Preventing Digital Sexual Harassment in the Workplace

by Daniel Garrie
Part 5 of 5

This series of blogs gives the reader a perspective on the rights, duties, and responsibilities of employers and employees with respect to preventing digital sexual harassment in the workplace.

The post Preventing Digital Sexual Harassment in the Workplace (Part 5 of 5) appeared first on Law & Forensics.

Preventing Digital Sexual Harassment in the Workplace

by Daniel Garrie
Part 4 of 5

This series of blogs gives the reader a perspective on the rights, duties, and responsibilities of employers and employees with respect to preventing digital sexual harassment in the workplace.

Part Four. Review of an Employer’s Technological Systems

In the previous post I discussed a possible framework for courts to use in approaching the use of monitoring software to prevent digital sexual harassment in the workplace. I want to expand on the analysis in this post and explain exactly how courts could implement this approach.

In the first step of this analysis, a court should determine whether the employer’s technological infrastructure had the capability to monitor and block the particular digital communications alleged in the plaintiff’s action. To determine this, the court should explore various aspects of a defendant’s technological environment, including infrastructure and policies.

First, the court should ask whether the defendant protects valuable digital information such as financial data, customer records, or sensitive intellectual property. The court should be mindful that an employer who protects its digital information is likely to monitor its web applications because early detection enables the defendant to avert serious economic damage. For example, employers in the media industry protect their media with both physical and digital technologies, often using some form of encryption and an access monitoring tool, to ensure that employees do not make unauthorized copies of the media for pre-release.

Second, the court should consider whether the defendant employs any real-time suspicious activity and policy violation detection technologies. Some financial institutions, for example, implement instant messaging systems with real-time logging capabilities that not only enable the institutions to comply with the message storage requirements that are established under the Sarbanes-Oxley Act but also allow them to track instant message conversations as they occur. The court should examine whether the defendant’s inaction with respect to digital sexual harassment is reasonable in light of the specific capabilities of its monitoring technology. When such technology is actively used, the court should further explore the process and design of the system, focusing on whether the defendant monitors and blocks communications.

Third, the court should examine whether the defendant utilizes user tracking technology capable of recording employees’ actions with respect to a particular Web-based tool set, such as the “research trail” provided by Westlaw. When an employer uses such tracking devices, the court should ascertain whether the employer could have reasonably modified this monitoring and tracking technology to protect employees from sexual harassment in the digital workplace.

Fourth, the court should determine whether the defendant uses real-time technology to monitor its systems for suspicious behavior related to the activities of its users. For example, when a user mistypes his or her password three times, the system may flag the account or send an alert in real-time to a monitoring party. Such technology assists banks in preventing fraud or abuse of financial accounts and is common in the financial sector.

Fifth, the court should review all of the defendant’s logging systems. Financial and medical organizations rely heavily on these systems to access data that enables forensic computer experts to construct an audit trail and deliver evidence of transactions. Hospitals also often use this technology to track the protection of patients’ digital records and demonstrate that the records are released only to authorized parties.

Sixth, the court should determine whether the defendant uses a form of early end-user management monitoring technology. This technology monitors end-users from the end users’ location. For example, global companies with worldwide customers use tools that monitor the location from which their customers communicate. Employers frequently use this technology to ensure that employees perform work off-site and that clients receive authorized services.

These six elements are intended only as guidelines for courts, since different companies combine them uniquely and in addition to other forms of technology. Regardless of the individual characteristics of the different tools and their uses, however, these guidelines can help determine the degree of actual tracking, monitoring, and blocking of digital activity in light of the capabilities of an employer’s particular technological system.

In the next and final post in the series on digital sexual harassment in the workplace, I will give a few final thoughts on responding to sexual harassment in the 21st century and alternative means of response from the bench.

The post Preventing Digital Sexual Harassment in the Workplace (Part 4 of 5) appeared first on Law & Forensics.

Law & Forensics is pleased to announce the release of our proprietary hardware and software solution, Forensic Scan.™

Forensic Scan is an all in one solution for detection of zero-day exploits, cyber intrusions, and a host of malware and viruses.  In addition to detection of a number of cyber security issues, Forensic Scan provides users with the ability to cut the inspection time by 90% and reduce the cost by 75% saving you precious time and money. Not only does our scanning solution scan all valid files, it also recovers deleted files and scans them also for all known infections. 

Our experiences have identified that many infected systems have been sanitized by the hacker groups in an attempt to cover their tracks, resulting it hundreds of infected file fragments being left in deleted space.  In some cases establishing that hackers have taken embedded ownership of a box can only be established by the infected status of deleted files.

Product Features:

• Systems suspected of being compromised never leave the premises, instead encrypted forensic images of the hard drives are created and shipped to Forensic Scan for analysis.
• Upon arrival the forensic image is analyzed and deleted files are recovered for further analysis.
• The content of the forensic images and recovered files are scanned simultaneously by 40+ different malware engines.
• A malware scan using 40+ different malware engines takes approximately four hours.
• No stone is left unturned in an attempt to document which files may have been or are infected.
• Formal reports are generated detailing which malware engines did and did not detect known infections.

For our current or perspective clients, we offer Forensic Scan as a standalone solution to a number of cyber security issues. For more information please contact us directly at 1-855-529-2466, or at info@lawandforensics.com.

