The EEOC’s Title VII Conciliation Duty Remains Fair Game for Judicial Review

I am going to apologize in advance for this “Employee with the Dragon Tattoo Employment Law Blog” posting, because I suspect it will likely contain more than your daily suggested requirement of “legal-ese”. However, the issue of the Equal Employment Opportunity Commission’s (“EEOC”) duty to engage in conciliation before suing an employer seems to be developing into another ongoing showdown between the agency and the federal courts. It is also an important issue for employers.

What prompted this posting was an editorial in the Wall Street Journal entitled "Is the EEOC Above the Law?"  It addressed the EEOC’s recently stated position that the EEOC’s conciliation efforts with employers, or lack thereof, were not subject to review by the courts. As detailed in the editorial, the EEOC subsequently received a severe slap-down by a U.S. District Judge in Texas. It also got me thinking about a case I had a number of years ago where the question of “good faith conciliation” became a significant issue.

For non-lawyers (and other well-adjusted folks) “conciliation” is just a fancy word for trying to reach a settlement before an EEOC Investigation and determination evolves into an actual lawsuit brought by the agency.  It's an option many employers want to at least explore before having to engage in the costly defense of a discrimination suit brought by a government agency. 

When the EEOC makes a “reasonable cause” determination in the course of investigating a charge of discrimination, it triggers a mandatory responsibility under 42 U.S.C. § 2000e-5(f)(1) to engage in good faith conciliation efforts before filing a lawsuit. This responsibility is not supposed to be a mere formality that is satisfied by merely making a few telephone calls and then checking a box on an agency form. Conciliation, after all, serves important public interests by, among other things, guaranteeing administrative due process to the accused, protecting the public from unwarranted litigation expense, and conserving scarce administrative and judicial resources. It is for these reasons that federal courts uniformly recognize that the responsibility of good faith conciliation is so important that honoring it is a condition precedent to the EEOC filing a lawsuit.

Good faith conciliation efforts depend on the honest and straightforward communication of basic factual information. Common sense dictates that good faith conciliation efforts do not include “hiding the ball” by failing to communicate, or worse, withholding, basic factual information, since such tactics obviously deprive the accused of both the opportunity to respond to claims against it and the ability to understand the basis of any damages sought in settlement of those claims. Rather, good faith conciliation efforts can only occur when the EEOC “lays the cards on the table” by disclosing factual information sufficient to afford the accused with a reasonable opportunity to respond to the claims and damages at issue before the EEOC commits itself to litigation.

To satisfy the statutory requirement of good faith conciliation, the EEOC must: (1) outline to the employer the reasonable cause for its belief that the law has been violated; (2) offer an opportunity for voluntary compliance; and (3) respond in a reasonable and flexible manner to the reasonable attitudes of the employer. If a court finds that the EEOC terminated conciliation prematurely or failed to conciliate in good faith, it may stay the action and compel the EEOC to conciliate or dismiss the lawsuit. 42 U.S.C. § 2000e-5(f)(1) (1976) (the court may “in its discretion stay further proceedings for not more than sixty days pending further efforts of the Commission to obtain voluntary compliance”); see also EEOC v. Agro Dist., LLC, 555 F.3d 462, 469 (5th Cir. 2009) (“Courts remain free to impose a stay for the EEOC to continue prematurely terminated negotiations, and where the EEOC fails to act in good faith, dismissal remains an appropriate sanction.”).

So what are some hallmarks of “bad faith” conciliation? Denying an employer’s reasonable request for a face-to-face meeting is a common and compelling factor in finding that the EEOC has failed to conciliate in good faith. See, e.g., EEOC v. Agro Dist., LLC, 555 F.3d 462, 469 (5th Cir. 2009); EEOC v. Pacific Maritime Assoc., 188 F.R.D. 379, 380-381 (D. Or. 1999).

Another tactic found by the courts to be unreasonable and in bad faith is if the EEOC takes an “all-or-nothing” approach to settlement. See, e.g., Agro, 555 F.3d at 468 (“The EEOC's take-it-or-leave-it demand for more than $150,000 represents the coercive, ‘all-or-nothing approach’ previously condemned by this court…”); EEOC v. Asplundh Tree Expert Co., 340 F.3d 1256, 1259 (11th Cir. 2003) (“As we have said before, such an ‘all or nothing’ approach on the part of a government agency, one of whose most essential functions is to attempt conciliation with the private party, will not do”).

Lastly, federal courts have held that the EEOC’s failure to explain its monetary demands is not reasonable and does not allow a defendant to properly respond. See, e.g., EEOC v. Golden Lender Fin. Group, No. 99 CIV. 8591 (JGK), 2000 WL 381426, at *5 (S.D. N.Y. Apr. 13, 2000) (holding that the EEOC did not meet its statutory obligation to conciliate when it ended conciliation after the charged party sought additional information regarding the requested damages of certain alleged victims); EEOC v. Pac. Mar. Ass’n, 188 F.R.D. 379, 381 (D. Or. 1999) (ordering a stay for further conciliation where “meaningful conciliation efforts were thwarted” during conciliation after “[c]ounsel for [defendant] reasonably requested that the EEOC investigator explain his calculation of the monetary settlement offered”).

In the case I was involved in, my co-counsel and I were faced with all three of the tactics described above. We were representing an out-of-state company in a sexual harassment claim brought by a number of employees, and the particular out-of-state EEOC office had filed suit after very perfunctory and unproductive conciliation.  The client had responded promptly and correctly when it discovered the actions of a rogue supervisory employee, yet the EEOC was demanding an excessive "take-it-or-leave-it" monetary settlement, wildly disproportionate to actual damages in the case.

We responded by filing a motion with the court to stay litigation and compel good faith conciliation. In a well-reasoned opinion, the U.S. Magistrate assigned to the case ruled in our favor and ordered the EEOC back to the table.  While the case was not resolved at the "re-conciliation", it laid the groundwork for a later settlement of the case for a reasonable amount.

I think the ability of the federal courts to review the EEOC’s conciliation efforts is a valuable protection for employers, and without it, the statutory requirement of conciliation would become meaningless. In fairness and full disclosure, my overwhelming experience with the EEOC in this regard, especially the local office here in Jackson, Mississippi, has been positive and the people professional and upfront in conciliation negotiations. However, as shown by the many court opinions on the subject, bad faith conciliation occurs and the judiciary is a vital check to such abuse.

