For The Defense, February 2012 - DRI Today

More documents

Recommendations

Info

Electronic Discovery drives among other forms. See, e.g., Zubulake I, 217 F.R.D. at 317 (“[plain tiff] is entitled to discovery of the requested e-mails so long as they are relevant to her claims”); Antioch Co. v. Scrapbook Borders, Inc., 210 F.R.D. 645, 652 (D. Minn. 2002) (“[I]t is a well accepted proposition that deleted computer files, whether they be e-mails or otherwise, are discoverable.”) Moreover, due to Virtually anyone entering the workforce today for the first time is a digital native, and digital natives will soon outnumber the rest. the unique nature of computerized data litigants can discover even “deleted” electronic information because a backup or emergency system will often save it. See Simon Property Group, L.P. v. MySimon, Inc., 194 F.R.D. 639, 640 (S.D. Ind. 2000) (“[C]om puter records, including records that have been deleted, are documents discoverable under Fed. R. Civ. P. 34.”). The discoverability of emerging social media presents some unique challenges. Information from internal instantmessaging chats, virtual desktops, Yammer, Facebook, or Twitter posts can provide evidence vital to disputes and regulatory proceedings: “Indeed, such evidence may be the new ‘smoking gun’ in many cases.” Steven C. Bennett, Civil Discovery of Social Networking Information, 29 S.W. Law Rev. 413, 413–14 (2010). In 2006, the U.S. Supreme Court amended the Federal Rules of Civil Procedure to create a category for electronic records that for the first time explicitly named e-mails and instant- message chats as records that businesses should probably archive and produce when relevant. Although the case law discussing the discoverability of information on the newly emerging external and internal social networks is less than robust, the limited authority on point indicates that litigants may potentially discover that information. 28 ■ For The Defense ■ February 2012 Flagg v. The City of Detroit was a key case that addressed discovering instant messaging and other social online tools. No. 05- 74253, 2008 WL 787039, at 3–7 (E.D. Mich. Mar. 20, 2008). In Flagg, the court stated that the plaintiff could pursue some but not all text messages exchanged between officials or employees during specific time frames. The court also stated that it would put into place a mechanism to review the text messages. The courts have made it clear that litigants can discover those things individuals or organizations post publicly. See Katiroll Co., Inc. v. Kati Roll & Platters, Inc., No. 10-3620 (GEB), 2011 WL 3583408 (D.N.J. Aug. 3, 2011) (ordering the defendant to re-post a Facebook profile picture showing an allegedly infringing trade dress to allow the plaintiffs to copy it); Offenback v. L.M. Bowman, Inc., No. 1:10-CV-1789, 2011 WL 2491371 (M.D. Pa. June 22, 2011) (acknowledging that the “scope of discovery into social media sites ‘requires the application of basic discovery principles in a novel context’” and that “the challenge is to ‘define appropriately broad limits… on the discovery ability of social communications’”); McMillen v. Hummingbird Speedway, Inc., No. 113-2010 CD, 2010 Pa. Dist. & Cnty. Dec. LEXIS 270, at *4 (Pa. Ct. Common Pleas Sept. 9, 2010) (holding that it would be unrealistic for a Facebook user to expect that his disclosures would be confidential); see also Bennett, supra, at 450 (explaining that most sites, such as Twitter, have subpoena processes, which requires subpoena by e- mail, and Facebook, which requires issuing subpoenas through the California courts). Mitigating Risks Companies must carefully weigh the pros and cons when making decisions about using social media in the workplace. Whether to host an internal social network or allowing employee access to public social networking tools can significantly impact a business’ bottom line. Many companies have banned the use of Facebook and Twitter in the workplace while others have taken a more moderate stance on the posting of information. Choosing an approach requires examining the utility of the program at issue, and then balancing the risks and the benefits. Companies should be aware that simply “blocking access” may not remedy perceived problems. Although 30–40 percent of companies say that they ban sites such as LinkedIn, Twitter, and Facebook, in a survey last spring a company called Palo Alto Networks detected Facebook use on 92 percent of the 347 enterprise networks that claimed to block it. Additionally, Twitter was detected on 87 percent of corporate nets, while LinkedIn and MySpace were detected at 83 percent and 82 percent respectively. Dan Tynan, How to Tame the Social Network at Work, InfoWorld