A whistleblower alerts authorities that brokers in a large brokerage firm may have violated a number of regulations regarding communications. The US Securities and Exchange Commission (SEC) commences an investigation regarding whether one broker “tweeted” about a pending hostile takeover on his Twitter account and whether another broker received insider information about the takeover on his “wall” after a client “blogged” about it on Facebook. The firm receives a demand from the SEC to retain all electronically stored information relating to the investigation.
The Internet Has Changed How We Communicate
When the Federal Rules of Civil Procedure regarding electronic discovery were amended in 2006, the Judicial Conference and the Supreme Court recognized that they could not anticipate how communications would develop over time. As a result, they adopted broad language permitting discovery of information “stored in any medium.” This has allowed the Federal Rules to remain flexible in the evolving world of electronic communications. It is the flexibility of the Internet, however, that continues to outpace organizations’ electronically stored information (ESI) retention and discovery policies and to challenge an organization’s ability to monitor and manage its communications.
The number of people—and organizations—using social networking sites and other Web 2.0 technologies to communicate is rapidly increasing. The purposes of such uses are limitless. Organizations use them to market their brands, share information, negotiate and develop contractual relationships, keep tabs on the competition and keep in touch with their customers. Individuals use them to quickly share both personal and professional information, to network and to keep up-to-date on the latest industry and social developments. Industries are increasingly adapting these technologies for their own data management and internal communications. Examples of popular social networking sites include:
- Facebook and MySpace are social networking web sites where individuals and organizations can connect with others to communicate privately, share photographs and make global announcements. Facebook and MySpace are web-based applications hosted on off-site servers; they are accessible directly from an Internet browser and boast users of more than 200 million and 185 million, respectively.
- LinkedIn is a web site that paved the way for professionals to network in cyberspace. It provides the technology to post a resume, send messages and connect with current and former colleagues; it has upwards of 40 million users.
- Twitter is a free social networking and micro-blogging service that enables its users to send and read each others’ updates, known as “tweets.” “Tweets” are limited to 140 characters, are displayed on the author’s profile pages, and are delivered to other users who have subscribed to them.
Other types of Web 2.0 technologies include wikis, blogs, collaboration software like SharePoint and Google Docs and video-sharing sites such as YouTube.
The Developing Legal Landscape
We may not yet know exactly how the legal system will treat Web 2.0 technologies, but history provides us with a roadmap. Each time a new technology has developed, from facsimile to email to instant messaging, the legal community has eventually accepted these new communication formats, ratified their use and, where applicable, subjected them to regulation.
In fact, some federal courts have already moved in this direction, describing Facebook messages as a hybrid between emails and blog postings. Some US federal courts have permitted the discovery of communications shared on web sites such as Facebook and MySpace to the extent such communications relate to subjects at issue in a litigation. Similarly, in February 2009, a court in Ontario, Canada, specifically held that a party maintaining a Facebook profile is in control of that information and, therefore, must produce information relevant to the issues in the litigation contained on the site.
Further, the groundwork has already been laid for government regulation of the use of these technologies, particularly in light of the current economic crises and the call for greater government regulation of the financial industry, including sectors that have not previously been regulated, like hedge funds. In addition to existing government regulations such as the record-keeping requirements of the Securities Exchange Act of 1934 and the Sarbanes-Oxley Act, the potential use of social networking sites for soliciting business, communicating about business activities, and discussing and negotiating contracts will most certainly contribute to financial regulators’ interest in the preservation of Web 2.0 records.
Best Practices: Develop A Policy, Communicate It, Enforce It
Organizations need to get on top of this trend now, rather than waiting for circumstances to force the issue. As with all new technologies, communications via Web 2.0 systems like social networking sites will be used by your organization, will be recognized by the courts, will be subject to regulation and will be sought in discovery. The best strategy for any organization is to proactively adapt to this evolution and invest in the proverbial “ounce of prevention.”
- Understand how your organization is using social networking and other Web 2.0 technologies. Counsel, IT administrators, records management and business units should meet and discuss the use emerging technologies.
- Determine whether there is a legitimate business need for the use of social networking and other Web 2.0 technologies at your organization. Where there is not, consider taking steps to block employee access to those sites.
- Educate employees—including legal personnel—on the use of social networking and other Web 2.0 technologies. Company personnel should understand what these technologies are, how they are used and the risks of such use, including regulatory and litigation risks.
- Incorporate Web 2.0 technologies into your current business and document retention policies, as appropriate. Consider developing policies that are mindful of the business uses of these technologies and any legal or regulatory requirements, but also instruct employees on how to minimize the risks of such use. One option is to put in place procedures for monitoring your organization’s use of social networking sites and other Web 2.0 technologies, and for ensuring that employees understand that their use of these social networking sites on behalf of the organization is being monitored.
- Think about developing procedures and methodologies for capturing the fluid data of Web 2.0 in its various incarnations. Software can be put in place to support the retention of those technologies where required, procedures can be established to notify third parties of the need to secure that data where applicable, and processes can be put in place to identify and collect such data when necessary. Keep in mind that, because each technology is different, a blanket procedure may not be sufficient.
- Finally, an organization should periodically audit its own policies to ensure it is complying with its own requirements, industry standards and adapting to new technologies.
Learn more about Mayer Brown's Electronic Discovery & Records Management practice or contact
Anthony J. Diana at firstname.lastname@example.org, Michael E. Lackey at email@example.com or Thomas A. Lidbury at firstname.lastname@example.org.