You Have Mail (Better Read It): District Court Finds EEOC 90-Day Deadline Starts When Email Received

If a letter from the EEOC is in your virtual mailbox but you never open it, have you received it? Most of us are familiar with the requirement that a claimant who files an EEOC charge has 90 days to file a lawsuit after receiving what is usually required a “right-to-sue” letter from the agency. This is one of the deadlines that both plaintiff and defense counsel track on their calendars. But when is that notice officially “received” by the claimant — especially in these days of electronic correspondence? In Paniconi v. Abington Hospital-Jefferson Health, one Pennsylvania federal court decided to draw a hard line on when that date actually occurs.

A Cautionary Tale

Denise Paniconi worked for a hospital in Pennsylvania and filed a charge of discrimination with the EEOC alleging race and religious discrimination. The EEOC investigated and issued a right-to-sue letter dated September 8, 2021, which gave her 90 days to file her complaint. She filed her complaint 91 days after the EEOC issued the letter. The employer moved to dismiss the complaint for failing to comply with the 90-day deadline.

What ordinarily would just be a day counting exercise took a twist because of how the EEOC issued the notice. The EEOC sent both the plaintiff and her lawyer an email stating that there was an “important document” now available on the EEOC portal. Neither the plaintiff nor her lawyer opened the email or accessed the portal until sometime later. They argued that the 90-day filing deadline should run from the date that the claimant actually accesses the document, not from the date the EEOC notified them it was available.

The court dismissed the complaint for failing to meet the deadline. The opinion noted that although the 90-day period is not a “jurisdictional predicate,” it cannot be extended, even by one day, without some sort of recognized equitable consideration. Paniconi’s lawyer argued that the court should apply the old rule for snail mail  ̶  without proof otherwise, it should be assumed that the notice is received within three days after the issuance date. The court disagreed and pointed out that no one disputed the date that the email was sent  ̶   it was simply not opened and read by either Paniconi or her lawyer. The court said that there was no reason that those individuals did not open the email and meet the 90-day deadline.

Deadlines Are Important

This is another example of how electronic communication can complicate the legal world. The EEOC has leaned into its use of the portal, and the rest of the world needs to get used to it. The minute you receive an email or notice from the portal, you need to calendar that deadline. Some courts (at least this one) believe that electronic communication is immediate, and you may not get grace for not logging on and finding out what is happening with your charge. Yet another reason to stay on top of your emails.

© 2022 Bradley Arant Boult Cummings LLP

Small and Mid-Sized Businesses Continue to Be Targeted by Cybercriminals

A recent Ponemon Institute study finds that small and mid-sized businesses continue to be targeted by cybercriminals, and are struggling to direct an appropriate amount of resources to combat the attacks.

The Ponemon study finds that 76 percent of the 592 companies surveyed had experienced a cyber-attack in the previous year, up from 70 percent last year. Phishing and social engineering attacks and scams were the most common form of attack reported by 57 percent of the companies,  while 44 percent of those surveyed said the attack came through a malicious website that a user accessed. I attended a meeting of Chief Information Security Officers this week and was shocked at one statistic that was discussed—that a large company filters 97 percent of the email that is directed at its employees every day. That means that only 3 percent of all email that is addressed to users in a company is legitimate business.

A recent Accenture report shows that 43 percent of all cyber-attacks are aimed at small businesses, but only 14 percent of them are prepared to respond. Business insurance company Hiscox estimates that the average cost of a cyber-attack for small companies is $200,000, and that 60 percent of those companies go out of business within six months of the attack.

These statistics confirm what we all know: cyber-attackers are targeting the lowest hanging fruit—small to mid-sized businesses, and municipalities and other governmental entities that are known to have limited resources to invest in cybersecurity defensive tools. Small and mid-sized businesses that cannot devote sufficient resources to protecting their systems and data may wish to consider other ways to limit risk, including prohibiting employees from accessing websites or emails for personal reasons during working hours. This may sound Draconian, but employees are putting companies at risk by surfing the web while at work and clicking on malicious emails that promise free merchandise. Stopping risky digital behavior is no different than prohibiting other forms of risky behavior in the working environment—we’ve just never thought of it this way before.

Up to this point, employers have allowed employees to access their personal phones, emails and websites during working hours. This has contributed to the crisis we now face, with companies often being attacked as a result of their employees’ behavior. No matter how much money is devoted to securing the perimeter, firewalls, spam filters or black listing, employees still cause a large majority of security incidents or breaches because they click on malicious websites or are duped into clicking on a malicious email. We have to figure out how employees can do their jobs while also protecting their employers.


Copyright © 2019 Robinson & Cole LLP. All rights reserved.

