Introduction - Emails Can Hurt!
During the 2016 United States elections, there was much controversy over the use of a private email server by Hillary Clinton, the Democratic nominee for President.1 It has been suggested that this controversy, and the way it played out particularly in the final days of the election campaign, cost Mrs. Clinton the presidency.
In 2018, a similar controversy played out concerning the use of a private email account by Ivanka Trump, the daughter of the President and one of his key advisers.2 Regardless of one's political affiliation or personal views on the equivalence of these two controversies, the message is the same, emails can be dangerous!
Emails Can Destroy a Business
In the business world, emails can be not only dangerous but also very expensive.
The Vioxx Matter
The drug Vioxx was introduced by Merck in 1999 for the treatment of pain associated with osteoarthritis. It was subsequently taken off the market in 2004 after the increased risk of cardiovascular disease was discovered. Merck faces over 30,000 lawsuits from individuals who claim to have suffered cardiovascular problems while taking the drug.3
Merck continued to deny liability, but found itself in hot water, partly because of several internal emails that were produced during discovery. The plaintiff's lawyers argue that Merck knew of the problems of Vioxx, and produced the emails as evidence. The documents showed that scientists at Merck were worried about Vioxx's potential cardiovascular risks as early as 1997, two years before Merck began selling the drug. "I just can't wait to be the one to present those results to senior management," said an angry Merck scientist, Dr. Alise Reicin, in a 1997 e-mail after cardiovascular symptoms emerged with Vioxx.
Imagine how this might play out in front of a jury? Well, in 2005, the jury awarded the widow of Mr. Robert Ernst $253.3Million after finding Merck liable for the death of Mr. Ernst in May 2001 after taking Vioxx.4 Merck's stock price fell almost 8% the day after the verdict, wiping billions of dollars off the company's valuation.
The plaintiff's lawyer offered jurors a trove of company documents and e-mail messages5 that revealed how Merck researched Vioxx's heart risks and presented what it knew to doctors and consumers.
In the Vioxx matter, it was the preponderance of overall evidence that persuaded the jury, there was not a single "smoking gun" that directly led to the verdict. That is not always the case.
Fen-Phen (Pondimin) Lawsuits
The drug combination fenfluramine/phentermine, usually called fen-phen, was an anti-obesity treatment introduced in the 1990s and marketed by American Home Products (later known as Wyeth) as Pondimin. It was shown to cause potentially fatal pulmonary hypertension and heart valve problems, which eventually led to its withdrawal and legal damages of over $13 billion.6 In 2017, 20 years after Pondimin was pulled from the US market, claims were still being filed and payments were being made to plaintiffs.7 The total bill to Wyeth is in excess of $20Bn.
In the Pondimin case, the "smoking gun" was an email sent in 1996 by a Wyeth executive, that said "Am I off the hook or can I look forward to my waning years signing checks for fat people who are a little afraid of some silly lung problem?" Imagine how you would feel if you were a member of the jury, and (ahem) a little overweight.
The Opioid Epidemic
In a more recent and ongoing case, it was reported on 26 March 2019 that Purdue Pharma, the maker of OxyContin, settled a lawsuit with the state of Oklahoma for $270 Million.8 Part of the reason for the settlement was damning evidence from emails that members of the Sackler family that owns Purdue Pharma directed efforts to mislead the public about the dangers or opioid addiction.9
Emails and Sexual Harassment
Sometimes emails can be sent carelessly as an attempt at humor that backfires with a tremendous explosion. In 1995, Chevron settled a sexual harassment claim for $2.2M, after an emailed joke was presented to the jury. The email was entitled "25 reasons beer is better than women," and repeated a variation of a joke that persists even today on some corners of the internet.10
It is good practice for an organization to have a sexual harassment policy (often as part of the employee handbook) that explicitly prohibits sexual harassment in any form, including via email.
There are many web sites which can offer guidance on good email etiquette, and these are helpful.11 But there are additional guidelines that can help protect you if you work in a litigious industry, especially one which is highly regulated such as banks, medical devices, drugs or aviation.
This stands for "Pick Up The Phone." In other words, try and use oral communication in preference to email if you can. There is no point in sending an email to someone you can see in the adjacent cubicle unless it is necessary for the work you are doing.
Always have a confidentiality disclaimer on email
Emails that contain confidential information (i.e.: anything of interest to the company), should include a disclaimer, usually as part of the author's signature block. An example of a disclaimer is:
The information contained in this email (including any file attachments transmitted with it) is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorised review, use, alteration, disclosure, copying or distribution is prohibited. If you have received this email in error, please notify the sender by return email and destroy all copies of the original message. Any confidentiality or privilege is not waived or lost by any mistaken delivery of this email.
Consider what happens if an email is printed out and thrown out in the trash. Once it is outside the company (e.g.: in a dumpster12) it is in the public domain, and could be produced in a lawsuit. If it has a confidentiality disclaimer, then at least there is an argument as to why the email should be inadmissible. This of course is not bullet proof, but is generally good practice.
The idea of a Blind Courtesy Copy (BCC)13 is that the contents of an email can be communicated to someone without the other recipients knowing about it. The problem is that BCC is never blind, it is always traceable. BCC emails clutter up the recipients' inbox and waste time and energy which creates longer term problems.
In general, send emails only to those people who are affected by it or need to know. Also, understand that metadata of an email may be just as important in a lawsuit as the content of the email. The metadata includes the location (IP address) of the originating computer, the time and date it was sent, the servers through which it was routed, the list of addressees, and many other pieces of information that can be useful in a lawsuit.
