Texts and Message Apps Are Changing Internal Investigations

by Farella Braun + Martel LLP
Contact

Farella Braun + Martel LLP

It almost goes without saying that these days not all pertinent business-related communications can be found on corporate email servers. As we have increasingly seen in recent internal investigations, some of the most important written communications (especially between high-level executives) are more likely to be found in a place that most outside counsel have for years either ignored altogether or have considered untouchable — cellphone text messages. Though text messaging may be the most ubiquitous form of nonemail communication, other mobile communication platforms are also in frequent use in corporate America, including Telegram, Signal, Snapchat, Slack, WhatsApp and the like. The reverberations of this trend of executives and employees at all levels taking sensitive communications off email are being felt across industries, but particularly in highly regulated industries required to preserve business records. The near-universal use of these alternative forms of communication should prompt a major shift in how evidence is gathered and considered in internal corporate investigations.

Executives and employees use texts to communicate with business colleagues for all sorts of non-nefarious reasons. Texts and other mobile messages are easy, unobtrusive, and they can spur more instantaneous responses than emails. Text messages are also perceived as less likely to get lost in individuals’ overflowing email inboxes. Importantly, text messages, unlike corporate emails, are perceived to be a casual, even private, mode of communication. Executives and employees wishing to have intimate, brief or “sensitive” (including potentially problematic) conversations may view texts as a safer and more ephemeral communication channel than corporate email, to say nothing of the many mobile communications formats that are designed to be truly ephemeral, such as Snapchat or Signal.

Texts, and messages in other mobile communications formats, by their nature are also much less likely to have been carefully drafted or well-considered before sending. The same lack of consideration that landed many executives in hot water in previous decades for indiscriminately describing problematic issues in email applies with even greater force to mobile messaging. Such messages are almost always shorter, more to the point, and lacking nuance than the average corporate email. Obviously, at the same time that they are a quick and effective form of communication, texts still represent the creation of a written record that can be used as evidence in any follow-on government investigation or civil litigation. And, like email, even if the person on one side of the conversation does not retain mobile communications, there is always a second source of the same information (the recipient) that is usually beyond the control of the counterpart to the communication.

Precisely due to its ubiquity, omitting this key communication stream from consideration in an internal corporate investigation presents serious risks. If text messages and other forms of messaging in use by employees and executives are not fully considered, an internal investigation result may be at best incomplete or at worst incorrect. The worst mistake is to assume that if communications are not found in corporate email that they did not occur, and draw inferences based on that assumption. Ideally, relevant text and other mobile communications should be collected and reviewed even before executives are interviewed, as has traditionally occurred with key emails.

Text and other mobile messages, however, can be both technologically and politically difficult to collect from individuals. And due to a patchwork of inconsistent corporate policies regarding their preservation and use, collecting those messages may present privacy considerations on behalf of the individuals who are using the alternative forms of messaging. Those difficulties make it more understandable that most internal investigators have traditionally been content to ignore their existence altogether and rely on more easily attainable, and searchable, corporate email. By their nature, text messages are more difficult to search using key words and other e-discovery shortcuts, and instead require a relatively more intense manual review to discern the meaning and import of conversations.

The issue of whether text and other mobile messages are corporate or personal records for purposes of the Fifth Amendment “act of production” doctrine is complex and hinges on an employee’s reasonable expectation of privacy in the messages. If an employee’s or executive’s cellphone is owned or paid for, even in part, by the corporation, an individual may lose his or her expectation of privacy in text communication for purposes of the Fifth Amendment. See Couch v. United States, 409 U.S. 322, 336 (1973) (“We hold today that no Fourth or Fifth Amendment claim can prevail where, as in this case, there exists no legitimate expectation of privacy.”).

The law on when an employee may be able to bar an employer from access to text messages is similarly unsettled. In the typical employee cellphone “reasonable expectation of privacy” fact pattern considered by the courts, an employer seeks texts sent from an employee’s phone to defend itself against a wrongful termination suit. A federal court applying California privacy law held that a former employee had only a limited expectation of privacy in the use of his jointly owned cell phone, and so could not shield the metadata records of his phone calls and text messages from discovery by the employer. Mintz v. Mark Bartelstein & Assocs. Inc., 885 F. Supp. 2d 987, 999 (C.D. Cal. 2012). In discussing the employee’s limited expectation of privacy, the court considered such factors as who paid for the phone plan (the employer), who purchased the phone (costs split between employer and employee), the original ownership of the phone number (the employee), the company phone policy and the employee’s knowledge of that policy, and the company’s knowledge that the employee was using the phone to make personal calls.

Not all courts consider those factors, however, and some have afforded a heightened expectation of privacy to the actual content of text messages, even on purely employer-owned devices, because “[c]ell phone and text message communications are so pervasive that some persons may consider them to be essential means or necessary instruments for self-expression, even self-identification.” City of Ontario, Cal. v. Quon, 560 U.S. 746, 760 (2010) (assuming that an employee, who sent texts from an employer-owned device that were reviewed and led to discipline, had an expectation of privacy in those messages). This heightened expectation of privacy, however, is by no means uniform and cannot be relied on in the investigation (or other) context.

Though business-related texts on corporate-owned cellphones may well be corporate records subject to standard preservation requirements during investigations and litigation, most corporations lack a uniform policy regarding the preservation (or deletion) of such messages or lack the technological means to easily collect them. Texts may thus escape the best efforts of in-house counsel placing corporate documents under litigation or investigation holds, potentially at the company’s and individual’s peril if relevant evidence is later shown to have been deleted after a hold was put in place.

