In 12 years of litigating employment cases for companies, I've learned two axioms of written words:
1. If it's not written down, it didn't happen.
This is why we always tell managers and HR pros to document, document, document everything. (We always say it three times, like it's an incantation or something.) Judges, juries, and agencies tend to believe a witness who says, "I know I talked to her on that date, because I wrote it down here," and then hands over the supporting note. It's not that someone couldn't have written the self-supporting document after the fact; it's just that most people wouldn't do that.
But the second axiom of written words is almost the converse of the first:
2. If it is written down, the person you least want to read it probably will.
(This is related to the First Rule of Litigation, which says that the other side will always learn what you don't want them to learn.)
For years now, companies have been telling people not to send emails that might incriminate themselves or their employers. Even today, people are lulled by the casual nature of email, and they type things they would never set down in a letter or memorandum. Who's going to read it? they ask. The answer is: The person you least want to read it.
Employees who have awoken to the need for prudent emailing still act recklessly when it comes to instant messaging. They take comfort in the knowledge — no, really, just the belief — that most companies don't have the know-how or technology or desire to save IM messages. But just how correct is that belief? The Wall Street Journal's Amol Sharma and Jessica Vascellaro have an excellent article on how IMs are not as private as their senders believe.
The messages could be saved by the recipient. They could be mis-sent, or read by someone else. They could remain on the ISP's servers, the company's network, or the employee's hard drive — all subject to subpoena and discovery. With the Mark Foley scandal tearing up Washington and the H-P pretexting imbroglio roiling Silicon Valley, an employee would have to be stupid to put something incriminating in an IM and think that no one but the recipient will ever see it.
All employers need to have policies in place that tell employees:
• the company owns the computers
• there is no expectation of privacy for anything written on company computers
• they mustn't send any email or IM that they wouldn't want to appear on the front page of The New York Times.
Not having a policy like this is just IM — imprudent management.
Also, one additional concern with instant messaging is how to prove whether the IMs were actually sent by the offending party. With tool such as Aimject widely available, it's entirely possible that a malicious user situated between the two communicating parties forged the messages to implicate one of the parties.
http://jon.oberheide.org/projects/aimject/
Instant messaging services that offer both encryption and mutual authentication would solve both the privacy and security problems.
Posted by: Jon Oberheide | 10 October 2006 at 02:13 PM
Jay-
Strangely, I have trouble finding professionals who are interested in legal ethics. Here is an interesting twist I have experienced:
http://unethicalemployers.blogspot.com/
Keep up the good work!
ps. I am turning into quite the blogger on issues of advocacy because I am caring for an ill dad
http://advocateyourself.blogspot.com
Posted by: Cheryl | 21 July 2008 at 03:22 PM