising out of and/or resulting from any actual or alleged negligent hiring, training, and/or supervising of any former or current employee of any insured or any volunteer worker, subcontractor, or any person under the direction and control of any insured.

At the end of the day, protecting a business against employee misconduct requires a holistic, on-going commitment that begins with the application process and continues throughout the life of the employment relationship. 

When Employee Misconduct Becomes Criminal - Understanding The Fifth Amendment in Parallel Proceedings

Shredding Evidence

U.S. federal and state civil laws frequently overlap with criminal laws. This creates the opportunity for what is often referred to as parallel proceedings, e.g., simultaneous or successive civil and criminal proceedings.

As explained below, companies are often in a legal bear trap when caught in parallel proceedings because of the assertion of Fifth Amendment rights against self-incrimination by current and former employees.

Overview of Fifth Amendment Rights

Under the Fifth Amendment and Mich. Const. art 1, § 17, no person can be compelled to be a witness against him or herself in a criminal trial. The privilege may be raised in civil as well as criminal proceedings and applies to all stages of the litigation process. A few more important points pertaining to asserting Fifth Amendment Rights include the following: 

  • An individual may assert the Fifth Amendment privilege against self-incrimination. A business entity such as a corporation, however, generally does not have any Fifth Amendment rights.  
  • The Fifth Amendment privilege extends not only to “answers that would in themselves support a conviction under a federal criminal statute” but also to answers “which would furnish a link in the chain of evidence needed to prosecute the claimant...” Hoffman v. United States, 341 U.S. 479, 486 (1951).

Unique Issues Employers face when Employees Assert Fifth Amendment Rights 

Information Blackout: When a current or former employee asserts his or her Fifth Amendment rights in civil litigation it is like an aneurysm in that it signals something very serious but it is unknown when it will cause trouble and the scope of that trouble. For companies, their first notice of this litigation "aneurysm" is not until long after a criminal investigation has begun and, more likely than not, after the government has arrested an individual employee. At that point, it is common for this arrest to also include the seizure of records, computers, documents, and other information that were in the possession of the person arrested. 

The end result is that the company will not be in a position to effectively investigate the alleged wrongful conduct involved in the civil action without access to the seized information and without the assistance of its indicted employee. This may also effectively preclude the company from presenting an effective defense because current or former employees would not be able to testify or to provide responsive declarations in response to the civil litigation without placing themselves at risk of self-incrimination.

Negative Inferences: Unlike criminal cases, reliance on the privilege in civil cases may give rise to an adverse inference against the party claiming its benefits. See Baxter v. Palmigiano, 425 U.S. 308, 318 (1976). What this means is that a decision to plead the Fifth in response to a question at a civil deposition or trial may give rise to an adverse inference that the answer to the question would have been unfavorable to the individual or a legitimate inference that the witness was engaged in criminal activity. Although courts will generally require that an adverse inference may only be drawn from the defendant’s assertion of Fifth Amendment rights in response to evidence offered against the person asserting the privilege, this is not a high standard to overcome.

Also, courts do not automatically preclude drawing an adverse inference against a company based on a current or former employee's invocation of their Fifth Amendment privilege against self-incrimination. This negative inference coupled with the fact that the employer may be unable to adequately investigate the matter and circumstances is especially crippling in the context of civil litigation. 

Recommendations 

Decisions for responding to parallel proceedings must be made with the insight and collaboration of both civil and criminal legal counsel. Points to consider, however, include: 

  • Quickly Investigate before the Information becomes Unavailable: As noted above, it is likely that access to both your former or current employee will be significantly limited. For this reason, it is important to promptly investigate the facts and circumstances at soon as the opportunity presents. Having a good understanding of the facts before the government gets involved and before an employee invokes his or her Fifth Amendment Rights allows the employer to critically assess its vulnerabilities and strategic decisions about how to address the prospective litigation or criminal proceeding.\
  • Stay of Proceedings: Although courts have the power to stay civil proceedings, it is not constitutionally required to do so. But if this strategy is chosen, an effective argument is that the resolution of the criminal action will likely efficiently resolve the civil proceeding in that it increases prospects for settlement of the civil case. It will also result in many of the civil issues being disposed of in the criminal proceeding. Conversely if a civil proceeding goes first, a significant amount of information would likely be withheld" due to the invocation of the Fifth Amendment privilege against self-incrimination.
  • Preservation Obligations: No matter the ultimate strategy chosen, companies must quickly implement a litigation hold in order to preserve information relevant to both the criminal and civil proceedings. 

