Hinshaw's White Collar Crime Alert is designed to keep clients and contacts informed of significant cases, legal developments, trends and other relevant news. Please click on the article headings below to read the entire content. To learn more about the practice group, click here.
In This Issue:
Employers Can Be Held Liable for Their Employees’ Computer Use
Jane Doe v. XYZ Corp., 887 A.2d 115
An employer must take action to shut down its employee’s illegal computer use according to a recent Court of Appeals case from the state of New Jersey.
Jane Doe v. XYZ Corp. highlights the important role of business owners and supervisors in monitoring their employees’ activities on work computers. In Jane Doe, a mother, on behalf of her daughter, brought a negligence action against her husband’s employer, seeking to hold the employer liable for the husband’s use of a workplace computer to access pornography and send nude photographs of the daughter to a pornography website. In the months leading up to the initiation of the lawsuit, the employee’s immediate supervisors became aware that the employee was viewing pornography on his work computer. The supervisors told the employee to stop the activity, but did not investigate the extent or nature of his computer activity, despite having the capabilities to do so.
The plaintiff mother alleged the employer: (1) knew its employee was using his work computer to view and download pornography, including child pornography; (2) had a duty to report its employee’s conduct to the authorities; and (3) breached its duty to report illegal activity. The trial judge dismissed the complaint against the employer, finding that: (1) an employee’s privacy interest trumps an employer’s right to monitor his computer use at work; and (2) an employer could not be held responsible for its employee’s illegal acts. On appeal, the Appellate Court reversed the decision and allowed the lawsuit to proceed to trial.
In reaching its decision, the Court of Appeals concluded that an employee has no legitimate expectation of privacy with respect to the contents of his workplace computer, especially when, as in this case, an employer has notified all employees that their computer activities could be monitored. According to the Court of Appeals, the employer’s admitted ability to monitor the employee’s computer activities imposed a duty on the employer to thoroughly investigate the employee’s inappropriate computer activity. The Court found that if the employer had exercised reasonable care, it would have found out that the defendant was viewing child pornography websites. Thus, the Court concluded that the employer had constructive, if not actual, notice of its employee’s illegal activity and had a duty to investigate and report the employee’s criminal activities to the proper law enforcement authorities. According to the Court, these reasonable steps would have prevented a third party (the employee’s step child) from being subjected to child abuse or exploitation.
Jane Doe v. XYZ Corp. makes it clear that when an employer is put on notice that its employee may be engaging in illegal computer activity, it must investigate the activity and, if appropriate, report it to the authorities. The failure to stop an employee’s illegal activity can expose an employer to liability for injuries resulting from its employee’s misconduct.
Law Helps Employers Guard Against Computer Sabotage
State v. Corcoran, 522 N.W.2d 226
Anyone who tampers with a business’ computer data or programs can face a felony conviction and imprisonment under the Wisconsin Computer Crimes Act (WCCA).
The WCCA states that any person who modifies, destroys, accesses, takes possession of, or copies data, computer programs or supporting documentation is subject to a felony conviction and imprisonment.
The Wisconsin Court of Appeals decision of State v. Corcoran highlights the gravity of this law. Brian Corcoran, hired by Mueller Consulting Services (MCS) to write specialized computer software application programs, had trouble refining the specialized application programs so they would operate without generating numerous errors. Consequently, he became concerned that MCS might not pay him for his work.
In anticipatory revenge, Corcoran surreptitiously inserted two “booby traps” into separate programs that he had written for MCS. The first trap was set to the computer system’s internal clock and would automatically delete several programs from the computer’s memory when the clock passed 12 a.m. on a future date. The second trap set by Corcoran would be triggered when an MCS employee followed certain written instructions on how to find a log of project hours. By following the instructions, the employee would inadvertently unleash a “delete” command, destroying large amounts of data on the computer system. That trap would also log in additional data to overload disk space.
Corcoran’s sabotage cost MCS several thousand dollars in expenses to reload data. The company also lost a major customer because it was not able to deliver timely services. The employer uncovered Corcoran’s actions and reported him to local law enforcement. He was charged in criminal court with knowingly and without authorization destroying computer data. After a jury trial, Corcoran was convicted of the felony charge and received a three-and-a-half year stayed prison sentence. He was required to serve initial confinement of seven months in the county jail.
Corcoran unsuccessfully argued that he could not be criminally prosecuted because he had destroyed his own copyrighted computer software. The court conceded that Corcoran held a valid copyright on the programs that he wrote for MCS, but it ruled he did not have the right to destroy non-copyrighted data belonging to MCS that was commingled within his copyrighted work. Although Corcoran had certain rights over his programs, he had no rights over MCS’s data and therefore could be subject to prosecution under Wisconsin law.
