It seems all too easy to poke fun at Charlie Sheen’s antics of late. And, while they serve as cautionary tales in numerous contexts, his use of social media to launch his “tiger blood” fueled rampage against his former employer may mean that these rants may actually turn into evidence someday soon in his breach of contract action. On one hand, his public meltdown was surely a high water mark for social media as a window into the real-time (can’t look away) train wreck that is now Mr. Sheen’s career. After all, he now has over 3 million Twitter followers and for those who don’t expressly follow his now infamous rants (e.g.,“#winning”) other media outlets stand by to repost and re-tweet every scintillating (less than 140 character) proclamation.
For those who think that they’d prefer to have less Sheen in their daily diets, let’s use his 15 minutes of über-fame to examine the impact of social media on the traditionally email oriented electronic discovery process we’ve all come to know and love. On balance, while the electronic discovery and regulatory issues are all fundamentally the same, the social media genre does genuinely pose a range of tactical and strategic challenges.
Accept Reality and Plan Accordingly
For many organizations, it’s easy to exhale as they’ve finally reigned in some of the email chaos during the 2000s. But, this small victory in the larger information management war has been eclipsed by new challenges posed by social media. The problem isn’t just that the types (Twitter, LinkedIn, Facebook, Flickr, YouTube, etc.) are increasing at a mind numbing speed, but the volumes of accumulated data (1 billion tweets per week) is also proliferating wildly. A recent article published under the Sedona Conference’s aegis, The Impact of the Internet and Social Media on Records and Information Management: Unexpected Bedfellows Highlight the Need for Effective Information Management –Now More than Ever points out:
“Most commentators agree that, if social networks in the workplace are inevitable, corporations must resign themselves to the inevitable and prepare accordingly. …
To combat these risks, companies must understand the interactions between IT and legal and how they intersect in the world of Records and Information Management. Companies must also employ a cross-discipline approach to issues in order to properly address access rights, digital security, Records and Information Management policies and programs, short and long-term data storage strategies, audit processes, enforcement protocols, incident and litigation response plans, and employee education programs.”
The authors correctly state: “[h]ard decisions need to be made, and resources committed, but an ounce of current prevention now may certainly outweigh the inevitable pound of information loss.” This “pound” is most often paid out by organizations in response to electronic discovery costs, which are axiomatically linked to the amount of electronically stored information (ESI) a company needs to collect, process, review and produce for the matter at hand.
So, like the first stage in the Kübler-Ross grief process (denial), organizations need to accept the reality of social media, understand the implications (cost, risk, information security challenges, etc.) and start to plan accordingly. Yet, the denial seems to be ever-present. In a recent survey by the Electronic Discovery Reference Model (EDRM) it was shockingly noted that “[w]ritten policies for social media are non-existent,” with 85 percent of industry professionals admitting that “no written policies existed within their organizations regarding the preservation of data for any of the wildly popular social networking sites.”
Deploy the Right Information Governance Policies
Step one in this challenging task is to reign in the authorized/unauthorized use of social media. This likely doesn’t equate to the wholesale prohibition of all social media (which would be nearly impossible to enforce). Instead, the goal should be to define what is permissible via policies and procedures, and that in turn should be used to identify expectations of reasonable corporate conduct. This effort should inherently recognize that there are legitimate business purposes (ideally with defined corporate objectives), as well as individualized usages (that nevertheless may still be supportive of company goals) for the use of social media. In all instances it will be important to calculate the benefits of the social media activity (increased collaboration, real-time communication, ubiquity, etc.) with the risks (lack of information control, reduced productivity, etc.).
Organizations may also consider which of their own social media forays constitute a business record and whether or not they should be proactively archiving/capturing/preserving such ESI to create a robust document trail if social media ever becomes a factor in litigation. Unfortunately, as with a number of other quickly developing paradigms such as cloud computing, there’s often a “ready, fire, aim” approach where the legal, risk and compliance ramifications aren’t well thought out prior to deployment.
Social Media Use Cases Proliferate
In just the past few months there have been numerous instances where social media has taken center stage in the electronic discovery and compliance realms. Here are just a few recent examples:
- Facebook – In what’s been called the Facebook firing case, the National Labor Relations Board (NLRB) jumped in to chastise an employer for allegedly firing an employee due to a Facebook post (where she allegedly called her boss a “mental patient”). The NLRB said that policy was in violation of the National Labor Relations Act, which gives employees the right to discuss “the terms and conditions of their employment with others.”
