Subscribe
Share
Share
Embed
HR entrepreneur Mike Coffey, SPHR, SHRM-SCP engages business thought leaders about the strategic, psychological, legal, and practical implications of bringing people together to create value for shareholders, customers, and the community. As an HR consultant, mentor to first-stage businesses through EO’s Accelerator program, and owner of Imperative—Bulletproof Background Screening, Mike is passionate about helping other professionals improve how they recruit, select, and manage their people. Most thirty-minute episodes of Good Morning, HR will be eligible for half a recertification credit for both HRCI and SHRM-certified professionals. Mike is a member of Entrepreneurs Organization (EO) Fort Worth and active with the Texas Association of Business, the Fort Worth Chamber, and Texas SHRM.
The chain of custody of digital evidence is so important to maintain carefully, and that's something that I think a lot of, HR people, IT groups just don't quite understand. And I wish they did because I've I've seen a lot of investigations go off the rails before they even really get started just because there's there's chain of custody and and preservation issues that, that occurred even before the digital forensics person was even called in to to assist.
Mike Coffey:Good morning, HR. I'm Mike Coffey, president of Imperative, bulletproof background checks with fast and friendly service. And this is the podcast where I talk to business leaders about bringing people together to create value for shareholders, customers, and the community. Please follow Rate and Review Good Morning HR wherever you get your podcast. You can also find us on Facebook, Instagram, YouTube, or at goodmorninghr.com.
Mike Coffey:It's rare to conduct an internal investigation of any complexity that doesn't involve emails, text messages, electronic files, access control records, telephones, video, or other digital information that may help us understand who did what when. And these records are often spread across the organization in dozens of different silos, making it difficult for an investigator to locate, much less preserve, digital evidence. Joining me today to discuss the use of electronic records in investigations is Noel Kirsch. Noel is a principal with the public accounting and consulting firm Crowe LLP, where he leads the firm's national digital forensics practice. He has almost 20 years experience in digital forensics, working on everything from criminal, civil, and family law cases to internal investigations for corporate clients.
Mike Coffey:Noel will be presenting at the HR Southwest Conference in October about protecting sensitive data when employees leave the company. Welcome to Good Morning HR, Noel.
Noel Kersh:Hello, Mike. Thank you very much for that intro. Appreciate it.
Mike Coffey:Well, let's start by what you do day in, day out. So what is digital forensics?
Noel Kersh:So digital forensics is the, forensic science that deals with digital evidence. It's our job to extract the digital evidence, preserve it in a certain way that, conforms to the rules of evidence in in courts so that the the data that we're collecting is admissible in in a court of law. So we take the data that we extract off a computer, device, whatever it is, cell phone, interpret the information on it, and then basically tell you what what it's showing us to offer our opinions as far as what it's showing a person did or didn't do, things like that.
Mike Coffey:And by digital, it's basically anything that's electronic or is captured electronically from a computer. And I get we think about computers and we think about emails and things like that, but I mentioned I've had cases where I needed digital, access control records of who who swiped their their key fob in at a certain time. I've done public information requests to get actual records from a major tollway authority about when vehicles were actually, you know, scanned going through the tollways, things like that. So it's any kind of of just electronic information. Right?
Noel Kersh:Correct. Yeah. It could be could be anything. And, when I started in forensics, you know, many, many years ago, the the number of the number of devices and the sources of data was was was tiny compared to what it is today in 2024. It's amazing.
Noel Kersh:You listed a couple there, like the toll road, data, things like, even print logs on on printers. You know, there's electronic data exists in the cloud. Cloud computing is a big thing these days. It obviously didn't exist back in 2006 when I started in forensics. So, the number of data sources has exploded, as technology has has just naturally evolved.
Noel Kersh:So it's, makes our lives more more more complicated, but also more exciting at the same time.
Mike Coffey:So we've talked to you know, we talked about all these different devices and places where information is recorded. How often in your experience does that that digital information really make a difference in the investigation?
Noel Kersh:I would say I've conducted several 1,000 investigations, of computers. You know, like I said, examined several 1,000 devices and had the opportunity to really locate information on computers that was the the smoking gun. And it's a unique experience to, you know, participate in the legal system in that way where, there's that nugget of truth that hadn't been found until you found it on a piece of on a piece of digital evidence. And it's, it's one of the things I love the most about what I do is participating in the legal system and and the in this country. There's I can give you lots of examples of cases where I've worked where there's been a, piece of evidence that was found that really kinda turned the whole case a different direction from what that was originally with the original way that it was going, or the original way that the fact finders and the courts thought it was headed.
