Internet Newsletter for Lawyers |
|---|
"72% of UK firms have dealt with Internet misuse in the workplace - 69% of all dismissals were associated with online pornography."
"87% of employees can't resist reading bosses' e-mails."
"51% of employees admitted they would download company information if requested by a friend."
These are authentic findings from different surveys in the past three months and all are potential Internet nightmare scenarios which arise from three sources: technology nightmares, from the use and operation of technology systems; legal nightmares, from failure to comply with legislative and regulatory provisions; and operational nightmares, from failure to adequately manage personnel in their use of the technologies.
There are four key risks in respect of e-mail. It must be sent so that only the intended recipient can read it. There must be no opportunity for interference with its content. The recipient must be sure of the identity of the sender and it must not be capable of repudiation at a later stage.
A hacker's objective is to breach an enterprise's security system. A hacker might introduce viruses into a network, deface a web site, use illicit credit cards, or corrupt data. Recently, both the Consumers Association and the Inland Revenue have been embarrassed by details of customers' and taxpayers' records respectively appearing unsecured and open to public view on their respective web sites.
A determined intruder can employ software to detect and identify passwords, but often, problems originate with password holders. People tend to select easily identifiable passwords and codes - In a recent survey, the most commonly used password was found to be "password"! Passwords provide limited proof of identity and carry no legal validity or possibility of verification. They need continual updating and can be costly to manage.
A virus may have no effect or may cause complete system failure. Infection occurs in various ways, for instance, booting up a PC with an infected disk or CD, or running an infected program. Imagine the damage to a firm's reputation from a virus infiltrating and replicating its database and spreading this globally.
A survey of law firms in 2000 found: "54% of legal firms do not have a disaster policy in place. 68% of these are medium-sized law firms. Of the 46% of firms who do have a policy, over half (52%) had never tested the plans."
Clients will increasingly expect electronic services to be available outside traditional working hours. In an e-conveyancing transaction, there may be electronic links with the estate agent, the mortgage provider, a pensions provider, an accountant and the land registry. Imagine an e-conveyancing chain with completions scheduled for a specific day, if the firm's system is "down"' for 12 hours!
A domain name must be correctly registered. It is possible to miss variations on a name that might infringe another organisation's rights. Once registered, any renewals and changes to the firm's organisation and personnel will need to be recorded appropriately.
A visitor might rely on advice and information given on a web site, and subsequently act upon it to their detriment. Liability in deceit can arise for a web site statement that is knowingly false or reckless as to its truth - or under the Misrepresentation Act 1976 where a party enters a contract on the basis of a misrepresentation and suffers loss. Dated information and information from a linked site may also give rise to an action for negligence.
An online advertisement is accessible globally and therefore potentially subject to the law of every country in which it is seen. Advertising raises the question of compliance with domestic and foreign legislation and codes of practice, as well as professional regulations. Yahoo! has recently been involved in proceedings in the French courts for advertising the availability of Nazi memorabilia through its web site in France.
There are two key "copyright" risks arising from web sites: unauthorised reproduction by another of material posted on the firm's web site and posting of content on the firm's web site taken from another site without permission. A firm must ensure compliance in respect of material posted on its web site, or in respect of any use of its own material on another site.
Improper management of data stemming from: processing, use, storage, loss, inaccuracy, lack of consent and unauthorised transfer can expose a practice to both civil and criminal proceedings.
Confidentiality can be put at risk through Internet technologies. E-mail can be sent to the incorrect recipient, or accidentally and erroneously copied. Sensitive information stored on systems and networks and can be accessed inappropriately. Information sharing and collaboration raise questions of access to particular types of information and the nature of the access to be allowed. Breach of confidentiality may expose a law firm to civil proceedings or professional disciplinary sanctions.