For more on cybersecurity, see the National Law Review Communications, Media & Internet law page.

Resist the Urge to Access: the Impact of the Stored Communications Act on Employer Self-Help Tactics

As an employer or manager, have you ever collected a resigning employee’s employer-owned laptop or cellphone and discovered that the employee left a personal email account automatically logged in? Did you have the urge to look at what the employee was doing and who the employee was talking to right before resigning? Perhaps to see if he or she was talking to your competitors or customers? If so, you should resist that urge.

The federal Stored Communications Act, 18 U.S.C. § 2701et seq., is a criminal statute that makes it an offense to “intentionally access[ ]without authorization a facility through which an electronic communication service is provided[ ]and thereby obtain[ ] . . . access to a[n] . . . electronic communication while it is in electronic storage  . . . .” It also creates a civil cause of action for victims of such offenses, remedied by (i) actual damages of at least $1,000; (ii) attorneys’ fees and court costs; and, potentially, (iii) punitive damages if the access was willful or intentional.

So how does this criminal statute apply in a situation in which an employee uses a personal email account on an employer-owned electronic device—especially if an employment policy confirms there is no expectation of privacy on the employer’s computer systems and networks? The answer is in the technology itself.

Many courts find that the “facility” referenced in the statute is the server on which the email account resides—not the company’s computer or other electronic device. In one 2013 federal case, a former employee left her personal Gmail account automatically logged in when she returned her company-owned smartphone. Her former supervisor allegedly used that smartphone to access over 48,000 emails on the former employee’s personal Gmail account. The former employee later sued her former supervisor and her former employer under the Stored Communications Act. The defendants moved to dismiss the claim, arguing, among other things, that a smartphone was not a “facility” under the statute.

While agreeing with that argument in principle, the court concluded that it was, in fact, Gmail’s server that was the “facility” for purposes of Stored Communications Act claims. The court also rejected the defendants’ arguments (i) that because it was a company-owned smartphone, the employee had in fact authorized the review, and (ii) that the former employee was responsible for any alleged loss of privacy, because she left the door open to the employer reviewing the Gmail account.

Similarly, in a 2017 federal case, a former employee sued her ex-employer for allegedly using her returned cell phone to access her Gmail account on at least 40 occasions. To assist in the prosecution of a restrictive covenant claim against the former employee, the former employer allegedly arranged to forward several of those emails to the employer’s counsel, including certain allegedly privileged emails between the former employee and her lawyer. The court denied the former employer’s motion to dismiss the claim based on those allegations.

Interestingly, some courts, including both in the above-referenced cases, draw a line on liability under the Stored Communication Act based on whether the emails that were accessed were already opened at the time of access. This line of reasoning is premised on a finding that opened-but-undeleted emails are not in “storage for backup purposes” under the Stored Communications Act. But this distinction is not universal.

In another 2013 federal case, for example, an individual sued his business partner under the Stored Communications Act after the defendant logged on to the other’s Yahoo account using his password. A jury trial resulted in a verdict for the plaintiff on that claim, and the defendant filed a motion for judgment as a matter of law. The defendant argued that she only read emails that had already been opened and that they were therefore not in “electronic storage” for “purposes of backup protection.” The court disagreed, stating that “regardless of the number of times plaintiff or defendant viewed plaintiff’s email (including by downloading it onto a web browser), the Yahoo server continued to store copies of those same emails that previously had been transmitted to plaintiff’s web browser and again to defendant’s web browser.” So again, the court read the Stored Communications Act broadly, stating that “the clear intent of the SCA was to protect a form of communication in which the citizenry clearly has a strong reasonable expectation of privacy.”

Based on the broad reading of the Stored Communications Act in which many courts across the country engage, employers and managers are well advised to exercise caution before reviewing an employee’s personal communications that may be accessible on a company electronic device. Even policies informing employees not to expect privacy on company computer systems and networks may not save the employer or manager from liability under the statute. So seek legal counsel if this opportunity presents itself upon an employee’s separation from the company. And resist the urge to access before doing so.


© 2019 Foley & Lardner LLP
For more on the Stored Communications Act, see the National Law Review Communications, Media & Internet law page.

Personal Email Management Service Settles FTC Charges over Allegedly Deceptive Statements to Consumers over Its Access and Use of Subscribers’ Email Accounts

This week, the Federal Trade Commission (FTC) entered into a proposed settlement with Unrollme Inc. (“Unrollme”), a free personal email management service that offers to assist consumers in managing the flood of subscription emails in their inboxes. The FTC alleged that Unrollme made certain deceptive statements to consumers, who may have had privacy concerns, to persuade them to grant the company access to their email accounts. (In re Unrolllme Inc., File No 172 3139 (FTC proposed settlement announced Aug. 8, 2019).