- LinkedIn – In a recent breach of contract action, an employer claimed it had evidence of improper solicitation of its employees through the LinkedIn connections of one of the defendants.
Electronic Discovery Costs Rise in Concert with Social Media
While “ESI is ESI” to some extent, there are tactical challenges with conducting electronic discovery of social media. Using the EDRM model as a guide, the first main hurdle will be Identification. In this stage, the challenge will be to identify (ideally through data maps and corporate policies) the instances of social media that are being legitimately used within an enterprise. This process is typically linked to key players, versus searching the entire data universe for specific key terms.
Once this thorny issue is confronted, the even bigger challenge involves determining how to manage the risk-laden Preservation process. Here, the highly dynamic nature of social media stands in contrast with its email counterpart, which in many ways was designed to be used in a linear, threaded format. The preservation of social media has two main challenges. The first one is access since the information may be private or semi-private. In this setting, the recent case of Romano v. Steelcase Inc. (N.Y. Sup. Ct. 2010) shed light on some of the privacy issues:
“[W]hen Plaintiff created her Facebook and MySpace accounts, she consented to the fact that her personal information would be shared with others, notwithstanding her privacy settings. … Since Plaintiff knew that her information may become publicly available, she cannot now claim that she had a reasonable expectation of privacy. As recently set forth by commentators regarding privacy and social networking sites, given the millions of users, ‘[i]n this environment, privacy is no longer grounded in reasonable expectations, but rather in some theoretical protocol better known as wishful thinking.’”
Assuming the privacy issue can be overcome, the next issue is encountered during the Collection phase, since it will be hard to actually preserve social media in situ because the content is dynamic and at the whim of the user and the applicable site. Aside from a few recent developments like Facebook’s “Download Your Information” feature and the library of Congress’ decision to archive all tweets since March, 2006, most social media ESI is fleeting and hard to collect. The current brute force methodology is to simply take screenshots of the relevant blog, tweet or status update. The challenge with this approach isn’t necessarily with admissibility (see below). Instead, this static modus operandi makes it nearly impossible to utilize analytical tools to search and review the social media content. Assuming the use cases and volumes continue to proliferate at current speeds (which is a safe bet), then leveraging analytical tools becomes that much more important in the effort to control costs.
Over time, enterprises will attempt to funnel users into corporate social media platforms that have governance abilities built in, particularly export functionality that will permit more advanced search and analytics from purpose-built e-discovery applications. But, for now, the herding cats exercise will continue as the corporate community tries to keep up with the faster moving user base.
Admissibility is an Open Question
Not to be forgotten, the core underpinning to a successful collection of social media content is the ESI’s admissibility, since the ability to use data in court is the sine qua non for conducting the electronic discovery process in the first place. In the seminal case on the admissibility topic, Lorraine v. Markel Am. Ins. Co., (2007), United States Magistrate Judge Paul W. Grimm noted that “[v]ery little has been written, however, about what is required to insure that ESI obtained during discovery is admissible into evidence at trial.” He went on to note that “[t]his is unfortunate, because considering the significant costs associated with discovery of ESI, it makes little sense to go to all the bother and expense to get electronic information only to have it excluded from evidence or rejected from consideration during summary judgment because the proponent cannot lay a sufficient foundation to get it admitted.”
While it’s difficult to quickly summarize the authentication requirements for social media, it is an important aspect that can be achieved a number of ways (pursuant to FRCP 901, which only provides illustrations). The most likely course would be to utilize the “personal knowledge” approach, which permits authentication by testimony “that a matter is what it is claimed to be.” Other approaches, such as utilizing metadata (which works well for more static ESI) will be less applicable for social media since it is more ephemeral.
Many have proclaimed that social media will soon render email obsolete as the primary form of corporate communication. While this remains to be seen, social media is quickly elbowing its way into the electronic discovery conversation and this new kid on the block needs to be taken seriously, or the unwary practitioner may unwittingly find out (via tweet) that their case has been dismissed because of spoliation.