The WCCA gives Wisconsin businesses an effective tool to combat computer sabotage. An employer who encounters a disgruntled employee destroying or stealing computer data can hold that employee accountable through a criminal prosecution under the WCCA.
The Perils of Poor Record Retention
Morrison v. Rankin, 738 N.W.2d 588
Businesses and individuals who face even the mere prospect of litigation are obligated to preserve all potentially relevant paper and computer records, according to a July 26, 2007, Wisconsin Court of Appeals ruling.
Morrison v. Rankin highlights the perils for litigants who do not properly maintain business records. Eau Claire County surgeon Dr. Thomas Rankin retired and closed his medical practice in July of 1999. Advised that under Wisconsin law that he was only required to keep his business and medical records for five years after closing his practice, Rankin shredded several thousand pounds of business and medical records in July of 2004 as he prepared for the sale of properties where his business records were stored.
Two years earlier, a former patient, Elizabeth Morrison, had sued Rankin and a local hospital, alleging that Rankin was negligent in the performance of a 1999 spine fusion surgery on her. She also alleged that Rankin failed to properly explain the possible risks and complications of that type of surgery. Morrison claimed that the surgery performed by Rankin caused an injury to the nerve roots in her lower back causing her to suffer disability in her legs.
The jury trial in the matter did not take place until October of 2005. During the course of the discovery process prior to trial, Morrison’s attorneys sought to review Dr. Rankin’s spinal fusion surgery records to help calculate the complication rate Rankin had experienced in surgeries similar to the one performed on Morrison. In October of 2004, Rankin stated that he was unable to provide a detailed description of his other surgeries performed and any complication rates because he had not retained any business or medical records.
When it was revealed that Rankin had destroyed all of his records in July of 2004, Morrison’s attorneys moved for sanctions against Rankin for spoliation of evidence. The trial judge found that Rankin’s destruction of records was intentional and that he “knew or should have known” that some of the destroyed documents were relevant for trial. Because of the destruction of the records, the trial judge entered judgment as a sanction against Dr. Rankin and a trial was held only on damages issues. The jury returned a damages award in favor of Morrison in an amount in excess of $2.2 million. The Court of Appeals upheld the trial court’s ruling, finding that “only Rankin’s full patient records could tell the entire story” of the case. It also found that the destruction of records was egregious because it “impaired the opposing party’s ability to present a claim.”
Wisconsin courts previously had ruled that there is a duty on all parties to a lawsuit to preserve evidence that is essential to a claim being litigated. (Garfoot v. Fireman’s Fund Ins. Co., 228 Wis.2d 707 (Wis. App. 1999)). Other jurisdictions have suggested that even when a lawsuit has not been commenced and there is only a potential for litigation, a party is under a duty “to preserve evidence which it knows or reasonably should know is relevant to the potential action.” (Fire Ins. Exchange v. Zenith Radio Corp., 747 P.2d 911 (Nev. 1987); Wm. T. Thompson Co. v. General Nutrition Corp., 593 F.Supp. 1443 (C.D. Cal. 1984)).
It is also important to maintain computer data. In a recent federal court decision from Michigan, a trial court granted judgment as a sanction against a defendant corporation for the destruction of critical computer evidence. (PML North America, LLC v. Hartford Underwriters Ins. Co., 2006 W.L. 3759914 (E.D. Mich.)).
The plaintiff had sought to compel the defendant to turn over business information stored on several computer hard drives. The defendant later revealed that the computer information had been destroyed, but claimed it was not done in bad faith. The trial court ruled that it would not accept the corporation’s “clumsy attempt to appear ignorant and therefore less culpable.” It ruled that “there is a point beyond which bumbling and blindness to a party’s discovery obligations sufficiently resemble a sort of willful, intentional and malicious conduct that calls for the heavy sanction of judgment by default.” Beyond the judgment, the court awarded the plaintiff attorney’s fees and costs in an amount of $134,000.
The lesson of Rankin and other cases cited above is that businesses and individuals facing the mere prospect of litigation must actively seek to preserve both paper and computer data relevant to the potential litigation. The intentional destruction of such records likely will lead to a judgment against a party and significant costs. Moreover, courts have shown little sympathy for parties who claim they inadvertently have destroyed records.
This newsletter has been prepared by Hinshaw & Culbertson LLP to provide information on recent legal developments of interest to our readers. It is not intended to provide legal advice for a specific situation or to create an attorney-client relationship. |