Jason Shinn has worked with corporate clients to conduct internal investigations in response to parallel proceedings, including multi-million dollar civil fraud claims subject to a criminal probe by the Federal Bureau of Investigation. In that particular case, the FBI probe resulted in the indictment and eventual conviction of several former employees while the corporate client was not charged of criminal wrongdoing and was able to settle the civil claims for extremely favorable terms. 

Recommendations for Preventing and Responding to Workplace Violence

The preliminary results of the U.S. Department of Labor's National Census of Fatal Occupational Injuries for 2010 showed mixed results as to workplace violence.

Specifically, workplace homicides declined 7% in 2010 to the lowest total ever recorded by the fatality census. But workplace homicides involving women increased by 13%. 

Historically, 11,613 workplace homicide victims were reported between 1992 and 2006 according to the Bureau of Labor Statistics’ Census of Fatal Occupational Injuries (CFOI). 

Against this dark backdrop, it is apparent that for any business workplace violence must be a top concern. This is especially true for smaller business organizations who are often hit by violent incidents much harder. Based on experience and personal observations, smaller companies typically do not have the resources to employ security, invest in work place violence prevention training, or employee counseling services. Nonetheless, there are measures that any business – regardless of available resources – should take so it does not become another grim workplace homicide statistic.

Identifying Warning Signs of Workplace Violence

Employers cannot guarantee workplace safety. But there are red flags and behaviors employers should recognize to minimize the chance that an employee’s actions do not boil over into a violent altercation. For example, the National Institute for Prevention of Workplace Violence identifies 13 signs to look for:

  1. Employees making threats;
  2. Acting unreasonably;
  3. Intimidating or controlling other employees;
  4. Exhibiting paranoid behavior;
  5. Acting irresponsibly;
  6. Exhibiting angry or aggressive behavior;
  7. Showing a fascination with or acceptance of violence;
  8. Holding grudges;
  9. Exhibiting generally bizarre behavior;
  10. Exhibiting signs of depression;
  11. Demonstrating obsessions;
  12. Demonstrating signs of substance abuse; and
  13. Demonstrating signs of desperation.

But recognizing violent tendencies is only the first step. Employers must also enforce workplace violence policies.These policies should be applied uniformly, and should be based upon an objective analysis of the employee’s present tendencies to commit a violent act. 

Implementing an Anti-Work Place Violence Policy

Effective anti-violence policies should generally include the following:

  • The policy should clearly establish that violence will not be tolerated in any manner from any employee. The policy should also provide a non-exhaustive list of violent acts, including verbal threats or harassment;
  • The policy should explain that prohibition on violence also extends to customers, clients, patients, or guests;
  • The policy should plainly state that employees who engage in workplace violence are subject to discipline, up to and including termination. Further, employees should be advised that appropriate law enforcement agencies may be contacted; and
  • The policy must also establish a convenient method of reporting any examples of violence. The policy should also promise that all reports will be taken seriously and promptly investigated. Because employees may be reluctant to turn in a fellow employee, the policy should also provide a confidential means of making good faith complaints.

Sample Workplace Ant-violence Policy

Here is a free sample Workplace Anti-Violence Policy (PDF). This policy is intended for educational purposes only and is not a substitute for a one-on-one discussion with a competent attorney.

This is because there are many subtle pitfalls when it comes to the interplay with various employment statutes and implementing workplace violence policies.

For example, the Americans with Disability Act (ADA) prohibits discrimination on the basis of a disability (whether actual or perceived) or a record of disability. This prohibition could complicate the enforcement of a work place violence policy if misconduct was the result of an employee’s disability. Both the Equal Employment Opportunity Commission (EEOC) and courts generally take the position that employers are almost always entitled to enforce workplace violence policies pursuant contains a “direct threat” exception, and if the policies are enforced uniformly. But courts have found that taking an adverse action against a current employee for past conduct related to a disability may violate the ADA. See Josephs v. Pacific Bell, 443 F. 3d 1050 (9th Cir. 2006) (Employer violated the ADA by refusing to rehire a former employee based upon the former employee’s history of violence).

Cases like this make it critical for employers to fully understand what are often subtle pitfalls when it comes to how various employment laws may interact. For questions or more information, contact the attorneys at E-Business Counsel, PLC

What's the Harm in a Little Workplace Porn? For Starters, Unemployment Benefits.

Porn Keyboard.jpgA recent denial of unemployment benefits in Berglund v Industrial Technology Institute (7/21/2011) offers important insight for both employers and employees when it comes to accessing Internet pornography in the workplace and technology use policies.   

