For many businesses, the use of social media is a necessity. FaceBook, Twitter, Blogs, and YouTube are marketing vehicles that can help campaigns go viral at a fraction of the cost of traditional advertising. LinkedIn is a networking tool that can allow workers to find and connect with new business partners and customers. Simply put, businesses cannot afford not to be social. However, companies that dive into social media without the right policies and solutions to govern usage will encounter information governance and eDiscovery nightmares down the road.
This scenario has played out time and time again, most recently with email in mid 1990s. Originally, email was a tool reserved only for the highest level executives in a company. But, it quickly rolled out to the masses and became the dominant communication tool of the 2000s.
Email proved to be beneficial to businesses by easing and speeding collaboration. But, email also created costly nightmares in the form of reactive eDiscovery. With this new form of collaboration came new forms of data types and metadata types and the compression of mass amounts of email into personal archives (e.g. PSTs) that required expensive processing when litigation arose. Email, and most electronically stored information (ESI), was still fairly new, so companies could not forsee eDiscovery challenges associated with the massive volume of email coming. Who could have known how expensive it would be to process Terabytes of email only to find that a small percentage was even relevant to the case at hand? In the social media realm, however, companies can not hide behind ignorance. Instead, they can get ahead of social media by putting in place governance policies, processes, and tools to ensure that the email history lesson informs these new methods of collaboration.
Social media, like e-mail, has gained traction. In order to avoid the mistakes made in the email generation, companies must figure out ways on how to best collect and preserve social media content in the event it is needed for eDiscovery. Today, this practice is extremely immature. Across the board, 15% or less of eDJ’s The Cloud and eDiscovery survey respondents indicated having had to collect from a popular social media service.
Just because Social Media is not the dominant source of eDiscovery today does not mean that companies should not address it as part of a holistic eDiscovery strategy.
The legal community typically waits for case law to establish the rules of the game. There may not be an overwhelming amount of case law pertaining to Social Media, but one important case to note is “IN RE NTL, INC. SECURITIES LITIGATION; GORDON PARTNERS, et al., Plaintiffs, -against- GEORGE S. BLUMENTHAL, et al., Defendants.” Essentially, companies are on the hook for eDiscovery of social media. Per the case, if a company has “access to documents to conduct business, it has possession, custody or control of documents for the purposes of discovery.”[1]
But, social media information sources present tactical collection challenges. Take Twitter as a data source, for example. There a number of different ways to collect Twitter content: use the users’ Twitter credentials to collect from the account; create a case-based Twitter account and follow the users that need to be collected and preserved; or create a case-based Twitter account, search twitter.com for key words or phrases, and add those search results to the collection. In the case of sources like Twitter, collection protocol dictates not only searching and indexing the Tweet itself, but also any links in the Tweet and content from the destination of that link.
And the industry is beginning to arise around social media monitoring and collection. eDJ has talked with a number of companies that offer solutions in this area, including: Actiance; Autonomy; Gnip; Hearsay; NextPoint; SocialWare; SocialLogix; and X1 Discovery. What is most interesting is the different approaches these solutions offer to social media collection. Some require that users give permission for their accounts to be monitored and collected from while others do not.
Herein lies the big business decision companies need to make: do you want your employees to be social in an unfettered way? If I had to give my company my credentials for my Facebook or Twitter account, there is a good chance that my social experience would be forever changed and that I may not use social media as much. Is it worth it for a company to inherently change the social experience in order to monitor what employees are doing?
Also at issue is privacy in general. If a company collects information from Facebook, for example, and keeps that in a preservation repository, it could be in violation of Facebook’s policies should the user delete that information on their own account. Most social media publishers require that content go away when the account holder deletes it. Should a company be holding that information in an archive, it could be in violation of the publishers’ policies. There have not been big cases around this yet, but it is an issue that is slowly bubbling to the surface.
At the end of the day, companies have to ask, “can we afford to be social or can we afford not to be social?” Clearly, social media has business benefits. But, there are risks lurking in the shadows and no company wants to be caught unprepared should litigation arise. Getting the policies and tactics right upfront will go a long way toward mitigating risk. Any company engaging in social media should also be crafting a social media governance plan. Companies need to decide if they want to monitor workers, how (ask for permission or just monitor any on-network activity) to monitor workers, and how to deal with publishers’ policies. Best practices will begin to emerge as the year rolls on and there will be more on this topic from eDJ in the next post on Social Media Governance.
[1] Source: eDiscoveryLawAlert.com; www.ediscoverylawalert.com/uploads/file/IN%20Re%20NTL.pdf