Speculation in an email can easily be taken out of context and presented as "the company's view." In general, present just facts unless specifically asked for something else. If you are asked to speculate, or you want to present speculation, then ensure it is labelled as such with language such as "in my personal opinion," or "you asked me to speculate so this is my thinking."
A business email is not the place for sharing jokes, funny pictures, cat videos, or anything else that is not pertinent to the business. Keep those matters for your personal email system.
Don't use Business Email system for personal matters, and vice versa
A business email system is owned by and should be used for the business. Do not mix business and private emails on the same domain. Note, this does not mean that you can't have multiple email accounts or multiple clients on one computer or your phone - for example a business account and a personal account. But even if you do this, your personal emails stored on the company's property are accessible to and may be found by the company. It is better to have two separate computers - many people nowadays have two phones, one for business and one for personal use.
Email is not Private
You do not own the emails you send and receive on your company's email system. Most employment agreements formally stipulate that the company owns the data you generate, including on the company's email system.
Think before hitting send
Before hitting send, re-read the email with this question in your mind: "How would it look if this email was published on the front page of the newspaper or shown on national TV news?"
Be diligent about what you receive
If you receive an email that you believe may be troublesome, don't hesitate to go back to the sender and ask for it to be rewritten or ask for more clarity. Failure to do this can be interpreted as tacit agreement with the sender. Imagine the plaintiff's lawyer's question "When you received the email from Mr. Smith that was obviously troublesome, you did nothing about it, so you obviously agreed with it, right?" The truth here is secondary, it is the impression to a jury which can be damning.
Delete old Emails - or don't!
Unfortunately, many people use their email client (like Outlook) as an archive for years of communication - and this presents a huge risk to the organization. The notorious breach of security at Sony in 2014, was surpassed in 2017 by the data security breach of 1.5 terabytes of data from HBO in 2017. Much of what was stolen was old emails of key executives, which were later used for ransom demands.
It is good practice for an organization to have an email retention policy which specifies how long emails are kept, and when old emails are deleted (and other electronic documents such as text messages, tweets, and social media posts). In many industries, there are regulations that require an organization to have such a policy (such as the Sarbanes-Oxley financial regulations, the HIPPA regulations concerning personal healthcare data), and FDA and various other agencies which specify retention of data used to obtain regulatory approval of devices or drugs. It may be necessary to have a policy which distinguishes between mandatory retention (e.g.: scientific data used as part of a regulatory submission), and the rest which is not required to be kept for a long time.
Typically, there is no reason to keep any emails longer than two months. Any content (e.g.: attachments) of the email which needs to be kept longer should be moved to a different platform than the email client. In many lawsuits, once a party has been notified of a pending lawsuit, it is necessary and obligatory to preserve all emails that may be pertinent to the lawsuit. This is referred to as a "litigation hold." Many contemporary email systems have a feature to implement a litigation hold on the email server.14 If there is no data retention policy that automatically deletes old emails, the risk is that some old emails will be found in discovery that could be damaging to the defendant.
DO NOT destroy old emails (or other documents) if they should be kept as a result of a litigation hold. It can be a federal crime - just ask Arthur Anderson, who was indicted for obstruction of justice for destroying documents when it learned that Enron was under investigation.15
Remember, "Delete" doesn't mean delete
Even when you hit "Delete" the email usually doesn't go anywhere - the operation merely frees up space on your computer by allowing the email to be overwritten. Deleted emails can often (usually) be found in discovery in a lawsuit.
Even if the originating and receiving computers are completely destroyed, the email is not gone. Most corporate email systems use continuous backup to preserve information and those backups can also be found in discovery.
Email is a very useful and indispensable business tool. But like many sharp tools, if it is used indiscriminately, it can cause injury. Follow simple guidelines, practice self-discipline and be vigilant about those around you who may err, and you will minimize the risk to you personally and the organization.
Failure to do so may result in a lawsuit, during which you may be deposed, and have to testify, and one or more expert witnesses may be called to interpret what is said in the best light.
- 5 Most of the documents presented at trial are publicly available - https://www.industrydocumentslibrary.ucsf.edu/drug/results/#q=case%3A%22Ernst%20v%20Merck%22&h=%7B%22hideDuplicates%22%3Afalse%2C%22hideFolders%22%3Afalse%7D&subsite=drug&ca/li>che=true&count=103
- See for example https://www.thebalancecareers.com/how-to-write-and-send-professional-email-messages-2061892
- "Dumpster diving" is a technique used for years in industrial espionage, and wise companies nowadays are going to extraordinary steps to prevent it. See https://www.forbes.com/sites/quora/2017/06/05/how-do-fortune-500-protect-themselves-from-corporate-espionage/#7d46b1f25ced
- For those old enough to remember, this used to mean "Blind Carbon Copy."
- For example, Microsoft has a Litigation Hold feature in the Exchange Server product - see https://docs.microsoft.com/en-us/exchange/policy-and-compliance/holds/holds?view=exchserver-2019
Peter A. Crosby has over 35 years experience in the Medical Devices Industry. He has been the CEO of six medical device companies (public and private) in four countries, and has been a member of the board (including chairman of the board) of over 10 companies. Mr. Crosby has served as an expert witness in many cases including product liability, intellectual property (patent disputes), and commercial contracts disputes. He has testified in three cases in which the outcome hinged on interpretation of "commercially reasonable efforts." His services are available to attorneys representing plaintiff and defendant.
©Copyright - All Rights Reserved
DO NOT REPRODUCE WITHOUT WRITTEN PERMISSION BY AUTHOR.