This settlement touches many relevant issues, including the delicate nature of online providers’ privacy practices relating to consumer data collection, the importance for consumers to comprehend the extent of data collection when signing up for and consenting to a new online service or app, and the need for downstream recipients of anonymized market data to understand how such data is collected and processed.  (See also our prior post covering an enforcement action involving user geolocation data collected from a mobile weather app).

A quick glance at headlines announcing the settlement might give the impression that the FTC found Unrollme’s entire business model unlawful or deceptive, but that is not the case.  As described below, the settlement involved only a subset of consumers who received allegedly deceptive emails to coax them into granting access to their email accounts.  The model of providing free products or services in exchange for permission to collect user information for data-driven advertising or ancillary market research remains widespread, though could face some changes when California’s CCPA consumer choice options become effective or in the event Congress passes a comprehensive data privacy law.

As part of the Unrollme registration process, users grant Unrollme access to selected personal email accounts for decluttering purposes.  However, this permission also allows Unrollme to access and scan inboxes for so-called “e-receipts” or emailed receipts from e-commerce transactions. After scanning users’ e-receipt data (which might include billing and shipping addresses and information about the purchased products or services), Unrollme’s parent company, Slice Technologies, Inc., would anonymize the data and package it into market research reports that are sold to various companies, retailers and others.  According to the FTC complaint, when some consumers declined to grant permission to their email accounts during signup, Unrollme, during the relevant time period, tried to make them reconsider by sending allegedly deceptive statements about its access (e.g, “You need to authorize us to access your emails. Don’t worry, this is just to watch for those pesky newsletters, we’ll never touch your personal stuff”).  The FTC claimed that such messages did not tell users that access to their inboxes would also be used to collect e-receipts and to package that data for sale to outside companies, and that thousands of consumers changed their minds and signed up for Unrollme.

As part of the settlement, Unrollme is prohibited from misrepresentations about the extent to which it accesses, collects, uses, stores or shares information in connection with its email management products. Unrollme must also send an email to all current users who enrolled in Unrollme after seeing the allegedly deceptive statements and explain Unrollme’s data collection and usage practices.  Unrollme is also required to delete all e-receipt data obtained from recipients who enrolled in Unrollme after seeing the challenged statements (unless Unrollme receives affirmative consent to maintain such data from the affected consumers).

In an effort at increased transparency, Unrollme’s current home page displays several links to detailed explanations of how the service collects and analyzes user data (e.g., “How we use data”).

Interestingly, this is not the first time Unrollme’s practices have been challenged, as the company faced a privacy suit over its data mining practices last year.  (See Cooper v. Slice Technologies, Inc., No. 17-7102 (S.D.N.Y. June 6, 2018) (dismissing a privacy suit that claimed that Unrollme did not adequately disclose to consumers the extent of its data mining practices, and finding that consumers consented to a privacy policy that expressly allowed such data collection to build market research products and services).


© 2019 Proskauer Rose LLP.
This article is by Jeffrey D Neuburger of Proskauer Rose LLP.
For more on data privacy see the National Law Review Communications, Media & Internet law page.

You’ve Got Mail: NLRB Requests Briefing on Standard for Employee Use of Employer Owned Electronic Communication Systems

In what could signify the beginning of the end for Purple Communications, Inc., 361 NLRB 1050 (2014) and guaranteed employee access to Employer computer systems for union organizing purposes, the NLRB issued a notice on August 1 inviting the filing of briefs on whether the Board should uphold, modify or overrule the decision.  Under Purple Communications (which we previously covered here), employees have a presumptive right to use their employer’s e-mail system to engage in protected activity under Section 7 of the NLRA on nonworking time, unless the employer can demonstrate circumstances allowing it to restrict such use.  Overturning Purple Communications could return the Board to the standard under Register Guard, 351 NLRB 1110 (2007), which permitted employers to impose Section 7-neutral restrictions on an employee’s non-work use of their e-mail systems, even if those restrictions ultimately limited the employee’s use of the employer’s e-mail for communications involving protected activity.

The NLRB issued the notice in response to a 2016 ALJ decision finding that an employer’s computer usage policy did not comply with Purple Communications standard, because it prohibited employees from using their work e-mail for any nonbusiness purpose.  Board Members Pearce (who was in the Purple Communicationsmajority) and McFerran dissented from the decision to solicit briefs.  Both dissenting Members contended that issuing the notice was inappropriate in light of the pending appeal of Purple Communications before the Ninth Circuit and their view that there has been no change in workplace trends or evidence showing that Purple Communications has created significant challenges for employers, employees, unions or the Board.

