Posted Apr 01, 2011 09:40 am CDT
As corporations boldly venture into the worlds of Facebook, Twitter and other online communities, many legal departments cringe with the knowledge that those digital excursions are leaving their organizations vulnerable.
A 2010 survey released by the Deloitte Forensic Center found that 62 percent of information technology and legal professionals have qualms about corporate America’s rush to embrace social media. And 44 percent expect all the posting, chatting and carousing around the Web will result in more e-discovery challenges.
Employees often believe their rants and raves are safe as long as they remain behind privacy walls erected by megasites like Facebook. But the hard fact is that legally there are many instances when privacy is not private.
“As the case law currently stands, such posts are generally protected from disclosure by third-party service providers. But at least a few courts have held that, when relevant, ‘private’ posts are discoverable directly from parties to the litigation,” says Margaret N. Boyle, an associate at Babst, Calland, Clements and Zomnir in Pittsburgh.
Barry Rozen sees such expectations of privacy as even more suspect. “The key notion here,” says Rozen, a computer forensics examiner and founder of Litscovery, a Freehold, N.J., e-discovery services provider for small and midsize law firms, “is that just because the post in question was not made available to the public at large does not mean that the information is not relevant, or that it was not publicized to even one person who is then free to repost that message to the entire world.”
The murkiness in the law is further complicated by the fact that many social networks retain and exercise the right to redefine what they consider to be private without first consulting users for feedback. Facebook, for example, caused an uproar when it unilaterally loosened its privacy settings, a move ultimately muted after user backlash.
No wonder that the Deloitte study, “E-Discovery: Mitigating Risk Through Better Communication,” found a full quarter of IT and legal pros believe their organizations are unprepared to handle the e-discovery demands of social media. An additional 36 percent believe their companies are only somewhat prepared.
Deloitte advises corporate legal and IT departments to learn to speak the same language—fast. Only 23 percent of legally oriented respondents believed their IT counterparts understood the legal requirements associated with e-discovery. And an identical percentage of IT people felt the legal side really grasped the technological limitations of e-discovery requests.
“The predominant lack of effective communication between legal and IT functions can have serious repercussions—including sanctions, lost cases and severe fines,” says Toby Bishop, director of the Deloitte Forensic Center in Chicago.
And Kenneth N. Rashbaum of Rashbaum Associates in Manhattan cautions legal to go deep on security qualifications when outsourcing a team charged with immunizing a company against cyber-related missteps: “Security, especially [these days], is too hot an area to leave to a company that says, ‘Yeah, we have someone here who does that,’ rather than a company that makes security its core competency.”
See “The Trouble with Terabytes.”