Bernstein Crisis Management. Crisis response, prevention, planning, and training.


Crisis Manager Internet Newsletter about Crisis Management

03.01.05
ISSN:1528-3836
© 2005 Jonathan Bernstein
Circulation: 4,000+
Estimated Readership: 14,000+


JUST A THOUGHT

If you can't beat them, arrange to have them beaten.

-- George Carlin

CRISIS MANAGER UNIVERSITY

Editor's Note: Intentional and unintentional misuse of e-mail, plus widespread misunderstanding of how the law regards e-mail, has been at the root of many crises in recent years. When it isn't the primary cause, it is often fuel thrown on an already burning fire. Hence, this article is of particular importance to "Crisis Manager" readers. Because of its length, it is the sole feature article in this issue.

E-mail Usage Considerations in Crisis Management
by Sarah Warhaftig

As increased competition and a smaller global community produce greater demands for speed and responsiveness of communications the use of e-mail has become an essential business tool. The ability to communicate on a broad basis with a few simple keystrokes, or to send large attachments for minimal costs has revolutionized the way America, and the world, does business. E-mail has long since outstripped utilization of faxes, and in many instances has replaced regular mail delivery service. Businesses regularly e-mail proposals, RFP responses, pricing, bids, contract terms, offers, and legal documents, for almost immediate delivery.

Internally generated e-mail

E-mail is not without its drawbacks. The inherent informality of the e-mail format can detract from the importance of the communication causing the sender to take less time and energy to properly craft his message. The false sense of privacy, created by computer-to-computer messaging can allow an exchange that would not normally be permitted in a face-to-face business context.

Careless language can constitute harassment, discrimination, or defamation. Informal e-mail promises or representations made by eager sales reps to potential or actual customers may create additional product or performance warranties. Employees may unwittingly share confidential information or trade secrets. In an unpleasant scenario, employees may use e-mail to disseminate pornographic material.

The common law concept of "respondeat superior" makes the employer responsible for the actions of his employees when they are engaged in business pursuits. Thus offensive or actionable e-mail places the employer in a position of potential liability. Consider Connecticut, which has defined harassment in the second degree -- a criminal offense -- as the sending of a communication on an electronic network, "...with the intent to harass, annoy or harm another person." It would seem that annoyance would be enough to expose the employer to liability.

We have learned from the Microsoft antitrust case that internal e-mail is not only subject to discovery, but that personal e-mail can be used to inquire into the state of mind (mens rea) or the intent of the parties. Imagine the situation, the text of an e-mail message is projected on screen for the court, the prosecutor asks, "Now explain exactly what you meant by, 'We will crush Netscape."'

What should you do with your questionable e-mail? Contrary to popular belief, e-mail is almost impossible to destroy. It cannot be eradicated. E-mail cannot be deleted from a personal computer without destruction of the individual hard drive. Yes, the offensive item was deleted, and the deleted items folder was emptied. But when a file is deleted, it is renamed by the computer and moved to another section of the hard drive where it waits to be overwritten if storage capacity becomes an issue. Even if the hard drive is destroyed, there are likely to be system back up tapes. Thus careless comments, and ill-advised communications can be resurrected, usually by subpoena, bringing the company's policies and practices under examination. More on discovery, later.

External e-mail considerations

Employer provided e-mail accounts are often used by employees for personal mail as well as internal company mail. This subjects the server to myriad and diverse incoming communications. When the employer offers access to the Internet as part of internal networks, he opens the window to snoopers, sniffers, hackers, crackers, and a host of viral visitors. A virus targeting e-mail can quickly acquire a company's contacts and customer lists. Any sent item or document stored in an e-mail folder is subject to interception. Once the security of the company server or network is pierced, all of the stored data is in peril. Even if an e-mail virus destroys nothing, it paralyzes operations. If the majority of your pertinent records are stored in e-mail folders, they may not be accessible.

Prudent business practices in the wake of Melissa and its successors requires layers of security involving system generated and human screening of received and sent e-mail. Typically system administrators are not looking at the content of individual messages, rather they are utilizing software packages that scan for viruses, block SPAM, and identify unwieldy attachments and large jpeg (image) files. Similarly, frequent sweeps of individual employee computer hard drives should be conducted to identify and eliminate free ware, unauthorized programs, videos, movies, downloads, and a multitude of reverse search engines all of which take up valuable ram and present entry risks as they cross from the public arena into the network.

Once a message leaves your personal computer or company server it is launched through a variety of intermediaries -- servers, and service providers that disassemble it, send it, relay it, catch it and reassemble it at the addressee's e-mail connection. This is, obviously, a simplistic description of what actually happens. Yet anywhere along the route your e-mail is subject to interception and or review. While your e-mail is traveling from jump point to jump point, the intermediate service providers have the authority to view and scan e-mail to the extent required to maintain their services. Even without deliberate targeting or interception, your message is subject to scrutiny, by the curious, and by the Federal Government.