Overview of Michigan Unemployment Benefits

Under Michigan law, an employee is disqualified from receiving unemployment benefits if he or she is discharged or suspended for “misconduct connected with … work." MCL 421.29(1)(b). Employers bear the burden of proving misconduct. And normally this is a high burden to meet because "misconduct" must evince a "willful or wanton disregard of an employer's interest as is found in deliberate violations or disregard of standards of behavior" that an employer has the right to expect of its employee. Carter v MESC, 364 Mich 538, 541, 111 NW2d 817 (1961). 

Willfulness can be shown by an employee’s conscious violation of an important, well-known employer policy or rule, particularly if the employee has been warned previously about such a violation. 

The Initial Denial of Unemployment Benefits

In the Berglund case, the hearing referee made an initial determination that the discharged employee, Mr. Berglund, was guilty of misconduct and, therefore, denied him unemployment benefits. The Michigan Employment Security Commission Board of Review upheld the denial of unemployment benefits. 

The misconduct consisted of evidence presented by the employer that:

  • Mr. Berglund visited a number of inappropriate web sites, including "teenagecheerleaders.com," "sextelevision.net," and other sites involving swimsuit models and Victoria's Secret;
  • These sites contained images of scantily dressed females, nudity, and other images considered pornographic;
  • Mr. Bergland admitted to receiving and keeping emails that were pornographic and that he "might have" instructed his computer to access a site like sextv.com; and 
  • In an eight hour day, records reflected approximately 3½ to 4 hours was spent by Mr. Berglund visiting these types of sites.

The Denial of Unemployment Benefits is Reversed

The Employment Security Commission Board of Review's decision, however, was reversed by the Wayne County Circuit Court. In reversing this decision, the Court noted that the employer did not present any evidence that Mr. Berglund violated an employer policy or technology use policy in accessing these sites. Further, there was no evidence that the employer directed Mr. Berglund not to view such sites.

The Circuit Court also noted that there was no evidence that Mr. Berglund's accessing any sites negatively affected his work performance. Additionally, the Court noted that personal use of work computers was allowed by the employer. 

The Denial of Unemployment Benefits is Reinstated

When the issue of Mr. Berglund's unemployment benefits reached the Michigan Court of Appeals, it reinstated the Michigan Employment Security Commission Board of Review's decision to deny unemployment benefits. Interestingly, the Court touched on the idea that accessing websites of the type at issue can lead to spam, pop ups, and cookies, which can impair a network and, therefore, harm the interest of the employer: 

An employer has an interest in maximizing the capability of its network. An employee who deliberately accesses websites that hinders the work network's capability harms the interests of the employer.

Under the Court's reasoning, this "harm" also supported a finding of misconduct. 

The Take Away

Certainly no one would seriously dispute that accessing pornographic websites or other sites of a sexual nature would fall into the category of a "good career move." But this case illustrates the considerable range of opinions that can be reached as to whether such conduct should be the basis for denying an employee unemployment benefits.    

Employees

For individual employees, it is critical to follow an employer's computer use policies. It is also equally important that in the absence of such policies or when it comes to "grey areas," common-sense should be exercised in using workplace resources to access the Internet. And if you are ever uncertain - a good rule of thumb is accessing pornography sites at work is never a good idea. Further, it should be assumed that your workplace Internet use is monitored.     

Employers

First, it would have been much harder for the circuit court to reverse the denial of unemployment benefits if the employer had in place a technology policy that expressly prohibited accessing or displaying any kind of sexually explicit image or document using company resources. This is because there would have been no need to make judgment calls made by the circuit court to reverse the denial of benefits. 

Second, it is not unreasonable to expect (and in my experience it should be anticipated) that employees use company resources to access Internet pornography or similarly inappropriate sites while at work. For this reason, it is critical for companies to have a policy that expressly puts employees on notice that accessing or displaying any kind of sexually explicit image or document on any company system is not permitted, a violation is subject to discipline, up to and including discharge, and that Internet usage may be monitored to, in part, enforce the policy. 

Third, the argument that cookies, spam, and pop-up ads provided sufficient harm to the employer to justify a denial of unemployment benefits was unconvincing. Such Internet flotsam is present to some degree on all commercial websites and this particular employer did not place any restrictions on accessing any sites for personal use.

Also, any network traffic is going to impact an employer's network to some degree. But to say a cookie, which is simply a text file, will take up sufficient bandwidth to hinder network traffic is a stretch (any network administrators please weigh in on this issue). And this stretch would fall flat if it had been shown that other employees were allowed to access video content or stream Internet music over the company network because both actually devour significant amounts of bandwidth.

