When allegations of employee misconduct are alleged, companies must respond swiftly.  Indeed, “insider threats” can cause significant damage to a company.  These threats come in many different forms, including:

  • Accounting fraud;
  • Theft of assets;
  • Unauthorized access to or manipulation of data; and
  • Threats, sexual harassment or other inappropriate forms of behavior or communication.

And so, when a threat is perceived or reported, an internal investigation – which aims to assess the validity of the alleged misconduct within the organization – may be necessary.  Although such investigations necessarily involve different steps and goals as the facts require, a typical element of an investigation includes collection and examination of written or recorded evidence, interviews with suspects and witnesses, and computer and network forensics.

McDonald’s Corp. v Stephen J. Easterbrook, (Index No. 2020-0658, [Del. Ch. Aug. 12, 2020] [Complaint]) reminds us that collecting and reviewing electronically stored information (“ESI”) is a critical step in a thorough investigation.

Factual Background:

In October 2019, it was alleged that then-CEO of McDonald’s Corporation (“McDonald’s”) Stephen J. Easterbrook (“Easterbrook”) engaged in sexual conduct with a company employee in violation of McDonald’s standards of business conduct policy.  In response to these allegations, McDonalds’s hired outside independent counsel to perform an internal investigation.  The investigation included interviews of Easterbrook and the company employee, and a review of all images, videos, and text messages stored on Easterbrook’s company-issued cellphone.  The investigation, however, failed to include any collection or review of Easterbrook’s company email.

Because none of the evidence counsel reviewed contradicted Easterbrook’s allegation that the relationship at issue was consensual, McDonald’s and Easterbrook entered into a separation agreement, wherein Easterbrook was terminated “without cause” and pursuant to which he received severance compensation and benefits under his existing compensatory arrangement.

Less than a year later, in July 2020, however, McDonald’s received a complaint from a different company employee that Easterbrook had engaged in sexual conduct with her, in violation of McDonald’s standards of business conduct policy.  This complaint resulted in a second internal investigation, which included the collection of review of Easterbrook’s, now dormant, McDonald’s email account.  It was during this July 2020 investigation that McDonald’s discovered several photographs and emails relevant to both the 2019 and 2020 complaint that had been deleted from Easterbrook’s company cellphone.  Unbeknownst to Easterbrook, although he deleted these emails and photographs from his company cellphone, a copy of the emails and photographs remained accessible on McDonald’s servers.  These emails and photographs provided indisputable evidence that Easterbrook repeatedly violated McDonald’s standards of business conduct policy.

Clearly, had McDonald’s been aware of Easterbrook’s misconduct in 2019 as documented by email communications, it would not have entered the separation agreement with Easterbrook.  And so, McDonald’s was forced to commence an action against Easterbrook, alleging that he breached his fiduciary duty by violating McDonald’s standards of business conduct policy and fraudulently inducing McDonald’s to enter into the separation agreement.


This lawsuit reminds us that in today’s age of e-everything, an internal investigation of any alleged misconduct must include collecting and reviewing ESI.  While efficiency and cost necessarily inform decisions, collecting and reviewing ESI (even if deemed a costly endeavor) must remain a priority in internal investigations.  Here, review of emails could have prevented subsequent litigation.

*Thank you to first year associate, James Maguire in the Firm’s Uniondale office, for his research assistance related to today’s blog.