Social Media: the Next eDiscovery Elephant in the Corner

By Johannes Scholtes posted 09-19-2011 05:27


For enterprises social media applications such as blogs, LinkedIn, Facebook, and Twitter bring both business opportunities and risk. There are many channels and the volume of data is enormous. Most organizations don’t even know if and how employees are using them. The combination of business sensitive information and a mass broadcast capacity keeps legal departments awake at night. IT struggles with the fact that social media sites are operated outside of a business’s firewall and are not in their direct control. In a recent survey by the Enterprise Strategy Group (ESG) 41% of the questioned legal professionals indicated that identifying and collecting from new data sources as SharePoint and the cloud is challenging.  In short, social media composes new challenges for both IT and legal departments.

At this moment there are no specific laws and regulations for the governance of social media. It is up to enterprises to internally decide how to use and govern social media. Industry analyst Gartner however predicts that by year-end 2013, half of all companies will have been asked to produce material from social media websites for e-Discovery.

In spite of the difficulties and lack of clear guidelines organizations must learn to deal with the issue of managing, preserving and if needed producing social media data.

This whitepaper presents an overview of the current situation and provides companies insight in how clear internal policies and software to support the preservation and production of business’s social data can help organizations manage social media in a business environment.

Social Media - the numbers

Social Media have become an integrated part of daily life. The paramount availability and easy access to the internet at home and on mobile devices allows people all over the planet to interact and share information, opinions, video and photo’s whenever and with whomever they feel like. One glance at the dazzling numbers tells it all:

  • In 2009 already two-thirds of the world’s internet population visited social networking or blogging sites
  • Social media accounts for one in every six minutes spent online
  • Last year Americans spend a third of their online time (36 percent) communicating and networking across social networks, blogs, personal email and instant messaging, and that number is rapidly growing
  • In February 2011 the average number of Tweets people sent per day, was 140 million. On March 11 of that same year it was 170 million and the number is still growing
  • Facebook has more than 750 million active users. 50% of their active users log on to Facebook every day
  • The US houses 114.55 million, the Netherlands 6.30 million, Germany 18.81 million and the UK 19.27 million active social networkers 
  • “750 million photos were uploaded to Facebook over New Year’s weekend 2011”

Social Media at the workplace

After initial hesitation, many companies have come to embrace social networking sites such as Facebook and Twitter, blogs and other web-based tools for client development, recruiting, branding and other business purposes. HR departments were quick to find social networking sites useful in recruiting and screening for potential candidates.

For marketing and communication professionals social media tools present an unique opportunity for expending brand exposure far beyond and at lower cost than traditional forms of advertising.  And being an almost instantaneous method of communicating with the customers, social media can be extremely responsive.

However, for enterprises use of social media is a double-edged sword, bringing both business opportunities and risks. In the combination of personal and sensitive information and the capability to mass broadcast to a wide audience, loom various threats.

Disruption and legal risks

A disruptive effect to businesses seems to be the most obvious (and potentially costly) risk. When the average user spends almost one hour a day on Facebook and users send an average of 170 million tweets per day, some of these activities (not work related) will be done from business devices, and during working hours. In a survey from spring last year 10.5% of the UK population admitted to being less productive at work due to social networking sites.

More dangerous are the legal risks. Employees can harm their employer's reputation by using social media to criticize the company, its partners or its customers. And imagine how easy it is for an employee – willingly or not - to reveal confidential information in a blog entry that can be viewed by millions of readers. Or consider the consequences when a manager posts discriminatory comments about his employees on his public Facebook page. This can potentially break privacy laws, be seen as slander or defamation and leave a company open to public judgment, as well as private litigation.

With social media, the blurry line between professional and personal networking also imposes threats for employees. Social network sites can provide information about potential employees, and provide evidence in possible disciplinary matters or employment tribunal claims.  A study from Microsoft a few years ago revealed that 79 percent of the surveyed recruiters reviewed online information about job applicants. 70 percent said they rejected candidates based on what they found.

It is not wise to criticize supervisors on Facebook or call in sick to work and then posts Facebook updates revealing that you are enjoying a day off to go the beach.

Rules for Social Media at the workplace

The law continues to develop in the area of social media, but so far there is no generally recognized right to privacy in social media postings (also see next chapter). As an employer there are some laws you need to consider, especially when using social networks in the recruitment process.

