Upload
bertram-anthony
View
216
Download
0
Tags:
Embed Size (px)
Citation preview
Legal Considerations:Legal Considerations:
““Privacy & SecurityPrivacy & Security
In the 21In the 21stst Century” Century”
Van Vleck Turner & Zaller LLPA T T O R N E Y S
Counsel to California Employers
RSA RESEARCH SECURITY ADMINISTRATORS
Presented by Brian F. Van Vleck
Van Vleck Turner & Zaller LLP
www.vtzlaw.com
www.vtzlawblog.com
OVERVIEW I. The Dilemma of The Corporation In
The Information Age
II. Why Companies Must Investigate
III. The Legal Limits on Corporate Investigations
IV. Who Should Investigate?
V. How To Investigate
THE DILEMMA OF THE ORPORATION THE DILEMMA OF THE ORPORATION IN THE INFORMATION AGEIN THE INFORMATION AGE
More threats to Corporate assets, More threats to Corporate assets, information and peopleinformation and people
More legal duties to investigateMore legal duties to investigate
At the same time, more legal At the same time, more legal restrictions are being imposed on restrictions are being imposed on corporate investigationscorporate investigations
HEWLETT-PACKARD: CASE STUDY OF AN INVESTIGATION
GONE WRONG
• Criminal Complaint filed by California Attorney General against HP Chairwoman, Patricia Dunn, and HP's Chief Ethics Officer, Kevin Hunsaker
• Charges also filed against Ronald DeLia, the managing director of Security Outsourcing Services, the Company hired by HP and two of its private investigators
HEWLETT-PACKARD: CASE STUDY OF AN INVESTIGATION GONE
WRONG (CONT.)
• The Criminal Complaint alleges counts for “fraudulent use of wire communications; wrongful use of computer data; and identity theft.”
• Violation of Penal Code sections 538.5, 530.5(a) and 502(c)(2)
• Together, all four counts carry a maximum prison sentence of three years and maximum fines of $55,000
WHY COMPANIES MUST WHY COMPANIES MUST INVESTIGATEINVESTIGATE
Corporate officers have a fiduciary Corporate officers have a fiduciary duty to shareholders to prevent duty to shareholders to prevent waste, fraud and misappropriation waste, fraud and misappropriation of assetsof assets
To Protect Company’s Physical Property
WHY COMPANIES MUST INVESTIGATE (CONT.)
• In order to preserve legal trade secret status, a company must take all reasonable efforts to maintain the confidentiality of its proprietary information
To Protect Company’s Intellectual Property
WHY COMPANIES MUST INVESTIGATE (CONT.)
• Labor Code Section 6301 requires California employers to maintain a“safe workplace”
To Protect Company’s Workers and Customers
WHY COMPANIES MUST INVESTIGATE (CONT.)
• “A director’s obligation includes a duty to attempt in good faith to assure that a corporate information and reporting system” exists, which is “adequate to assure the board that appropriate information will come to its attention in a timely manner as a matter of ordinary operations.”
• “Flagrant organizational indifference” to misconduct is sufficient to establish corporate criminal intent
To Comply with Fiduciary Duties and Sarbanes Oxley
WHY COMPANIES MUST INVESTIGATE (CONT.)
• The California Fair Employment and Housing Act (“FEHA”), requires an employer “to take all reasonable steps to prevent discrimination.”
• “Good cause” for terminating an employee due to misconduct requires a “reasoned conclusion . . . supported by substantial evidence gathered through an adequate investigation on a reasonable inquiry into the facts.”
To Avoid Legal Liability
WHY COMPANIES MUST INVESTIGATE (CONT.)
• California’s “reasonably avoidable consequences doctrine” may cut off damages to any plaintiff who fails to utilize the company’s established complaint and investigation policy
• Failure to investigate employee misconduct may lead to vicarious liability or punitive damages based on alleged “ratification”
LEGAL LIMITS ON COMPANY LEGAL LIMITS ON COMPANY INVESTIGATIONSINVESTIGATIONS
Private Right of ActionPrivate Right of Action
Elements:Elements: (1) A legally protected privacy interest (1) A legally protected privacy interest
(2) A reasonable expectation of privacy in the (2) A reasonable expectation of privacy in the circumstances circumstances
andand
(3) Conduct by defendant constituting a serious invasion of (3) Conduct by defendant constituting a serious invasion of privacy privacy
Right of Privacy – California Constitution
LEGAL LIMITS ON COMPANY INVESTIGATIONS (CONT.)
• Balancing of Interests Defense
Even where a significant privacy intrusion isfound it may still be justified based on a “weighing”or “balancing” of the privacy interests against the employer justification.
• Consent Defense
An employee’s knowing consent to the disclosure of private information is usually sufficient to remove any reasonable expectation of privacy and waive his or her privacy rights.
Right of Privacy – California Constitution
LEGAL LIMITS ON COMPANY INVESTIGATIONS (CONT.)
• Job Applicants may be subjected to mandatory drug testing.
• Current employees may generally be tested only where the employer has a “reasonable suspicion” of drug use.
• Certain special categories of employees, such as security personnel and workers with a special impact on public safety may probably be subjected to random, suspicionless testing.
DRUG TESTING
LEGAL LIMITS ON COMPANY INVESTIGATIONS (CONT.)
To the extent that an employer has a policy putting employees on notice, there is no reasonable expectation of privacy in the use of employer-provided computers or in workplace communications.