Noel Kersh:And so it's, it's not every case, obviously, that we find the smoking gun, but there are there are many that I can like, that I've worked on where we found a piece of information that kind of turned everything on its head and and really kinda shifted the focus of of where this the matter was heading and what the fact finders thought, thought before we found that piece of evidence.
Mike Coffey:And, of course, the hope is when you're on the corporate side doing an investigation into allegations of bad behavior or just concerns about the loss of proprietary or sensitive information that, you know, the hope is that you can get to that information before it turns into litigation. Can you talk a little bit about some of the experiences you've had in working on the corporate side? Do you feel like executives and leaders take the digital evidence preservation information, I mean, the the requirement for that, seriously enough? Or is it I wish I knew now what I knew then? Or what should I knew then, know what I know now kind of thing?
Noel Kersh:It's kind of all over the all over the board, really. Some organizations have have been down this road before and some haven't. And so a lot of times, I I go into a new engagement where I'm sort of gauging the, experience level of the organization. Have they done this before? Are they familiar with what forensics does and how we how we can be used?
Noel Kersh:Because we're a we're an investigative tool that can be used to to find the truth and really kind of explaining. And there's there's an education that happens where I'm explaining to the HR department. This is what this is what you can find with us. Here's what we can do. Obviously, there's budgetary concerns and everything, and we try to figure out what what makes sense and how deep we wanna dig and where we wanna go and and how we can get to where they want to in the investigation with the quickest and and cheapest, option.
Noel Kersh:But there's there's always a an education that takes place where we're trying to, like, explain to them this is what's going on. I wish I had a dollar for every time I had a client call and say, you know, we need an investigation on this. We suspect that this has happened. We had our IT group look at it before we send it to you. And those are very frustrating because, when that happens, it tells me right off the bat.
Noel Kersh:I know I'm dealing with with a company that doesn't quite understand digital evidence, and so that's one of the first things I do is just explain the impact that that little extra step that isn't necessary has on on the, on the investigation and our and our and our potential to to find smoking smoking guns.
Mike Coffey:So Yeah. Talk more about that. The well meaning, IT department that accessed somebody's computer and moved some files around or the hiring man or the frontline supervisor who thought they were being clever and being their own version of, you know, Rockford Files and got in there and started doing their research. What is how does that screw up the digital evidence?
Noel Kersh:I like to use the analogy of, you know, everybody's probably watched a version or 2 an episode or 2 of, of CSI. Think about it this way. If if between the time that the crime occurred and the time that, you know, the CSI team showed up with their van with all their tools and all that kind of stuff. If between the time the crime occurred and them showing up, somebody went into the the crime scene with a whole bunch of bleach and just started cleaning stuff up and moving things around and handling the victim, handling the evidence, handling the the gun or whatever, the case may be. And then brought in the CSI team after that and said, tell us what happened.
Noel Kersh:I mean, they're gonna have a really difficult time figuring out what happened because bleach has been used on the crime scene. Somebody else other than the the suspect has handled the the weapon that was used to commit the crime. All these kinds of things really alter the the the CSI team's ability to really get to the facts. And in a digital evidence realm, obviously, we don't have fingerprints and and and weapons and things like that that were used to commit the crime, but our our evidence, our fingerprints, and and and everything is are dates and times that the operating system is recording for digital evidence. Those dates and times are what I use to answer the questions about what did this person do or not do, what occurred at after this at this specific time and and and such.
Noel Kersh:So, yeah, them an IT team going in or a manager that just needs to copy a few files off the computer because they're critical to support their business. I get it. Not trying to be critical of that. I understand the business case. I've owned my own companies before, so I get it.
Noel Kersh:But the impact that that has is we have to we have evidence that's been that's been touched. There's been a team that's gone in and and and touched the evidence that we need to be as pristine as possible so that we can attribute everything that we're seeing on the computer as this is this is what the suspect did. It's the the chain of custody of digital evidence is so important to maintain carefully. And that's something that I think a lot of, HR people, IT groups just don't quite understand. And I wish they did because I've I've seen a lot of investigations go off the rails before they even really get started just because there's there's chain of custody and and preservation issues that, that occurred even before the digital forensics person was even called in to to assist.
