On July 20, the U.S. District Court for the Southern District of New York imposed sanctions against UBS Warburg for destroying relevant e-mail messages during the course of litigation (Zubulake v. UBS Warburg LLC, et al., 2004 U.S. Dist. LEXIS (S.D.N.Y, July 20, 2004)). The Court ordered UBS to pay expenses and attorney fees incurred by the plaintiff, granted plaintiff’s request for further discovery, and agreed to instruct the jury that a negative inference may be drawn against UBS as a result of the missing evidence. The case provides important guidance for counsel on electronic discovery issues and record management, and the Court notes counsel is expected to take some affirmative steps: (1) “identify sources of discoverable information”; (2) “put in place a litigation hold and make that known to all relevant employees by communicating with them directly” and not only repeat these instructions “regularly” but also “monitor compliance”; (3) “call for employees to produce copies of relevant electronic evidence”; and (4) “safeguarding any archival media” the client must preserve. Given the notoriety of the case, these practices will likely become a de facto standard in evaluating electronic discovery issues and requests for sanctions. Got litigators? Call Rimon—we not only have knowledgeable litigators, but we also have an entire team of professionals skilled in data management, record retention, and compliance in and out of litigation. Try us, you’ll like us.
Disaster Recovery – The Short List
Disaster recovery and continuity planning is still on everyone’s mind. Recent trends focus on data management and recovery—not necessarily to ensure continued operations in the event of an unplanned interruption, but most notably to ensure that regulators can monitor, audit and enforce compliance with the laws and regulations that have arisen in the wake of 9-11, and the corporate ‘scandals’ that have plagued businesses over the past few years.
But as many of you know, record-keeping and data backup is only a piece of the puzzle, albeit an important one. Two years ago (September 2002), Rimon conducted a legal briefing to review the issues related to continuity planning, and this month we thought it might be helpful to repeat some of the simple tips that may help you think about disaster recovery. Of course, if you would like a copy of the presentation, or help, just let us know.
- Get senior management support: Without it you have no money or authority.
- Identify, evaluate, prioritize: Which critical operations must continue?
- Retrieve and restore: What resources need to be available?
- Plan, plan, plan: Alternate locations, communication methods and control centers. Avoid single points of failure.
- Money: Emergency cash and lines of credit.
- Communicate: Media, emergency personnel, employees, customers and suppliers.
- Practice, practice; Test, test, test: Got the message?
- Educate, train and inform: Everyone should be advised and trained in his or her role.
- Update, plan, update, plan: Continuity planning is a continuous process.
- Insurance: Not prevention, but damage control and worth considering.
- Consider others: Employees, customers, suppliers, business partners. Involve those who will be affected, to the extent you can.
- Think relationship, not lawsuit: Contracts can be roadmaps for cooperation.
- Tear up the plan and start again: What if your primary plan doesn’t work?
- Think globally, act locally: International operations have international problems.
- Safety first: Safety of people is the first priority. Good people can overcome the toughest challenges—treat them accordingly.
CAN-SPAM: It’s Not Phat!
Federal Commercial E-Mail Legislation Takes Effect A major change in the law that affects privacy and commercial e-mail on the Internet took effect on January 1, 2004. The CAN-SPAM Act of 2003 doesn’t simply establish an “opt-out” framework for commercial e-mail, it completely pre-empts state law. Although an individual consumer doesn’t have the right to sue an offender under the Act, the Federal Trade Commission, along with the Attorneys General of each state, do. So what should you know?
First, the Act only applies to commercial e-mail—an e-mail whose primary purpose is promoting a commercial product or service. Although the FTC has not yet promulgated any regulations under the Act, simply because an e-mail has a URL link to a commercial website or refers to product or service doesn’t make it commercial e-mail. There are, of course, certain obvious exemptions built into the law. Product safety recall information or e-mails notifying you about changes or important notices concerning your subscriptions, memberships, purchase confirmations, accounts or e-mail related to your employment—all of these are so-called “transactional relationship messages” where the main purpose is communication related to a commercial transaction, rather than promotion or advertising.
Second, what does the law require. Starting January 1, 2004, all commercial e-mail (even if an existing business relationship exists and whether or not the e-mail was solicited or not) must contain a clear and conspicuous notice that a consumer can opt out of future e-mails and provide a web-based means to do so. A consumer’s request to opt out must be honored within 10 business days and marketers can’t sell or share the e-mail addresses of those who have opted out. The e-mail must also clearly identify itself as an advertisement—unless a consumer has specifically asked to receive commercial e-mail from a particular commercial entity. Third, the e-mail must contain a postal, physical address of the sender. Although it is not yet clear if a post office box is enough, the less-risky approach is to have a street address.
The Act has a number of other requirements related to labeling—for example, the subject (header) must accurately reflect the body or content of the message and the sender (the sponsor of the promotion) must be identified. Although the Act preempts state commercial e-mail laws, beware of the fact that state fraud, trespass and certain consumer protection laws can still apply.
Violations of the CAN-SPAM Act are criminal offenses and involve both fines and potential jail time upon conviction. As with most Federal crimes, aggravating factors increase the penalties and implementing good faith and reasonable measures to attempt to comply with the Act can lessen them. These penalties can be serious—jail-time of up to five years, $250 per e-mail up to $2 million in fines (which can be tripled up to $6 million if aggravating factors are present) and all computers and software used in the commission of the crime can be forfeit.
Although the primary purpose of Legal Bytes is to enlighten and inform you, it obviously does promote Rimon and encourages you to call us when you need legal support. Accordingly we will always give you the opportunity to opt out of receiving our publication by email and when we send you an e-mail, it will be clear as to what it is and who is sending it. This is not just the law, it’s good practice.
Instant Messaging – SEC Regulations Likely
According to the TowerGroup (Bank Technology News, January 2004), an estimated 15 percent of the securities industry in North America uses Instant Messaging for sharing market-related data with client. As we mentioned in our July 2003 issue, the NASD is already requiring member firms to retain records of instant messages for at least three years, and is requiring them to supervise the use of instant messaging technology by their employees. It is likely that
SEC regulations will emerge specifically on the subject this year or next year at the latest.
In the meantime, most securities dealers are choosing to be safe rather than sorry, and are attempting to apply the same rules they have for e-mails to instant messages as well—although the technology isn’t going to make that chore easy. Stay tuned.