Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Social Media Can Hurt You In A Lawsuit
Social media postings could soon join email as a common part of the legal discovery process. Here's what SMBs need to know to protect themselves.
October 10, 2011
7 Min Read
10 Cool Social Media Monitoring Tools
Slideshow: 10 Cool Social Media Monitoring Tools (click image for larger view and for slideshow)
Social media has already become The Next Big Thing. Could it soon be the next big thing in business lawsuits?
The short answer: Yes, according to Jamie Brigman, director of product management and technical strategy at Applied Discovery. Brigman's employer, a LexisNexis subsidiary, does electronic discovery work for legal cases. Though not common today, Brigman said the information that companies and their employees share on social sites is poised become a significant piece of the discovery process during civil litigation over business-related disputes.
"[Lawyers] are always concerned about risk," Brigman said in an interview. "They're looking for what kind of information is discoverable in the future."
The potential legal risks of social media increase each time a site adds features intended to better collect--and share--information, business or personal. Take Facebook's recent platform overhaul, which included the introduction of the Timeline feature.
[ Plan ahead to reduce security threats. Read How SMBs Can Minimize Denial-of-Service Risks ]
"Their goal is to be able to tell a story," Brigman said. "It parallels, in litigation, what lawyers are trying to do: Tell a story about the person or the issue that they're investigating."
If you're like me, legalese is a foreign language, so first a definition: Discovery is the part of the litigation process in which each side has the right to access and review each other's information--including sensitive, private data--if it's deemed relevant to the dispute. Brigman said social media is not a common part of the discovery process today outside of divorce and personal injury cases. That doesn't mean it won't become one in corporate lawsuits. Brigman pointed to the legal industry's relatively slow move to view email in the same way as it treats paper-based documents. While email began changing business communications in the 1990s, Brigman said the medium didn't become a standard part of legal discovery until around 2004 or 2005. But just because lawyers weren't quick to recognize the prevalence of email didn't mean businesses--or more to the point, their employees--could click "send" without consequences.
"Electronic information is persistent," Brigman said, adding that once email became an everyday part of discovery, it was retroactive--what happened on email did not stay there. "All of that information was still around. With Facebook, it's even worse."
Brigman expects a shorter lag time for the legal industry with social media because of an ever-increasing cultural comfort with technology--it wasn't so long ago that email had a certain magic, and now it produces yawns. When the legal liability of social media data grows, the challenge for small and midsize businesses (SMBs) should sound familiar: Limited resources. Whereas a large company typically has teams of people devoted to legal, HR, brand management, public relations, and other areas charged with keeping the company in good standing, SMBs often have individuals handling those same functions--sometimes simultaneously.
"[SMBs] don't have the ability to go around policing every time they're mentioned in the public," Brigman said. "They certainly don't have the same amount of resources, typically, to lock down information."
Brigman noted two social scenarios that could expose SMBs to risk in legal discovery. The first involves employees acting, perhaps with the best of intentions, as official representatives of the business in social settings, even if they're not actually authorized to do so. Example: a consumer registers a beef with a company's product or service in an online forum, and an employee of that company chimes in to try and help. That could expose the company to legal risks down the line.
14 Leading Social CRM Applications
Slideshow: 14 Leading Social CRM Applications (click image for larger view and for slideshow)
"There are more outlets for people to act as agents of the company, when they really aren't, in the Facebook world," Brigman said. "I'm an employee of Applied Discovery on my Facebook page, and whatever I say comes with a tacit assumption that it's fairly valid if it's about Applied Discovery."
The second scenario is related but thornier: When someone lists their employer on a social site, that creates an indelible link between their personal and professional lives. Whether that person realizes it or not, their online behavior traces back to the company they work for. The general concept predates the online era--social media just magnifies the issue. "It's always been a tricky subject for employers," Brigman said.
So what's a smaller company with limited resources to do? The best approach, Brigman said, is a mix of policy and education. If your SMB doesn't have a social media policy, it needs one. Now. (Check out The BrainYard's must-haves for your policy, as well as why it needs regular checkups.) At least a basic level of online monitoring is also a recommended practice for SMBs, even if that simply means setting up a Google Alerts for your company and its applicable brand names.
"Having [a social media policy] is always the first step; enforcing it is always the second step," Brigman said. Even if enforcement is difficult, Brigman said having a policy is a crucial fallback position for SMBs in legal matters.
A good policy should clearly cover--and prohibit, as needed--personal use of company information in social media settings. While advising employees about their personal social media habits is a touchy subject at best, SMBs can educate their employees about privacy settings, security issues, and the sometimes blurry lines between personal and professional lives. When Facebook rolls out major changes, for example, make sure employees know how those changes impact corporate strategy--and by extension what they might mean in a personal setting.
"Get across the message that we're not trying to control your private life--we're trying to make sure it doesn't impact the company," Brigman said. In other words: What happens in Vegas should be restricted to your personal contacts rather than published for public consumption.
Another consideration: Brigman noted that some SMBs are likely not treating the social media marketing and other programs with the same degree of care that they do with other company assets, perhaps skipping brand or legal review processes. "The nature of social media is relaxed and conversational, so the default is that you see a level of informality that doesn't existing in other aspects of a marketing or PR plan," Brigman said. "I'm not sure today that most Facebook Pages go through the same amount of vetting." Given social media's rapid rise in business environments--and its apparent plans to stick around for a while--Brigman thinks they should.
The extent to which SMBs govern social media usage will depend largely on the company and its broader industry. Brigman said businesses that vie for federal contracts and those that operate under heavy regulation should err on the side of restrictive policymaking. He also noted that consultants, service providers, and others that trade on their reputation need to be particularly mindful of their social media presence.
For any business, the legal implications of social media, particularly in cases involving individuals within a company, are broad: "Any time you're talking about cases that turn on some degree of character and fitness, Facebook is going to be a logical place to go," Brigman said.
Surrounded by data? Demands from users for fast access? Endless retention policies? Cloud storage can help, say vendors. However, our survey reveals that IT is skeptical. Read our report now. (Free registration required.)
About the Author(s)
You May Also Like
Your Everywhere Security guide: Four steps to stop cyberattacksFeb 27, 2024
Your Everywhere Security Guide: 4 Steps to Stop CyberattacksFeb 27, 2024
API Security: Protecting Your Application's Attack SurfaceFeb 29, 2024
API Security: Protecting Your Application's Attack SurfaceFeb 29, 2024
Securing the Software Development Life Cycle from Start to FinishMar 06, 2024