A stronger argument would have been to take the position that accessing, downloading, or saving images using company resources that contain sexually explicit material violated the company's sexual harassment policy (assuming the employer had such a policy). It is far more convincing that such conduct approaches the "willful or wanton" disregard of an employer's interest - preventing sexual harassment or a hostile work environment - to warrant a finding of misconduct warranting a denial of unemployment benefits than the network traffic argument. 

Departing Employees More Disgruntled than Ever and the Risk to Employers

Cost, Risk, Effort.jpgThe Wall Street Journal (by Joe Light) recently reported that departing employees are more disgruntled than ever. The article notes that based on exit interviews of more than 4,300 employees from 80 companies:

More than three-quarters of departing employees say they wouldn't recommend their employer to others, the worst percentage in at least five years ...

The WSJ article goes onto discuss the negative impact departing employees may have on a company's image.

But disgruntled employees may also directly impact the company's bottom line. Consider the following examples:

Developing a Comprehensive Procedure for Departing Employees 

Thankfully such unscrupulous acts are the exception. But these exceptions also demonstrate the highly consequential adverse effect unscrupulous departing employees can have on a company. With proper planning, however, these risks can be eliminated or, at least, managed. This risk management program should be developed in collaboration with an experienced lawyer, but among the topics that should be discussed with legal counsel are the following:

  • Pre-Exit Interview Review: Once an employer learns an employee will be leaving, it should review that employee's file to confirm what, if any, agreements the employee may have signed. Typical examples may include patent and invention agreements, agreements pertaining to confidential information and trade secrets, and the company should be aware of every provision in every agreement or policy that may be helpful to the company. This review provides an opportunity for the employer to understand every provision in every agreement signed by the departing employee. Each such agreement should be discussed with the departing employee so the individual understands his or her obligations.  
  • The Exit Interview: An employer should conduct an exit interview with the departing employee before their last day of work. This interview should be conducted (ideally) by two interviewers. The interview should focus on (i) reviewing all work the individual was working on, as well as all critical customer contacts; (ii) apprising the individual of the need for confidentiality regarding all such work and customers; (iii) reminding the individual of all agreements he or she signed and highlight any post-work restrictions; (iv) if there were no agreements, the employer should emphasize that the law provides additional employer protections over proprietary and trade secret information; (v) the employer should also ask the person to explain what steps he or she took to ensure that no trade secret information or proprietary information will be taken or otherwise used in the individuals' new position.  
  • Proper Investigation: If there is reason to believe the departing employee has or will take confidential information or trade secrets, legal counsel should be contacted immediately. An experienced lawyer will be able to collaborate with the employer for implementing proper steps and procedures for documenting the theft and positioning the matter to obtain all available remedies.

For additional information on minimizing risks at the intersection of technology and departing employees, see the employer's technology checklist for departing employees.

Michigan Lawmakers Continue to Address Medical Marijuana Law Questions

YellowQuestionMark.jpgThe Detroit Free Press (by Dawson Bell) reported that Michigan's Attorney General, Bill Schuette, and a coalition of lawmakers and prosecutors are calling Michigan's medical marijuana law so poorly drafted as to be unworkable.

The focus of this criticism in large part is on the legality of medical marijuana dispensaries, the definition of a "locked facility," and the nature of the doctor-patient relationship with respect to obtaining authorization for a medical marijuana card.

What is not discussed, but is equally important, are issues at the intersection of employment and use of medical marijuana.
As previously discussed, a Michigan federal district court ruled in favor of an employer, Walmart, when it discharged an employee who was also an authorized medical marijuana patient. 

While these issues are certainly important, it is equally important to employers and employees for lawmakers to address the use of medical marijuana off duty or during nonworking hours.

As previously discussed, a Michigan federal district court ruled in favor of an employer in a case involving Michigan's medical marijuana statute. In that case, Walmart discharged Mr. Cassia after he tested positive for marijuana use. At the time of the drug test, Mr. Cassia was an authorized medical marijuana user because of his sinus cancer and a brain tumor. He did not use marijuana while working. The case, however, is presently on appeal. 

That case only challenged the termination on the basis that it violated an implied right to use marijuana for medicinal purposes during off-duty hours as a violation of Michigan's public policy (as set forth in the Michigan Medical Marihuana statute). It did not involve the Americans with Disability Act or Michigan's state law equivalent, the Persons with Disabilities Civil Rights Act, MCL § 37.1101.

Both of these statutes involve providing "reasonable accommodations" in order to provide employment opportunities for persons with disabilities. Certainly "toking up" on the job would not be a reasonable accommodation. But the real uncertainty for employees and employers is how to treat drug test that are positive for marijuana by-products. Such products may show up weeks after the initial ingestion.