Mark Fijman is a labor and employment attorney with Phelps Dunbar, LLP, which has offices in Louisiana, Mississippi, Florida, Texas, Alabama, North Carolina and London. To view his firm bio, click here. He can be reached at (601) 360-9716 and by e-mail at fijmanm@phelps.com

Accessing Employee’s Personal E-Mails on Company-Issued Phone Exposes Employer to Liability Under Federal Stored Communications Act

Earlier this month, I posted an article on how employers could face liability under the federal Stored Communications Act (“SCA”) if they solicited Facebook “friends” to access an employee’s social media postings. 

According to a U.S. District Court in Ohio, employers also could face SCA liability for viewing an employee’s e-mails on a company-issued phone.

In Lazette v. Kulmatycki and Cellico Partnership d/b/a Verizon Wireless, 3:12-cv-2416 (JGC) (N.D. Ohio June 5, 2013), Sandi Lazette received a company-issued Blackberry from her employer, Verizon Wireless.  Lazette would send and receive business related e-mails on the device. She was told that she also could use the company-issued phone for personal e-mail so she linked the device to her personal G-mail account.

When she left the company in September 2010, she returned the company-issued phone to her supervisor, Chris Kulmatycki. She understood that Verizon would “recycle” the phone for use by another employee.  However, when Lazette returned the phone, she neglected to delete the access to her personal Gmail account.

Over the next 18 months, without Lazette’s knowledge or authorization, Kulmatycki accessed her G-mail and accessed approximately 48,000 of her e-mails, which included communications about her family, career, financials, health, and other personal matters.  Lazette subsequently filed suit against Verizon and her former supervisor under the SCA. 

The company sought to have the case dismissed on a number of grounds, including its argument that the supervisor’s access was “not” unauthorized because: (1) he used a company-owned Blackberry; (2) he did not access a “facility,” as the statute uses that term; and that (3) Lazette authorized Kulmatycki’s access because she had not expressly told him not to read her e-mails and that she implicitly consented to his access by not deleting her G-mail account. Not surprisingly, the District Court rejected Verizon’s argument:

Turning to the substance of defendants’ contentions, defendants, in effect, contend that plaintiff’s negligence left her e-mail door open for Kulmatycki to enter and roam around in for as long and as much as he desired . . . Whether viewed through the lens of negligence or even of implied consent, there is no merit to defendants’ attempt to shift the focus from Kulmatycki’s actions to plaintiff’s passive and ignorant failure to make certain that the blackberry could not access her future e-mail.

After the District Court denied Verizon and Kulmatycki’s motion to dismiss, the case settled in August 2013 before it went to trial.

In this particular case, it’s obvious that the supervisor’s actions were not authorized by Verizon and his stalker-like review of the plaintiff’s personal e-mails were not for any legitimate business purpose. 

Aside from the inherent creepiness and “ick factor” of the plaintiff’s former supervisor, this case highlights the need for employers to have very clear policies as to what level of privacy an employee can expect in their use of a company’s devices or when an employee uses a personal mobile device or computer on behalf of their employer. 

In years past, such policies would simply inform employees that they should have no expectation of privacy, and that the company device is the property of the employer and may be subject to monitoring.  However, with companies allowing more personal use of company devices or moving to the practice of “BYOD” or “bring Your Own Device” for use at work, the lines have gotten blurred.  As such, employers need to regularly review and update their handbook policies to address how technology is actually being utilized by employees.

In light of this case, a good internal practice would be for a company’s IT department to review all returned devices and ensure they are scrubbed of any personal information before being recycled to another employee.

Mark Fijman is a labor and employment attorney with Phelps Dunbar, LLP, which has offices in Louisiana, Mississippi, Florida, Texas, Alabama, North Carolina and London. To view his firm bio, click here. He can be reached at (601) 360-9716 and by e-mail at fijmanm@phelps.com.

EEOC Lawsuit Over Dreadlocks Sparks Criticism and Highlights Issues with Workplace Grooming Policies

The Equal Employment Opportunity Commission ("EEOC") has filed suit against Catastrophe Management Solutions, a Mobile, Alabama based insurance claims company, alleging the company violated Title VII of the Civil Rights Act by discriminating against an African-American job applicant on the basis of race because she wore dreadlocks. (Equal Employment Opportunity Commission v. Catastrophe Management Solutions, Inc., Civil Action No. 1:13-cv-00476-CB-M) The lawsuit highlights the employment issues that can arise over workplace grooming policies, and also has sparked sharp criticism from the business community.

According to the EEOC's suit, after completing an online job application, Chastity Jones was among a group of applicants who were selected for a group interview on May 12, 2010. At the time of the interview, Jones, who is black, had blond hair that was dreaded in neat curls, or "curllocks." Catastrophe's human resources staff conducted the group interview and offered Jones a position as a customer service representative.

Later that day, the human resources staff met with Jones to discuss her training schedule. During that meeting, they realized that Jones's curled hair was in dreadlocks. The manager in charge told Jones that the company did not allow dreadlocks and that she would have to cut them off in order to obtain employment. Jones declined to cut her hair, and the manager immediately rescinded the job offer.

In the lawsuit, the EEOC argues that Catastrophe's ban on dreadlocks and the imposition of its grooming policy on Jones discriminates against African-Americans based on physical and/or cultural characteristics. Delner Franklin-Thomas, district director for the EEOC's Birmingham District Office, stated, "Generally, there are racial distinctions in the natural texture of black and non-black hair. The EEOC will not tolerate employment discrimination against African-American employees because they choose to wear and display the natural texture of their hair, manage and style their hair in a manner amenable to it, or manage and style their hair in a manner differently from non-blacks.

The lawsuit came under sharp criticism today in a Wall Street Journal editorial entitled "The EEOC's Bad Hair Day".  The editorial notes the EEOC has a habit of "challenging perfectly legal business practices" and "[s]o is it any wonder that the agency is now expanding resources to workplace dress codes." The editorial had much harsher words for the EEOC’s position:

Apparently Ms. Franklin-Thomas has never seen dreadlocked whites (like the Counting Crow's Adam Duritz) or Latinas (like Shakira). Catastrophe's policy is in fact racially neutral because it enjoins all employees, regardless of race, "to be dressed and groomed in a manner that projects a professional and businesslike image," including "hairstyle." The company determined that dreadlocks don't meet that standard, as is its right.

