Joshua Kubicki
It's no secret that the heavyweights of the social media realm—Facebook, Twitter, and LinkedIn—are gaining more digital body mass daily with their exponential growth of new users. And while no one would ever call Google a lightweight, in the social media realm Google was sorely lacking. . . until now. With the rollout of Google+, the internet-search giant has lobbed a swift uppercut to the standing champions: in a little under a month, the site reached over 25 million users sharing over one billion items a day, all "by invitation only."
Google+ got off on the right foot by using effectively its most precious resource: user data. By taking advantage of user profiles through Gmail, Google Docs, Chrome, Picassa, Blogger, YouTube, and other Google products, it aggregated user profiles, preferences, videos, photos, and friends, all under one roof.
Initially, social media platforms were used for personal purposes, such as sharing photos and announcing life events, with a limited network of friends or schoolmates. As the platforms' technology improved and their popularity increased, so did their purpose, with individuals incorporating work associates as "friends" or "followers"—and companies capitalizing on the promise of new marketing opportunities.
With the boundaries between the personal and professional realms now blurred, the question of "personal privacy" vs. "company policy" is inevitably encountered. And with the arrival of Google+, those boundaries promise to become all the more hazy, which translates to a specific and pressing business need for executives to be keenly aware of—and proactive about—the risks social media present. Although significant legal precedents are currently lacking (most related cases are settled out of court), it is only a matter of time before social media data will be the primary focus—if not the cause—of corporate legal disputes. When this occurs, corporate leadership and general counsel will be obliged to offer up any or all corporate social media data at the behest of a plaintiff or defendant, not to mention possibly that of employees as well. And the monetary cost and reputational damage potentially inflicted by the ever-growing mountain of searchable, discoverable data is staggering.
According to data from comScore, Alexa, and Flurry Analytics, an average person spends 74 minutes per day on the Internet and an 81 additional minutes on mobile apps. Twitter users send upward of 200 million tweets per day. All Internet users combined send a staggering 13,800,000 messages, 5,700,000 status updates, and 30,000,000 comments every hour. Practically every item is potential evidence in a lawsuit. If your company hasn't been called on to produce social media evidence yet, be prepared. According to Gartner research, [http://www.ediscovery-news.com/half-of-all-companies-will-have-been-asked-to-produce-material/] by the end of 2013, more than half of all companies will be asked to produce this evidence in litigation.
To make matters worse, much of that avalanche of social media data is entered into the public record. Without some compelling reason why this data should be privileged, it becomes part of an ever-growing body of potential evidenceTwitter saves all users' tweets, and last year, the Library of Congress acquired the entire public Twitter archive; Facebook pages are maintained until the user deletes or overwrites them; Google+ data is similarly stored.
And while it catalogues, saves, and stores another library of user data, Google+ is also changing how social media users share by building more perceived privacy into their system. By allowing users to create "circles" of friends, separating work colleagues from friends or family, Google+ is inviting users to potentially share more than they currently do on Facebook. But could "perceived privacy" in a social media context be even more dangerous for companies?
Employees might be more comfortable sharing private information with only their friends, knowing their colleagues won't see the picture or post. But that information still becomes part of the body of discoverable data. Employees may think they are only posting to specific circles on Google+, to only their friends on Facebook, or are protecting their tweets. But in the fine print of Terms of Service, users are not ensured a right to privacy for anything posted on a third-party, semi-public, "free" social media platform. And as case law around social media develops, users' privacy will further dissolve as more social media platform providers are forced to hand data over to the courts.
Of course, you don't want to completely limit your employees' access—nor, in reality, can you, and to do so would inhibit your company's own growth. Social media engagement provides great opportunities for businesses to promote themselves, and it allows employees to build personal brands and use their networking skills to uncover opportunities and foster innovations. So how can your organization strike the right balance between participating in social media and self-preservation?