The use of more ephemeral communication channels like Signal pose even more complex problems in internal investigations, as they might not be recoverable even if considered a corporate record. Executives using those channels should be wary, however. If an individual executive employs texts, emails, and also more rarely uses an ephemeral form of communication, an investigator may have reason to wonder why certain communications are “too sensitive” for the other frequently used modes of messaging. By the same token, communications that may someday be needed to provide an innocent explanation for certain actions by an individual may be lost from the record available to the defense if an ephemeral channel is used. And communication formats that are supposed to be ephemeral may in fact be preserved in some form or may, in rarer instances, be available on service of a subpoena to the software platform. Chat formats such as Slack and other instant messaging services present potentially similar complexities that are yet to be developed in internal investigation practices and in case law.

To avoid potential pitfalls with regard to texts and other mobile messages, we recommend the following considerations:

1. Companies should devise, train employees about, and regularly enforce uniform policies regarding the ownership and/or funding of corporate cellphones and the preservation or deletion of employee text messages and other mobile messages on those phones.

2. Companies should put in place collection methods for employee text and mobile messages that take into account employee privacy considerations while still permitting full access to documents that would be considered corporate records.

3. Companies should carefully consider, and develop uniform and effective policies around, the corporate use of ephemeral forms of communication such as Telegram, Signal, WhatsApp and the like.

4. Litigation and investigative holds should specifically call out relevant text and other ephemeral mobile messages for preservation, and any ephemeral communication modes should not be used once a hold is in place.

5. Document gathering in internal investigations should prioritize collection and review of relevant text messages and other ephemeral messages from executives along with, or even at a higher priority than, corporate email, ideally before any interviews take place.

There is no doubt that text messages and other mobile messages as a communication tool among business colleagues are here to stay. If anything, these forms of communication are likely to become even more ubiquitous as time goes on. Accordingly, companies should put in place appropriate internal controls such as those outlined above as soon as practical, and these types of communications should be prioritized in evidence gathering during corporate internal investigations.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Farella Braun + Martel LLP | Attorney Advertising

Written by:

Farella Braun + Martel LLP
Contact
more
less

Farella Braun + Martel LLP on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Privacy Policy (Updated: October 8, 2015):
hide

JD Supra provides users with access to its legal industry publishing services (the "Service") through its website (the "Website") as well as through other sources. Our policies with regard to data collection and use of personal information of users of the Service, regardless of the manner in which users access the Service, and visitors to the Website are set forth in this statement ("Policy"). By using the Service, you signify your acceptance of this Policy.

Information Collection and Use by JD Supra

JD Supra collects users' names, companies, titles, e-mail address and industry. JD Supra also tracks the pages that users visit, logs IP addresses and aggregates non-personally identifiable user data and browser type. This data is gathered using cookies and other technologies.

The information and data collected is used to authenticate users and to send notifications relating to the Service, including email alerts to which users have subscribed; to manage the Service and Website, to improve the Service and to customize the user's experience. This information is also provided to the authors of the content to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

JD Supra does not sell, rent or otherwise provide your details to third parties, other than to the authors of the content on JD Supra.

If you prefer not to enable cookies, you may change your browser settings to disable cookies; however, please note that rejecting cookies while visiting the Website may result in certain parts of the Website not operating correctly or as efficiently as if cookies were allowed.

Email Choice/Opt-out

Users who opt in to receive emails may choose to no longer receive e-mail updates and newsletters by selecting the "opt-out of future email" option in the email they receive from JD Supra or in their JD Supra account management screen.

Security

JD Supra takes reasonable precautions to insure that user information is kept private. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. However, please note that no method of transmitting or storing data is completely secure and we cannot guarantee the security of user information. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user information at any time.

If you have reason to believe that your interaction with us is no longer secure, you must immediately notify us of the problem by contacting us at info@jdsupra.com. In the unlikely event that we believe that the security of your user information in our possession or control may have been compromised, we may seek to notify you of that development and, if so, will endeavor to do so as promptly as practicable under the circumstances.

Sharing and Disclosure of Information JD Supra Collects

Except as otherwise described in this privacy statement, JD Supra will not disclose personal information to any third party unless we believe that disclosure is necessary to: (1) comply with applicable laws; (2) respond to governmental inquiries or requests; (3) comply with valid legal process; (4) protect the rights, privacy, safety or property of JD Supra, users of the Service, Website visitors or the public; (5) permit us to pursue available remedies or limit the damages that we may sustain; and (6) enforce our Terms & Conditions of Use.

In the event there is a change in the corporate structure of JD Supra such as, but not limited to, merger, consolidation, sale, liquidation or transfer of substantial assets, JD Supra may, in its sole discretion, transfer, sell or assign information collected on and through the Service to one or more affiliated or unaffiliated third parties.

Links to Other Websites

This Website and the Service may contain links to other websites. The operator of such other websites may collect information about you, including through cookies or other technologies. If you are using the Service through the Website and link to another site, you will leave the Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We shall have no responsibility or liability for your visitation to, and the data collection and use practices of, such other sites. This Policy applies solely to the information collected in connection with your use of this Website and does not apply to any practices conducted offline or in connection with any other websites.

Changes in Our Privacy Policy

We reserve the right to change this Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our privacy policy will become effective upon posting of the revised policy on the Website. By continuing to use the Service or Website following such changes, you will be deemed to have agreed to such changes. If you do not agree with the terms of this Policy, as it may be amended from time to time, in whole or part, please do not continue using the Service or the Website.

Contacting JD Supra

If you have any questions about this privacy statement, the practices of this site, your dealings with this Web site, or if you would like to change any of the information you have provided to us, please contact us at: info@jdsupra.com.

- hide
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.