On that issue, the Michigan Supreme Court expressly held that (at least certain) by-products are not an illegal (schedule 1) drug in the context of operating a motor vehicle. Notably, the Court referenced the Medical Marihauna Act and highlighted that without its limitation, "individuals who use marijuana for medicinal purposes will be prohibited from driving long after the person is no longer impaired ..." Further, the Court noted that at the time the issue was considered, no federal courts had concluded that by-products were "a controlled substance."

So what does this mean for Michigan employers and employees? That is a question Michigan lawmakers should certainly answer for the benefit of both employers and employees. Otherwise both are left uncertain as to their rights and responsibilities when it comes to using medical marijuana and the employment relationship. 

Protecting Company Information Using the Computer Fraud and Abuse Act

Security Padlock.jpgA 2011 Sixth Circuit Court of Appeals opinion, underscores the importance of the Computer Fraud and Abuse Act plays in combating disgruntled employees who steal company data. This case also highlights important steps employers should take in protecting company IT infrastructure and digital information from internal threats.

In that case, the former employer worked in the IT department of Campbell-Ewald, a Michigan advertising company. During his employment, the former employee accessed Campbell-Ewald's computer server and copied confidential computer files belonging to its CEO without authorization.  

Campbell-Ewald strategically responded by firing the individual, contacting the authorities, hiring a security investigation firm, and retaining legal counsel. 

The FBI investigated and determined:

  • The former employee had accessed Campbell-Ewald's confidential files no fewer than twenty-one times after his firing, twice through a Campbell-Ewald server and nineteen times through the email account of another employee, "SM." 
  • The files the former employee accessed consisted of "confidential pieces of information . . . including executive compensation, financial statements of the firm, goals and objectives for senior executives of the company reporting to the chairman, and some strategic plans." These files were normally stored on the CEO's desktop computer but had been moved by the company to its server.
  • The former employee admitted that he had learned of employee SM's username and password in the course of his employment. While SM had slightly altered his password after the former employee was fired, he was able to guess the new password through trial and error.

The former employee was eventually convicted under the Computer Fraud and Abuse Act, 18 U.S.C.S. § 1030(a)(2)(C) and (c)(2)(B)(iii). The court also awarded the former employer restitution in the amount of $47,565 for private security investigation costs. This decision from the United States District Court for the Eastern District of Michigan was upheld on appeal. 

Protecting Company Information Before it is Compromised

The former employee's conviction under the Computer Fraud and Abuse Act is significant with respect to a number of legal issues. But for employers focused on preventing a similar IT disaster from happening, the following are important take-away points to consider: 

  1. Computer security is often an "all or nothing" process in that if you miss a single link in your security chain you leave the network vulnerable. Consider implementing the topics in this Employer's Technology Checklist for Departing Employees to minimize your company's vulnerable spots; 
  2. Before a theft or a data breach occurs, employers should coordinate with IT, human resources, legal and business units to carefully and critically draft computer/network policies clearly defining the permitted access to sensitive company data and customer information. Further, employees must understand that exceeding their authorized access is strictly prohibited and subject to discipline, including termination; 
  3. Information should be segregated so that employees have access only to data relevant to their jobs and this segregation should be routinely audited to confirm data remains accessible only by those who have a business-related need for access;
  4. Additionally, it is essential to properly draft employment policies to trigger the Computer Fraud and Abuse Act. This is not always possible as Courts do not agree how critical issues such as "unauthorized access" or "exceeding authorized access under the Computer Fraud and Abuse Act should be applied in the context of the employment relationship. Strategic drafting can greatly increase the chance of having a viable Computer Fraud and Abuse Act claim if an employee compromises or steals corporate data; and 
  5. Properly securing and preserving computer-related evidence must be a top priority in responding to potential computer misconduct. Otherwise, companies run a significant risk of compromising or outright destroying computer evidence, which may result in its exclusion at trial. Consider U.S. v Khoo (Oregon Dist. Court 2011) where the court excluded computer evidence in a federal criminal matter involving the theft of corporate data (Khoo Order.pdf) (Court excluded forensic image after the company owner inadvertently compromised / tampered with evidence while investigating an employee's suspicious activity on a company laptop. See Susan Brenner of CYB3RCRIM3 for a full explanation of this case. Also, see this prior write-up about investigating and preserving company computer data with contributions from the Michigan State Police Computer Crime Unit.  

What Should An Employer Do if Child Pornography is Discovered in the Workplace?

Porn Keyboard.jpgPossession of child pornography often involves a computer and is a serious crime. But what happens when that crime takes place on an employer's network or company computer?