Perhaps in recognition that workplace communication technology has clearly expanded beyond e-mail, the notice welcomes briefing on what standard the Board should apply to other methods of employee communication on employer-owned equipment (e.g., instant messages, text messages, and social media postings). While the Board has limited its holdings in the area of computer usage to employer e-mail systems, this notice may indicate a move by the Board to apply a consistent standard to all forms of workplace communication platforms.

 

© 2018 Proskauer Rose LLP.
This post was written by Michael J Lebowich and Jordan Simon of Proskauer Rose LLP.
For more labor and employment news, check out the National Law Review’s Labor and Employment Page.

Will Your Company’s Insurance Cover Losses Due to Phishing and Social Engineering Fraud?

Six Tips for Evaluating and Seeking Coverage for Business Email Compromises

If your company fell victim to a business email compromise – a scam that frequently involves hackers fraudulently impersonating a corporate officer, vendor, business partner, or others, getting companies to wire money to the hackers – would your insurance cover your loss?  There is reason to be concerned about this sort of attack, as the FBI has explained that the “scam continues to grow and evolve, targeting small, medium, and large business and personal transactions. Between December 2016 and May 2018, there was a 136% increase in identified global exposed losses” in actual and attempted losses in U.S. dollars.  The good news for policyholders is that courts across the country have been ruling that crime insurance policies should provide coverage for this sort of loss, at least where it is not specifically excluded.

How do business email compromises work?

In early versions of business email compromises, the hackers send emails that appear to be from company executives, discussing corporate acquisitions, or other financial transactions, and are received by company employees in the finance department.  See, e.g.Medidata Sols., Inc. v. Federal Ins. Co., 268 F. Supp. 3d 471 (S.D.N.Y. 2017), aff’d, — F. App’x — (2d Cir. 2018).  The employee is told that the transaction is highly confidential, and that the employee should work closely with an attorney or other financial advisor to help close the deal.  The employee then is told to wire money to cover the costs of the transaction, very often to a foreign country.  Having been defrauded, the employee logs in to an online banking site, and approves a wire transfer.

In other versions of a business email compromise, hackers get access to email accounts of one party, sometimes via a brute force attack where an attacker breaks into a system by guessing a password, or via a phishing attackwhere a user is fooled into typing a username and password into a fraudulent site.  Then, the hacker sends out emails from the compromised account, pretending to be a vendor, and asking for payment to be sent to a different bank account.  See, e.g.Am. Tooling Center, Inc. v. Travelers Cas. & Sur. Co. of Am., — F.3d — (6th Cir. 2018).  Again, having been defrauded, the employee has money wired to the fraudster, instead of to the vendor.

Will insurance cover losses due to business email compromises?

The answer to whether insurance carriers will cover these losses – without court intervention – is “it depends.”  Recent decisions have ordered insurance carriers to provide coverage.  And the insurance industry has been scrambling to write new endorsements for their insurance policies that the insurance companies say provide coverage for business email compromises.

A common place for seeking coverage for these losses is under crime insurance policies.  Many crime insurance policies include coverage for “computer fraud,” “funds transfer fraud,” or even “computer and funds transfer fraud.”  Exemplar “computer fraud” coverage applies to “direct loss” of money resulting from the fraudulent entry, change, or deletion of computer data, or when a computer is used to cause money to be transferred fraudulently.  Exemplar “funds transfer fraud” coverage applies to “direct loss” of money caused by a message that was received initially by the policyholder, which purports to have been sent by an employee, but was sent fraudulently by someone else, that directs a financial institution to transfer money.  A reasonable policyholder, which fell victim to a fraudulent scheme via a computer, or transferred funds because of a fraudulent scheme, likely would think that computer and funds transfer fraud coverages would apply to the losses.

What have courts said?

Two recent decisions from federal courts of appeal have resulted in coverage under crime policies for business email compromise losses.

The first is the July 6, 2018 opinion issued in Medidata Solutions, Inc. v. Federal Insurance Co., No. 17-2492 (2d Cir.).  The Medidata trial court ruled that a crime insurance policy provides coverage for a fraudulent scheme and wire transfer.  The Court of Appeals for the Second Circuit affirmed the trial court’s decision.  In Medidata, the policyholder’s employees received emails that purported and appeared to be from high level company personnel but were, in fact, sent by fraudsters.  Based on those emails, and messages from purported outside counsel, Medidata wired nearly $5 million to the fraudsters.  It sought coverage under a crime policy that it bought from Chubb that had computer fraud, funds transfer fraud, and other coverages.  The trial court ruled that computer fraud and funds transfer fraud coverages both applied.  It rejected the arguments that the loss was not “direct” because there were steps in between the original fraudulent message and the wiring of funds.