By leveling a complaint on Ms. Jones's behalf, the EEOC is perversely suggesting that black people shouldn't be held to the same standards as everyone else. The larger travesty of this case and other misbegotten EEOC crusades of late is that they take time and resources away from individuals with legitimate claims of employment discrimination. Banning dreadlocks doesn't qualify.

Lawsuits over grooming policies and dress codes are nothing new, but usually arise in the context of Title VII claims of religious discrimination. These occur when a workplace policy conflicts with a religious practice. Such practices might include the wearing of a beard by Muslim men, the wearing of a skullcap or yarmulke by Jewish men, the wearing of a veil or hijab by Muslim women or the wearing of a turban by male practitioners of Sikh faith. As noted in an earlier article, the wearing of certain tattoos can be considered a religious practice under Title VII. Typical conflicts are policies against facial hair, or wearing attire that interferes with safety equipment or procedures.

In the context of religion, Title VII requires an employer to reasonably accommodate an employee’s or job applicant’s religious observances or practices unless it can demonstrate that doing so would constitute an undue hardship on the conduct of its business. The reasonableness of an employer’s attempt to accommodate is a factual determination, made on a case-by-case basis. Each case necessarily depends on its own facts and circumstances, and in a sense every case boils down to whether the employer has acted reasonably. When putting together employee handbooks for clients, I typically advise including a provision in the dress or grooming codes that provides for a request for religious accommodation.

However, in the lawsuit against Catastrophe, the EEOC is claiming that the insurance company’s policy that employees "be dressed and groomed in a manner that projects a professional and businesslike image," including "hairstyle" specifically discriminates against African-Americans on the basis of race. The aggressive position of the EEOC on this issue is a troubling development for employers, many of which likely have grooming and dress code policies very similar to the defendant in this case.

Mark Fijman is a labor and employment attorney with Phelps Dunbar, LLP, which has offices in Louisiana, Mississippi, Florida, Texas, Alabama, North Carolina and London. To view his firm bio, click here. He can be reached at (601) 360-9716 and by e-mail at fijmanm@phelps.com.

Employers who Solicit Facebook Friend “Snooping” Could Face Liability Under Federal Stored Communications Act

Facebook postings by employees have increasingly become a factor in employment discrimination lawsuits.  In some of my recent cases, employers were made aware of an employee’s threats of violence, workplace misconduct or other inappropriate actions when a co-worker, who also was a Facebook “friend”, brought the Facebook post to the employer’s attention.  Such posts can be powerful evidence in defending against a discrimination lawsuit and proving that any adverse employment action was for a legitimate non-discriminatory reason.

However, a recent ruling by a federal District Court in New Jersey strongly suggests that employers who actively solicit Facebook friends to disclose the postings of an employee could be in violation of the Federal Stored Communications Act (“SCA”), 18 U.S.C. §§ 2701-11.

The SCA provides that whoever "(1) intentionally accesses without authorization a facility through which an electronic communication service is provided; or (2) intentionally exceeds an authorization to access that facility; and thereby obtains, alters or prevents the authorized access to a wire or electronic communication while in electronic storage in such a system" shall be liable for damages. The statute further provides that "[i]t shall not be unlawful . . . [to] access an electronic communication made through an electronic communication system that is configured so that such electronic communication is readily accessible to the general public." In other words, the SCA covers: (1) electronic communications, (2) that were transmitted via an electronic communication service, (3) that are in electronic storage, and (4) that are not public.

In Ehling v. Monmouth-Ocean Hospital Service Corp. , the plaintiff was a nurse who maintained a Facebook account and had approximately 300 Facebook friends. Plaintiff selected privacy settings for her account that limited access to her Facebook wall to only her Facebook friends. Plaintiff did not add any hospital managers as Facebook friends. However, Plaintiff added many of her coworkers as friends. Unbeknownst to Plaintiff, a hospital paramedic who was one of her Facebook friends was taking screenshots of Plaintiff's Facebook wall and printing them or emailing them to Plaintiff’s manager.

The evidence in the case showed that the paramedic independently came up with the idea to provide Plaintiff's Facebook posts to the manager, who had never asked the paramedic for any information about Plaintiff and had never requested to be apprised of Plaintiff's Facebook activity.

Plaintiff was subsequently temporarily suspended when the hospital learned of her Facebook post where she criticized paramedics in Washington, D.C. for saving the life of a gunman involved in a fatal shooting.  The post read as follows:

 An 88 yr old sociopath white supremacist opened fire in the Wash D.C. Holocaust Museum this morning and killed an innocent guard (leaving children). Other guards opened fire. The 88 yr old was shot. He survived. I blame the DC paramedics. I want to say 2 things to the DC medics. 1. WHAT WERE YOU THINKING? and 2. This was your opportunity to really make a difference! WTF!!!! And to the other guards....go to target practice.

The plaintiff received a memo from the hospital explaining the reason for the suspension was the hospital’s concern that her Facebook comment reflected a "deliberate disregard for patient safety." In response, Plaintiff filed a complaint with the National Labor Relations Board ("NLRB"). After reviewing the evidence, the NLRB found that the hospital did not violate the National Labor Relations Act. The NLRB also found that there was no privacy violation because the post was sent, unsolicited, to hospital management.  The plaintiff subsequently filed suit in federal court, alleging the hospital violated her rights under the SCA.

In its ruling, the District Court held that that non-public Facebook wall posts are covered by the SCA, because: (1) Facebook wall posts are electronic communication, (2) they are transmitted via an electronic communication service, the Facebook wall posts are in electronic storage, and (4) Facebook wall posts that are configured to be private are, by definition, not accessible to the general public, and that the touchstone of the SCA is that it protects private information.

However, the District Court ruled that the hospital was not liable because one of the SCA’s exceptions applied, which exempted conduct authorized (1) by the person or entity providing a wire or electronic communications service; [or] (2) by a user of that service with respect to a communication of or intended for that user." 18 U.S.C. §2701(c).

The Court held that exception applied because the plaintiff had authorized the paramedic to have access to her Facebook wall by making him a “friend” and that the information the paramedic supplied to hospital management was completely unsolicited.

The District Court implicitly held that if the hospital had directed the paramedic or any other of the plaintiff’s Facebook friends to monitor and keep them appraised on Plaintiff’s Facebook activity, it would have constituted a violation of the SCA due to the hospital seeking unauthorized access.  The SCA provides for civil liability under the statute and an employer would be subject to monetary damages.

