Enterprise eDiscovery now has to factor social media into its makeup. Facebook, Twitter, Instagram, and other social platforms contribute on a daily basis to the enterprise data stream. And when that information is called for in a legal context, organizations must have appropriate measures in place to comply with requests for access. These measures, in turn, have to cover the complexity that these new data sources have introduced.
What Is eDiscovery?
In legal terms, discovery is the compulsory disclosure of documents relevant to a case, before it comes to trial. If you’ve watched television dramas like Law & Order, you’ll probably be familiar with the concept. Discovery enables one side in a litigation to get information from the other side, concerning the facts in the case.
Electronic discovery or eDiscovery (used interchangeably with e-discovery) is an aspect of this pretrial information sharing process that concerns itself with data generated or stored by electronic and digital means. The term covers any process in which electronic data is sought, located, secured, or searched with the intention of using it as evidence in a civil or criminal case.
Under US law, the Federal Rules of Civil Procedure were amended in 2006 to include electronically stored information or ESI. Though this was initially applied to company emails and electronic documents, the terms of this amendment were “intended to be read expansively to include all current and future electronic storage mediums.” That definition now includes data storage in the cloud and on social networking sites.
Irrespective of how briefly it’s stored, the courts will treat the information as discoverable, if it’s relevant to a civil or criminal case. Any time that litigation is likely or pending, companies have an obligation to preserve relevant or potentially relevant data that’s in their custody, or under their control.
How Social Media Can Influence Legal Cases
As the digital economy has evolved, social media platforms have become an integral part of many enterprise operations. From the creation of brand awareness through to the posting of industry news, commentary, or the use of social sites for customer engagement and technical support, these platforms now play host to diverse forms of corporate data. And with that comes the potential for this information to become relevant in cases of dispute, or infractions of the law.
There are many ways in which information on social media could have legal implications. For example, poorly configured privacy settings on Facebook could lead to confidential communications or trade secrets being shared publicly. Or an indiscreet tweet on Twitter might find its way to a business competitor or corporate stakeholder.
Should any of this information later become relevant to a legal case, eDiscovery requires that it be disclosed – perhaps with negative consequences for the company it originated from.
As legal commentators at Morningside Translations put it in 2017: “…it is important to understand that content you have posted on the internet can and will be used against you in a court of law.”
The Challenges Posed By Social Data
Unlike other types of ESI such as emails, or Office-type documents, information posted on social media may be hosted on a range of different platforms, each with its own methods of storing and cataloging data. The information may be personal or business-related, and feature language and abbreviations that are difficult for search and analysis engines to properly detect. And social media posts may have a short life-span, being edited or deleted on the whims of the commentator.
Many posts are written anonymously, and not physically stored on their author’s computer or the servers of the organization that they work for. Third party storage sites such as the servers of a social platform, its advertising and supply chain partners, or contractors associated with the author and their company may be involved.
For the purposes of eDiscovery, much of the value of social media information comes from the metadata associated with it, such as dates, time-stamps, or geo-location tags. Any or all of these could prove instrumental in a legal case. And with the weight of the law behind them, attorneys and legal translators may be empowered to use collection tools for capturing and indexing data from public social media accounts across the globe.
Being prepared to meet such demands despite the complexity and diversity of the information involved, poses a challenge to organizations, in complying with e-discovery mandates.
Companies Will Deal With eDiscovery By Updating Document Retention Policies
One of the first steps that companies should take is to update their document retention policies, to include social media activity. These may be based on modified versions of their existing practices concerning the storage of email and digital documents, and the “time before shredding” of both physical and computer-based files. These policies should also be crafted with an eye toward complying with any relevant industry standards or regulatory compliance frameworks.
With a reasonable set of directives in place, this should make it difficult for a litigating counsel to argue that an organization has destroyed relevant, and possibly damaging information.
Companies Will Also Deal With eDiscovery By Seeking Outside Help
Questions about stewardship and data governance can arise with eDiscovery from social media. For a particular post or comment that isn’t actually stored on a company’s own machines, it may be difficult to establish whose servers it currently resides on – and who was responsible for keeping it there. But e-discovery requires that any relevant information that’s requested by the courts should be produced – usually within a certain time, and with the prospect of penalties, if it isn’t.
For this reason, many organizations turn to third-party contractors for capturing and storing information generated by their social media activity. This doesn’t necessarily mean cloud storage, as some industries (such as the finance sector) have regulatory requirements for organizations to safeguard the privacy of their customer data, and retain the ability to establish clear audit trails for their customer interactions. And unless a contractor can give strong assurances about security and data duplication, cloud storage may not be the safest option.
Vendors for off-site data storage should be able to work with an organization’s legal counsel and IT / litigation support departments to draw up clear terms defining who owns the data in question, and to impose strict conditions on who can get access to it. Contract terms should also spell out the exact amount of time for which data is held, and allow for companies to download information to their own servers on demand. Provisions for the encryption of personal information are also advised.
Managing Your Social Presence
The actual generation of data that might be called upon for eDiscovery should also be regulated, through an enterprise-wide policy on social media usage. This should start with an assessment of what social platforms are actually being used, and for what purposes.
In-house and external counsel should be consulted in drawing up policies for how social media may best be used to advance the organization’s business objectives. Guidelines should be drawn up for employees, describing how their use of social media should stay in line with these goals. Policy terms should, if deemed necessary, spell out any sanctions or penalties that will result from improper use of these channels.
Training programs and working guidelines for human resource management can help cement these ideals into the minds of workers. Social media best practices should also be incorporated into employee monitoring and enforcement processes for regulatory compliance.
On the technical side, the organization’s information management protocols should be modified if necessary to facilitate the preserving of social media data. This may require some fine-level management, in determining what kinds of original content and responses to feedback or commentary are likely to be of relevance in a legal context.
Finally, any information that’s preserved from social media sources should be held in a format that’s compatible with standard eDiscovery review tools.
Share this Post