Post September 11, 2001 buoyed by concerns about terrorism and conspiracy, Congress enacted the US Patriot Act. This Act gives Federal agencies the right to eavesdrop and intercept all communications where inference/indicia of terrorist activities or support may be found. Because of the inherent nature of the process, the public rarely hears about its use and success. Be aware that all communication, regardless of its confidential or privileged nature is subject to review and interception by the Federal Government.

The Electronic Communications Privacy Act of 1986

What protections are available to ensure security and privacy of e-mail content and attachments? Congress passed the ECPA to expand the scope and protections of existing wiretap laws to include protection for electronic communications. The Act creates civil liability for one, who, without permission intentionally accesses "a facility through which an electronic communication is provided"; or exceeds permitted access to that facility and thereby "obtains, alters, or prevents access to an electronic communication." The Act also provides for the imposition of fines.

While this is a strong step toward protection of e-mail communications, court interpretations have created 2 erosions in the Act's weight. Almost every Federal appellate court has held that the "interception" must take place contemporaneously with the transmission of the e-mail -- in the brief moments that it travels from sender to recipient. Additionally, courts have distinguished wire communication from electronic communication and have held that stored e-mail cannot be "intercepted." Thus incursions into stored e-mail folders are not subject to the ECPA.

Misdirection and privacy considerations

Once an e-mail is sent, you have absolutely no control of its future destinations. The contents can be printed, edited, changed, enhanced and it can be forwarded to a multitude of individuals without your knowledge or consent.

We trust our intended recipients to treat business communications with proper concern for privacy. Yet what of the misdirected e-mail? By a single keystroke or mouse click sensitive mail can be misdirected to a single individual or an entire distribution list. What if confidential information is mistakenly sent to a competitor or key client? How will a claim of confidentiality or privilege be seen by the courts?

Most courts view e-mail as having the same weight and protections as written correspondence. Yet, written correspondence arrives unopened in a sealed envelope. While there is no "subject line" on an envelope, the recipient can immediately determine if he is a proper addressee, and confidentiality is preserved - with the unspoken understanding that misdirected mail will not be opened and read by an unanticipated recipient.

E-mail, however, travels without a sealed envelope. E-mail is more like a post card than a letter. Even if the reader does not recognize the sender, he may still be willing to open the message. The subject line then becomes the sole remaining barrier that might alert the recipient of misdirection. Only through reading the e-mail does one usually determine that it has arrived unbidden.

Disclaimers on electronic communications may help protect confidential material from being further disseminated. Consider that the typical fax will have the disclaimer on the coversheet. Most of us alert the sender of a misdirected fax and destroy it. And many of us read the fax nonetheless. In some large companies, the lowest person in the organization -- the mail clerk -- probably reads every incoming fax. The typical e-mail carries the disclaimer as a footer. We may notify the sender that it has been misdirected, we will probably delete it, but we will have read it. Should an e-mail disclaimer be a header or opening paragraph? Of what value is the disclaimer if it comes at the end of the e-mail? Current opinion is that the greatest legal value of any disclaimer is to show the courts the sender's intention that the contents of the message remain confidential.

E-mail storage and discovery considerations

Due to the ease of dissemination of, and access to, electronic information a company's public e-mail folders may contain employee manuals, pricing lists, marketing strategies, key client contacts and a wealth of proprietary information. Storage and retrieval of electronic files is light years faster than searching for paper files. Thus an individual's e-mail folders may have several "cabinets" worth of financial reports, contracts, personnel information, and numerous other confidential communications. The varied nature of information stored raises questions regarding privacy and confidentiality concerns and expectations both individual and corporate.

For the employee seeking a finding of privacy, the ECPA offers no support. It is well decided that an employer may search it's own electronic communication facility. Most employees today acknowledge that there is no expectation of privacy with regard to e-mail sent or received at work.

For most businesses, the concern for privacy typically focuses on communications with those outside of the company, not across departments and business units. Yet when the content of the e-mail is the basis for, or is sought as evidence in, litigation, a claim of privacy and confidentiality is not always sustainable.

Even before a claim of confidentiality or privilege can be made, the requested documents must be identified and produced, and then reviewed for any claim of potential privilege. Electronic discovery requests have become a major part of most commercial litigation. E-mail is a gold mine of information; it has quickly become the richest source of discovery. This growing area of production requests creates significant problems for many corporations particularly in terms of costs. Depending on the nature of your tape back up system or e-mail archiving process, production of e-mail evidence can be an expensive and a technically daunting task. If your systems and back up policies are not structured with this eventuality in mind, beware.