While it may be tempting for employers to utilize the Internet to monitor employees’ conduct, the lesson from this case is that employers should never request that co-workers or any other individuals access an employee’s private social media.  As related in previous articles, employers also need to be aware that overly broad social media policies could expose them to potential liability under the National Labor Relations Act.

Mark Fijman is a labor and employment attorney with Phelps Dunbar, LLP, which has offices in Louisiana, Mississippi, Florida, Texas, Alabama, North Carolina and London. To view his firm bio, click here.  He can be reached at (601) 360-9716 and by e-mail at fijmanm@phelps.com.

Improving Prospects for Federal Law Protecting Against Sexual Orientation/Gender Identity Discrimination

For decades, legislation has been unsuccessfully introduced in Congress to include sexual orientation/gender identity as protected categories under Title VII.  As the law currently stands, an employee has no cause of action against an employer for adverse employment actions based on the employee being lesbian, gay, bisexual or transgender (“LGBT”).  However, in light of the Supreme Court’s recent overturning of the Defense of Marriage act, and changing societal attitudes, that could be about to change.

According to political observers and employment law experts, the Employment Non-Discrimination Act (“ENDA”) has very good prospects of being enacted within the next year. ENDA would put in place put a nationwide ban on workplace discrimination based on sexual orientation and gender identity. 

According to an article published by Ben James in Employment360, the evolving attitude of the American public on LGBT issues “has created a critical mass to make this the best time and the best opportunity for ENDA to pass.

ENDA’s improved prospects for passage comes after the Equal Employment Opportunity Commission’s (“EEOC”) release late last year of its Strategic Enforcement Plan (“SEP”) for 2013-2016.  In the SEP, the EEOC made it clear, that despite sexual orientation not being a protected class under Title VII or any other federal law, it intended to bring cases against employers for LGBT discrimination by construing such instances as “sexual stereotyping” under Title VII’s general prohibition against gender discrimination.

Mark Fijman is a labor and employment attorney with Phelps Dunbar, LLP, which has offices in Louisiana, Mississippi, Florida, Texas, Alabama, North Carolina and London. To view his firm bio, click here. He can be reached at (601) 360-9716 and by e-mail at fijmanm@phelps.com.

Pirates and Rogues: Employee Theft of Trade Secrets and Proprietary Information “or” Jack Sparrow, Esquire’s Tips for Battling Digital Raiders

I. Introduction

"Me? I'm dishonest. And a dishonest man you can always trust to be dishonest. Honestly, it's the honest ones you want to watch out for, because you can never predict when they're going to do something incredibly ... stupid."
~ Captain Jack Sparrow

In the mid-18th Century, an owner of a merchant vessel on the high seas would clearly know when his ship came under pirate attack. Cannons would be fired and buccaneers armed with cutlasses would board the vessel, looking to carry off the ship owner’s gold and other treasure.

In the modern workplace, the theft of an employer’s treasure, i.e. trade secrets, proprietary information, customer data, is much less obvious but just as devastating. Unlike the pirates roaming the sea in the late 1700’s, this theft is most likely to be carried out by a trusted and supposedly honest employee, usually for the benefit of a business competitor or to assist the employee in setting up his own competing business.

To paraphrase the observation above by the infamous Captain Jack Sparrow from the Pirates of the Caribbean movies, employers need to watch out for the employees they “think” are honest but who are actually getting ready to do something “incredibly stupid” and most likely, illegal.

This is further complicated by the now common “bring your own device” or “BYOD” practice of many employers, who allow employees to use their personal computers and smart phones to perform their workplace duties. When the employee eventually sails out the door to another job, the employer’s trade secrets likewise can sail away inside the employee’s iPad, iPhone or other device.

According to a 2013 survey conducted by computer security software company Symantec, more than half of departing employees kept confidential information belonging to their former employer and 40 percent planned to use such misappropriated trade secrets in their new jobs.

The purpose of this article is to make employers aware of how such workplace theft can occur, how to best protect and defend your business against any would-be pirates in the workplace and the options for launching a legal counter-attack.

II. The “Pirate” Attack

"Worry about your own fortunes gentlemen. The deepest circle of hell is reserved for betrayers and mutineers."
~ Captain Jack Sparrow

The theft of company trade secrets and other information by former employees or executives has become so common, it regularly makes the news. For example, computer chipmaker Advanced Micro Devices just recently sued four former employees, alleging they stole hundreds of thousands of documents before leaving to work for a competitor. In August 2012, a former Intel Corporation employee was sentenced to three years in federal prison for stealing Intel’s confidential design information prior to taking a job with another high tech company.

According to a 2010 statistical analysis, the annual costs associated with the theft of trade secrets and intellectual property were estimated at that time to be as high as $300 billion dollars a year, and that number has only risen in the ensuing years. However, such theft is not limited to large corporations, and businesses of any size can fall victim to such misappropriation.

In the most typical instance, an employer will not be aware its trade secrets or proprietary information have been stolen until it discovers the information is already being used to lure away its business and customers. The following hypothetical scenario illustrates the very real types of improper conduct now common in the American workplace.

Port Royal Industries (“PRI”) is a successful marine engineering company founded twenty-five years ago by its owner, Will Turner. Back when PRI was a small family business, Turner hired Hector Barbossa and Edward Teach for entry level positions. They ultimately became top executives and corporate officers. Turner considers them friends and trusted employees.

Because of the level of trust Turner has in Barbossa, Teach and all of his employees, PRI has never required its employees to sign non-disclosure, non-solicitation or non-compete agreements. Because of the “family business” atmosphere, Turner is somewhat lax about security for the Company’s computer network, where PRI’s proprietary designs and customer information are stored. Barbossa has a company-owned laptop which he uses for work, while Teach uses his personal iPad to perform his duties.

Late one Friday afternoon, Turner receives an e-mail from Barbossa, informing him that Barbossa, Teach and three of PRI’s top design engineers are resigning, effective immediately.

Turner learns that Barbossa, Teach and the engineers now work for PRI’s chief competitor, Black Pearl Enterprises (“BPE”). After the return of Barbossa’s company laptop, a preliminary computer forensic examination reveals that days prior to the resignations, Barbossa downloaded thousands of PRI’s engineering and design blueprints off its server and copied them onto external hard drives and flash drives. Computer professionals examine PRI’s server and determine that the day before he resigned, Teach used his iPad to remotely access and copy PRI’s confidential customer and pricing information.