Mike Coffey:So when I at the outset of an investigation, when I'm working with a corporate client, one of the first things I'm trying to figure out is what information may exist digitally, who has it, and what do we need to do to preserve it, so that, again, we're not screwing up that digital fingerprint on it or, you know, making it look like we created a document or that we edited a document. Are those the right questions, or what other questions should we be asking at the beginning of an internal investigation?
Noel Kersh:There's a number of questions that, you need to ask not only yourself as a team, but also in my presentation I'm gonna give at the HR conference in October is a list of exit interview questions that need to be asked of the person that's leaving the company. And it's a it's a pretty pretty healthy list and, happy to provide that to everybody that attends. It's a it's a very useful tool, and the and the purpose of those those exit interview questions is really to it's twofold, really. It's to assess what does this person have, make them aware of of what their responsibilities are to the company. And the last thing is just to get this person, you know, basically under oath.
Noel Kersh:You know? I recommend that you have them, like, do an affidavit that says, I don't have any information. If then a subsequent investigation determines that they lied in that statement, that helps your case whenever you're you're filing for a TRO and trying to get a court to do something. You know, right off the bat, you have a a sworn statement from them that you can prove with with evidence that is is completely false. So those are the questions that you would ask the the exiting person exiting, employee.
Noel Kersh:As far as questions you would wanna ask yourself, yeah, it's just a whole bunch of a good digital forensics person will come in and they work with you to identify all the data sources. What is what are we trying to prove? Like, there's there's a set of questions that I always ask my, my corporate clients. You know, what are we what are we trying to learn? What what's the what's the goals and objectives?
Noel Kersh:What's the scope of this investigation? And then I will work with you. It's my job then to ask the questions about, do you have an email system? What is it? Do you have how do you store you know, do you have a cloud storage account?
Noel Kersh:Do you have this? Do you have that? It's just for me to come in and kind of understand your your technology environment to kinda help you, work with you to identify what are those data sources so that we can make sure that those are all properly preserved and brought together so that we can use that as part of our investigation.
Mike Coffey:And I can only imagine how much easier your job would be if everybody's computer network was air gapped from the rest of the world, and
Noel Kersh:Yes.
Mike Coffey:We didn't have personal devices. We didn't have cloud computing and all of that. When it comes to well, let's talk about personal devices first.
Noel Kersh:Mhmm.
Mike Coffey:How many people have their own personal iPhone or Android device, and they've got company email on it? Maybe they've got access to, you know, cloud storage, things like that. They're downloading, sharing documents, working from their phones, working from coffee shops, on personal computers, whatever. How how would you prefer companies deal with those kind of devices and doing work on personal you know, bring your own device kind of situations, so that whatever the situation is, whether it's protecting sensitive data or down the road, we've got an investigation we need to conduct, and I need to be able to examine a device. How would you prefer companies set that up?
Mike Coffey:What would make the the evidence collection process the the cleanest?
Noel Kersh:So, yeah, the answer to your first question, you know, does who who has personal phones? Like, everybody. Everybody's got that. And, you know, I've been doing this a long, long time. And as my own I mean, I'm an employee as well.
Noel Kersh:Just naturally, data travels from your work, your machine, to your personal stuff. It's just it you need to print a file at home, you need a file that you wanna backup of a presentation that you're about to give just to make sure I've got it backed up in different places. It's not it's not meant to harm or anything at the time that that that data transfer occurred, but that information is in your possession. And so, that that happens, I would say, you know, 90% of the time, if not more, probably, you know, substantially more than that. Everybody does.
Noel Kersh:So because of that, it's one of the most difficult things to do is, you know, assess how much does this person actually possess, where is it, and then having them work with the company to get that information back. And, you know, it's the exercise is to go and take a look and see, you know, in their personal accounts and their personal devices and things like that. You need to take a look and see it. Do you actually have anything? And, you know, 9 times out of 10, they have it.
Noel Kersh:They didn't mean to have they didn't mean to have it. They just it just was there. But it's that one time when, you know, it's they didn't have any information. And then, like, right before they left, you know, a 150,000 files, they decided that they needed to have for some reason. You know, not not they weren't trying to steal data or anything like that.
Noel Kersh:It's completely innocent, but, which, you know, lets you decide if that's legitimate. Right.
Mike Coffey:So yeah. Everybody wants to save their own work product, their own history of what they've done while they're at this company. And often there's information in there that you may not want floating around in a USB drive someplace.