On appeal, the Second Circuit ruled that Medidata’s loss was “direct” under the insurance policy language.  “Federal Insurance further argue[d],” as carriers have done in many business email compromise cases, “that Medidata did not sustain a ‘direct loss’ as a result of the spoofing attack, within the meaning of the policy.”  Slip op. at 3.  The Court of Appeals held that because “[t]he spoofed emails directed Medidata employees to transfer funds in accordance with an acquisition, and the employees made the transfer that same day,” the loss wasdirect.  Id.  The court rejected the insurance carrier’s argument that the loss was not direct because “the Medidata employees themselves had to take action to effectuate the transfer”; the employees’ actions were not “sufficient to sever the causal relationship between the spoofing attack and the losses incurred.”  Slip op. at 3.  The Court of Appeals did not address the trial court’s ruling that funds transfer fraud coverage applied, “[h]aving concluded the Medidata’s losses were covered under the computer fraud provision.”  Id.

Shortly after Medidata was issued, the Sixth Circuit decided on July 13, 2018 that computer fraud coverage applies to losses resulting from a business email compromise in American Tooling Center, Inc. v. Travelers Casualty & Surety Co., No. 17-2014 (6th Cir.).  There, the policyholder (ATC) wired money to fraudsters, instead of a vendor, because of a business email compromise.  The Sixth Circuit reversed the district court, ruling that the losses are “direct,” covered by crime insurance.

In a decision that will be published, the Court of Appeals held there was “‘direct loss’ [that] was ‘directly caused’ by the computer fraud,” even though the policyholder had engaged in “multiple internal actions” and “signed into the banking portal and manually entered the fraudulent banking information emailed by the impersonator” after receiving the initial fraudulent emails.  Id.

Holding that coverage applied, the Sixth Circuit distinguished the Eleventh Circuit’s decision regarding computer fraud coverage in Interactive Communications v. Great American, No. 17-11712, ___ F. App’x ___, 2018 WL 2149769 (11th Cir. May 10, 2018).  Id. at 9-10.  After the policyholder in American Tooling had “received the fraudulent email at step one,” it “conducted a series of internal actions, all induced by the fraudulent email, which led to the transfer of the money to the impersonator at step two.”  The loss occurred at step two; as such, “the computer fraud ‘directly caused’ [the policyholder’s] ‘direct loss.’”  Id. at 10.  By contrast, the Sixth Circuit explained, the policyholder in Interactive Communications only suffered losses at step four in a significantly more complicated chain of events.  See id. at 9-10.

These decisions are great news for policyholders pursuing coverage under crime policies for losses resulting from business email compromises.  And, in light of this new authority, policyholders would be well-advised to examine denial letters carefully, giving due consideration to whether these decisions could be used to argue in favor of coverage.

What options are available to policyholders going forward?

Cynical viewers of insurance history might view the state of coverage as similar to what the industry has done in the past.  That is, initially, cover new claims under “old” policies.  Then, after claims get expensive, hire coverage counsel to tell courts why the carriers must not have meant to cover these new claims (whether the drafting history reflects such an intent or not).  Next, get insurance regulators to approve exclusions purportedly tailored explicitly to the risk, and, at the same time, sell new policy endorsements (often for additional premium) that provide lower limits of coverage for the risk.

That’s what is happening in connection with insurance for business email compromises.  At least one insurance group that drafts crime insurance policies has asked for a definition of computer and funds transfer fraud to be changed, and a new social engineering fraud endorsement to be approved for sale.  Insurers have rolled out these endorsements with limits of coverage that often are capped at low amounts, and might also have high retentions.  These endorsements frequently are available for crime policies and, sometimes, are available for cyberinsurance policies as well.

So what are some options for policyholders trying to structure an insurance program for these risks?  These questions should provide helpful tips:

1. What does the insurance policy include? Policyholders would be well-advised to see whether the insurance program includes social engineering fraud endorsements or coverage parts.

2. What are the applicable limits? Policyholders would be well-advised to check the policy limits that would apply to those coverages.  Binder letters might not disclose a sublimit, and the policyholder might not realize the limit of coverage is lower than the full policy limit until it is too late.

3. Are coverages available under more than one policy? At the time of policy renewal, policyholders would be well-advised to consider asking whether social engineering fraud coverage can be added to a crime program and a cyberinsurance program.

4. Will excess coverage apply, and, if so, when? Policyholders would be well-advised to explore whether excess policies will provide this coverage, and, if so, will “drop down” to attach at the level of any sublimit, to avoid donut holes in the coverage.