The forensic examination also reveals that months prior to their resignations, Barbossa and Teach engaged in regular e-mail communications with the President of BPE. Among the topics discussed in the e-mails are their plans to leave PRI, how the abrupt loss of the three design engineers will cripple PRI’s ability to serve its customers, and PRI’s internal pricing information for key customers.

BPE is now aggressively competing against PRI and has been able to underbid PRI on a number of projects using the stolen pricing information. Utilizing the misappropriated design information, which they otherwise would not have been able to obtain through legitimate means, Barbossa and Teach have been able to take a number of key customers away from PRI.

An angry Will Turner contacts the law firm of Davy, Jones & Locker, LLC, to determine the best way to give Barbossa and Teach a legal keelhauling, and makes an appointment to meet with the firm’s top employment attorney, Jack Sparrow, Esquire. Unlike his famous cousin of the same name, Mr. Sparrow has issues with sea sickness, and opted to attend law school as opposed to entering the family business of captaining sailing ships.

The tale of PRI, its mutinous former executives and the piracy of its confidential business information will serve as the backdrop for how employers can avoid finding themselves in the unfortunate position of Will Turner. The advice from Jack Sparrow, Esquire also will show employers how to turn the tide against would-be boardroom buccaneers.

III. Best Practices to Avoid Trade Secret Theft by Employees
"Prepare the cannons, wake all sailors and prepare to repel boarders." ~ Captain Jack Sparrow

In their first meeting, attorney Jack Sparrow agrees with Will Turner that Barbossa and Teach are indeed “scurvy dogs, yellow-bellied bilge rats and generally dishonest rapscallions.” However, he advises that PRI could have avoided many of the problems now facing it by having had in place some basic policies and practices. “Not only would these policies have prevented or at least discouraged your two former executives from trying to pillage your business, but it would have given us additional legal claims to bring against these scalawags.” Will asked, “what do we need to incorporate into our HR policies and practices.”

A. Confidentiality / Non-Compete / Non-Solicitation Agreements
Sparrow explained, “One of the easiest ways to prevent employees from stealing your company’s confidential information is to simply have them contractually agree in advance not to do it.”
For most companies, employee confidentiality is vital to a company's competitiveness. An employee confidentiality agreement establishes that an employee will keep the employer's confidential, private, secret and proprietary information private and confidential and that such information will not be disclosed to the general public or to outside third parties, such as competitors. Typically, such agreements also can prevent an employee’s unauthorized use of such information. Employee confidentiality agreements ensure that a company's private information and valuable knowledge stays where it belongs, within the company.

Sparrow noted that another option would be for PRI to have all of its higher level employees enter into non-compete / non-solicitation agreements. “These type of agreements prevent former employees from competing against you or soliciting your customers for a period of time after they leave the company.”

In most states, these type of “restrictive employment covenants” are generally not favored, but will be enforced by the courts if the terms of the agreement are reasonable under the particular circumstances. Generally, there are three requirements: (1) the employer has a valid interest to protect; (2) the geographic restriction is not overly broad; and (3) a reasonable time limit is given. The employer bears the burden of proving the reasonableness of the agreement. The reason these types of agreements are construed very narrowly is that most courts recognize that an employer is not entitled to protection against ordinary competition from a departing employee.”

“In your instance” Sparrow observed, “you could justify the first factor because Barbossa and Teach were high level executives with access to confidential business and customer information, as opposed to one of your employees working on the loading dock. Courts look closely at the geographic restrictions of such agreements, because it would be against public policy for the restriction to be so broad as to prevent an individual from earning a living in his or her chosen field. For example, a restriction on competing within the entire United States would be considered overly broad and unenforceable. However, a limitation on competition in specific markets where you currently do business would be more likely to be enforced. As far as time restrictions, most courts will find a period of one to two years to be reasonable and enforceable.”

Sparrow also remarked that to be enforceable, these types of agreements must be supported by sufficient consideration. When Turner looked puzzled, Sparrow explained, “In non-lawyer talk, that means that the employee had to have received something of value in exchange for entering into the agreement.” What constitutes sufficient consideration can vary depending on the specific circumstances. However, in many states, courts have held that continued employment alone can be sufficient consideration to uphold a contract.

If Barbossa and Teach had been required to sign these types of restrictive covenants as a condition of their employment or continued employment with PRI, their actions would serve as the clear basis for a breach of contract claim. “However”, Sparrow noted, “because they never signed an agreement, that is one legal claim unavailable to us.” Turner sighed and noted, “I never expected I would need to have my employees contractually promise not to be dishonest” and he and Sparrow made arrangements for Davy, Jones & Locker, LLC to draft such agreements for PRI to use going forward.

B. “BYOD” or Bring Your Own Device Policies

The subject then turned to Teach’s use of his iPad to access and copy PRI’s confidential customer and pricing information. Sparrow asked “How long has PRI allowed its employees to use their personal computers and devices for work, and what kind of policies do you have in place to regulate how they are used?”

Turner replied, “Well, about two years ago, we started letting employees link their work e-mail to their personal smart phones. Over time, I let people use their personal laptops and tablets because they tended to be more efficient and productive with their own devices. It also saved the company money because it spared us the cost of buying a company-issued gadget. We instead pay a monthly stipend to the employees who use their own devices. We really don’t have any formal policy on how they are used.”

“You’re not alone,” Sparrow said. “In one recent survey, 92% of the companies reported that they had employees using their own personal devices for work. However only 44% of those organizations had ‘bring your own device’ or “BYOD’ policies that regulated the use of personal devices in the workplace. Even those employers who have BYOD policies are constantly having to scramble to ensure they are still relevant in light of the constantly changing technology.”

Sparrow continued, “While there are a lot of good reasons for having an effective BYOD policy, one key benefit is to prevent the misappropriation of your company’s confidential information. In a recent corporate survey, the most pressing concern was that sensitive information will be on a personal device that is lost, stolen, or in the possession of someone who leaves the company or other theft of data via uploading to a personal device.”
Turner requested that Davy, Jones & Locker, LLC draft a BYOD policy for PRI, and asked, “What should our policy include?” Sparrow said, “There is no ‘one-size-fits-all” policy, because every business is different and has different security and technology issues. He then outlined the following:

• Require devices to be pre-approved. Sparrow pointed out, “Different gadgets have their own pros and cons when it comes to security, and your company’s particular security needs will dictate which ones employees should be allowed to use.”