Noel Kersh:Yeah. This is one of those things that I talked about in the presentation too is, you know, there's there's protocols that can be followed to examine those devices. And, because they they do contain your information, but they also contain the former employee's private information as well. So both of those things have to be respected. And so the protocols that I've got, I'm happy to provide those.
Noel Kersh:They deal with both things, like respecting their privacy and and and confidential and even privileged information, but then also getting your info your company's information back from them. And so that's that's something that I like I said, I'd talk about in the presentation. But one thing that companies can do about this is have policies in place whenever they whenever they they join the company that that tells them, you know, when you leave, we're we are gonna get our information back from you. You know, we're allowing you to use your device, but that doesn't mean that, you know, our data that gets on your device still belongs to us. It's not yours.
Noel Kersh:And, you know, we intend to get that back upon you to part of the company. That's one thing from a policy perspective. From a technology perspective, there are systems that the IT group can use that, when a person does use a personal device for work purposes, it registers with the the system. And that way, you have a log of every device that they've had access to your your company's network. Or, like, if your cell phone is used, access company, email, that system will have a log for that device.
Noel Kersh:And so we'll have a nice list of these devices that you've communicated with our network, and so we wanna take a look at those and get those back. And so that's those are a couple of things from a policy perspective as well as from a technology perspective that companies can do to, protect their information.
Mike Coffey:It seems like a few years ago, there was more than a few, there was a lot of conversation around personal devices and companies having virtual sandboxes that would be, you know, if you wanna use your phone, you access our network through this. None of our files can pass through this, and so we've we've got everything secure. But I it doesn't seem that I've really heard much about that since post COVID, certainly, when everybody went remote. Are those are those still being used out there, or is that just is that too much work for your average employee to fool with and they just want the the easier way of accessing the data?
Noel Kersh:I've seen the virtual sandbox being used in, like, the larger, more complex organizations that have the the technology and know how to first put that in place and then maintain it. So it requires some expertise and, obviously, to to be able to have a system like that in place and then to be able to support it. The midsize to the smaller size companies don't have that technology, advancement or even are aware that that kind of technology solution even exists, and so it's not in place. So that's that's been what I've seen, in my my experience.
Mike Coffey:And so, you know, everybody's using personal advices. We've got all this information out there. It sounds like an employer really at the beginning of the employment period ought to have really, really clear expectations as for both the employee and the the employer as to what we're gonna store where, what our data practices are, who's responsible, and how we're gonna hold you accountable to it. Not just when you leave, though. Right?
Mike Coffey:Everybody every employee has a has a obligation to con you know, to cooperate with an internal investigation. And that means if employee a says employee b sent them these text messages and employee a is showing you these messages on their their phone, HR may need to be able to walk over to employee b and say, we need to see your phone right now before you before you have a chance to do anything. What do those policies generally look like? Do you see many employers have them in place before something goes wrong, or is that something they they always implement after they've they've they've been burned?
Noel Kersh:It's more the it's more the former, unfortunately. It you know, it's more more more likely, the scenario typically is they didn't think about that until they encounter that situation. So I always advise clients to be proactive in, you know, drafting their policies to that can anticipate these types of scenarios. And so, again, that's where a good expert you know, getting a relationship with a good forensics company really pays off in spades when the situation arises. So you're not scrambling and and going, boy, I wish we had this.
Noel Kersh:No. Talk to people that have been there before and can tell you this is this is the policies that you need to have in place in order to help protect you when that scenario happens. And so, I mean, it's something that, like I said, that a good good forensics company will do is help you draft those those policies. That's not I'm not I don't draft policies, but I can certainly tell you the scenarios that come up. And then what things need to be in place, you know, from a from a policy perspective that you need in order to protect yourself and and also to what some of my other clients are doing that maybe they could possibly leverage for for their company's policies.
Noel Kersh:So, yeah, it's typically you know, it's hard lessons learned, and it's difficult to watch, you know, where it's like, yeah, this is this is something you we need to we need to get remedied ASAP. You know, now that you've encountered the situation, got nasty or whatever, this is what you need to do to to avoid that in the future.
Mike Coffey:What about cloud computing then? Because it's amazing to me how many companies I come across who's who are using the Google Suite for all their stuff and seem to have very few guardrails around how and where it can be accessed or just employees storing their own stuff on their own Google Cloud, you know, for easy access. How how often do you encounter issues with accessing information in the cloud or out there on on a third party server altogether?