5. Will other policy provisions provide coverage, beyond narrow endorsements? If the policyholder faces a claim, policyholders would be well-advised to determine whether other coverages might apply to the losses, notwithstanding a social engineering fraud endorsement.

6. What happens if the insurance carrier says, “no,” or that sublimits apply? If the insurance carrier denies coverage, or tries to apply a sublimit, policyholders would be well-advised to be mindful of the interpretation that two Courts of Appeals have used for computer fraud coverage in similar contexts.

 

© 2018 BARNES & THORNBURG LLP
This post was written by Scott N. Godes of Barnes & Thornburg LLP.

Meeting of the Minds at the Inbox: Some Pitfalls of Contracting via Email

This issue comes up regularly when informality creeps into negotiations conducted electronically, bringing up the age-old problem that has likely been argued before judges for centuries: one party thinks “we have a deal,” the other thinks “we’re still negotiating.”  While email can be useful in many contract negotiations, care should be taken to avoid having to run to court to ask a judge to interpret an agreement or enforce a so-called “done deal.”

With limited exceptions, under the federal electronic signature law, 15 U.S.C. § 7001, and, as adopted by the vast majority of states, the Uniform Electronic Transactions Act (UETA), most signatures, contracts and other record relating to any transaction may not be denied legal effect solely because they arein electronic form.  Still, a signed email message does not necessarily evidence intent to electronically sign the document attached to the email. Whether a party has electronically signed an attached document depends on the circumstances, including whether the attached document was intended to be a draft or final version.

There have been a number of recent cases on this issue,  but the bottom-line, practical takeaways are as follows:

  • Consider an express statement in the agreement that performance is not a means of acceptance and that the agreement must be signed by both parties to be effective.

  • If you do not believe the agreement is final and accepted, do not begin to perform under the agreement unless there is an express written (email is ok) agreement by the parties that performance has begun but the contract is still being negotiated.

  • When exchanging emails relating to an agreement, be prudent when using certain loaded terms such as “offer,” “accept,” “amendment,” “promise,” or “signed” or  phrases of assent (e.g., “I’m ok with that”, “Agreed”) without limitations or a clear explanation of intent.

  • Terms of proposed agreements communicated via email should explicitly state that they are subject to any relevant conditions, as well as to the further review and comment of the sender’s clients and/or colleagues. To avoid ambiguity, to the extent finalizing an agreement is subject to a contingency (e.g., upper management or outside approval, or a separate side document signed by both parties), be clear about that in any email exchange that contains near-final versions of the agreement.

  • Parties wishing to close the deal with an attachment should mutually confirm their intent and verify assent when the terms of a final agreement come together.

  • While it is good practice to include standard email disclaimers that say that the terms of an email are not an offer capable of acceptance and do not evidence an intention to enter into any contract, do not rely on this disclaimer to prevent an email exchange – which otherwise has all the indicia of a final agreement – from being considered binding.

  • Exercise extreme caution when using text messaging for contract negotiations – the increased informality, as well as the inability to attach a final document to a text, is likely to lead to disputes down the road.

While courts have clearly become more comfortable with today’s more informal, electronic methods of contracting, judges still examine the parties’ communications closely to see if an enforceable agreement has been reached.

Now, for those who are really interested in this subject and want more, here comes the case discussion….

Last month, a Washington D.C. district court jury found in favor of MSNBC host Ed Schultz in a lawsuit filed by a former business partner who had claimed that the parties had formed a partnership to develop a television show and share in the profits based, in part, upon a series of emails that purported to form a binding agreement.  See Queen v. Schultz, 2014 WL 1328338 (D.C. Cir. Apr. 4, 2014), on remand, No. 11-00871 (D. D.C. Jury Verdict May 18, 2015).  And, earlier last month, a New York appellate court ruled that emails between a decedent and a co-owner of real property did not evince an intent of the co-owner to transfer the parcel to the decedent’s sole ownership because, even though the parties discussed the future intention to do so, the material term of consideration for such a transfer was fatally absent.  See Matter of Wyman, 2015 NY Slip Op 03908 (N.Y. App. Div., 3rd Dept. May 7, 2015).  Another recent example includes Tindall Corp. v. Mondelēz Int’l, Inc., No. 14-05196 (N.D. Ill. Mar. 3, 2015), where a court, on a motion to dismiss, had to decide whether a series of ambiguous emails that contained detailed proposals and were a follow-up to multiple communications and meetings over the course of a year created a binding contract or rather, whether this was an example of fizzled negotiations, indefinite promises and unreasonable reliance.  The court rejected the defendant’s argument that the parties anticipated execution of a memorialized contract in the future and that it “strains belief that these two companies would contract in such a cavalier manner,” particularly since the speed of the project may have required that formalities be overlooked.