First, create a social media policy in collaboration with the key stakeholders in your organization. Depending on the nature of your business and the size of your organization, you will need to determine how to best frame your social media policy. "Closed" policies tightly restrict employee access to social media through site blocks put in place by IT. However, companies that enact broad bans on social media miss an opportunity to allow their employees to engage with the public or their peers positively. On the other side of the spectrum, free access often creates huge liability traps: Will your employees require guidance on what they can and cannot do, or do you need to implement strict prohibitions forbidding employees from engaging in social media at work? Does your organization fall somewhere in between?
A policy is worthless if the employees don't understand it. While it may be time-consuming, it is recommended that employees be trained on the policy, on the platforms in question, and on their appropriate use. Usage policies may vary from department to department—your marketing team, for example, may need to have a more open policy than administrative employees. Nevertheless, training should encompass an overarching theme that ties it all back to the company's social media policy. Also, training should be updated and re-administered on a frequent basis, as social media sites and habits change frequently. Of particular concern are the evolving privacy settings and practices that each platform administers and that companies and their employees need to read and understand.
Finally, contemplate how you will collect, monitor, and preserve social media evidence to comply with any applicable laws or regulations, such as FINRA Rules. Astonishingly, while social media is a form of electronically stored information to which all the rules of discovery apply, very few companies collect and retain social media data created by employees on behalf of the brand. As such, you'd be best off developing a strategy for preserving social media that falls within the parameters of your current records retention policy.
As Google+ grows to join the social media elite, company leadership needs to have a plan to handle another deluge of potentially discoverable data. Preparing both your company and your employees will help assure you're not left scrambling when it comes time to produce related social media data for a legal matter. Ample preparation will save you time and money—and it could save your company.
Joshua Kubicki is the senior director for legal and corporate practices at Applied Discovery, a division of LexisNexis. He is responsible for creating a dialogue with local and international commercial and private organizations to promote sound technology, information governance, and compliance practices. Prior to joining Applied Discovery, Joshua held a variety of senior leadership positions with various businesses and operated his own strategic consulting shop serving the international legal market. He regularly engaged Global 100 corporations and global law firms in preparing for and responding to various high-stakes legal events, such as U.S. Department of Justice and congressional investigations and complex multibillion-dollar litigation.
Google+ got off on the right foot by using effectively its most precious resource: user data. By taking advantage of user profiles through Gmail, Google Docs, Chrome, Picassa, Blogger, YouTube, and other Google products, it aggregated user profiles, preferences, videos, photos, and friends, all under one roof.
Initially, social media platforms were used for personal purposes, such as sharing photos and announcing life events, with a limited network of friends or schoolmates. As the platforms' technology improved and their popularity increased, so did their purpose, with individuals incorporating work associates as "friends" or "followers"—and companies capitalizing on the promise of new marketing opportunities.
With the boundaries between the personal and professional realms now blurred, the question of "personal privacy" vs. "company policy" is inevitably encountered. And with the arrival of Google+, those boundaries promise to become all the more hazy, which translates to a specific and pressing business need for executives to be keenly aware of—and proactive about—the risks social media present. Although significant legal precedents are currently lacking (most related cases are settled out of court), it is only a matter of time before social media data will be the primary focus—if not the cause—of corporate legal disputes. When this occurs, corporate leadership and general counsel will be obliged to offer up any or all corporate social media data at the behest of a plaintiff or defendant, not to mention possibly that of employees as well. And the monetary cost and reputational damage potentially inflicted by the ever-growing mountain of searchable, discoverable data is staggering.
According to data from comScore, Alexa, and Flurry Analytics, an average person spends 74 minutes per day on the Internet and an 81 additional minutes on mobile apps. Twitter users send upward of 200 million tweets per day. All Internet users combined send a staggering 13,800,000 messages, 5,700,000 status updates, and 30,000,000 comments every hour. Practically every item is potential evidence in a lawsuit. If your company hasn't been called on to produce social media evidence yet, be prepared. According to Gartner research, [http://www.ediscovery-news.com/half-of-all-companies-will-have-been-asked-to-produce-material/] by the end of 2013, more than half of all companies will be asked to produce this evidence in litigation.