Noel Kersh:One of my, one of my case examples, I had a case where I worked where the client came to me and said, we suspect this person's taken the taken data from them. In fact, we know that they've taken data from us because our we've had clients that have shown us documents that they sent to them that were our data. So, you know, how did this happen? Here's this computer. Take a look.
Noel Kersh:Tell us what you see. Looked at so examine the computer, looked at the typical, you know, transfer methods, USB, email, webmail, those types of things, even looked at cloud storage, and didn't really see anything that really raised the alarms and and certainly not to the degree. There was a lot of files this person had that the company became aware of that they were in possession of. And so it was sort of this, like, the computer didn't tell us anything, which is odd. So I started asking questions like, how do you store you know, where where is where is this?
Noel Kersh:You mentioned you had a Dropbox account when we started this. You know, we need to collect that Dropbox account. I wanna take a look at the logs and see what's what's going on there because every Dropbox account or every cloud storage account will have logs of activity, including, you know, IP addresses of the people that connected, dates and times they connected, what they download, did they upload, that kind of stuff. All that information is stored, by these companies in in pretty detailed log files. And so we took a look at the company Dropbox account and, noticed an IP address that wasn't the company's literally, the Monday after this person left accessing the Dropbox account.
Noel Kersh:And so, you know, we started doing digging on that IP address that turned we were able to tie it to this person's new employer. And long story short, the issue was the company had a shared Dropbox account, and they didn't think to change the password when that person left, that everybody used to access the Dropbox account. And so this former employee went to his new company, Monday morning, went to dropbox.com, entered in the credentials for the account, downloaded everything to his new work computer, and he was off the races. And so that's an example of, you know, cloud computing gone wrong. And, again, it's one of those lessons learned.
Noel Kersh:You know, now the company has, they changed their policies, access policies for that account. And also, you know, if we do have a shared account, we have very strict policies to get executed when a person leaves so that we're changing those passwords and things like that. But, yeah, those are some hard lesson learned. I do see that quite a bit where there are access issues or or things being accessed downloaded from those accounts to personal computers is where I see that the most is a person uses a a personal, computer to access the company's Dropbox account before they leave the company and download stuff to it. That's the most common thing.
Noel Kersh:The the example I gave you is pretty uncommon, thankfully. But the most common thing I do see related to cloud, storage accounts is just somebody using a personal computer or device to access the company's Dropbox account and or cloud storage account and download data to their personal device, and it stays there unless we go and remediate it.
Mike Coffey:And let's take a quick break. Good morning. HR is brought to you by Imperative, bulletproof background checks with fast and friendly service. A few weeks ago, I asked the attendees at an HR conference to raise their hand if they wouldn't wish to know that their candidate for a new CFO was convicted of embezzlement 8 years ago, or that an employee driving a forklift in their warehouse was convicted of negligent homicide after an auto accident 10 years ago. Unsurprisingly, not a single hand went up.
Mike Coffey:Unfortunately, most background check companies only provide employers with criminal convictions in the past 7 years, ignoring even significant records that may be relevant to an employer. Of course, just because someone has an older record doesn't mean that they're unsafe in a given role. But if an employer doesn't know about the older criminal record, they can't make the determination as to whether it's relevant. 25 years ago, I found it imperative to help risk averse clients make well informed decisions about the people they involve in their business. In the employment context, this means background check investigations with deeper research and more thorough reporting than most background check companies offer.
Mike Coffey:You can learn more about how imperative helps our clients protect their employees, customers, the public, and their own asses I'm sorry, their own assets at imperativeinfo.com. If you're an HRCI or SHRM certified professional, this episode of Good Morning HR has been pre approved for 1 half hour of recertification credit. To obtain the recertification information, visit goodmorninghr.com and click on research credits. Then select episode 168 and enter the keyword digital. That's digital.
Mike Coffey:And if you're looking for even more recertification credit, check out the webinars page at imperativeinfo.com. And now back to my conversation with Noel Kirsch. I speak a lot about AI in the HR realm and the ethical issues around that and the practical issues. And one of the questions that's continually asked, and and I'm hoping maybe you'll give me an answer to that other than not yet because that's what I keep saying, is have you seen litigation where somebody's queries to chat gpt or Claude or whatever are, are requested from a, you know, from from one of those companies to see, you know, did they Google, or did they ask chat gpt, you know, how do I kill my spouse? Those kind of things.
