The 11 E-Info Risks—Realistic and Legal Policies

Beachboard, who is a shareholder in the Los Angeles office of employment law firm Ogletree Deakins, details the risks in today’s Advisor. He made his comments at the SHRM Annual Conference and Exhibition held recently in Atlanta.

1. Leaks of Company Information

The risk of unwanted disclosures is at the top of CEOs’ worries, says Beachboard. They are concerned about public display of:

  • Confidential company information
  • Trade secrets
  • Other intellectual property

And the concern is real. Consider the following, says Beachboard:

  • You can’t hide company information—somebody has to have access.
  • Blogs and websites are ripe avenues for employees to disclose confidential and/or proprietary information.
  • Disclosure can easily be anonymous.
  • Disclosure can be intentional or unintentional (Unintentional disclosures happen with surprising frequency, says Beachboard.)
  • Your private data can be spread quickly to millions.
  • Once secrets and rumors on blogs “go viral” they are difficult to stop or clean up.

One study showed that companies that monitored outgoing email reported an estimated 25% of their outgoing emails contained content that posed a legal, financial, or regulatory risk, Beachboard says. (The “e” in email stands for evidence, he notes. It’s a document.)

One study showed that fully one third of U.S. companies had had some confidential information compromised on sites like Facebook and LinkedIn.

2. Loss or Disclosure of Employees’ or Customers’ Private Information

Sensitive personal information—relating to both employees and customers—must be protected. The vast majority of disclosures occur with untrained or careless employees and are generally possible because of the failure of the employer to put into place and follow security policies and procedures to protect the personal information.

For example, says Beachboard, you might want a policy that says that social security numbers must be encrypted before transmitting.

Another aspect of the problem is that while most employers jealously guard data on their corporate systems, they pay less attention to data on personal devices, says Beachboard.

Budget cuts? Let us help.® is your one-stop solution for all your HR compliance and training needs. Take a no-cost, no-obligation trial and get a complimentary copy of our special report Critical HR Recordkeeping—From Hiring to Termination. It’s yours—no matter what you decide.

Unfortunately, those personal devices are often lost. If a company-owned phone is lost, you’ll probably find out, because the person needs a new one; but if the employee loses a personal device, you may never find out. What to do?

  • Limit what is stored on personal devices
  • Know what is stored on personal devices
  • Enforce security provisions on personal devices
  • Know when a personal device has been lost or stolen

Some companies use special software that tracks the information on personal devices and can “wipe” the device if lost or stolen, says Beachboard.

3. Negligent Supervision/Retention

When the company knows or should know that an employee is doing “bad deeds,” yet does nothing to prevent the employee from repeating the bad deeds, there could be liability for negligence.

For example, when an employee posts something on a company-sponsored blog, or uses his or her company email address, the company may be held vicariously liable for those posts. It appears to the reader of the blog that the employer authorized the statements.

In one case, a NJ employer has been sued by an employee’s wife after her husband posted porn pictures of the couple’s daughter using a company scanner and email. The company had learned that the employee was accessing child pornography and had admonished him once, but not a second time when it didn’t stop.

4. Defamation Claims

It’s so easy to forward and circulate emails and data, says Beachboard. That can increase exposure.

For example, an employee filed a claim of defamation against a former employer, alleging that the employer accused her of credit card fraud in an email that was circulated among her former coworkers. What was the exposure in this case? It turned out that the allegations weren’t true, and a jury awarded the former employee $1,000,000 in damages.

Find out what the buzz is all about. Take a no-cost look at, solve your top problem, and get a complimentary gift.

5. Postings that Promote Company Products

Federal Trade Commission (FTC) Guidelines (16CFR255) concern endorsements and testimonials in advertising on “new media.” The FTC can take actions against a company whose employees comment on company products or services without disclosing the employment relationship.

The guidelines require that employees disclose “material connections.” Employment is a material connection, adds Beachboard.

In tomorrow’s Advisor, more sins of e-data, plus an introduction to the premier HR website,

Follow Stephen Bruce on Google+

  • Barb

    I’ve heard of company’s secrets being leaked as easily as an employee posting a photo on Facebook of his workspace, with a product under development showing in the background. Scary stuff.