To make matters worse, much of that avalanche of social media data is entered into the public record. Without some compelling reason why this data should be privileged, it becomes part of an ever-growing body of potential evidenceTwitter saves all users' tweets, and last year, the Library of Congress acquired the entire public Twitter archive; Facebook pages are maintained until the user deletes or overwrites them; Google+ data is similarly stored.
And while it catalogues, saves, and stores another library of user data, Google+ is also changing how social media users share by building more perceived privacy into their system. By allowing users to create "circles" of friends, separating work colleagues from friends or family, Google+ is inviting users to potentially share more than they currently do on Facebook. But could "perceived privacy" in a social media context be even more dangerous for companies?
Employees might be more comfortable sharing private information with only their friends, knowing their colleagues won't see the picture or post. But that information still becomes part of the body of discoverable data. Employees may think they are only posting to specific circles on Google+, to only their friends on Facebook, or are protecting their tweets. But in the fine print of Terms of Service, users are not ensured a right to privacy for anything posted on a third-party, semi-public, "free" social media platform. And as case law around social media develops, users' privacy will further dissolve as more social media platform providers are forced to hand data over to the courts.
Of course, you don't want to completely limit your employees' access—nor, in reality, can you, and to do so would inhibit your company's own growth. Social media engagement provides great opportunities for businesses to promote themselves, and it allows employees to build personal brands and use their networking skills to uncover opportunities and foster innovations. So how can your organization strike the right balance between participating in social media and self-preservation?
First, create a social media policy in collaboration with the key stakeholders in your organization. Depending on the nature of your business and the size of your organization, you will need to determine how to best frame your social media policy. "Closed" policies tightly restrict employee access to social media through site blocks put in place by IT. However, companies that enact broad bans on social media miss an opportunity to allow their employees to engage with the public or their peers positively. On the other side of the spectrum, free access often creates huge liability traps: Will your employees require guidance on what they can and cannot do, or do you need to implement strict prohibitions forbidding employees from engaging in social media at work? Does your organization fall somewhere in between?
A policy is worthless if the employees don't understand it. While it may be time-consuming, it is recommended that employees be trained on the policy, on the platforms in question, and on their appropriate use. Usage policies may vary from department to department—your marketing team, for example, may need to have a more open policy than administrative employees. Nevertheless, training should encompass an overarching theme that ties it all back to the company's social media policy. Also, training should be updated and re-administered on a frequent basis, as social media sites and habits change frequently. Of particular concern are the evolving privacy settings and practices that each platform administers and that companies and their employees need to read and understand.
Finally, contemplate how you will collect, monitor, and preserve social media evidence to comply with any applicable laws or regulations, such as FINRA Rules. Astonishingly, while social media is a form of electronically stored information to which all the rules of discovery apply, very few companies collect and retain social media data created by employees on behalf of the brand. As such, you'd be best off developing a strategy for preserving social media that falls within the parameters of your current records retention policy.
As Google+ grows to join the social media elite, company leadership needs to have a plan to handle another deluge of potentially discoverable data. Preparing both your company and your employees will help assure you're not left scrambling when it comes time to produce related social media data for a legal matter. Ample preparation will save you time and money—and it could save your company.
Joshua Kubicki is the senior director for legal and corporate practices at Applied Discovery, a division of LexisNexis. He is responsible for creating a dialogue with local and international commercial and private organizations to promote sound technology, information governance, and compliance practices. Prior to joining Applied Discovery, Joshua held a variety of senior leadership positions with various businesses and operated his own strategic consulting shop serving the international legal market. He regularly engaged Global 100 corporations and global law firms in preparing for and responding to various high-stakes legal events, such as U.S. Department of Justice and congressional investigations and complex multibillion-dollar litigation.
Subscribe to Corporate Counsel