Daily, Oct. 18, 2010. In short, “employees are very motivated when it comes to getting on Facebook.” Id. With mobile devices, businesses can lessen security risks and ease discoverability headaches by issuing company- owned devices rather than allowing employees to use their own for business purposes. A business should install remote wipe capability and password protection as standard protocols. Implementing restrictive policies, setting parameters for use, and monitoring usage are additional helpful measures that a company can take to ensure employee compliance and defensible business practices. Acceptable Use Policies Companies allowing access to outside networking tools or implementing internal systems should prioritize developing comprehensive acceptable use policies with input and compliance oversight by members of their legal, human resources, and IT departments. Because an acceptable use policy is only valuable if employees know about and adhere to its provisions, a robust and well- publicized internal rollout and ongoing employee education are critical for success. Incorporating a company’s acceptable use policy into a corporate audit program is something else to consider. Auditing social networking policy compliance can become a catalyst for improving effectiveness and efficiency by providing insight into business processes; however, audit reports can also become discovery targets in litigation. In implementing an acceptable use policy consider specificity, education, enforceability, separation, discoverability, visibility, formality, and accessibility limits. First, by “specificity,” we mean that an umbrella computer usage policy may
not be sufficient to encompass the specific concerns related to social networking, for example, especially if social networking is not mentioned. Second, in terms of “education,” employees must receive education about an acceptable use policy and understand the repercussions of violating the policy. Third, company must enforce an acceptable use policy. Fourth, an employer can require employees who use social networking for business purposes to create separate business accounts based on business e-mail addresses as a condition to using certain sites in the workplace and on the employer’s equipment, including mobile phones, desktops, and laptops, establishing “separation” between acceptable business use and personal use. Fifth, an employer should ensure “discoverability” by making employees aware that the information that they post on social networking sites, their e-mails, and conversations may be subject to legal holds and legal collection obligations. An employer should formulate a written agreement stating that in exchange for an employee’s access and use of social networking in the workplace, the employee will grant consent for the disclosure of the information from his or her business profile page, including e-mail, posts, notes, and all features of Facebook or Twitter used for communication purposes in the event that the employer needs the information for litigation or general auditing purposes. Sixth, by “visibility” we mean that an employee should have no expectation of privacy in communications on social networking sites made through the employee’s business account, on an employer’s computer network, or on the employer’s hardware, including desktop computers, laptop computers, and mobile phones. Seventh, “formality” means that an employer should remind employees that the rules that apply to their normal business conversations and communications also apply with respect to social networking in the workplace. Eighth and finally, an employer should define the privacy settings “accessibility limits” that an employee account should maintain in his or her business accounts. For example, an employee profile should be set so that an Internet search would not reveal information about the employer’s business contacts or clients. Records Retention, Preservation, and Collection As mentioned previously, employees’ use of social networking and mobile devices for business purposes increases the scope of discoverable information that a company has to manage, and so a company may need to modify data retention procedures to accommodate discovery- related legal duties. If a company anticipates litigation, after consulting with counsel a company should consider issuing a litigation hold that encompasses information posted on social networking sites. A company should also work with the company IT departments to explore the application of tools that automatically retain and preserve electronic records aligned with the company’s legal hold instructions. Given the rapid pace of technological innovation, however, it is likely that