Select Page

BCN H. Hasl-Kelchner | Email Legal Liability

 

Email and the need for speed in business is a challenge we all face. It’s also what makes the convenience of electronic gadgets so seductive and alluring. But email convenience has a dark side. Join host Hanna Hasl-Kelchner as she sheds light on that dark side and the unwanted legal liability that goes with it.

 

WHAT YOU’LL DISCOVER ABOUT EMAIL BLIND SPOTS:

    • How one sneaky email blind spot creates 5 different legal landmines.
    • The hidden trade-offs your business makes when employees use personal email accounts for business.
    • Why using Gmail for small business correspondence can cause problems.
    • Why controlling certain email liability exposure is totally within your control.
    • Why consistent application of document retention policies matters.
    • And MUCH more.

HOST:

Hanna Hasl-Kelchner empowers smart executives, managers, and entrepreneurs with big picture thinking and the legal literacy advantage.

She is an ivy-league trained business expert and strategic lawyer who has managed hundreds of lawsuits during her 30+ year career, primarily in various in-house roles where she managed multi-million dollar legal budgets and over the years hired an army of outside counsel to assist with litigation and transactional work.

Today she spends her time interviewing the fabulous guests you hear on Business Confidential Now as well as providing executive education and leadership development in the area of legal literacy and risk management.

Her mission is to help you access the business information you need to succeed.

Hanna accomplishes this through her public speaking, consulting, training, and coaching work at Business M.O., LLC and its education division, the Legal Leverage® Academy, using methods honed while teaching at two top tier MBA programs (Duke’s Fuqua School of Business and the University of Virginia’s Darden School), as a practicing lawyer, and as an entrepreneur. She makes learning simple, easy, and fun.

Hanna is a best-selling author whose ground-breaking book, The Business Guide to Legal Literacy: What Every Manager Should Know About the LawThe Business Guide to Legal Literacy: What Every Manager Should Know About the Law, is cited by Wikipedia to highlight the bottom line value of legal literacy. She also the co-author of the best-seller Champions:%20Knockout Strategies for Health, Wealth and SuccessChampions: Knockout Strategies for Health, Wealth, and Success From Today’s Leading Experts.

RELATED RESOURCES:

Contact Hanna and connect with her on LinkedInFacebookTwitterGoogle+, and Pinterest.

SUBSCRIBE, RATE AND REVIEW:

Subscribing is easy and lets you have instant access to the latest tactics, strategies and tips.

Rating and reviewing the show helps us grow our audience and allows us to bring you more of the information you need to succeed from our high powered guests.

Download ♥ Subscribe ♥ Listen ♥ Learn ♥ Share ♥ Review ♥ Enjoy

How One Sneaky Email Blind Spot Unleashes Ugly Legal Liability

In our episode, I’m going to talk about the intersection of emails and our growing dependence on the convenience of email-capable gadgets. It’s important because, in our time strap business environment, convenience ranks high in our ability to get a lot done in a short time. We usually don’t think about the liability exposure trade-offs we make for that convenience or the high costs we can incur when that liability blows up in our face.

I know you can’t manage what you don’t know, and that’s why I want to spend our time together explaining what legal risks are in this situation and how they can sneak up on you so that you can make smart choices that are right for you and your business because when you know better, you do better. Now, some of you know me as the no-nonsense lawyer, and some of you don’t know me at all.

Let me start by telling you that this is not attorney advertising. I’m not looking to be your legal advisor. This is information and education, not legal advice. Although I am a lawyer and have practiced for several years, I also have a deep business background. Now, I prefer to spend my time interviewing the fabulous guests you will learn about on Business Confidential Now as well as providing executive education and leadership development to executives, managers, and entrepreneurs in the area of legal literacy and risk management.

I do that through my consulting training and coaching work at Business MO LLC and the Legal Leverage® Academy. Now, since you can’t manage what you don’t know, legal literacy street smarts is the best way of learning where your organization can be vulnerable. I guarantee you. It is a lot cheaper than a lawsuit. That’s for sure.

The other benefit of all that is that once you know where you are vulnerable, you can start managing the exposure and controlling your organization’s long-term legal costs because you will be sidestepping the liabilities you don’t want. Now that’s incredibly powerful because it can save you hundreds of thousands of dollars. For larger organizations, it can run into the millions because you catch problems or potential problems early before they crater into expensive money pits.