Many older systems are structured in such a way as to make retrieval of e-mail financially burdensome and impractical. Certain e-mail and archiving systems cannot restore a single mailbox from backup -- all users' mailboxes must be restored. Perhaps your e-mail is backed up as part of a larger tape process. This will require significant time and expense to accomplish restoration.

In Linnen v A. H. Robbins, Inc., an early "fen-phen" case, the defendant faced the prospect of recovering e-mail (for 15 mailboxes) from over 823 back up tapes at cost estimated between 1.1 and 1.7 million dollars.

What if you receive a request for pertinent e-mail spanning a 3-year period? Most system administrators do not have the time or resources to produce this information quickly. Does your records management system have the capability of scanning for authors, key words, phrases, sentence strings? Or will you need the support of a third party to review a myriad of files to find those identified in the production requests? Data mining is a specialty into itself and numerous companies are now "electronic data retrieval experts." Quite frequently the cost of electronic data retrieval is so prohibitive that companies settle litigation rather than incur the cost of production.

What if you simply can't produce the electronic matter requested? Courts will not accept arguments that back up tapes have been erased, that hard drives have been wiped, or documents deleted as part of your usual business practices. It is black letter law that if litigation could be anticipated, all potential documentary evidence about the matter must be retained and removed from the regular destruction schedule. Most business do not consider e-mail messages to fall into this category, however it is well established that they do. Even if corporate counsel and management are aware of these requirements employees are consistently being encouraged to reduce e-mail storage and to delete unnecessary or outdated documents.

Now that courts have taken an interest in the manner and frequency of back up processes, e-mail retention policies, they are making determinations as to the reasonableness of a company's actions or inactions. And when faced with missing e-mail documentation courts are ruling with the preservation of evidence obligation in mind. Courts are allowing jury instruction regarding spoliation of evidence and the permissible inference that the non-existent e-mail material would weigh against the non-producing party.

A well-drafted records retention policy, including e-mail has become more and more critical for the commercial enterprise. Review of pertinent statutes affecting your industry will provide meaningful guidance on retention and destruction schedules. Consult with corporate counsel and your tax advisor. It may be advisable to distinguish between official and non-official e-mail when developing retention schedules. Consider establishing separate archiving or storage media for official and non-official messages, to reduce the cost of any future retrieval.

In the final analysis user-education is your greatest risk management tool. A strong data retention policy is no protection for an organization that permits or ignores offensive and unprofessional e-mail usage. Establish an acceptable e-mail and Internet usage policy and enforce it. Let users know that e-mail is a professional business tool. If an item of a confidential nature needs to be communicated, it should be done in person. Written documents are subject to second-guessing and misinterpretation. Remind employees that anything communicated via e-mail should have no expectation of being private. If an individual would be uncomfortable, or a company would be embarrassed to see an e-mail message printed for the public to read -- don't type it and don't send it.

Sarah Warhaftig is the S.E. Regional VP of Cannon Cochran Management Services, Inc. a third party administrator. She has over 25 years experience with claims, management, litigation management and operations management. She has been a VP of Operations for MSUSA, Director of Risk Management for Worknet Five Hundred, and a member of home office staffs at AIG, AIAC and Crum & Forster. Ms. Warhaftig teaches Crisis Management for the National Alliance for Insurance Education and Research. She can be reached by e-mail at swarhaftig@ccmsi.com.

CRISIS MANAGER BUSINESS ANNOUNCEMENTS

CD-ROM: CRISIS MANAGEMENT & THE LAW
How PR Pros & Lawyers Can Work Together Effectively
Featuring Jonathan Bernstein, Richard Levick and Ed Novak

On February 23, 2005, Jonathan Bernstein played talk show host and expert commentator in a one-hour teleseminar featuring internationally renowned litigation PR expert Richard Levick and one of the country's top white collar crime attorneys, Ed Novak. This CD-ROM is a "must have" to play for the executive staff of any organization, for practice group meetings at law firms, or for the entire staff of any PR agency. It captures the full teleseminar in which the threesome answered questions such as:

  • If the attorney and PR person disagree, to whom should the CEO listen most closely?
  • When do PR considerations outweigh legal considerations, and vice versa?
  • What types of legal matters require close collaboration between legal and PR counsel?
  • What can a PR person do when dealing with an attorney who just doesn't "get it" with regard to crisis communications?
  • What can an attorney do when his client doesn't seem to understand the need for complementary PR?
  • What are some "right way/wrong way" examples that illustrate the principles of effective crisis management in legal matters?

Go to www.thecrisismanager.com for this and other educational and training materials produced by Jonathan Bernstein.

