Legal Considerations:Legal Considerations:

““Privacy & SecurityPrivacy & Security

In the 21In the 21stst Century” Century”

Van Vleck Turner & Zaller LLPA T T O R N E Y S

Counsel to California Employers

RSA RESEARCH SECURITY ADMINISTRATORS

Presented by Brian F. Van Vleck

Van Vleck Turner & Zaller LLP

www.vtzlaw.com

www.vtzlawblog.com

OVERVIEW I. The Dilemma of The Corporation In

The Information Age

II. Why Companies Must Investigate

III. The Legal Limits on Corporate Investigations

IV. Who Should Investigate?

V. How To Investigate

THE DILEMMA OF THE ORPORATION THE DILEMMA OF THE ORPORATION IN THE INFORMATION AGEIN THE INFORMATION AGE

More threats to Corporate assets, More threats to Corporate assets, information and peopleinformation and people

More legal duties to investigateMore legal duties to investigate

At the same time, more legal At the same time, more legal restrictions are being imposed on restrictions are being imposed on corporate investigationscorporate investigations

HEWLETT-PACKARD: CASE STUDY OF AN INVESTIGATION

GONE WRONG

• Criminal Complaint filed by California Attorney General against HP Chairwoman, Patricia Dunn, and HP's Chief Ethics Officer, Kevin Hunsaker

• Charges also filed against Ronald DeLia, the managing director of Security Outsourcing Services, the Company hired by HP and two of its private investigators

HEWLETT-PACKARD: CASE STUDY OF AN INVESTIGATION GONE

WRONG (CONT.)

• The Criminal Complaint alleges counts for “fraudulent use of wire communications; wrongful use of computer data; and identity theft.”

• Violation of Penal Code sections 538.5, 530.5(a) and 502(c)(2)

• Together, all four counts carry a maximum prison sentence of three years and maximum fines of $55,000

WHY COMPANIES MUST WHY COMPANIES MUST INVESTIGATEINVESTIGATE

Corporate officers have a fiduciary Corporate officers have a fiduciary duty to shareholders to prevent duty to shareholders to prevent waste, fraud and misappropriation waste, fraud and misappropriation of assetsof assets

To Protect Company’s Physical Property

WHY COMPANIES MUST INVESTIGATE (CONT.)

• In order to preserve legal trade secret status, a company must take all reasonable efforts to maintain the confidentiality of its proprietary information

To Protect Company’s Intellectual Property

WHY COMPANIES MUST INVESTIGATE (CONT.)

• Labor Code Section 6301 requires California employers to maintain a“safe workplace”

To Protect Company’s Workers and Customers

WHY COMPANIES MUST INVESTIGATE (CONT.)

• “A director’s obligation includes a duty to attempt in good faith to assure that a corporate information and reporting system” exists, which is “adequate to assure the board that appropriate information will come to its attention in a timely manner as a matter of ordinary operations.”

• “Flagrant organizational indifference” to misconduct is sufficient to establish corporate criminal intent

To Comply with Fiduciary Duties and Sarbanes Oxley

WHY COMPANIES MUST INVESTIGATE (CONT.)

• The California Fair Employment and Housing Act (“FEHA”), requires an employer “to take all reasonable steps to prevent discrimination.”

• “Good cause” for terminating an employee due to misconduct requires a “reasoned conclusion . . . supported by substantial evidence gathered through an adequate investigation on a reasonable inquiry into the facts.”

To Avoid Legal Liability

WHY COMPANIES MUST INVESTIGATE (CONT.)

• California’s “reasonably avoidable consequences doctrine” may cut off damages to any plaintiff who fails to utilize the company’s established complaint and investigation policy

• Failure to investigate employee misconduct may lead to vicarious liability or punitive damages based on alleged “ratification”

LEGAL LIMITS ON COMPANY LEGAL LIMITS ON COMPANY INVESTIGATIONSINVESTIGATIONS

Private Right of ActionPrivate Right of Action

Elements:Elements: (1) A legally protected privacy interest (1) A legally protected privacy interest

(2) A reasonable expectation of privacy in the (2) A reasonable expectation of privacy in the circumstances circumstances

andand

(3) Conduct by defendant constituting a serious invasion of (3) Conduct by defendant constituting a serious invasion of privacy privacy

Right of Privacy – California Constitution

LEGAL LIMITS ON COMPANY INVESTIGATIONS (CONT.)

• Balancing of Interests Defense

Even where a significant privacy intrusion isfound it may still be justified based on a “weighing”or “balancing” of the privacy interests against the employer justification.

• Consent Defense

An employee’s knowing consent to the disclosure of private information is usually sufficient to remove any reasonable expectation of privacy and waive his or her privacy rights.

Right of Privacy – California Constitution

LEGAL LIMITS ON COMPANY INVESTIGATIONS (CONT.)

• Job Applicants may be subjected to mandatory drug testing.

• Current employees may generally be tested only where the employer has a “reasonable suspicion” of drug use.

• Certain special categories of employees, such as security personnel and workers with a special impact on public safety may probably be subjected to random, suspicionless testing.

DRUG TESTING

LEGAL LIMITS ON COMPANY INVESTIGATIONS (CONT.)

To the extent that an employer has a policy putting employees on notice, there is no reasonable expectation of privacy in the use of employer-provided computers or in workplace communications.

