A Federal court in New Jersey sanctioned Outback Steakhouse for failing to preserve enough video camera footage of a customer’s slip and fall.

Despite the restaurant manager’s efforts to export nearly 30 minutes of surveillance video, the court determined the selective collection and preservation of but a few minutes of video that preceded the plaintiff’s fall on an alleged greasy substance was insufficient.  Because the DVR system used by Outback was configured to overwrite its data every seven days, by the time the Plaintiff sent her preservation letter (some twelve days later which sought a total of 48 hours of video) the relevant electronic evidence had already been destroyed.

It was revealed during discovery that Outback had a policy and a procedure in place to check the floor as they work and to report incidents to management, but it did not have a policy (or any employee training) on the preservation of electronic evidence, thereby leaving each manager to determine how much video evidence to collect.

In response to the permanent loss of the additional requested video evidence, Plaintiff filed a motion for sanctions pursuant to Federal Rule of Civil Procedure 37.  The court determined that because Outback was a sophisticated litigant, it was aware it had a duty to preserve relevant evidence.  The court found Outback failed to fulfill its duty because it left the task of determining what to preserve to individual restaurant managers who were given no guidance on how to execute the company’s preservation duties.  As such, the court ruled the jury could be instructed that Outback intentionally failed to preserve the disputed video evidence and that it may presume the lost video footage was unfavorable to Outback.

Slip and fall cases typically involve the routine application of the facts to long established premises liability laws, and this one does not appear to be any different.  However, it is quite instructive on the issues of (i) electronic evidence preservation and (ii) company policies and procedures.

You can read the Court’s opinion in Nagy v. Outback Steakhouse here.

A few takeaways to consider:

Best Practices regarding Surveillance Camera Footage

• Take Inventory: Businesses should act quickly after an incident has occurred to determine what video evidence exists.  This inquiry should focus not only on your own video systems/evidence but also third-party video feeds such as neighboring businesses and homes, traffic cameras, and municipal/police surveillance systems.
• Data is ephemeral. As seen in the Outback case, the surveillance video was overwritten by the system after just seven days. Third-party data retention could be even less, so act fast to canvass the area and request their cooperation to preserve the evidence (even if they don’t want to turn it over immediately without a subpoena or court order).
• Video systems are highly proprietary. You may need to hire a forensic expert to preserve the data at issue.  Often with surveillance camera/DVR data, the information is saved in a proprietary format and requires a product-specific export tool (and possibly even a viewer) to access the videos.  While a forensic image of the hard drive located within the DVR system might satisfy the company’s preservation obligations, the image may prove useless unless there is a way of exporting and viewing it in a usable, and cost efficient, format.
• Have a written Evidence/ESI Policy and Procedure. For businesses that deal with public invitees, injuries are bound to occur.  In addition to any policies and procedures for the reporting of accidents/injuries, it behooves businesses to include in those policies an evidence policy that addresses the types of evidence that should be preserved, by whom, and when.  As seen in this example, the local restaurant managers are tasked with deciding what video to save, and how much.  Given that Outback had a policy on floor sweeps, preserving an entire day’s video could have proven the employees fulfilled their duties as directed.

Best Practices for preserving ESI in General:

• Begin the preservation process early. Litigation takes place months/years after the fact, and ESI-related discovery issues may not be known until it is too late to preserve the evidence.  Forensically imaging an entire computer or smartphone, or as in the Outback case, exporting a full day worth of video, may seem like an over-indulgence, but when compared to fighting a spoliation motion, it is money well spent.
• Handle With Care: Metadata on-board. Hiding behind your documents, photographs, and emails is its metadata. Metadata is constantly being updated as the user interacts with the ESI.  As such:
  • when dealing with thumb drives and other external storage devices, don’t insert them to see what they contain. Too often the file access dates will be updated by anti-virus scans or search functions conducted by the client and/or attorney.  Rather, they should be delivered to an expert for preview/preservation.
  • When dealing with specific, relevant emails, don’t forward the subject email, add it as an attachment to a new email when sending to counsel. The internal metadata (header) of the original email needs to be preserved—forwarding it replaces the original metadata with the forwarded email’s information.  Tracing it will only lead back to you, not the original sender.
  • When dealing with documents, preserve both the internal metadata and its system metadata. Internal metadata travels with the document, but system metadata can only be found on the device on which the file was created/saved/modified/edited.  You may need to image an entire device in order to satisfy your preservation obligations, even if you think the document is the only relevant piece of evidence in your case.