automatic preservation technologies will continue to trail the evolution of communication platforms, creating burdensome discovery efforts, which will include retaining and preserving certain electronic records manually. This can be especially complicated for data such as instant messages or information created in an Enterprise 2.0 environment because the technology available to export data may be less sophisticated. A company should first determine whether it needs to retain and preserve information under the Federal Rules of Civil Procedure. Courts appear to be moving toward requiring companies to retain more and more types of information, even transitory information such as instant messages. See Alexi Oreskovic, Instant Headache, Law.com (May 20, 2005), http://www.law.com/jsp/cc/ PubArticleFriendlyCC. jspid=900005429200 (last visited Jan. 3, 2011). If subject to preservation, a company may need to take special steps to preserve continuously replicated or overwritten data appropriately. An organization should also consider instituting a plan guiding how it will collect data that it does not control, such as text messages stored on the servers of a wireless provider or data in hosted applications from a software- as- a- service vendor. Even controlled systems contain unmanageable information: a company should bring unified communications systems that combine messaging, voice, and video into the company record- keeping process. In considering cloud options, when a vendor or another third party will possess a company’s data, the company should make sure to incorporate provisions in the contract with the vendor requiring the vendor to cooperate with subpoenas for company information. Allowing employees to use public social networking tools, webbased technologies, and microblogging in the normal course of business offers tremendous marketing opportunities. Conclusion Despite the pervasiveness of Web 2.0 technologies and mobile devices in today’s workplace, a recent survey of management and human resource executives indicated that a majority of companies do not have written social media or acceptable use policies. Companies with employees and offices spread throughout the world especially rely on collaborative platforms and technologies such as internal social networks, instant messaging, and cloud computing—and it is nearly certain that employees in companies of all sizes and in every industry use applications outside of the companies’ internal networks. Failing to pay attention to or manage the exponentially burgeoning data resulting from today’s technologies can create serious legal risk and expense for all organizations. Those entities which attorneys counsel to manage their data strategically and proactively, however, will undoubtedly reap the rewards of increased efficiency, greater potential revenue, enhanced security, and legal defensibility. For The Defense ■ February 2012 ■ 29
Page 2 and 3: Complex Questions. Answered. Rimkus
Page 4 and 5: DRI—The Voice of the Defense Bar
Page 6 and 7: DRI Services 55 West Monroe Street
Page 8 and 9: DRI News DRI Committee Leadership G
Page 10 and 11: Pretrial Litigation Protect High-Le
Page 12 and 13: Pretrial Litigation and then to dem
Page 14 and 15: Women in the Law Shattering the Gla
Page 16 and 17: Women in the Law Two of these sugge
Page 18 and 19: Electronic Discovery From the Chair
Page 20 and 21: Electronic Discovery Controlling E-
Page 22 and 23: Electronic Discovery (GARP), in 200
Page 24 and 25: Electronic Discovery Having an effe
Page 26 and 27: Electronic Discovery Company-Enable
Page 28 and 29: Electronic Discovery Blackberry. Th
Page 32 and 33: Electronic Discovery Local Rules, P
Page 34 and 35: Electronic Discovery when electroni
Page 36 and 37: Electronic Discovery pdf (last visi
Page 38 and 39: Retail and Hospitality From the Cha
Page 40 and 41: Retail and Hospitality In the Real
Page 42 and 43: Retail and Hospitality In states wi
Page 44 and 45: Retail and Hospitality Defense coun
Page 46 and 47: Retail and Hospitality Shop, Stop a
Page 48 and 49: Retail and Hospitality Slip and Fal
Page 50 and 51: Retail and Hospitality N.E.2d 774 (
Page 52 and 53: Retail and Hospitality self- servic
Page 54 and 55: Government Enforcement and Corporat
Page 64 and 65: Defense Ethics and Professionalism
Page 66 and 67: Apex Doctrine, from page 11 a depos
Page 68 and 69: Port in the Storm, from page 17 and
Page 70 and 71: Ethics, from page 62 unteer as work
Page 72 and 73: Third, reassess and update informat
Page 74 and 75: advocates John A. Aberasturi, Reno,
Page 76: Deciding the direction of Medicare

For The Defense, February 2012 - DRI Today

Create successful ePaper yourself

Delete template?

Save as template?