The thirteenth-century Spanish King Alfonso X said, "Had I been present at the creation, I would have given some useful hints for better ordering of the universe." Based on prior experience counseling employers and insight from Detective Thomas Kish of the Michigan State Police Department's Computer Crime Unit - but with a little more modesty than the King - the following points are offered to employers for responding to computer misconduct, including criminal misconduct, in the workplace. 

1. Investigate and Confirm the Facts Before Reporting Suspected Child Pornography.

Before reporting suspected child pornography, it is absolutely critical employers make certain the material is actually child pornography. From law enforcement's perspective, it is important to minimize expending resources on investigating material that - while offending or in poor taste - does not rise to the level of criminal possession of child pornography.  

Further, the stigma of possessing child pornography certain to follow the accused and the potential negative publicity to an employer are also equally compelling reasons to be certain that the offending material rises to the statutory definition of child pornography.  

Knowing, however, what is or is not "child pornography" may not always be straightforward. For example, it is generally more than an image of a nude child. Instead, under Title 18 United State Code (USC) § 2252, "child pornography" refers to the knowing possession of: 

books, magazines, periodicals, films, video tapes, or other matter which contain any visual depiction that has been mailed, or has been shipped or transported in interstate or foreign commerce, or which was produced using materials which have been mailed or so shipped or transported, by any means including by computer, if—

(i) the producing of such visual depiction involves the use of a minor engaging in sexually explicit conduct; and

(ii) such visual depiction is of such conduct ...

Because any statutory definition may contain hidden nuances or must be applied to factual circumstances that are not always clear-cut, it is important to consult with a competent attorney in assessing your obligations under this statute.    

2. IT Must be Included in an Employer's Response Team.

A critical component of an employer's response team will be IT professionals. IT - along with anyone investigating the matter - must understand that confidentiality is a must because of the sensitive subject matter of the investigation.

Among the tasks IT should address are identifying user log in dates, preserving server logs, and preserving any Internet cache (A cache is a storage mechanism designed to speed up the loading of Internet displays. When a user views a Web page, the Web browser stores a copy of the page on the computer's hard drive in a folder or directory) or other images that relate to the suspected child pornography.

Such evidence is especially critical in determining the identity of the suspect where a computer used to facilitate the possession of the offending material may be shared by employees or is otherwise unsecured.

Additionally, IT will also want to focus on making sure nothing is done to damage, taint or destroy potential evidence.

3. Do Not Forward, Delete or Try to Erase the Offending Material.

Certainly a common response to discovering child pornography in any setting is disgust. But don't let this response motivate your company and its employees to destroy the offending material. Destroying child pornography could lead to criminal charges for having reviewed or possessed child porn, or for obstruction of justice. Additionally, criminal liability could result with each forward, view, or distribution. It is, therefore, important to isolate the suspected child pornography and refrain from intentionally making any copies or inadvertently making copies by forwarding the material.  

4. Limiting Business Interruption

A point that employers often overlook is that once child pornography is discovered and reported to law enforcement, the storage medium - whether it is the hard drive of a company PC, laptop, portable storage, etc. - will be seized by law enforcement. Such storage medium will also be eventually purged of illegal content as well as any business related content.

For this reason, it is important to work with your IT professionals to determine what business-critical information may reside on the storage medium subject to confiscation and that this loss will be a moot issue because the information is backed-up. Alternatively, your attorney may need to work with law enforcement to try and "carve-out" preservation of the business related information that would be permanently lost if it is purged.   

5. Report Actual Child Pornography to Law Enforcement - No Exceptions.

There may be reluctance to report the discovery of child pornography due to any number of reasons, such as potential embarrassment or because it belonged to a key employee or executive. In addition to the potential criminal liability discussed above, a recent decision from the Sixth Circuit Court of Appeals (the federal circuit that Michigan is in) offers a cautionary illustration why employers must resist this temptation.

In Doe v. Boland (2011) an attorney was acting as defense expert witness in a child pornography prosecution. As part of the defense, the expert morphed, i.e. digitally altered, non-child pornography images into images seemingly depicting actual child photography. The attorney/expert - after having his home searched and computers seized by the FBI - was eventually charged with possession of child pornography. As part of a pretrial diversion agreement with the US attorneys office, the attorney/expert admitted criminal wrongdoing for possession of child pornography. The take-away from this case is that there is no exception - even in a judicial setting - making the possession of child pornography acceptable.