Mike Coffey:I always say, if you're gonna do that, go to the public library and use a dummy account and don't put it on. But, you know Yeah. But if somebody did ask, is this disease if a a manager asked JGPD, is this disease covered by the Americans with Disabilities Act? And then they fire this this employee who's got this illness. It's premeditated now or or they should have known.
Mike Coffey:So have you seen those cases where those kind of queries have have happened yet?
Noel Kersh:We have a case actually right now where there is, a request out to the, to the chat gpt to produce that exact information.
Mike Coffey:Interesting.
Noel Kersh:It's pending, so I don't know the outcome of that yet, but that's the first one that I've been involved with where that request has been made. And, this person was a really heavy user of ChatGPT, and, and so it provides a window into what was the person thinking, what were they doing, where was their mind leading up to, you know, their departure from the company. And so at the beginning, we talked about, you know, additional data sources. That's new data source that, I think is just becoming, you know, a new source of information for investigations that that, will play a pivotal part in the future, really, I think, of all investigations eventually. But, you know, the days of old of everybody going to Google and doing Google searches is kind of the same it's kind of the same thing that people are using AI for these days.
Noel Kersh:And I have seen some unbelievable Google searches. I've I've seen people Google how to delete data off your work computer that isn't detectable by digital forensics investigators. I'm like, give me a break, man. Don't Google that, first of all, because that's one of the things we're gonna take a look at. I've seen them, you know, Google how to get out of employment agreement by seeing them look for, you know, good employment attorneys.
Noel Kersh:You know, they were already planning their exit, planning litigation, like, before they even left and and all kinds of stuff. So that that is a useful data point in investigation because, again, it provides some insight into what is that person thinking and doing. And like I said, Chat GPT and the other AI tools are gonna become similar to what we've been using web searches as a as a useful tool for determining, you know, for helping us with our investigations.
Mike Coffey:And there's all and I think a lot of HR folks don't realize, but there's always the risk that you're conducting your investigation. You think, okay. I've completed the investigation. I don't have to try to protect this electronic data. We've terminated the employee based on this information.
Mike Coffey:I can move on. But every now and then, those terminations turn into litigation. Post investigation regardless of an outcome because you could have a a complainant who wasn't happy with the outcome or, you know, an accused who wasn't. What should an employer do, you know, post investigation? How long should they continue to preserve an electronic record that's, you know, that's in state or whatever you would wanna call it of what the what the information looked like at the time of the investigation?
Noel Kersh:This is actually, again, part of my presentation where I my my presentation really goes from the very beginning where it's called 2 weeks notice. It's so it goes from the point that you're given the 2 weeks notice by your employee all the way to, you know, basically the end of litigation and all, you know, all those major milestones in there, like, you know, do an investigation. And then step, you know, 2 is making an making a decision. Like, what do we do with the information that we gain from the from the investigation? Is it litigation?
Noel Kersh:Do we try to reach out to them and and take care of this outside of litigation kind of in a, you know, try to avoid going to court if we can, see if they'll they'll play ball with us and that kind of stuff. And so it it's, I'm gonna give an answer, but it's gonna be I think there's a lot more there's a lot more to it that I can dive into. But if it does go to litigation, there are, you know, obviously, you need to preserve all the information that's involved with it. There's a duty to preserve, that you have and also your former employee has that are required by law once it goes into a litigation situation. You have to notify all employees that are internal, to not delete anything.
Noel Kersh:If there's other people that are involved with investigation, basically, you need to put them on a litigation hold so that nothing happens to their information until this investigation is concluded or litigations are concluded. And so, you know, there's there's a number of steps that have to take place in order to not run a foul of the law. So if you do go into litigation, you don't wanna be, you know, guilty of of, you know, spoliation or not, you know, not doing not preserving everything you should have, that kind of stuff. So there's a lot of things that have to happen once it gets into litigation realm. But the answer to one of your questions was, you know, how long does this need to to to be preserved?
Noel Kersh:I mean, it needs to be it needs to be preserved. I need to get need to get information or advice, I guess, from your counsel on how long to keep it. But, typically, it's at the conclusion of litigation, which, I mean, I've seen litigation go on for 10 years. In the worst case, most of the time, it's usually a 1 to 2 year type thing where, it kinda winds itself through the court system and and takes takes its own own precious time these days, to get everything resolved. But, yeah, you need to hold on to that information for some some period of time, and we just point you to counsel as far as to give you the best advice on on those duties to the to the company.
