Technological Advances - A Double-Edged Sword

January 24, 2008

To say that technology is changing daily is an understatement. In the business world, we take for granted many of the technological advancements that have allowed us do our jobs more quickly and efficiently than workers twenty - or even ten - years ago. However, the same technology that has increased productivity also has created new threats and challenges for employers.

Employees no longer need to be in the office to access their employers' computer systems. They now can connect to work from home, hotels, coffee shops and just about anywhere there is an Internet signal. As a result, more and more employees perform a greater percentage of their work from outside the office. Not only is the location of the workplace changing, so are the ways in which employees perform their work. For example, many employees frequently use instant messaging to communicate with co-workers and business partners, even regarding sensitive projects. Additionally, employees increasingly use personal web-based e-mail accounts to send projects to work on outside of the office.

Many employers, however, are unaware of the dangers associated with their employees' use of these technologies. For example, use of web-based e-mail accounts such as those provided by Google, Microsoft and Yahoo!, present significant challenges to employers. First, these web-based mail services often have less robust security and anti-virus systems than those deployed by companies to protect their corporate networks. Consequently, web-based e-mail accounts potentially create "holes" in a company's electronic security systems which, in turn, increase the likelihood that the company's network will be infected by a virus or spyware.

Second, since messages sent or received by a web-based e-mail account typically are stored on the mail provider's server, whether the messages, and, more importantly, the information contained in the messages, become the property of the mail provider, is an issue. At minimum, an employee's use of a web-based e-mail account to send or receive confidential corporate documents may weaken a company's argument that it took appropriate measures to ensure the confidentiality of its information. Thus, for example, it may be more difficult for a company to enforce a non-compete agreement because successful enforcement generally depends on whether a company can show it took reasonable and appropriate measures to protect its information.

Third, some web-based e-mail providers scan all messages for key words for purposes of targeted advertising to the user. Similarly, providers of electronic communication systems generally reserve the right to monitor messages to ensure the system is not being used for an improper purpose. Thus, corporate e-mail messages may be reviewed by a third-party. Not only does this diminish the confidentially of the message, but, if it was intended to be a privileged attorney-client communication, the fact that the message became accessible by a third-party may destroy the privilege.

Fourth, messages sent from web-based e-mail accounts typically do not pass through the company's corporate e-mail system. Consequently, key communications and different drafts of documents may not be archived on and accessible from the company's system. Employees may keep copies of their work in personal e-mail accounts or on their home computers, thereby circumventing the company's document retention and destruction policies. As a result, critical documents may not be recoverable in the event of litigation, or documents which should have been destroyed pursuant to company policy are not.

Employers must take steps to guard against these dangers. While most employers have policies governing use of the company's electronic communication systems, many do not enforce or update them consistently to keep pace with advances in technology. With an estimated 90 percent of all business information stored in electronic form, an up-to-date and consistently enforced electronic communications policy is a company's first defense in protecting the confidentiality of its information and the integrity of its systems.

What Employers Should Do

• Review your technology and electronic communication policies and update them where appropriate. (While most companies have policies regarding e-mail and Internet access, many do not have policies regarding instant messaging, the use of corporate networks to access web-based e-mail, blogging or the use of home computers to conduct corporate business.)
• Implement procedures and technology solutions to monitor the effectiveness of and compliance with your policies, especially as they relate to key areas such as human resources and finance.
• Provide training regarding technology and electronic communications and electronic document retention and destruction policies.

BACK TO EPL NEWS