Develop a Business Privacy Plan

By Carl Gilmore, Attorney, Woodstock Legal Consultants LTD
For lawyers, subpoenas are an important discovery tool for obtaining information. Discovery is a legal term for investigation, and it can occur through a demand for records, in person depositions, subpoenas or other forms. In the business world, any type of discovery can open a door for revealing potentially sensitive information.

Discovery is intended to allow an attorney to obtain information directly and that may lead to other evidence directly impacting upon a case. So, courts usually uphold the right of a litigant to at least review information, even if it is never used in a case.

Some discovery compliance cannot be avoided. Earnings records, benefits, and perhaps employment contracts are often relevant.

Businesses should plan for the possibility a litigant may try to discover private information. Develop a business privacy plan early, and make sure it is implemented well before it is needed.

Legal case decisions about privacy generally focus upon whether a reasonable expectation of privacy existed, so the first rule of privacy is to keep secrets secret. It is impossible to argue stolen secrets when the secrets are voluntarily, although perhaps unwittingly, handed out.

A privacy plan should assess the current privacy environment and business practices, making adjustments responsively. Here are a few points to consider.

  • Clear unnecessary files
  • Keep company technology separate
  • Ensure Cloud services are safe
  • Establish a clear policy

The costs of data retrieval can be prohibitively expensive for many cases. Unless there is a need to keep messages, delete them. The harder it is to retrieve data, the less likely it can be revealed. Data management policies should be in place to clear data as a business routine.

When employees use company technology for personal purposes, it can be difficult to separate what is personal from what is company information. Using a company electronic mail account for personal uses could result in the revelation of all the emails. The costs of computers are low these days, and the costs of providing a work-only laptop or desktop would be instantly recouped in avoiding lost productivity resulting from a hard drive having to be turned over for inspection. The same is true for cell phones or tablets. Dedicate business devices for business, and monitor them to ensure integrity.

Cloud computing has taken off. It is unclear whether Cloud use breaches confidentiality. Initially, legal opinions suggested The Cloud’s placement of data on a third-party server as being a breach of confidentiality. It now appears courts are catching up with the times, recognizing the intent is not revealing information. But, frankly, few lawyers are clear about the Cloud because there are few reported opinions or statutes.

Cloud providers should state clearly in their service agreement what will happen if they receive a subpoena or request from a government agency.

Make sure employees are aware of the command to separate personal from business technology, including the reasons for separating communications. Establish and enforce consequences if guidelines are not followed. The best plans will not protect your business if nobody adheres to them.

In the information age there is no way to avoid keeping electronic records, but there are ways to eliminate or mitigate data revelation.