  • The Information Commissioner’s Office (ICO) has not issued specific guidance on the use of online profiles to inform recruitment decisions. There are recommendations like “give the applicant an opportunity to make representations should any of the checks produce discrepancies” .
  • Data Protection Act (DPA): in the US, some states have laws protecting employees' legal off-duty activities and political activities or affiliations.
  • Section 7 of the National Labor Relations Act protects employees who engage in "concerted activities" that includes the right to discuss the terms and conditions of employment with colleagues and outsiders. 
  • Federal and state whistleblower laws protect employees who complain about misconduct and potential securities fraud violations.

But in spite of numerous privacy laws, as employee you would do better to play it safe an exercise caution in what information you share. There are many cases highlighting the hazy line between work and private lives. In Australia computer technician Damian O'Keefe was dismissed after posting insults about his manager from his own computer and out of hours on his Facebook page. The tribunal's deputy president, Deidre Swan, said "common sense would dictate that a worker could not publish insulting and threatening comments about another employee. The fact that the comments were made on the applicant's home computer, out of work hours, does not make any difference." 

Social Media and the law

The effects of publicly available information stretch out beyond the recruitment process and are entering courts. Mrs. Annelies B. from Belgium for example, refused to pay her ex-boy friend alimony for their son, claiming she had no money herself. On Facebook however she was showing off with a new laptop and luxury trip to Rome. Her ex-boy-friend printed it all and submitted 18 pages in court where it was accepted as evidence.

In the case of Zimmerman versus Weis Markets Inc. the County judge granted the defense motion seeking access to the private portions of the Facebook and MySpace accounts of a personal injury plaintiff, finding no privilege for information on private sections of social websites. Based on what was observed on the publicly available portions of the plaintiff’s Facebook and MySpace pages, the defendant discovered that the plaintiff’s interests included “ridin” and “bike stunts” and his MySpace page contained recent photographs depicting him with a black eye and his motorcycle before and after an accident. Additionally, there were photographs of the plaintiff wearing shorts, and his scar from this accident is clearly visible. The defendant argues that this is relevant because at his deposition, the plaintiff claimed he never wears shorts because he is embarrassed by his scar.

No expectation of privacy

Court rulings cited Facebook and MySpace policies, which warn users there are limitations on the level of privacy. “Where there is an indication that a person’s social network sites contain information relevant to the prosecution or defense of a lawsuit… and the law’s general dispreference for the allowance of privileges access to those sites should be freely granted.” 

Facebook itself warns that they will disclose information “To respond to legal requests and prevent harm. We may disclose information pursuant to subpoenas, court orders, or other requests (including criminal and civil matters) if we have a good faith belief that the response is required by law. […] We may also share information when we have a good faith belief it is necessary to prevent fraud or other illegal activity, to prevent imminent bodily harm, or to protect ourselves and you from people violating our Statement of Rights and Responsibilities. This may include sharing information with other companies, lawyers, courts or other government entities.”

That social networks contain valuable information has also been discovered by law firms. In their “Social Media as Evidence Recommendations” a US law firm, proactively promotes the use of social media sites or programs to obtain and review information shared by an individual; ”a party can learn more information about its opponent and strengthen its case even further. Our firm can work with you to utilize this method while investigating claims. In doing so, we will help you observe a claimant’s online presence and assist you in determining which information, communicated by a claimant, you own and can review.”

Social Networks: The Next eDiscovery Elephant in the Corner

It is clear that data in social networks are the next elephant in the corner. After having dealt with exponential data volumes, email and multimedia in the past years, there is a new dimension to records management and eDiscovery: not only do we have even more data than ever, we also no longer have control over that data within our secure corporate networks: it is now in the cloud, which basically that means it is everywhere and nowhere and we no longer own the data! Implementing eDiscovery and records management will be an even bigger challenge!

There are technical solutions, that can help you and your organization to manage these new risks, but you should also implement good service level agreements with your SaaS, cloud providers and social media networks that your organization uses. That in itself can be a challenge as well! If you are not able to do that, think more than twice before you allow your employees to use social networks!


#ElectronicRecordsManagement #EnterpriseInformationManagement #enterpriseinformationarchiving #e-discovery #SharePoint #socialmedia