As a business owner, often your most valuable asset is your employees. But what happens when your best employee leaves without reason or mentions she or he is going to work for another company? This should raise a red flag if that employee has access to your company’s sensitive data and/or intellectual property.

Even if you don’t suspect any nefarious motives, in addition to conducting an in-depth exit interview, another pro-active measure a company can take to protect itself is to engage a computer forensic expert to forensically image the departing employee’s computer hard drive (i.e. create an exact bit-by-bit mirror copy).

By having the hard drive imaged immediately, the digital evidence is preserved just as it was the day the employee last laid his or her fingers on the keyboard. Preserving the hard drive has two primary benefits:

• An analysis of the forensic image can be conducted quickly if needed (if, for example, the employee left and “failed to mention” he was going to work for a competitor or open his/her own shop); and
• The evidence would not be trampled upon. Often the company’s IT department will re-issue the computer to another employee thus making forensic analysis more difficult). Even worse, the computer hard drive could be wiped/destroyed and a new one inserted into the shell.

In the event the forensic image does need to be analyzed, the electronic fingerprints the employee left behind can reveal (i) what files were copied to external devices (thumb drives / USB hard drives), (ii) the file folders to which the ex-employee browsed prior to departure, (iii) which websites/cloud storage sites the ex-employee navigated to on the Internet, (iv) the personal or company email the ex-employee sent to her/himself or the new company, and (v) the files s/he may have deleted.

The next time a key employee leaves your company, contact us to discuss which data preservation options best fit your needs.

Post by Steve Hilary, Digital Forensic Examiner
Certified Computer Examiner (CCE)
Encase Certified Examiner (EnCE)
AccessData Certified Examiner (ACE)
New Jersey License Private Detective

Social media is a staple in life.

Social media is a staple in life. It is the way in which many people obtain news, communicate with one another, and even conduct political conversations. Therefore, it makes sense that employers want to utilize social media when conducting employee screening investigations on potential employees. While using social media can be helpful, it is important to be mindful of the ways in which social media can, and should, be used in this delicate process.

Farm; Don’t Hunt with Social Media

Social media is a wonderful screening tool that can be used to farm information to create a full picture. The idea is to browse everything available to the public and get to know your candidate through this public persona. As opposed to running criminal background checks and credit reports, which allows you to hunt for specific information, social media is an open-ended search process. Anything can be found through the social media profiles and activities, whether the information is more of a personal nature or even a professional nature.

Therefore, do not be closed-minded when perusing a candidate’s public profiles and activities online. Reviewing information such as profiles, as well as postings, Reddit activity, Twitter follows, and even Instagram and Snapchat activity can create an in-depth picture of whom you are potentially hiring.

Stay Within Legal Guidelines

Since social media is an open book for those who offer public glimpses into their lives and activities, it is easy to get swept away in the idea that anything goes. However, this is still an employment situation with federal and state guidelines in place to protect the rights of employment candidates.

For instance, in New Jersey it is illegal to mandate an employment candidate provide you credentials to access their social media accounts. Employees have the right to privacy. Unless they have purposefully, and willfully added you as a friend or follower, you can only have the same access any member of the general public has to the candidate’s social media.

In addition, hiring decisions cannot be based on discriminatory facts, such as age, race, creed, sexual orientation, or other similar factors. Social media gives you an insight to all of these types of issues surrounding a potential candidate. Therefore, tread lightly and do your best to only focus on the activities at hand, as opposed to facts that you know to be discriminatory.

Finally, it is best to have a clear policy in place for your hiring staff and management regarding the use of social media for employee screening purposes. This is something to design with your HR team and legal team to ensure you are following the guidelines set forth by any and all laws affecting the hiring process.

Social Media’s Standard Practices

Beyond the legal issues (click the link to view a national summary), there are several standard practices that may be a good idea to follow when researching potential or even current employees on social media. While the following concepts may not be illegal they may put you into a generally difficult position, at best, or be unethical, at worst.

1. Do not “friend” employees or candidates on social media. This creates a level of personal connection that may be detrimental, especially if any adverse action is to be taken with that employee in the future.