In addition to the criminal prosecution, the Court held that the defendant in Boland could be civilly liable to the minor children whose images were altered. Other courts have also concluded that a company could be liable for damages suffered by innocent third parties where the company failed to investigate reports that an employee was viewing child pornography online at work. See Doe v. XYC Corp. (New Jersey 2005). 

An employer's Computer/Internet Use Policy should also specifically explain to employees their obligations when it comes to reporting suspected child pornography or other inappropriate computer/Internet usage and that failing to do so is subject to discipline.

6. Do not overlook offensive content that does not meet the definition of child pornography.

Additionally, it is important for employers to proactively respond to offending material that does not meet the statutory definition of child pornography. This is because employers still run the risks of not properly responding or failing to take appropriate steps when it comes to such material found in the workplace. For example, in a 2009 case out of the Sixth Circuit (Gallagher v. C.H. Robinson Worldwide, Inc.) the decision to dismiss a sexual harassment claim by the trial court was reversed (The court noted that Plaintiff testified that co-workers used Internet to view sexually explicit pictures on their computers, along with other conduct compared to a “guy’s locker room.”). See also a 2007 case (Avery v Idleaire Technologies Corp.) out of Tennessee, where the Court allowed a plaintiff’s hostile work environment claim case to go to a jury because a jury “could find it to be objectively offensive for an employer to permit employees to use a company computer terminal on company time to actively seek pornographic material ... to be left for the plaintiff and other employees to see.” 

7. Closing Recommendation

For any employer responding to the discovery of pornography, especially child pornography, in the workplace, the preceding points should be discussed with competent legal counsel. Beyond my pitch for job security, legal counsel will be critical for evaluating and explaining the company's legal obligations, meeting those obligations, and implementing a workable strategy to minimize the interruption to the business operations.

Again, a special thanks to Detective Thomas Kish of the Michigan State Police Department's Computer Crime Unit for his insight. The public and employers are certainly better off having dedicated, experienced individuals like Detective Kish and his colleagues who are willing to share their experience in order to protect children from being exploited. 

Are Your Employees Going to Pot? According to the Numbers, Probably

Medical Marijuana.jpgThe Detroit Free Press reported on April 21, 2011 (by Dawson Bell and John Wisely) that approximately 63,735 Michigan residents had registered to use marihuana for medical purposes under Michigan's Medical Marihuana Law (Michigan spells marihuana with an "h", rather than a "j"). There is also over a five-month backlog in issuing registration cards. 

Based on the numbers, it is likely that among those registered or waiting to become registered to use marijuana for medicinal purposes at least a few are employees. And this raises a number of issues central to the relationship between employers and employees.

Michigan's Medical Marihuana Act (the Marihauna Act), however, does not necessarily answer these issues. This is because it is both a relatively new statute - meaning many issues have yet to be resolved - and it has been widely criticized for its lack of clarity and contradictory provisions. See Judge Peter D. O'Connell's thorough analysis of these problems in his concurring opinion in People v Redding.

Nonetheless and to paraphrase the former Secretary of Defense Donald Rumsfeld: "There are known knowns ... [and] There are known unknowns ..." that are important to consider for both employers and employees. 

Known Knowns Employers Should Consider 

First, the starting point for what is "known" is the Marihauna Act and what it actually provides: 

A qualifying patient who has been issued and possesses a registry identification card is not subject to arrest, prosecution, or penalty in any manner, or denied any right or privilege including, but not limited to, civil penalty or disciplinary action by a business or occupational professional licensing board or Bureau for the medical use of marijuana in compliance with the Act.

Second, an employer is not required to accommodate the ingestion of marijuana in any workplace or any employee working while under the influence of marijuana.

Third, marijuana is classified as a schedule I Drug under federal law. 21 § USC 812(c). This, ironically, means there is no accepted medical use for drugs in this category. Thus, federal law prohibits the manufacture, distribution, and possession of marijuana - regardless of a contrary state law like Michigan's Medical Marihuana Act. 

Fourth, in February 2009, the U.S. Justice Department directed federal prosecutors to discontinue prosecuting individuals who use or supply marijuana for medical use in compliance with their state's law. 

Known Unknowns Employers Should Consider

As noted above, an employer is not required to accommodate the ingestion of marihauna in any workplace or any employee working under the influence of the substance.

But what does "under the influence" mean? It is not defined under the statute. And a "hypothetical" situation highlights this problem.

Consider John Doe employee who works Monday through Friday, as a sales associate in a big-box retail store, who happened to be employee of the year in 2008, but has since been diagnosed with sinus cancer and a brain tumor.