SEARCHING WORKPLACE E-MAIL, PHONE LOGSAND COMPUTER FILES

LEGAL LIMITS ON COMPANY INVESTIGATIONS (CONT.)

• Employees may have a reasonable expectation of privacy in various workspaces

• But this may be waived if employees are given prior notice of potential searches

SEARCHING DESKS, LOCKERS, AND OTHER WORK SPACES

LEGAL LIMITS ON COMPANY INVESTIGATIONS (CONT.)

• Federal Omnibus Crime Control and Safe Streets Act of 1968, as amended by the Electronic Communications Privacy Act of 1986, establishes criminal and civil liability for illegally intercepting communications and for illegally accessing stored communications. (18 U.S.C. § 2500 et seq.).

• The California Privacy Act (“CPA”) also prohibits electronic “wiretapping” or “eavesdropping.” (Penal Code §§ 631- 632).

• Silent video surveillance is presumably not covered by state or federal statutes, but may violate privacy rights depending on time, place and manner of videotaping (e.g., in bathrooms or locker rooms).

“WIRETAPPING”AND ELECTRONIC EAVESDROPPING

LEGAL LIMITS ON COMPANY INVESTIGATIONS (CONT.)

• Federal law permits recording of conversations when one of the parties consents to the recording. The California law imposes criminal and civil liability unless there is consent of all parties to the communication.

• The California Supreme Court has recently held that California’s law requiring consent of all parties applies whenever at least one of the parties is in California.

“WIRETAPPING”AND ELECTRONIC EAVESDROPPING (Cont.)

LEGAL LIMITS ON COMPANY INVESTIGATIONS (CONT.)

• Federal Employee Polygraph Protection Act of 1988, prohibits employers from even requesting an employee to submit to lie detector test except based on reasonable suspension as part of an on-going investigation involving economic loss.

• Significantly, the definition of restricted “lie detector” tests is not limited to polygraphs, but includes any “voice stress analyzer,” “psychological stress analyzer,” or “any similar device (whether mechanical or electrical).”

USE OF “LIE DETECTORS” OR POLYGRAPHS

LEGAL LIMITS ON COMPANY INVESTIGATIONS (CONT.)

• Extortion is defined as “the obtaining of property from another, with his consent, induced by the wrongful use of force or fear”

• The definition of “fear” includes threats of criminal prosecution

• Valuable information as “property” under the extortion statute?

THREATS CONSTITUTING EXTORTION

LEGAL LIMITS ON COMPANY INVESTIGATIONS (CONT.)

Wrongfully restricting the physical movement of an individual – for example, requiring a subject to remain in an interrogation room

FALSE IMPRISONMENT

LEGAL LIMITS ON COMPANY INVESTIGATIONS (CONT.)

• Violation of federal law to take any letter “before it has been delivered to the person to whom it was directed”

Application to mail delivered to employer’s business?

INTERCEPTING U.S. MAIL

LEGAL LIMITS ON COMPANY INVESTIGATIONS (CONT.)

•“Obtaining Phone Records by false pretenses is prohibited by California Penal Code sections 538.5 and 530.5(a).

• “Hacking” confidential computer files is prohibited by California Penal Code section 502(c)(2).

• Business & Professions Code 17200 et seq. generally prohibits any “illegal, unfair, or fraudulent” business practices

• Forthcoming FTC regulations and federal statutes will undoubtedly create new restrictions

“PRETEXTING”

WHO SHOULD CONDUCT THE WHO SHOULD CONDUCT THE INVESTIGATIONINVESTIGATION

In-House Personnel? In-House Personnel?

Outside Private Investigators?Outside Private Investigators?

Outside Legal Counsel?Outside Legal Counsel?

WHO SHOULD CONDUCT THE INVESTIGATION?

Advantages

• More Knowledge of Company and facts

• Less expensive

Disadvantages

• Perceived lack of objectivity

• Lack of legal or technical expertise

• Lack of privilege

In-House Personnel

WHO SHOULD CONDUCT THE INVESTIGATION?

Advantages

• Technical Expertise

• Lack of Company responsibility for methods and techniques

Disadvantages

• More expensive

• Lack of company control over methods and techniques

Outside Private Investigators

WHO SHOULD CONDUCT THE INVESTIGATION?

Advantages

• Attorney-client privilege may protect investigation results from disclosure

• Knowledge of legal parameters on investigations

Disadvantages

• Most expensive alternative

• Limitations on Ex Parte Contacts if Target is Represented by Counsel

Outside Legal Counsel

WHO SHOULD CONDUCT THE INVESTIGATION?

• Outside counsel and outside investigators are independent contractors and not employees

• Company’s degree of responsibility for such agents may depend on the type of information sought and the extent of the Company’s knowledge, instructions and supervision

Is Outsourcing A Defense To Improper Investigation Tactics?

WHO SHOULD CONDUCT THE WHO SHOULD CONDUCT THE INVESTIGATION?INVESTIGATION?

Depends on Type of Incident Being Depends on Type of Incident Being InvestigatedInvestigated

Typical In-House InvestigationTypical In-House Investigation

Interview the complainant firstInterview the complainant first

Give the accused fair notice and an opportunity Give the accused fair notice and an opportunity to respondto respond

Written Report of findings and actions takenWritten Report of findings and actions taken

How Should A Typical Investigation Be Conducted?

Van Vleck Turner & Zaller LLP

www.vtzlaw.com

www.vtzlawblog.com