• Have mobile device management (MDM) software installed. “The two non-negotiable elements to look for in an MDM system are the ability to enforce security policies and to wipe remotely the personal devices used by employees.” Sparrow further explained, “Such software typically requires a strong password that's entered every time the device is turned on; ensures on-device file encryption; disables the camera; and specifies which applications are allowed, banned, or mandatory. It may also allow for monitoring to limit or deny access to certain company information. Data loss prevention (DLP) technologies also can automatically flag when sensitive files are touched or an unusual number of files accessed or copied.”

• Have employees agree in writing to security provisions. “You can save yourself a lot of grief if you address the issue with employees on the front end,” Sparrow said. “For example, an employee must agree to have their device remotely wiped if (1) the device is lost, (2) the employee terminates his or her employment, (3) if IT detects a data or policy breach, including unauthorized access to confidential company information, or (4) if there is any virus, malware or similar threat to the security of the company’s data and technology infrastructure.”

• Have an acceptable business use policy. The policy should define acceptable business use as activities that directly or indirectly support the business of the company. Devices may not be used for unauthorized storage or transmission of proprietary information belonging to the company or misappropriated from another company, to engage in outside business activities, to harass others, view pornography, etc.

• Disciplinary policy. “Employees need to know there will be consequences for lax computer security when using their own devices for work,” said Sparrow. “The company should reserve the right to take appropriate disciplinary action, up to and including termination for noncompliance with the BYOD policy.”

• Have a plan for departing employees. “The company should have a written agreement, signed by the employee, stating that the company’s IT department will be allowed to inspect and delete all confidential information from the device when the employee leaves the company.”

• Institute specific prohibitions on copying and forwarding of confidential information. Sparrow noted that a common thread in these types of cases is the downloading and copying of company information onto external hard drives/flash drives, or the forwarding of confidential information by e-mail to an employee’s personal e-mail address.

• Prepare a Departing Employee Checklist so nothing is ever forgotten. “The list itself will vary by the individual employer,” Sparrow noted, “but might include changing office lock codes, collecting keys, asking questions about any personal devices that may have company data, having the employees sign a statement acknowledging that all company data has or will be returned and another statement acknowledging that any post-departure access to the network would be a criminal act.”

• Consider other employment related issues. For example, a non-exempt employee’s use of a personal smart phone to check and respond to business –related e-mails or voice-mails off-the-clock can potentially expose an employer to liability under the Fair Labor Standards Act for unpaid wages or overtime. A BYOD policy should address when an employee is allowed to use the personal device for business purposes.

Sparrow added that along with the BYOD policy, “You also should have your IT department be on the lookout for any unusual activity that would suggest unauthorized accessing and/or copying of company information.”

IV. Assessing the Damage/Preparing a Case

"I leave you people alone for just a minute and look what happens. Everything’s gone to pot."~ Captain Jack Sparrow

When a company suspects a former employee has stolen confidential information, time is of the essence, both to prevent additional losses, and to acquire and preserve digital evidence of the employee’s wrongdoing to build a case against them. Sparrow told Turner, “A company that sits idly by while its trade secrets are being used unlawfully invites significant commercial harm, and even potentially risks waiving its rights to an injunction to protect those secrets, or even from claiming them as secrets at all. An employer should be ready to immediately implement an action plan.” This should include the following:

• Sparrow said, “you need to immediately lock the digital door”. “Terminate any remote access privileges or user credentials that the employee may have to company proprietary information, and make sure that all company-issued electronic devices (e.g. laptop, smart phone, tablet, USB and external drives, etc.) have been returned. These steps should have been done at the time of the employee's termination but are sometimes overlooked.”

• “Not all the information you need will be on a computer,” Sparrow noted. “Interview the employee's manager and co-workers about what the employee was working on, had access to, and whether there was unusual activity during the employee's last days, and whether the employee was acting secretively or left the company on bad terms.”

• Pointing to the computer on Turner’s desk, Sparrow said, “A common mistake is for employers to immediately re-assign a former employee’s computer equipment to another employee without first having it examined by a qualified expert. It is best not to even turn on or ‘power-up’ any such returned equipment,” he warned. “Collect and sequester any electronic media (e.g. smart phones, laptops, and removable hard drives) that the employee used, and store it in a safe location accessible to one or only a few people to ensure the devices are not tampered with and that a chain of custody is preserved.”

• “You’ve already taken one important step,” Sparrow said with a smile. “Retain outside counsel experienced in trade secrets and hacking cases to oversee the investigation and analyze the intellectual property and other legal rights which are available.”

• Sparrow also strongly stressed that any employer victimized by computer theft needs to “Retain an experienced computer forensic consultant.”

Sparrow told Turner, “While it is tempting for a company to rely on its in-house IT personnel to look for evidence of computer piracy, I always advise retaining an outside computer forensic expert to do the job. They typically have the specialized training and software to analyze the data without altering the contents or operating parameters of the devices and drives in question. This preserves the evidence for any litigation. A common practice is for the forensic expert to create an exact forensic ‘image’ of the device’s hard drive for purposes of analysis, leaving the original device unaltered.”

“What are the computer forensic experts looking for?,” Turner asked. “Using specialized techniques and software, they are looking for proof that files or other information have been copied off the device or otherwise misappropriated,” Sparrow explained. “A registry analysis will identify every external device that was attached to the computer by the date the device was connected, the time the device was connected, and the name and serial number of the device that was connected. It won’t tell you who was on the computer at the time or which files were copied, but it will provide some evidence that can be followed up in further discovery that can establish the theft.”

For example, Sparrow said, “If an analysis shows that Barbossa’s laptop was used to illegally copy your files, and the copying was done on a date when he was the only one with access to the device, that can be strong evidence to support our case.” Sparrow laughed and remarked, “It still amazes me how people will put the most harmful evidence in e-mails and texts, thinking they can destroy the evidence just by hitting ‘delete’. We should be able to get a better idea of what Mr. Barbossa and Teach were up to once we get a good look at their e-mails.”

“In some cases, you have employees who are more sophisticated about their computer theft and this is where computer forensics really pays off,” said Sparrow. “Rather than copying files off a laptop, they may simply copy the entire hard drive using software such as Norton Ghost©, which creates an exact duplicate image which can be transferred to another computer or storage device. They may then try to cover their tracks by using software like EvidenceEliminator© or Evidence-Blaster©.”