Enforceability of Electronic Signatures

A Minnesota appellate court decision from last year highlights that, unless circumstances indicate otherwise, parties cannot assume that an agreement attached to an email memorializing discussions is final, absent a signature by both parties.  See SN4, LLC v. Anchor Bank, fsb, 848 N.W.2d 559 (Minn. App. 2014) (unpublished). The court found although the bank representatives intended to electronically sign their e-mail messages, the evidence was insufficient to establish that they intended to electronically sign the attached agreement or that the attached document was intended to be a final version (“Can you confirm that the agreements with [the bank] are satisfactory[?] If so, can you have your client sign and I will have my client sign.”).

A California decision brings up similar contracting issues. In JBB Investment Partners, Ltd. v. Fair, 182 Cal. Rptr. 974 (Cal. App. 2014), the appellate court reversed a trial court’s finding that a party that entered his name at the end of an email agreeing to settlement terms electronic “signed” off on the deal under California law. The facts in JBB Investmentoffered a close case – with the defendant sending multiple emails and text messages with replies such as “We clearly have an agreement” and that he “agree[d] with [plaintiff’s counsel’s] terms” yet, the court found it wasn’t clear as to whether that agreement was merely a rough proposal or an enforceable final settlement.  It was clear that the emailed offer was conditioned on a formal writing (“[t]he Settlement paperwork would be drafted . . .”).

Performance as Acceptance

Another pitfall of contracting via email occurs when parties begin performance prior to executing the governing agreement – under the assumption that a formal deal “will get done.”  If the draft agreement contains terms that are unfavorable to a party and that party performs, but the agreement is never executed, that party may have to live with those unfavorable terms. In DC Media Capital, LLC v. Imagine Fulfillment Services, LLC, 2013 WL 46652 (Cal. App. Aug. 30, 2013) (unpublished), a California appellate court held that a contract electronically sent by a customer to a vendor and not signed by either party was nevertheless enforceable where there was performance by the offeree.  The court held that the defendant’s performance was acceptance of the contract, particularly because the agreement did not specifically preclude acceptance by performance and expressly require a signature to be effective.

An In-Depth Analysis of the NLRB’s Decision to Permit Employees to Use Employer Email Systems for Union Organizing and Other Non-Work Purposes

Sheppard Mullin Law Firm

The rights of employees under Section 7 of the National Labor Relations Act have been given quite the digital treatment over the last few years.  In its newest decision issued on December 11, 2014, the National Labor Relations Board ruled that “employee use of email for statutorily protected communications on nonworking time must presumptively be permitted by employers who have chosen to give employees access to their email systems.”  The full decision can be found here.

In Purple Communications, Inc. and Communications Workers of America, AFL–CIO. Cases 21–CA–0951 51, 21–RC–091531, and 21–RC–091584, the Board overturned its previous decision in Register Guard, 351 NLRB 1110 (2007), which held that employees do not have a right to use their employers’ email systems for Section 7 purposes.  But, as seen in recent years, the Board has embraced the digital age and has concluded that employee Section 7 rights include everything from social media to, in this case, company email.

Like most companies, Purple Communications, Inc., has an “Internet, Intranet, Voicemail and Electronic Communication Policy” in its employee handbook.  Among other things, this policy prohibits employees from using the “computer, internet, voicemail and email systems, and other Company equipment” to engage in “activities on behalf of organizations or persons with no professional or business affiliation with [the] Company” or “sending uninvited email of a personal nature.”  The Communications Workers of America filed an unfair labor charge regarding this policy, and the Administrative Law Judge found the policy lawful under Register Guard, dismissing the allegations.  This new decision by the NLRB then followed.

In overturning Register Guard, the Board stated that email has “effectively become a natural gathering place pervasively used for employee-to-employee conversations” and the fact that this “gathering place” is virtual does not undermine the role that email plays in Section 7 protected workplace discussions.  In fact, the Board concluded that “email’s effectiveness as a mechanism for quickly sharing information and views increases its importance to employee communication,” especially in the seven years since Register Guardwas issued.  Interestingly, the Board relied on empirical evidence regarding the rise in “teleworking” and email usage for all work functions, at the physical workplace and remotely, to demonstrate that email has become a significant platform for employee communication.  Accordingly, it was held that email’s use for Section 7 activity must be protected under the NLRA.  The Board will no longer “perpetuate” an “outmoded assessment of workplace realities.”