2. Speak to the potential employee or candidate about the findings before making any decision. Sometimes social media is not truly an accurate portrayal of an individual. Maybe a photo was posted without the person’s permission. Maybe that photo was photoshopped and is not a truthful photo. Maybe the person was hacked and information on their social media account is inaccurate as a result.

3. Be cautious when making decisions based on findings on social media to make sure there is no breach of any legal duties.

It is not a bad idea to utilize all available resources to get to know the potential employee, however, when utilizing social media, make sure you are appropriately cautious in your approach. If you are in need of a company who specializes in employee screening and using all available resources while abiding by state and local laws, contact us at 856.429.0325. Our investigative experts will be happy to help you make sound hiring decisions without compromising ethics or legal requirements.

Corporate Spear Phishing on the Rise

No longer fooled by emails seeking help from friends stranded overseas or mugged in New York, scammers are looking for new ways to separate you from your money. And this time, they are thinking big—C-Suite big.  The FBI estimated that from October 2013 through December 2014, companies lost a total of $1.2 billion to CEO Fraud. The FBI blames internal security measures as the number one reason for these losses.

In one instance, the director of accounting for a company in Texas wired $480,000 to an account in China because he received an email from the “CEO” directing him to do it.  However, it was an individual posing as the CEO. The scammer had hacked into the company’s server and spent months learning how the company worked and the relationship between the CEO and the director of accounting. He then emailed the director of accounting and made what appeared to be a normal request in the ordinary course of its business. But for the scammer’s audacious request for $18 million to be wired to the same account a few weeks later, it might have continued unnoticed.

In another case, a magazine publisher lost $1.5 million. The accounting executive of the company sent the wire based on an email from the “CEO,” but prior to sending the second requested transfer, he asked the CEO if he had truly made the request, only to find that he did not.

Because these scams are targeted (known as spear phishing), they appear to come from trusted individuals, contain requests that appear normal, and are often not caught by spam filters because they are not mass-mailed.

In addition to standard internal control features for wire transfers that can and should be implemented, below are three practice pointers to help prevent this from happening to you and mitigating the loss if it does.

Training

Employees need to be trained in the ways in which scammers operate. Typically these scammers will purchase a list of emails from the Dark Web and begin sending phishing emails containing malicious attachments (or links to infected websites) to hundreds of addresses.  Once an unsuspecting employee opens the attachment (or clicks on the link) and the malware is installed, the scammer has access to the company’s network (at least as far as that employee’s computer can see into it).  Depending on the level of access, the scammer may move on if nothing can be exploited or next if the computer has access to company data/emails/etc.  Once the scammer decides to act, he may wait until the CEO/executive is away from the office, or simply alter the email address slightly to trick the non-observant receiver. For instance, jsmith@american.com may become jsmith@amer1can.com.

Proper training to prevent these issues include instructing employees not to open email attachments from a sender the employee does not know or recognize.  In addition, employees need to be instructed to look for variations in email addresses when being asked to complete tasks that are critical to the company’s business, such as releasing sensitive data, or giving access to portions of the company server reserved to departments other than the requesting party, and, most importantly, giving out the company’s money!

Many firms provide on-site and online training.

Cyber Security

Cyber security in the corporate world has become a yeoman’s task. As it pertains to CEO fraud, there are two primary fixes.  The first is to mandate company email accounts use two factor verification. If the CEO’s account is accessed from anywhere that is not a recognized, secure location, as designated by the user, a second verification method would need to be entered (either a code sent via text to the CEO’s phone or a pre-printed verification code).  This prevents a scammer from logging in from Starbucks.  The second is to institute an internal control to require more than one person’s authorization for money transfers or expenditures. Whether it be a wire transfer, check, debit, or other material financial transaction, the approval process should involve two individuals who are privy to the request, purpose, and related specifications.

Insurance Protection

Even the most vigilant company will still find itself a victim.  Traditional insurance policies contain some coverage for fraud protection, but as recent cases have shown, (AF Global Corp. v. Federal Insurance Company) they do not include this new type of fraud. Some of the policies will only pay a claim if the fraud was the result of a traditional negotiable financial instrument having been fraudulently forged or stolen, such as check fraud. Therefore, it is important to review your policies and work with your insurance company to provide a policy that includes coverage for monetary losses incurred by an electronic breach.