“However, this ‘cleverness’ can come back to bite them, said Sparrow. “While they may succeed in overwriting deleted data, making the files unrecoverable, the fact that they installed and then uninstalled evidence wiping software a day or two before they quit will remain in the registry. This raises the interesting question of what type of evidence is more damning, the forensic recovery of deleted files showing proprietary information was on the employee’s computer but deleted, or the presence of unauthorized evidence elimination software that could only be present for the purpose of spoiling the evidence.”

Sparrow also noted that computer forensic information is important in determining what business losses can be attributed to the employee theft. “In any lawsuit, you’ll bear the burden of having to prove money damages because of Barbossa and Teach’s wrongdoing.”

V. Legal Action Against Former Employees and Others

"Send this pestilent, traitorous, cow-hearted, yeasty codpiece to the brig."~ Captain Jack Sparrow

Turner banged his fist on the table and demanded, “Is there anything I can do right now to stop these rogues? I’m afraid that by the time we get to trial, they’ll have already sunk my business using my own trade secrets against me.”

Sparrow said, “The first thing we can do is to ask the court to grant some immediate injunctive relief. Injunctive relief is an equitable remedy granted when money damages would not be enough to compensate you for your losses if an injunction was not granted.“

“The type of injunctive relief we’ll seek is a temporary restraining order or “TRO” against Barbossa, Teach and BPE to prevent them from disclosing or utilizing PRI’s trade secrets. We’ll later move the court to leave it in place until our lawsuit can be decided on the merits. To obtain a TRO, we’ll have to convince the court of four things: (1) that we’re likely to succeed on the merits of our claims, (2) that PRI is being irreparably harmed by the improper disclosure and use of its trade secrets, (3) that Barbossa, Teach and BPE will not suffer irreparable harm if the TRO is granted, and (4) that the public interest is served by issuing the injunction.”

Turner thought about what Sparrow had explained and said “Well, if I’m going to have to convince the court I’ll succeed on the merits of my claims, I guess I better know what kind of claims I can bring. I think we’ve clearly and painfully established that it was a mistake for me not to have Barbossa and Teach under a restrictive covenant, and that rules out a breach of contract claim,” said Turner. What other options do I have?” Sparrow chuckled and said, “There’s more than one way to have these treacherous scoundrels walk the plank!”

A. Uniform Trade Secrets Act

“In your case, there is statutory protection against the theft of your trade secrets by your former executives,” said Sparrow. “Most states have adopted the Uniform Trade Secrets Act. The purpose of the Act (“UTSA”) is to prevent a person or business from profiting from a trade secret developed by another, because it would allow them to acquire ‘a free, competitive advantage.’ To establish a claim of trade secret misappropriation under UTSA, we would have to be able to show: (1) that a trade secret existed; (2) that the trade secret was acquired through a breach of a confidential relationship or discovered by improper means; and (3) that the use of the trade secret was without the plaintiff’s authorization.”

“So can you tell me what is considered a trade secret under UTSA?,” Turner asked. Sparrow explained that under the Act, “A trade secret’ means information, including a formula, pattern, compilation, program, device, method, technique or process, that derives independent economic value, actual or potential, from not being generally known to, and not being readily ascertainable by proper means, by other persons who can obtain economic value from its disclosure or use, and is the subject of efforts that are reasonable under the circumstances to maintain its secrecy.”

“Skip the legal jargon,” Turner demanded, “What the heck does that mean?” “In essence,” Sparrow said, “It means that a trade secret is something that is valuable to your business because it is not generally known outside your business, you take reasonable efforts to keep it secret, and the only likely way your competitor could find out about it would be by stealing it or through other improper means. Sparrow noted, “It would seem that the engineering designs that were stolen would meet the definition under UTSA.”

“Would the customer information they took also be considered a trade secret?” Turner asked. Sparrow nodded “Courts interpreting this section of the UTSA have consistently held that lists of current and prospective customers, the requirements of customers, and other proprietary business information can constitute a trade secret.”

Sparrow continued, “UTSA refers to the theft of trade secrets as misappropriation. That means the acquisition of a trade secret by someone who knows or has reason to know that it was acquired by improper means, such as theft, bribery, misrepresentation, breach or inducement of a breach of duty to maintain secrecy. It also includes the disclosure or use of a trade secret without consent by someone who used improper means to acquire knowledge of the trade secret. For example, if an ex-employee spilled the company secrets to a business rival, who starts using the trade secrets.”

“UTSA also prohibits the use of trade secrets by a company which ‘has reason to know’ that the material constitutes a trade secret. This is known as constructive knowledge (versus actual knowledge). In other words, even if a company was unaware it possessed purloined trade secrets, it can still be prosecuted if it should have known.”
Sparrow added, “With what we know right now, it looks like we have a good claim of misappropriation of trade secrets against Barbossa and Teach. In addition, we also should be able to go after BPE, because they clearly had reason to know that the information they were using belonged to PRI and was acquired by improper means. Under the Act, we can seek injunctive relief against them all and also seek money damages for the business losses they’ve caused to PRI.”

B. Computer Fraud and Abuse Act

“Because of the way Barbossa and Teach stole information from PRI’s computer system, you also can assert a claim under federal law, said Sparrow. Sparrow continued, “The Computer Fraud and Abuse Act (“CFAA)” provides civil remedies for certain types of misuse of computers and computer files. “This law was originally enacted to bring criminal charges against computer hackers, but the civil component of the statute allows employers to seek damages against former employees for misuse of a protected computer,” Sparrow noted. “CFAA defines a ‘protected computer’ as a computer ‘used in interstate or foreign commerce or communication’ so a protected computer, in effect, could include any computer connected to the Internet.

CFAA prohibits numerous types of conduct, including the theft of data from a protected computer and the unauthorized access of a protected computer resulting in damage to a protected computer. Sparrow pointed out to Turner “The crucial evidence to support a successful CFAA claim will be the information you obtain from the forensic examinations you conduct early in the litigation process”

C. Breach of Fiduciary Duty
“What really bothers me about all this is that these two mutinous swine were my top executives and officers in the company and they were actively conspiring with my competitor. They were supposed to be working on behalf of PRI,” Turner said to Sparrow. “Surely that can’t be legal! Is it legal?”