The speed and informality of e-mail facilitates the inadvertent formation of contractual relations. An inexperienced employee may exceed authority and conclude a contract online rendering the employer liable, irrespective of whether the employee had actual authority. Recently, both Kodak and Argos have advertised goods online at incorrect prices and visitors have claimed that agreement to buy at those prices constituted a legal contract. Kodak reached a settlement, and Argos argued that their advertisement did not constitute an offer in the legal sense.
Internet technologies now enable many traditional legal services to be provided at a distance. Care must be taken to ensure compliance with applicable statutes and regulations. Awareness of relevant legislation is required and an ability to manage the resources of the practice to ensure compliance at all levels.
There is potential for considerable confusion in delivering electronic services with an international element. For instance, a potential enforcer of intellectual property rights may have to consider each jurisdiction involving the offending material and the enforcement implications. Where lawyers are advising parties to a globally networked transaction, it is vital to keep abreast of all developments in which foreign laws and jurisdictions may be relevant.
"Electronic" defamation might occur by publication in e-mail, on a Web site; or a discussion group. Liability can attach to the publishers, so a firm might attract liability for employees' statements in, or ostensibly within, the scope of their employment. One city law firm pursued a successful libel action against a malicious e-mailer when staff at their client company received defamatory e-mail concerning the company's managing director. Disclosure was ordered and the e-mails were traced to a laptop computer owned by the defendant. The complainant was awarded damages of £26,000.
In Western Provident Association v Norwich Union Assurance Co (1997), the defendant settled a claim in the sum of £450,000 and costs for a defamatory allegation in an internal e-mail suggesting that the claimant was in financial difficulties.
In Godfrey v Demon Internet (1999), the claimant successfully sued the defendant for failure to remove defamatory comments about him posted on a bulletin board by another party. There has recently been a similar case where action was taken between individuals involving remarks posted on the Friends United web site.
Obscene material can be accessed, published, displayed and distributed in the workplace. It is an offence to send an offensive, indecent or obscene message by means of a public telecommunications system, for example, e-mail and to possess (including storage on a computer) any indecent photograph or pseudo-photograph of a child.
Harassment may well arise through irresponsible use of e-mail, which lends itself to inappropriate and improper language and expression. Partners of a law firm are vicariously liable for the acts of their employees and may be liable if the employee's conduct is within their control.
There are endless opportunities for employees to abuse e-mail. There have been a number of high profile cases where the improper use of e-mail resulted in professional embarrassment. These risks arise when communicating with external sources as well as with employees working from remote locations. One recent instance became known as the "Busty Blonde" case - where, allegedly, an internal e-mail suggested replacement of a leaving member of staff by a "busty blond"'.
Other risks include: receiving instructions, giving undertakings and the issue, service and settlement of court proceedings by e-mail. Employees might fail to apply virus-checking or security procedures, through forgetfulness or laziness. Consider the implications of the accidental unauthorised despatch to a claimant's solicitor of an attachment containing details of a client insurer's confidential calculations upon which are based an offer to settle a personal injury claim.
Similar problems arise in respect of the Web. In business hours, employees can visit inappropriate sites, download and distribute unsuitable material, or take part in unauthorised chat rooms. Employees can waste time browsing web sites and making private online purchases.
Employees must be aware of their responsibilities for ensuring web site content is accurate and up to date, and that advertisements, disclaimers, copyright and data protection notices are accurately posted. Employees must understand the possible criminal and civil risks involved.
Risks arising from electronic legal services raise additional concerns. Employees may not fully understand the implications of concluding a contract online. Similar concerns arise during a transaction where an employee provides a professionally binding undertaking. Employees responsible for management of electronic payment systems must understand their functions and implications and the need for adequate checking systems to prevent fraudulent use.
At the end of Crimewatch, the presenter exhorts viewers "not to have nightmares". But with Internet technologies - can you afford not to?
Rupert Kendrick LL.M solicitor, a former partner in a medium sized firm, is now a consultant and writer on legal IT. He is author of Managing Cyber-Risks (Law Society Publishing, May 2002). Email rupkendrick@aol.com
Back to Contents.