The Board attempted to preemptively address employers’ concerns about the ruling, by stating that this decision is a “limited one,” in that it addresses only email and not any other types of electronic communication systems.  Moreover, businesses are not prevented from monitoring their computers and email systems for legitimate management purposes.  Finally, the Board stated that an employer may justify a ban on non-work use of its email system if it can point to “special circumstances” that necessitate the ban, including system overload, the nature of the business, and excessive costs.  Regardless, the Board’s dissenting members apparently are not convinced, arguing that this decision will lead to significant problems down the road.

Interestingly, the Board fails to directly address the decision’s effect on other types of policies that could be affected, such as non-solicitation and non‑distribution policies.  The Board distanced itself from the issue, stating that “we do not find it appropriate to treat email communication as either solicitation or distribution per se.”  The dissent took issue with this stance and predicts that this decision will make it very difficult to determine what communications violate lawful restrictions against solicitation in the future.

Although the Board did not outright declare Purple Communication’s electronic communications policy unlawful, employers should be wary of overly broad or restrictive electronic communications policies.  As with the onslaught of social media decisions and subsequent policy revisions, employers should take a hard look at their electronic communications policies in light of this decision and consider whether their policies put them at risk in this evolving digital age.

ARTICLE BY

OF

Not Just Your (Company) Email System Anymore! re: NLRB Purple Communications Ruling

Godfrey Kahn Law Firm

On December 10, 2014, the National Labor Relations Board (Board) ruled in Purple Communications, Inc., 361 N.L.R.B. No. 126, thatemployees have a right, protected by the National Labor Relations Act (Act), to use an employer’s email system during non-working time for communications protected by the Act(e.g., to discuss union issues or other protected concerted activities protected by Section 7 of the Act). The Board has thus overruled prior precedent, as set out in Register Guard, 351 N.L.R.B. 1110 (2007), that the Act did not give employees the right to use their employer’s email systems for Section 7 purposes.

A copy of the December 10, 2014 Board decision can be found here. The following passage sums up the scope of the Board’s ruling:

First, [this ruling] applies only to employees who have already been granted access to the employer’s email system in the course of their work and does not require employers to provide such access. Second, an employer may justify a total ban on nonwork use of email, including Section 7 use on nonworking time, by demonstrating that special circumstances make the ban necessary to maintain production or dEmail Selection on Computeriscipline. Absent justification for a total ban, the employer may apply uniform and consistently enforced controls over its email system to the extent such controls are necessary to maintain production and discipline. Finally, we do not address email access by nonemployees, nor do we address any other type of electronic communications systems, as neither issue is raised in this case.

The Board’s decision may be appealed by the employer, but even if it is not appealed, the email issue will likely continue to be litigated before the Board. For now, employers should review their electronic communications policies to ensure compliance with the Board’s new standards or to, at a minimum, understand their risk.

ARTICLE BY

OF

How to Measure Your Email Marketing Performance

The Rainmaker Institute

Email newsletters have proven to be one of the most effective methods for attorneys to market themselves to prospects, clients and referral sources.  Every year, email marketing service provider MailerMailer provides a report on email marketing metrics across 34 different industries, including Legal.

They have just issued their 2014 report, based on data gathered from 62,000 newsletter campaigns totaling 1.18 billion emails sent between Jan. 1, 2013 and Dec. 31, 2013.  Here are the results — and what should be your new benchmarks — for your law firm newsletter:

Open rate (what percentage of your recipients opened your email):  13.5%

Click rate (what percentage of your recipients clicked on a link in your email)::  1.6%

Click-to-open rate (of the recipients who opened your email, what percentage of them clicked on a link):  11.8%

Bounce rate (the percentage of emails that cannot be delivered):  2.4%

Every email service (Constant Contact, Mail Chimp, iContact, etc.) provides these statistics for each newsletter you send out.  If your newsletters are not delivering at rates that meet or exceed the benchmarks above, you have a problem.

Here’s what you should consider to improve your click, open and bounce rates:

Are your subject lines engaging to entice people to open your email?  Short subject lines — 4 to 15 characters — generate the highest open and click rates.

Are you sending emails on the right day and at the right time?  The highest open rates occur on Mondays and the highest click rates occur on Sundays.  Open rates peak during the early part of the day, between 8 a.m. and noon.

Is your email list updated regularly and cleaned of old, undeliverable email addresses?  Bounce rates are inescapable but can be improved if you send out emails on a regular basis.

Have you segmented your email list so you can tailor your content to your different audiences?  Targeted emails deliver 18 times more revenue than general blast emails.

Are your emails personalized? Personalizing the message content can boost open rates significantly.

Do you use a responsive design template so your emails are displayed properly for every screen size?  More than half of emails are now opened on mobile devices.

If your newsletters are performing at or above these benchmarks, you may still have some work to do: if you don’t know the source of your success, you can’t repeat it.

ARTICLE BY

OF