The post Hardware + Software for Zero Day Hacks appeared first on Law & Forensics.

Preventing Digital Sexual Harassment in the Workplace

by Daniel Garrie
Part 3 of 5

 This series of blogs gives the reader a perspective on the rights, duties, and responsibilities of employers and employees with respect to digital sexual harassment in the workplace.

Part Three. Judicial Response to privacy in the workplace 

In this installment on preventing sexual harassment, I will look at the judicial response to privacy in the workplace and the framework under which courts should consider responding to digital acts of sexual harassment. The Second Circuit illustrated the diminished expectation of privacy in the workplace in Leventhal v. Knapek, holding that an employee does not have a reasonable expectation of privacy with respect to his or her digital activities in the workplace. In support of the same principle, Congress enacted the Electronic Communications Privacy Act of 1986 (ECPA) and the Stored Communications Act (SCA), both of which grant employers the right to monitor employees’ e-mail communications as long as the monitoring occurs in the ordinary course of business. The majority of case law interpreting the ECPA has found that employers can monitor employees’ e-mail messages with or without consent, and even without notice.

These judicial and congressional actions have expanded employers’ ability to monitor employee’s electronic communications without violating federal privacy laws. Because employers have access and control over employee’s electronic communications, employers are now in a position to minimize digital sexual harassment in the workplace. For example, employers can block e-mails containing sexually explicit terms and restrict wallpaper settings on corporate computers so users cannot display inappropriate or offensive material; they might also monitor employee use of social networking sites; and they could review phone calls, text messages, and data use on a company-issued mobile phone. The ability and the right to monitor all employee digital transmissions places employers in an ideal position to take simple, proactive measures to prevent most instances of digital sexual harassment.

The rights and abilities of employers to read digital communications sent and received by employees should compel courts to extend the holdings of the Blakey line of cases, among others. Because employers who use blocking and monitoring technology have notice of potential digital sexual harassment before it reaches the intended recipient, employers should bear the burden to provide reasonably sufficient technical protection that limits exposure to such sexual harassment. Unfortunately, courts have not bridged the gap between employers’ freedom to monitor employee acts and employers’ responsibility to prevent employee acts capable of causing harm. More precisely, many courts have yet to address whether an employer should be entitled to plead an affirmative defense to digital sexual harassment claims when the employer has failed to monitor the digital work environment, prevent digital sexual harassment, or institute mechanisms to facilitate employee complaints of digital sexual harassment.

To combat this, I propose a framework for using the affirmative defense in cases of digital sexual harassment. First, it should focus on the employer’s preventive efforts rather than corrective measures. Second, it should reduce or eliminate the employee’s obligation to take advantage of these preventive opportunities, as employees are often unaware of or unable to access monitoring and blocking software.

To apply this, a court should first examine the defendant employer’s technological infrastructure to determine whether its existing information technology was capable of monitoring and blocking the digital communications responsible for the sexual harassment claim. If the court ascertains that the technology lacked this capability, the court should allow the defendant to plead the affirmative defense. If the court finds that the employer had and deployed monitoring and blocking information technology capable of detecting and blocking content typical of sexual harassment, it must then determine whether the employer took reasonable steps to monitor and block the communications in question. At this stage, the employer has the burden of proving that it took reasonable efforts to prevent the communications based on the capabilities and normal use of its information technology systems. If the employer cannot establish that its use of monitoring and blocking technology was reasonable, the court should deny the affirmative defense.

Under the framework of this test, the availability of the affirmative defense is contingent on the presence and use of technological systems that are capable of monitoring and blocking digital communications. By placing the burden on the defendant, the court would properly hold employers responsible for the alleged hostile work environments that they control. This approach reflects the reality that, unlike in the physical workplace, preventive measures can effectively eliminate sexual harassment in the digital workplace.

In the next post I want to take the framework discussed above and expand on the analysis of how a court should implement each step.

The post Preventing Digital Sexual Harassment in the Workplace (Part 3 of 5) appeared first on Law & Forensics.

Daniel Garrie Instructs 7th Circuit’s Pilot e-Mediation Program

May 14, 2013

Law & Forensics is pleased to announce that Daniel Garrie, Senior Managing Partner and Founder of Law & Forensics, was recently selected to serve as an instructor for the 7^th Circuit E-Mediation Pilot Program. This program is the first of its kind in the country, training mediators to facilitate swifter and more economical deliberations over discovery disputes involving electronically stored information.

For this program the 18 participants were selected from across the country, who also have extensive experience with e-discovery and technology. Daniel Garrie, along with Judge Nan Nolan (Ret.), taught this select group of attorneys how to best apply their legal and technical backgrounds to assist in mediating disputes for civil cases whose remedies are less than $50,000.

The 8-hour course covered mediation techniques, managing clients, and addressing technical issues and potential pitfalls. In return for this training, the mediators agreed to volunteer their time for cases with heavy discovery loads, but comparatively small monetary returns. As more and more ESI is produced by litigants, even smaller contract disputes can come with an expensive e-discovery price tag. This program aims to assist the courts and the parties with discovery in order to re-focus attention back on the real issues of the case.

For more information, contact us at press@lawandforensics.com.

The post Daniel Garrie Instructs 7th Circuit’s appeared first on Law & Forensics.