By Daniel Estrada
August 6, 2009
In a business world increasingly dominated by Twitter addicts and Facebook friends, what your employees say online can and will be used against you.
Despite the many benefits of social networking, organizations face significant risks at the hands of zealous online communities. Like it or not, user-created content has become a natural extension of your company’s marketing message.
The Social Media Revolution
Around the world, companies are embracing the power of social media to connect with customers and manage their brands.
There’s no question that social media sites are dominating the Web. A March 2009 study conducted by Nielsen found that two thirds of the world’s Internet users use social media. The study also reported that an average user spends 10 percent of Internet time on social media sites, which in February of this year surpassed the average time spent using e-mail.
With any new technology come new problems.
Many companies now use social networking sites like Facebook and MySpace to screen job applicants. This raises important legal questions about the collection of protected information, such as an applicant’s age and race.
Moreover, most organizations have dealt with some form of lost productivity due to Internet use at work, and the explosion of social media has only made this more difficult to control. Employers may also be held liable for the statements their employees make online.
But the most significant risks stem from the nature of electronic data. Information posted on the Internet essentially exists forever, because it is so often copied, e-mailed, and archived without our knowledge. This lack of control creates more sophisticated challenges than most organizations are prepared to handle:
Bad publicity. Employees or customers may post derogatory information online. Negative messages are usually syndicated much more quickly than positives ones.
Loss of intellectual property. Publishing details about products or services may waive a company’s claim for patent or trade secret protection. And even well-intentioned users may infringe on copyrights or misuse trademarks.
Regulatory investigations. Improper disclosures will quickly get a company into regulatory trouble. The SEC now monitors the Twitter activity of publicly-traded companies.
Unfortunately, many General Counsels and CIOs mistakenly think that their existing policies provide adequate protection against these risks.
Litigation is one of the most overlooked risks of managing electronic data.
When companies get sued, they are legally required to provide copies of relevant electronically stored information (ESI) to their opponents. This includes e-mail, voicemail, and electronic documents, as well as information posted on the web. In civil litigation, all relevant ESI is considered evidence.
The process of preserving, collecting, and searching electronic evidence is called electronic discovery. In the context of e-discovery, the litigation exposure created by social media becomes evident: discovery is even more challenging when information is not stored internally but on one or more third-party systems. Today, many lawsuits are lost or settled because of the extreme burden e-discovery creates.
Corporate leaders should be asking questions about the organization’s ability to comply with e-discovery obligations:
Can all of the company’s data (including third-party information) be cost-effectively identified, collected, searched and produced in a legally defensible way?
Does the company have a clear legal hold policy that outlines how potentially relevant evidence will be protected from destruction?
Do the company’s current policies and procedures affect its litigation exposure?
The Bottom Line
Organizations must develop strong policies and implement them in a defensible way. If there are no internal resources with the hybrid legal and IT experience needed to execute a smart e-discovery strategy, it’s advisable to hire outside expertise.
Getting your e-discovery ducks in a row may be a tall order, but it can be done. Here are some guidelines:
1. Know your enemy. Find out what kinds of social media tools are being used in your organization and why.
2. Don’t try to ban social media. Locking down your company’s Internet access is an unrealistic goal, and it sends the wrong message to employees.
3. Establish good policies. Consider legal risks in all of the company’s existing policies, including corporate communications and acceptable use policies.
4. Educate employees. Communicate why policies are important for the well-being of the organization and its staff.
5. Solicit feedback. Ask users for their input about policy changes. This will go a long way in ensuring adoption.
6. Keep it short. Make policies clear and understandable, and cut the legal jargon. Provide guidelines and examples to help employees understand the company’s expectations.
7. Require employees to certify (in writing) their understanding and compliance with all corporate policies.
8. Track and audit the use of social media sites. This will provide valuable insight about policy compliance and the nature of social media use.
Most importantly, learn to embrace social media for all of its benefits. Used properly, social media tools enhance your brand, foster collaboration, and help build the kinds of relationships you need to develop successful teams.
And remember: a thoughtful, proactive approach can mitigate even the most daunting technology risks.
Daniel is president of D.C. Estrada, a Grand Rapids-based e-discovery consulting firm that helps clients assess litigation risks, translate between Legal and IT, and implement defensible discovery strategies. He can be reached at [email protected].