Social Media and e-Discovery

Posted on September 26, 2011

0


Cloud adoption and social network content generation in the enterprise have serious implications for e-discovery. Employees are creating content outside the control of corporate IT governance and compliance with corporate policy is very hard to monitor. There are no clear rules for the governance of social media and it is up to individual organizations to decide how to use and govern social media. One thing is clear however; “organizations are required to retain records of communications related to the broker/dealers business that are made through social media sites”. This means every organization must ensure that it can retain records as required by SEC Rules 17a-3 and 17a-4 and NASD Rule 3110.

“If it exists, it is discoverable”

Social media data fits the definition of Electronic Stored Information (ESI) and thus businesses must deal with the issue of preserving and when asked, producing social media data that falls under the data retention policy. When a business maintains social media pages, it has a duty to preserve the data that may be relevant in anticipated or actual litigation. In e-discovery, there is no difference between social media and electronic or even paper artefacts. The phrase to remember is “if it exists, it is discoverable.”19

Debra Logan, vice president and analyst at Gartner believes by year-end 2013, half of all companies will have been asked to produce material from social media websites for E-Discovery. 

But producing material from social media sites brings extra challenges. Social media sites are operated outside of a business’s firewall by a third party. Information lives on servers that are not in the enterprise’s direct custody or control. Data is normally scattered on many sites and connected by many people or custodians.  And the retention policy or schedule of a business does not affect data located on social media sites.

Social Media and how to be prepared

It all begins with an inventory of what social media sites are being used and the development of internal policies and training programs to educate all employees of the risks of using social media. Research firm Gartner recommends: “key to avoiding or mitigating potential legal issues in the use of social media for business purposes is to have a governance framework, policy and user education.”

Training and education

Awareness comes first. Make sure your existing policies on computer use, confidential and proprietary information and harassment also address social networking. Employees should be aware that if they use the company’s email address or name, they must act in accordance with professional standards. Managers should be reminded not to reveal confidential information, and should be trained to follow and enforce the company’s policies. Managers should also be careful to becoming “friends” with subordinates as “friends” are bound to reveal personal information which may put the manager (and the company) in a bad position.

Gartner recommends firms to take the following four first steps :

  • Remind employees that the policies and common-sense guidelines they already know apply also to online interactions
  • Use examples to illustrate constructive and undesirable behavior
  • Stake out the most Sensitive “Hot Zones”(high-profile employees, officially recognized channels, privileged information, etc)
  • Give employees somewhere to go with concerns.

Modernizing the data retention policy

In the webinar “eDiscovery in the Age of Cloud Computing and Social Media” Mary Mack, Esq., Enterprise Technology Counsel of ZyLAB stresses the importance of updating your data retention policy to include:

  • SharePoint, blogs, social media
  • Unified messaging, voice files, Video
  • ADP and other financial service providers
  • Salesforce and other CRM systems
  • FexEx, UPS and other shipping
  • BaseCamp, Google docs and other collaboration tools

She also points out that it is important that every company dealing with suppliers in the cloud should ask itself which protocols the provider has in place for collection in terms of speed and quality. What can you expect from your cloud provider? What to include into your Service Level agreements (SLA’s)?

Software to aid in preserving data

Like all unstructured content and information, this cannot be controlled without some automation. After re-evaluation and revision of your existing information management strategy and content and retention policies, you need to decide if backup software is needed to help with preservation and production of your business’s social media data. 

With the help of specialized eDiscovery technology, users are able to collect data from different social media sources such as Twitter, Facebook and others. Tweets and information from Facebook for example can be collected by the solution based on queries or account information and preserved in a eDiscovery data repository. After the collection the data can be processed and additional automated analysis can be performed using text mining so that information can be structured automatically.  Names, topics and other entities can be extracted and used for visualization to improve the navigation and access the relevant data. Information in foreign languages is detected and translated if needed. After processing and analysis the information can be investigated and reviewed.

According to pre-defined information profiles, email alerts can be send when new information is collected that matches certain search criteria to inform investigators and reviewers.

So, many solutions for a new problem that you cannot ignore!

Advertisements