If you do have such coverage, your insurance company will need to follow the evidence to learn how the fraud took place.  Therefore, it is important to direct employees not to delete the emails related to the fraud. They emails can be examined forensically to help support your claim.

For more information relating to training, prevention, and investigation, contact the experts at Maragell at info@maragell.com.

Effective September 3, 2015, it became unlawful to conduct credit checks on nearly all potential and current employees if your business is located in the City of New York and you have more than four people on staff (including owners). As an employer, it is important to know the exceptions to this new limitation in the field of Human Resource Management.

What is actually prohibited?  According to the New York Commission on Human Rights (“NYCHR”), the governing body for this Ordinance, an employer cannot obtain a consumer credit report and use it in the hiring process unless the position falls within a specific list of exceptions.  According to the NYCHR, a consumer credit report refers to a credit score, credit accounts, bankruptcies, judgments, or liens whether obtained from a third party source or from the prospective employee directly.

While the Ordinance is being promoted by the City as the most stringent of its kind in the U.S., it does have its exceptions.   The onus is upon the employer to document the exception used to obtain a credit check.  The exceptions include:

• Positions in which federal or state law requires credit background reports, such as FINRA licensed companies;
• Police Officers, peace officers, or positions with a law enforcement or investigative function at the Department of Investigation (“DOI”);
• Any positon subject to a DOI Background Investigation;
• Positions requiring bonding under federal, state, or city law or regulation;
• Positions requiring security clearance under federal or state law;
• Non-clerical positions having regular access to trade secrets, intelligence information, or national security information;
• Positions requiring responsibility for funds or assets worth $10,000 or more; and
• Positions involving digital security systems.

It is important to consult an attorney or HR Specialist when making hiring decisions to determine whether or not you are complying with this, and other local, state and federal laws.  Before you do so, here are few practice points to get you started:

• Research each position to determine if it fits within one of the exemptions—it may require you to develop a list of what is a trade secret or business intelligence that warrants extra HR security for that position and therefore, based on the assessment reached, exempts that hire from the Ordinance’s limitation;
• Research your industry online to determine if there are federal or state guidelines that require credit history verifications for your industry;
• Use Google and LinkedIn and other social media platforms when making your hiring decisions to the extent your state does not ban such research or prevent you from using protected activity found on these sites against the candidate (i.e. cannot use evidence of a person’s gender preference, marital status, age, etc. against them).
• Create a log to document the exemptions used and the factual basis for each exemption claimed; and

The NYCHR has issued an official Guidance about the application of the Ordinance (see https://www1.nyc.gov/assets/cchr/downloads/pdf/CreditHistory-InterpretiveGuide-LegalGuidance.pdf) and it is expected it will continue to update the public on this topic via its FAQ page (see https://www1.nyc.gov/site/cchr/media/credit-check-law-frequently-asked-questions.page)

Despite pressure from business leaders and private detectives, the latest version of the New Jersey Senate Budget and Appropriations Committee’s “Opportunity to Compete Act” [SENATE, No. 2124] continues to impose restrictions upon New Jersey employers when advertising for, and interviewing, prospective employees as it applies to criminal records.

According to the Committee, it determined that “[r]emoving obstacles to employment for people with criminal records provides economic and social opportunities to a large group of people living in New Jersey, increasing the productivity, health and safety of New Jersey communities.” It also asserted “[c]riminal background checks by employers have increased dramatically in recent years, with estimates of 90 percent of large employers in the United States now conducting background checks as part of the hiring process…. and that [b]arriers to employment based on criminal records stand to affect an estimated 65 million adults in the United States with criminal records.”

Concerned by employment advertisements in New Jersey that include language regarding criminal records that either explicitly preclude or strongly dissuade people from applying, the Committee advanced its bill to the entire Senate to tackle these obstacles to employment.

If passed, the bill will preclude an employer (of 15 or more people) from requiring a job applicant to complete any employment application that makes any inquiries regarding the applicant’s criminal record during the “initial employment application” process. It will also preclude the employer from making any oral or written inquiry regarding an applicant’s criminal record during the initial employment application process. The term “initial employment application” means the period from advertisement through completion of initial interview.

If an applicant discloses any information regarding the applicant’s criminal record, by voluntary oral or written disclosure, during the initial employment application process, the employer may make inquiries regarding the applicant’s criminal record during the initial employment application process.

