Security_Computer_Laptop in Chain.jpegA well written article by Connie Bertram, asks the question “Is Self-Help Discovery by Employees Protected Activity?”

The title of the article refers to situations where an employee attempts to gather factual support or to otherwise pursue an employment discrimination claim or a related employment-based lawsuit against the employer by accessing employer files and databases to build the case.

The answer to the question is critical for employers who are faced with the dilemma of (i) not enforcing a company’s technology use policy that restricts who may access certain categories of company information and/or restricts access to information for only business related matters; or (ii) enforcing the policy but run the risk of inadvertently creating a retaliation claim against the employer.

Ms. Bertram explains: 

This type of misconduct appears to be fueled by the belief of claimants and their counsel that employees have an unfettered protected right to engage in self-help discovery to develop their claims. Indeed, many plaintiffs counsel encourage this behavior, advising clients to gather the goods while they are able to so that counsel can later use the fruits of their efforts in demand letters, Equal Employment Opportunity Commission investigations, and litigation. It is clear that an employee engages in protected activity when she, in good faith, makes or takes certain steps legally and legitimately to investigate an internal or EEOC complaint. But does protected activity include so-called self-help discovery, such as taking and downloading documents or recording conversations?

The article goes on to highlight employment-related lawsuits that have answered this question in favor of employees as well as employers.

The Take-Away for Employers

Unfortunately, Ms. Bertram’s major recommendation is where most employers fail: Employers either (i) do not have a meaningful confidential and proprietary information policy that employees must acknowledge in writing having reviewed; or (ii) Employers either fail to enforce and monitor such policies or fail to do so on a consistent basis. 

One additional point I would add, concerns how data is stored and accessed in the first place. In my experience investigating employee computer misconduct, it is not at all uncommon to discover that all or significant portions of an employer’s entire business operation is easily accessible by anyone with computer access within the company.

In this regard, there is no reason to have highly confidential company information, e.g., pricing, marketing, formulas, customer lists, HR investigation files, etc., that is accessible by anyone employed by the company. Instead, the default rule for any employer should be company information is available to employees “as needed” to perform the applicable job function of that employee. 

Such a default rule benefits employers because it provides an added measure of access control to sensitive data. It may also require an employee to take additional steps – potentially criminal steps under the Computer Fraud and Abuse Act or state law equivalent statutes – to access information outside the employee’s normal authorization. This may also provide the employer with additional non-discriminatory ammunition to discipline or discharge the employee it would not otherwise have available.  

For additional information about investigating employee misconduct, including misconduct involving computers, email, or other technology specific investigations, feel free to contact Jason M. Shinn.