Crisis Alert Service Launched

For anyone who missed the announcement, Bob Aronson and I just launched a free "Crisis Alert" service to bring you news of trends and events that we believe could evolve into crises in the near future. The first alert addressed the dramatic rise in workplace use of methamphetamines and what readers could do to minimize the chance of that addiction creating crisis situations. [Note: Service has been discontinued.]

PLAIN ENGLISH DISCLOSURE

Bernstein Crisis Management, Inc. has formal or informal co-promotional and mutually beneficial business associations with a number of the services we mention periodically in this newsletter. No, we can't go into details because that's confidential, proprietary, etc. But our relationship is NOT "arm's distance" and you should know that, since we regularly write about these services as we use them for crisis and issues management or other purposes. That said, you should also know that Bernstein Crisis Management sought the relationships because its staff is convinced that these services are the best of their kind for Bernstein Crisis Management's needs and those of its clients. If you have any questions about these relationships, please contact Jonathan Bernstein, (626) 825-3838.

ABOUT THE EDITOR & PUBLISHER

Jonathan Bernstein is president of Bernstein Crisis Management, Inc., www.bernsteincrisismanagement.com, a national crisis management public relations agency providing 24/7 access to crisis response professionals. The agency engages in the full spectrum of crisis management services: crisis prevention, response, planning & training. He has been in the public relations field since 1982, following five-year stints in both military intelligence and investigative reporting. Write to jonathan@bernsteincrisismanagement.com.

Bernstein Crisis Management, Inc. is located at 1013 Orange Avenue, Monrovia, CA 91016. Telephone: (626) 825-3838.

GUEST AUTHORS

GUEST AUTHORS are very welcome to submit material for "Crisis Manager." There is no fee paid, but most guest authors have reported receiving business inquiries as a result of appearing in this publication. Case histories, experience-based lessons, commentary on current news events and editorial opinion are all eligible for consideration. Submission is not a guarantee of acceptance.

LINKS

When I find a site that I think will be useful to my readers or site visitors, I put it on our Links page. If you have a site that would be of specific use to crisis managers and want to discuss a link exchange or other cooperative effort, please write to me, jonathan@bernsteincrisismanagement.com.

LEGAL DISCLAIMER

All information contained herein is obtained by Jonathan Bernstein from sources believed by Jonathan Bernstein to be accurate and reliable.

Because of the possibility of human and mechanical error as well as other factors, neither Jonathan Bernstein nor Bernstein Crisis Management is responsible for any errors or omissions. All information is provided "as is" without warranty of any kind. Bernstein Crisis Management and Jonathan Bernstein make no representations and disclaim all express, implied, and statutory warranties of any kind to the user and/or any third party including, without limitation, warranties as to accuracy, timeliness, completeness, merchantability, or fitness for any particular purpose.

Unless due to willful tortuous misconduct or gross negligence, Jonathan Bernstein and Bernstein Crisis Management shall have no liability in tort, contract, or otherwise (and as permitted by law, product liability), to the user and/or any third party.

Under no circumstance shall Bernstein Crisis Management or Jonathan Bernstein be liable to the user and/or any third party for any lost profits or lost opportunity, indirect, special, consequential, incidental, or punitive damages whatsoever, even if Bernstein Crisis Management or Jonathan Bernstein has been advised of the possibility of such damages.

A service of this newsletter is to provide news summaries and/or snippets to readers. In such instances articles and/or snippets will be reprinted as they are received from the originating party or as they are displayed on the originating website or in the original article. As we do not write the news, we merely point readers to it, under no circumstance shall Bernstein Crisis Management or Jonathan Bernstein be liable to the user and/or any third party for any lost profits or lost opportunity, indirect, special, consequential, incidental, or punitive damages whatsoever due to the distribution of said news articles or snippets that lead readers to a full article on a news service's website, even if Bernstein Crisis Management or Jonathan Bernstein has been advised of the possibility of such damages. Authors of the original news story and their publications shall be exclusively held liable. Any corrections to news stories are not mandatory and shall be printed at the discretion of the list moderator after evaluation on a case-by-case basis.

OTHER IMPORTANT STUFF

Do you know people who are Crisis Managers, whether they want to be or not? Please pass this newsletter on to them!

Subscribe to the free, twice-monthly email newsletter below. After entering your email address, you will receive a message asking you to confirm your subscription in order to prevent someone else from adding you to the list without permission. YOU MUST CONFIRM YOUR SUBSCRIPTION OR YOU WILL NOT RECEIVE THE NEWSLETTER.

Subscribe to the BCM Crisis Manager newsletter

Articles in "Crisis Manager" were, unless otherwise noted, written and copyrighted by Jonathan Bernstein. Permission to reprint will often be granted for no charge. Write to jonathan@bernsteincrisismanagement.com.