“No, it’s not,” said Sparrow. Because they were trusted high level executives and corporate officers, they owed a legal duty of care and loyalty to your company. Because they clearly and intentionally worked against the best interests of PRI, we have a strong claim against them for breach of fiduciary duty!”
Sparrow explained to Turner that under the law in most states, a corporate officer has a duty of care which can be defined as follows: "A director or officer has a duty to the corporation to perform the director’s or officer’s functions in good faith, in a manner that he or she reasonably believes to be in the best interests of the corporation, and with the care that an ordinarily prudent person would reasonably be expected to exercise in a like position and under similar circumstances."

Sparrow continued, “The second fiduciary duty that all officers owe to their employer is that of loyalty, good faith and fair dealing. Officers have a duty to exercise ‘the utmost good faith and loyalty’ to the corporation. This includes the duty to refrain from engaging in self-dealing activities.”

“In this case, Barbossa and Teach are clearly fiduciaries because of their high level positions within the company. However, courts have recognized that even lower level employees, such as a store manager or an office manager, also may owe such fiduciary duties to their employer, depending on the individual circumstances.”

Looking through copies of the e-mails between Barbossa and Teach and the President of BPE, Sparrow said, “In these e-mails, your two back-stabbing executives are actively discussing with your chief competitor how to do damage to PRI. They’re doing this while serving as company officers and top executives who are ‘supposed’ to be working in the best interests of your company. This is hardly the conduct of loyal employees acting in good faith. These e-mails are ‘the smoking gun’ in our breach of fiduciary duty claim against them! Plus, juries generally don’t care for sneaky dishonest employees who are foolish enough to discuss all their wrongdoing in an e-mail.”

Turner asked, “Is there any type of claim we can bring against BPE? What about the engineers who left with Barbossa and Teach? They had to have known what those two pieces of shark bait were up to, and helped them to steal our information!”

Sparrow nodded and said, “A person or a corporation ‘who knowingly joins with or aids and abets a fiduciary in an enterprise constituting a breach of the fiduciary relationship becomes jointly and severally liable with the fiduciary for any profits that may accrue.’ In other words, if BPE, its President or your former engineers knowingly helped Barbossa and Teach in breaching their fiduciary duties to PRI, they also can be can be held liable for money damages. This could include any profits they made utilizing PRI’s information.”

D. Tortious Interference with Business Relations / Civil Conspiracy
“I’d really like to sink these sea rats” Turner said. “Is there one more claim I might be able to bring?” Sparrow laughed, “How about two?”

“One potential claim against them would be for tortious interference with business relations. To prove such a claim, we would have to show (1) their acts were intentional and willful; (2) their acts were calculated to cause damage to PRI in its lawful business; (3) the acts were done with the unlawful purpose of causing damage and loss, without right or justifiable cause on the part of BPE or its President, and (4) actual damage and loss resulted.”
“In our case, I think we’ll be able to prove all of that. First, their actions were clearly intentional and willful because we can show this scheme had been in the works for months. Second, their acts were calculated to cause damage to PRI, by taking away its business and customers using stolen information. Third, BPE has no lawful right to be using your information against you. Finally, we can show PRI has suffered actual damage because of their wrongful actions.”

Sparrow continued, “Another possible claim would be for civil conspiracy. Conspiracy requires a finding of “(1) two or more persons or corporations; (2) an object to be accomplished; (3) a meeting of the minds on the object or course of action; (4) one or more unlawful overt acts; and (5) damages as the proximate result.” The purpose of the conspiracy has to be to accomplish an unlawful purpose or a lawful purpose unlawfully.”
“In your case, Barbossa, Teach, BPE, its President and your engineers had the goal of hurting PRI’s business and clearly agreed on how they were going to go about it. Further, the unlawful acts involved the breach of fiduciary duty, violations of MUTSA and CFAA when they stole your information, as well as their tortious interference with your business relations.”

VI. Conclusion

'Well, then, I confess, it is my intention to commandeer one of these ships, pick up a crew in Tortuga, raid, pillage, plunder and otherwise pilfer my weasely black guts out."~ Captain Jack Sparrow

As illustrated by the fictional pirate tale above, dishonest employees rarely let you know in advance of their intention to “raid, pillage, plunder and otherwise pilfer” your company’s trade secrets. However, employers who put in place the proper policies and practices are less likely to find themselves in the position of the overly trusting Will Turner, and better prepared for any legal battles against pirates and rogues in the workplace.

Mark Fijman is a labor and employment attorney with Phelps Dunbar, LLP, which has offices in Louisiana, Mississippi, Florida, Texas, Alabama, North Carolina and London. To view his firm bio, click here. He can be reached at (601) 360-9716 and by e-mail at fijmanm@phelps.com. An abbreviated version of this article has previously been published in the Mississippi Business Journal.

Tattoos and Piercings Still Viewed Negatively in the Workplace

In my 2011 article The Employee with the Dragon Tattoo I addressed some of the employment law issues facing employers as new generations of employees enter the workplace.  While tattoos have become more mainstream, particularly among members of Generations “Y” and “Z”, this type of self-expression is unlikely to be an asset in career advancement.

In a recent article Survey: Tattoos Hurt Your Chances of Getting a Job Salary.Com surveyed 2700 people and  76% of respondents felt tattoos and piercings hurt a job applicant's chances of being hired during a job interview.  More than one third - 39% of those surveyed, believe that having employees with visible tattoos and piercings, reflect poorly on the employer/business.  Of those surveyed, 42% felt visible tattoos are always inappropriate at work, with 55% reporting the same about body piecings.

As I noted in my 2011 article, employers could face potential Title VII liability for workplace restrictions on tattoos that are part of a religious practice.  Employers should generally avoid any overly broad dress code or similar policy that does not acknowledge the potential need to offer accommodation.  While religious tattoos or piercings may be subject to accommodation, those worn for secular or purely decorative reasons do not need to be accommodated under Title VII.  As such, it is legally within an employer’s right to require that tattoos, piercings or other body art be covered up in the workplace.  Likewise, an employer can require workers to cover up any secular tattoos that could be considered offensive or a source of harassment toward other employees or customers, including, but not limited to tattoos of a sexual nature or racist symbols or images.

Mark Fijman is a labor and employment attorney with Phelps Dunbar, LLP, which has offices in Louisiana, Mississippi, Florida, Texas, Alabama, North Carolina and London. To view his firm bio, click here. He can be reached at (601) 360-9716 and by e-mail at fijmanm@phelps.com.