Mike Coffey:Yeah. Whenever I do an internal investigation for a client, any of that you know, I want them to always keep all the paper and all of that Yeah. For, you know, really quite honestly, whatever the statute of limitations would be for somebody to bring a civil suit. And I tell them the same thing. You should really talk to an expert.
Mike Coffey:I'm not your guy on this, but you should talk to somebody who can store this person's hard drive in the state it was. I mean, I understand you had to put this computer to somebody else, but you need at least a reliable legally reliable version of what this hard drive looked like in at that at that time. And hold I mean, storage is it's cheaper to store that electronic stuff than it is the paper. And and
Noel Kersh:so Absolutely.
Mike Coffey:But but you gotta keep track of remembering where you put it. But, you know, you you may need that in 3 years. I mean, there's a lot of a lot of employment related laws have, you know, 5, 7 year, look back periods depending on what it
Noel Kersh:is. Yeah. And there's the there's different I mean, there's different rules, you know, based off of where the the litigation is is filed. And so that's, again, that's where the council can can give you advice on what those what those rules are in those different areas of the country. But, yeah, that's that's a service that we do for several of our clients where, you know, we advise our our clients that, you know, hey, just as a standard policy for anybody that has, you know, manager and above, if that works, or all of our salespeople or whoever has access to the key kings of the kingdom, you know, like the the keys of the kingdom, anybody that has access to that just by by policy, not even if there's any suspicions at all.
Noel Kersh:Everybody may leave, and it may just be great. You may have no evidence that there may be even a problem. Just have an image made of it. I mean, it's it's not it's not very expensive. We get computers just by automatically.
Noel Kersh:It comes from a company. We need preservation only. We preserve it, put on the hard drive, and I ship it back to, my client. They have an evidence room. They have a storage container that we help them get, and it goes in the storage container and it stays there.
Noel Kersh:And then you have no idea how many times they have called us and said something came up. What drive do we need to pull? So have you guys take a look at it. It's this drive. Send it to us.
Noel Kersh:We do an investigation, give them report. Sure enough, you know, the evidence shows something nefarious happened. And, again, it's one of those situations where it was like, everybody seemed okay. Like, it didn't didn't have any any hint of any any issues. But, yeah, it's if I could make one policy that every company has to follow, that would probably be it.
Noel Kersh:It was just, you know, just as a standard policy for when people leave, just make a copy of their drive, hold on to it for a couple of years, and then if nothing happens, you can delete it. But Evinced storage and hard drives these days are so cheap, and, boy, it can save you so much money in the long run. Just just do that.
Mike Coffey:And you often don't even know if it's confidential or proprietary information. All of a sudden, it could be 18 months or 2 years before your competitor actually can leverage that and it starts to become very obvious. And then you're like, oh, wait. Joe went to work for them about 2 years ago, and now they've got an almost identical product where and now we need to go back and look. And was, you know, did was Joe in cahoots with them?
Mike Coffey:That's my favorite investigative term in cahoots, before we, ever got you know, before he ever termed. And but if you don't know, you don't you know, if you don't have that information, can't know. But, hey, we're out of time. Thank you so for joining me, Noel. I really appreciate it.
Mike Coffey:Absolutely. It's interesting.
Noel Kersh:Appreciate it, Mike. Thank you.
Mike Coffey:And you can hear more from Noel at HR Southwest on October 13th through 16th. You can also watch how the sausage is made as I record 2 podcasts live from the conference, and you can hear me and my friend and previous guest, Jim Zada, discuss artificial intelligence during the legal exchange. You can review the entire HR Southwest 2024 agenda at HR Southwest dotcom. And thank you for listening. You can comment on this episode or search our previous episodes at goodmorninghr.com or on Facebook, Instagram, or YouTube.
Mike Coffey:And don't forget to follow us wherever you get your podcast. Rod Rob Upchurch is our technical producer, and you can reach him at robmakespods.com. And thank you to Imperative's marketing coordinator, Mary Anne Hernandez, who keeps the trains running on time. And I'm Mike Coffey. As always, don't hesitate to reach out if I can be of service to you personally or professionally.
Mike Coffey:I'll see you next week, and until then, be well, do good, and keep your chin up.