Now consider John Doe tokes up a joint over the weekend to alleviate his pain. Experts have testified in court that on average certain marihauna by-products could remain in a person's blood for 18 hours and in a person's urine for up to 4 weeks. Now consider a week later Mr. Doe is given a drug test by his employer. Not surprisingly the drug test is positive for marihuana use. Is that under the influence?

While not an employment case, People v. Feezel, (2010) potentially offers some insight as to what "under the influence" means. In that case, Michigan's highest court (pun intended) reversed a criminal defendant's convinction for operating a motor vehicle with the presence of a schedule 1 controlled substance in his body, causing death.

The reversal was required because the defendant did not actually have a schedule 1 drug in his system but rather "11-carboxy-THC, a byproduct of metabolism created when the body breaks down the psychoactive ingredient of marijuana." The Court concluded that this by-product was not a schedule 1 controlled substance under Michigan's motor vehicle statute and, therefore, a person cannot be prosecuted for operating a motor vehicle with any amount of 11-carboxy-THC in his or her system.

Notably, in reaching its decision, the Court referenced the Medical Marihauna Act and highlighted that without its distinction between marihuana and by-products, "individuals who use marijuana for medicinal purposes will be prohibited from driving long after the person is no longer impaired ..." 

So under Feezel, the presence of - at least - certain by-products does not equate to marihuana or impairment. What does this conclusion mean for drug test screening the same or similar by products? Also if the presence of a marihauna related by-product in a person's system is not criminal impairment in the operation of a motor vehicle, what about an impairment in the employment context? Does it matter if the employee is a receptionist, data processor, or operating power machinery?  

No Michigan state court has addressed the issue of "under the influence." And the few cases outside of Michigan (California, Montana, Oregon, and Washington) that have generally considered the issue of whether an employer must accommodate an employee's use of marijuana for medicinal purposes have gone in favor of the employer, including the February 2011 opinion from a Michigan federal district case in Cassias v Wal-Mart.     

Conclusion

For both employers and employees with serious illnesses, having to make the choice of how to respond to these unsettled issues is challenging to the say the least. And from an individual's perspective, it certainly seems unfair to be in a position to have to choose between discontinuing marijuana treatment that may be the only alleviation of pain or continued employment. 

A Short Checklist to Avoid a Disgruntled Former Employee Costing Your Company $200,000

Virus Code.jpgA disgruntled former Gucci employee is reported to have caused in excess of $200,000 in damages to his former employer (as reported by Computer World) and now faces criminal charges.

Specifically, the New York District Attorney's indictment alleges that Sam Chihlung Yin fraudulently obtained IT access after he was fired. From there, the indictment alleges that Mr. Yin used his inside-knowledge of the Gucci IT infrastructure to cause damage that included deleting data, shutting down servers and leaving Gucci with an estimated $200,000 cleanup bill.

What Employers Should Take Away from this Incident

For Gucci, this incident is an expensive reminder of why it is critical to have a termination checklist that should be followed once a decision has been made to terminate an employee, especially an IT employee. For employers looking to avoid Gucci's mistake, a non-exhaustive checklist to consider includes the following:   

  1. Do not communicate the termination until the employer is prepared to escort the employee off the premises. It is generally better to pay the employee severance benefits with no expectation of receiving anything in return than to pay the price of a vindictive employee trashing or misappropriating company information.
  2. Coordinate with IT personnel to remove all access to the IT systems, e-mail, remote access, or any other means to access the employer's network. Ideally this will be done while the employee is being terminated. Or, if the terminated employee is a member of IT, eliminate access after working hours and then complete the termination process the next working day. Companies could also consider covertly transferring the IT employee into an IT "sandbox" until all normal IT access can be severed.    
  3. Obtain custody of all employer owned PCs or laptops as well as all company owned external hard drives or other portable media before the employee is terminated. 
  4. Remove any rights the employee may have as administrator of the organization's Web site and extranets. While you are at it, remove the employee's page or profile, if any, from the organization's Web site.
  5. Take an inventory of all of the files or projects on which the employee was working, and make sure that all such materials have been returned. This is particularly important for employees who work remotely.
  6. Even after going though a termination checklist, an employer should monitor its network to ensure that the former employee has not regained access and to make sure that company information has not been compromised. 
  7. Employers should also remind employees that assisting former employees to access the company's IT systems is prohibited. It is important that current employees are aware of this policy, especially at or around the time of a termination.
  8. If there is concern that the former employee has taken steps to destroy or steal data, careful consideration should be given for retaining a forensic computer examiner to take necessary steps to properly preserve evidence of wrongdoing.

The Gucci incident illustrates that it only takes one lapse in security to severely destroy or cause significant damage. It is better to be vigilant than a statistic.