SEARCHING WORKPLACE E-MAIL, PHONE LOGSAND COMPUTER FILES
LEGAL LIMITS ON COMPANY INVESTIGATIONS (CONT.)
• Employees may have a reasonable expectation of privacy in various workspaces
• But this may be waived if employees are given prior notice of potential searches
SEARCHING DESKS, LOCKERS, AND OTHER WORK SPACES
LEGAL LIMITS ON COMPANY INVESTIGATIONS (CONT.)
• Federal Omnibus Crime Control and Safe Streets Act of 1968, as amended by the Electronic Communications Privacy Act of 1986, establishes criminal and civil liability for illegally intercepting communications and for illegally accessing stored communications. (18 U.S.C. § 2500 et seq.).
• The California Privacy Act (“CPA”) also prohibits electronic “wiretapping” or “eavesdropping.” (Penal Code §§ 631- 632).
• Silent video surveillance is presumably not covered by state or federal statutes, but may violate privacy rights depending on time, place and manner of videotaping (e.g., in bathrooms or locker rooms).
“WIRETAPPING”AND ELECTRONIC EAVESDROPPING
LEGAL LIMITS ON COMPANY INVESTIGATIONS (CONT.)
• Federal law permits recording of conversations when one of the parties consents to the recording. The California law imposes criminal and civil liability unless there is consent of all parties to the communication.
• The California Supreme Court has recently held that California’s law requiring consent of all parties applies whenever at least one of the parties is in California.
“WIRETAPPING”AND ELECTRONIC EAVESDROPPING (Cont.)
LEGAL LIMITS ON COMPANY INVESTIGATIONS (CONT.)
• Federal Employee Polygraph Protection Act of 1988, prohibits employers from even requesting an employee to submit to lie detector test except based on reasonable suspension as part of an on-going investigation involving economic loss.
• Significantly, the definition of restricted “lie detector” tests is not limited to polygraphs, but includes any “voice stress analyzer,” “psychological stress analyzer,” or “any similar device (whether mechanical or electrical).”
USE OF “LIE DETECTORS” OR POLYGRAPHS
LEGAL LIMITS ON COMPANY INVESTIGATIONS (CONT.)
• Extortion is defined as “the obtaining of property from another, with his consent, induced by the wrongful use of force or fear”
• The definition of “fear” includes threats of criminal prosecution
• Valuable information as “property” under the extortion statute?
THREATS CONSTITUTING EXTORTION
LEGAL LIMITS ON COMPANY INVESTIGATIONS (CONT.)
Wrongfully restricting the physical movement of an individual – for example, requiring a subject to remain in an interrogation room
FALSE IMPRISONMENT
LEGAL LIMITS ON COMPANY INVESTIGATIONS (CONT.)
• Violation of federal law to take any letter “before it has been delivered to the person to whom it was directed”
Application to mail delivered to employer’s business?
INTERCEPTING U.S. MAIL
LEGAL LIMITS ON COMPANY INVESTIGATIONS (CONT.)
•“Obtaining Phone Records by false pretenses is prohibited by California Penal Code sections 538.5 and 530.5(a).
• “Hacking” confidential computer files is prohibited by California Penal Code section 502(c)(2).
• Business & Professions Code 17200 et seq. generally prohibits any “illegal, unfair, or fraudulent” business practices
• Forthcoming FTC regulations and federal statutes will undoubtedly create new restrictions
“PRETEXTING”
WHO SHOULD CONDUCT THE WHO SHOULD CONDUCT THE INVESTIGATIONINVESTIGATION
In-House Personnel? In-House Personnel?
Outside Private Investigators?Outside Private Investigators?
Outside Legal Counsel?Outside Legal Counsel?
WHO SHOULD CONDUCT THE INVESTIGATION?
Advantages
• More Knowledge of Company and facts
• Less expensive
Disadvantages
• Perceived lack of objectivity
• Lack of legal or technical expertise
• Lack of privilege
In-House Personnel
WHO SHOULD CONDUCT THE INVESTIGATION?
Advantages
• Technical Expertise
• Lack of Company responsibility for methods and techniques
Disadvantages
• More expensive
• Lack of company control over methods and techniques
Outside Private Investigators
WHO SHOULD CONDUCT THE INVESTIGATION?
Advantages
• Attorney-client privilege may protect investigation results from disclosure
• Knowledge of legal parameters on investigations
Disadvantages
• Most expensive alternative
• Limitations on Ex Parte Contacts if Target is Represented by Counsel
Outside Legal Counsel
WHO SHOULD CONDUCT THE INVESTIGATION?
• Outside counsel and outside investigators are independent contractors and not employees
• Company’s degree of responsibility for such agents may depend on the type of information sought and the extent of the Company’s knowledge, instructions and supervision
Is Outsourcing A Defense To Improper Investigation Tactics?
WHO SHOULD CONDUCT THE WHO SHOULD CONDUCT THE INVESTIGATION?INVESTIGATION?
Depends on Type of Incident Being Depends on Type of Incident Being InvestigatedInvestigated
Typical In-House InvestigationTypical In-House Investigation
Interview the complainant firstInterview the complainant first
Give the accused fair notice and an opportunity Give the accused fair notice and an opportunity to respondto respond
Written Report of findings and actions takenWritten Report of findings and actions taken
How Should A Typical Investigation Be Conducted?
Van Vleck Turner & Zaller LLP
www.vtzlaw.com
www.vtzlawblog.com