Notwithstanding the foregoing, employers should be aware that if the employment is for a position where a criminal history record background check is required by law, rule or regulation, or where an arrest or conviction by the person for one or more crimes or offenses would or may preclude the person from holding such employment as required by any law, rule or regulation, or where any law, rule, or regulation restricts an employer’s ability to engage in specified business activities based on the criminal records of its employees, the restrictions of the bill do not apply.

This last exception is key for many of our clients. For our non-regulated clients that send employees into regulated entities like banks, hospitals, and mortgage lenders, their contracts routinely contain clauses that require all employees to be screened and failure to produce proof of a background check can void the contract.

Hence, when advertising for a position, consider all job assignments the candidate may be obligated to fulfill. If a potential assignment is in a regulated industry where a background check will be needed, the bill’s restrictions on advertising and interviewing may not apply.

Effective December 1, 2013, New Jersey employers will be prohibited from requiring both job candidates and current employees to disclose the user names and passwords to their personal social media accounts.  Last Thursday, Governor Christie signed into law a revised version of Assembly Bill 2878 making it a violation of NJ law to do so.  An earlier version of the same bill had previously provided for a private right of action allowing individuals to sue for violations of the law.  As of now, only civil penalties (up to $2,500) can be imposed and are to be collected by the Commissioner of the New Jersey Department of Labor and Workforce Development.

Under the new law, employers can still monitor social media accounts that are open to the public, are provided by the company for use by the employee, or in the case of suspected wrongdoing, to conduct an investigation of a current employee’s social media account if the account is used for business purposes of the employer or if used to engage in business-related communications, but only if the employer independently received information about the suspected wrongful conduct (i.e. in a lawful manner from a third party).

Key Practice Points:

1. Employers should review their application and background check forms and conform them to the new law.
2. Social media policies should be updated to warn employees that the use of personal social media accounts for business purposes may entitle the company to examine them for compliance with company policies regarding marketing, advertising, data transfer, regulatory affairs, and other business rules.
3. Managers should be made aware of how they may conduct examinations of social media sites to enforce the issues raised in Point 2 above.  The NJ federal court case of Ehling v Monmouth Ocean Hospital Service Corp  (decided August 20, 2103) and the NJ state court case of Pietrylo v. Hillstone Restaurant Group (decided July 24, 2008) both provide real world examples of how these issues may play out when an employer begins to peek under the gurney/table.
4. Litigants must be wary of using usernames/passwords found on company computers to access these social media sites.  Properly crafted computer use policies may enable an employer to use information found on company equipment even if it is from a password protected account.  Moreover, employees who configure their social media sites to automatically boot at start-up should be made aware that the employer may have instant access to those sites in the event the employer takes possession of or simply uses the computer for legitimate business purposes.

For additional information, please give us a call or email us at info@maragell.com.

Reading the Tea Leaves

This morning, the Today Show’s investigative reporter, Jeff Rossen, revealed once again the pitfalls of cutting corners when it comes to conducting employee background checks.  In his report, Jeff highlighted the plight of several prospective employees who were denied positions because the firms hired to conduct their background checks failed to use reasonable procedures to vet the information they retrieved.

Unfortunately for US employers, there is no central location they can check to determine if a prospect has a criminal record.  To obtain a “national criminal record check,” a search must be conducted at the federal, state, county, and if warranted, municipal, levels for every place the prospect ever lived, worked, visited or vacationed.  No employer would incur the cost to conduct such a search (nor could it given the need for the prospect to divulge his/her life’s itinerary).

Instead, employers often rely upon database searches as an alternative to conducting a thorough manual background check.  The trade-off is that while such research is cost and time efficient, the databases often link erroneous dates of births, crimes and litigation matters to individuals with similar names and social security numbers.  Until a human being takes a moment to analyze the data and compare it to what was provided by the prospect, as well as comparing it to other pieces of independently developed information about the prospect, the type of misinformation described in Rossen’s report will continue to be conveyed to the employer.  Background checks are an art form, not a mouse click.

Practice Tip:  If your firm must rely upon database searches for budgetary reasons, ask the prospective employee for a 10 year address history.  Use it to compare it to the results from your background check firm.  If crimes are listed on the report in states the prospect did not live, question your vendor—demand they check with the courthouse directly.