The free wheeling world of social networking is rapidly working its way into Corporate America and, as it does, is creating a new world of eDiscovery and legal hold challenges that most companies have neither the will nor the tools to handle. One attorney, Matt Kesner, the CTO of Fenwick and West and who runs the computer forensics group within that firm, even goes so far to say in a recent Symantec eDiscovery virtual round table that organizations who use social networking have lost control and it can seem sort of hopeless to get your arms around this new form of electronically stored content. But what is happening in response to this new wave of social networking is that some organizations are making employees responsible for the content they create on these Web 2.0 sites and instructing them to act as their own records managers.
The push behind making employees more responsible for the content they create on these social networking forums is being driven in part by the difficulty that electronic discovery already presents now without even factoring in today’s social networking sites. In this same roundtable, George Socha, the President of Socha Consulting and co-founder of www.edrm.net, finds that most attorneys are not trained on how to deal with eDiscovery as it exists today, much less with the new complexities that blogs, Facebook, Twitter and wikis create. He says, “Attorneys’ eyes just roll back in their heads and they fall off their chairs and curl up like possums hoping no one will ever pay any attention to these social networking sites as they just don’t want to deal with them.”
The difficulty in doing eDiscovery on these social networking sites is how to understand the context in which information is presented since context is such a big part of the communication. Kesner finds that when you go into the back ends of these systems, information does not exist as a single page but as data in 5 or 6 different databases. Kesner laments, “Pulling that together so you can search it and understand the context is pretty darn difficult.”
Another problem with these social networking sites is that they lend themselves to people talking far too freely about things they would not have said years ago in formal business communications. This is probably one of the worst parts of these less formal forms of communications as it can lead people into saying something embarrassing, according to Kesner. He says, “We (Fenwick and West) have seen an inverse relationship between how formal the communication is and how freely people talk about things that you would not have seen in a written letter years ago. We already regularly see this occurring in IM and chat sessions.”
So what are organizations to do? The era of social networking is upon us and organizations do not have the option of burying their heads in the sand and pretending that social networking is not happening as it is not only naïve but dangerous from a litigation perspective. Some individuals such as Qwest Communication’s Director of Risk Management, David Fong, are already dealing with these issues. Qwest permits its employees to engage in these activities but employees do it under their own identity and not as a Qwest employee unless specifically approved to do so by Qwest.
Kesner advises that employers treat each employee like a records manager. While you can’t give them in-depth training, you can give them some training so they understand the implications of what they are saying. Hopefully they will realize they need to be more circumspect in their communication even if it does seem like a less formal environment. They also need to be educated on what content needs to be saved in these communications so your organization can continue to do business.
The experts at this round table essentially implied that whatever separation a person thinks exists between their personal life and their business life is gone. While the separation of one’s personal and business life has undoubtedly been occurring for some time, social networking is now pushing it over the edge such that no matter what you do in the virtual world or where you do it, it is becoming inextricably linked to both your personal and your business and/or professional life.
Socha goes on to say that organizations should not expect to have any success in squelching their employees’ use of these social networking sites and those that are having success are the exception, not the rule. He most often finds that if organizations attempt to suppress the use of these social networking tools among employees in sales and engineering that are already using it, they will generally have very poor luck in enforcing that policy. Socha concludes, “If organizations are able to suppress it and do it successfully, it is very helpful from a records management perspective, but most organization who try fail.”
The general recommendation of the experts present at the round table was rather for organizations to engage in the new opportunities that social networking presents and understand the requirements of their employees. Rather than trying to suppress these new means of communication and driving it underground which is what often occurs, direct them to use a specific set of platforms so if and when an organization needs to find that data, they know where to go look for it.
This is what Qwest is in essence trying to do: funnel its employees toward a specific set of platforms that it provides/approves so it can monitor them and keep its potential costs of eDiscovery and litigation from exploding. It then trains its employees as to what constitutes a record and what does not and reminds them frequently so as they engage in social networking, they do not unduly embarrass themselves or their companies as they use these new social networking tools.
Employees of today’s organizations are facing a brave new world where the line between their personal and business lives is gone. So in much the same way that the web has evolved into Web 2.0, so must employees also evolve to take on an “Employee 2.0” persona by assuming responsibility for the content they produce and managing it themselves regardless of where it is stored. As this round table highlighted, no longer should employees assume that just because they produce content privately on a social media website that it can never be linked to the company for which they work. And if and when that link is made, there is a distinct possibility that the content stored in any social media site could be subjected and exposed during a legal eDiscovery and made public for all to see.