Now, don’t worry. Reading to this program for the next few minutes is not going to turn you into a lawyer but it will help you connect the dots between certain business practices that sound perfectly reasonable from a purely business perspective yet can place you and your business in harm’s way. What am I talking about? I mentioned earlier the importance of email convenience in the nowadays time-strapped business world. It’s incredibly important because when it comes to email, it’s not uncommon for employees to use personal email accounts for business correspondence, especially if you are working from home in the evening.

Business communications, especially emails, need to be managed from a risk management perspective. Share on X

That’s why I call it the sneaky email blind spot because, on the surface, it sounds perfectly reasonable and cost-effective. You could often get a whole lot more done at home in an interrupted block of time when you don’t have coworkers popping their heads in, asking questions to shoot the breeze or to share the latest developments. Not that those are bad things. It’s good but it interrupts your day. Having an uninterrupted block of time is so valuable but here’s a story about a case or that Nirvana blew up and all because of some email.

It involves some medical workers. They were involved in a lawsuit because they emailed patient files to their personal email accounts so that they could work on them in the evening. They didn’t realize that in the process, they violated Patient Privacy Laws because the servers and email accounts that were part of that transmission process were not secure. Now, there was no malicious intent but you can see how that was a problem.

It’s one of those hidden issues that are not necessarily top of mind, and it sneaks up on you because you are so focused on the business task at hand. Now, I get it. Logging in and out of accounts is a nuisance, and it’s so much easier and faster to fire off that quick email where you have the easy access, where you already are but there are some drawbacks, even for those of us outside the medical profession. I would like to talk to you about five of those drawbacks.

First, let’s say you are a business owner, a solopreneur or a startup. If you are using personal email for company business, you run the risk that you are not keeping your business and personal correspondence separate, and that could be used against you along with some other evidence to pierce the corporate veil and create personal liability. Alone, it might not be decisive. It would depend on the facts of a particular case but in combination with other casual practices, it could be the proverbial straw that breaks the camel’s back.

Now think about it for a moment. The reason you have a corporate form of organization is to protect yourself and your family from business liability. Shooting holes in that corporate veil, which is what lawyers call corporate protection, generally, is the same as shooting yourself in the foot. Now, why would you do that? Is the convenience worth it? You decide. It’s not very hard to purchase a domain name for your business. Even if you don’t set up the website right away or ever for that matter, you can still create an email account associated with your business URL.

There are hundreds of webmasters out there or even your neighborhood teenager who could set that up in less than fifteen minutes once you have purchased a domain name. Having a real business email looks a whole lot more professional than a Gmail account. It helps keep your business and your personal correspondence separate. Now, that’s a real win-win all the way around.

              BCN H. Hasl-Kelchner | Email Legal Liability


               Email Legal Liability: If you’re using personal email for company business, you run the risk that you’re not keeping your business and personal correspondence separate.

               

              If your organization has more employees than yourself, you will have some additional headwinds to deal with, and that brings me to the second sneaky email blind spot. Businesses have a custodial duty to maintain business records. It’s pretty obvious. If you don’t have control of your records because they are in an employee’s email account, Houston, you have a problem.

              It can be difficult to run your business effectively if your business records are not easily accessible. It can also make defending your business difficult when a government agency, say, the Internal Revenue Service, the IRS asks you to produce business records, or God forbid, you are in the middle of a lawsuit and need to answer a document production request.

              Let’s face it. It looks pretty bad if someone else has the records you are supposed to have but doesn’t. If your organization is going to allow personal emails to be used for business correspondence, it would be wise to set some boundaries on the types of communications that are permitted. For example, “I’m stuck in traffic. I’m going to be fifteen minutes late to the meeting” versus attached, “Please find our five-year sales and marketing forecast.”

              You can see it as a different caliber of communication, and the significance of the content has a lot to do with it. That brings me to the importance of sneaky email blind spot number three, security risks. Employees accessing personal email accounts, especially from their own electronic devices, cell phones, tablets, laptops or even a home desktop, probably don’t maintain the internet security as frequently or as tightly as a company IT department, even if you outsource your IT.

              You may have the occasional employee who’s a techie but let’s face it. For the average non-tech business, that employee is the exception rather than the rule. Add to that, most individuals have a number of apps on their personal devices and new apps, in particular, are notorious for having security holes. What all that means for you is that your employee’s personal email accounts are more vulnerable to hacking and your valuable business information getting into the wrong hands. That information includes emails as well as any attached documents that are confidential like the sales and marketing forecast that I mentioned.

              Now, if your employee is using their personal device and they have both their personal and business account on there, in other words, two separate accounts on the same cell phone, tablet or laptop, what then? The employee is allowed to access both accounts but the fact that it’s on their personal device still represents a security risk because if somebody is hacking into that device, they could potentially gain access to everything.

              Email isn't a problem until there is a problem. Share on X

              Besides the casual computer security maintenance and updates, employees that use personal email accounts for company business are also unlikely to follow any consistent protocol when it comes to saving or deleting files on their computer or personal devices. That also means your business records.

              That brings me to sneaky email blind spot number four, records retention. It’s not terribly sexy but it’s an important part of business when you need to put your hands on certain documents or files and can’t access them. As I mentioned, organizations have a custodial duty to maintain business records. Responsible organizations have record retention policies that identify how long certain types or classes of documents need to be kept. Financial records, sales reports, marketing information, the list goes on and on.

              Some standards are determined by law for how long you need to keep certain things, tax records, and that type of thing. Some by industry regulation or practice and some by organizational preference. It’s a combination of all three. Now, if documents that are supposed to be kept are deleted or destroyed too soon, it can create problems if you need to produce them in response to a government request or a lawsuit discovery request.

              Premature deletions and “missing documents” are a problem because the assumption that courts, including the court of public opinion make is that the evidence was deleted because it was damaging. What they do then is they invoke what’s called the Negative Inference Rule. In other words, they think the worst about them. Often, being able to delete even a bad document is easier than trying to overcome somebody’s worst imagination of what you did. It’s not pretty.

              As a practical matter, when your business records are embedded in an employee’s personal email account, you lose control of that record. They could keep it longer than necessary or delete it prematurely. Ironically, the power of a document retention policy or any organizational policy for that matter, is its consistent application. It’s always the inconsistent use that opens Pandora’s box of liability exposure, and then there’s a sticky issue of employee termination. That’s my fifth and last sneaky email blind spot.

              I’m sure you have experienced it. Some employees leave the organization voluntarily. You are maybe even sorry to see them go, and others involuntary. You can’t wait for them to go. It’s not always pretty. Let’s say they have your business emails on their personal account, and when they leave, the access to that business email goes with it. Without emails running through your servers, you have no way of knowing what’s on them. All you have is that departing employee’s word for it. That may not be enough, especially if the employer-employee relationship has cooled off a little.

                          BCN H. Hasl-Kelchner | Email Legal Liability


                          Email Legal Liability: It’s so much more fun to spend your hard earned profits growing your business instead of growing your lawyer’s business, especially when the legal liability that’s attached to the actions that can create legal costs are foreseeable avoidable and totally within your control.

                           

                          As some of you may be saying, “If that’s my company’s business records on their personal email account, we have a right to access that account.” My answer to that is not so fast. Without the employee’s permission, you would be hacking, and that’s illegal. You could run afoul of the computer fraud and Abuse Act or maybe the Stored Communications Act. My question to you is, do you really want to do that?

                          Besides, do you think an employee with one foot out the door is going to give you their personal email password access? Even at the start of an employment relationship, when you are all in that honeymoon period. They went through their employee orientation and onboarding process. Asking an employee for their personal email password could probably get your business in legal trouble. Even if the employee gave it to you willingly, think about it.

                          You would have access to too much information more than your own. You could be digging a bigger liability exposure hole for you and your company if you then act on that other information. Think long and hard about that one. The bottom line is that business communications, especially emails, need to be managed from a risk management perspective. I appreciate email is not a problem until there is a problem but why would you want to create ammunition that can be used against you unless you like playing Russian roulette?

                          That would be like crossing the street without looking both ways. You might be able to do it a bunch of times with no problem but being overconfident has its drawbacks. Research has shown time and again that bad habits like crossing the street without looking eventually catches up with us. One day, you are going to get hit by that bus or that truck. All I’m saying is don’t let these email blind spots sneak up on you.

                          Best practices recommend thinking through the potential consequences of your email business practices and deciding whether you are comfortable with the risk exposure you may be having and not realizing. If you are, fine because it’s your business, your risk, and your consequences. If you are not comfortable, please take steps to do something about it, to reduce it to a manageable level.

                          You will never get it to zero. I’m not suggesting that but to a manageable level that you can live with so that you can protect your business and your business reputation. It’s so much more fun to spend your hard-earned profits growing your business instead of growing your lawyer’s business, especially when the legal liability that’s attached to the actions that can create legal costs are foreseeable, avoidable, and within your control.

                           

                           Important Links