By Ashley Smith, Navigant
It used to be that electronic discovery, or e-discovery, could be conducted entirely within a company’s own servers. Email archives and file directories provided a complete picture of corporate documentation. That’s no longer true, however. Corporate communications are supplemented, or even dominated, by social media, text messaging, connected devices (ie, the internet of things, or IoT) and more, making record keeping much more complex. Businesses must consider, and plan for, the inevitable requirement to collect electronically stored information from disparate data sources.
In particular, data retention policies can no longer ignore social media sites and the potentially relevant information they hold. In case after case, the courts have upheld the need to not only consider, but in fact review and produce, data from sources such as Facebook, Twitter and LinkedIn. The issue is no longer whether social media should be collected, but rather how it can be collected.
It’s important to remember that the standard for social media discovery is the same as any other digital media record under the Federal Rules of Civil Procedure. More often than not, data collected from social media includes verifiable metadata and text – and despite what you may think, it is reasonably accessible. In fact, many social media sites provide application programming interfaces (APIs) that interact with the social media source to capture data. These tools are essential during the collection and extraction process.
Social media sites don’t just contain news feeds for an individual’s travel adventures or photographs of recent dinners out; these are just the colourful candy coating. Beyond that exterior lie person-to-person and group messaging features, holding a rich trove of potentially relevant content. Depending on the user’s settings, these messages may not be saved, and collection tools may not capture them by default. It is critical that the party collecting the data considers these issues during the interview and collection process.
In addition to the APIs available for the collection of social media content, fragments of information can often be reconstructed from the internet cache on an individual device. This leads to an important question regarding the type of data collection performed. A full forensic, or bit-by-bit, image of the original media is the only way to ensure you have the necessary file fragments to reconstruct easily recoverable deleted files or internet cache items. In comparison, a targeted acquisition will only capture the active data files; it does not capture deleted file fragments and may not capture the temporary internet cache. It is critically important that all efforts are made at the time of collection to capture potentially relevant data. If you don’t collect it, you don’t have the option to review it later.
In the United States, the majority of businesses issue devices to their employees to be used during the course of their employment. The information security policies of these businesses (and, to oversimplify it, the data privacy laws of the United States) favour the companies’ right to the property over the individual’s right to privacy. This is not the case in many foreign jurisdictions, but in the US, if you’re using the company’s device or network to access a social media site or instant messaging service, you’ve waived your right to privacy and the company has the right to collect any information from that device/network. Bring-your-own-device (BYOD) policies can complicate these issues, and it is therefore critically important for companies to include internet usage parameters in their employee policies.
You may be thinking to yourself, “Fantastic! I always consider these types of data sources and collection techniques at the time of collection; I’m covered!” Unfortunately, that may not be the case. It’s important to remember that just because the data was collected, it doesn’t necessarily mean it will make its way through to review.
In many instances, these new data sources – social media, text messaging, instant messaging, etc – aren’t getting left behind at the time of collection, but are rather being filtered out during data processing. The underlying files that support social media threads and content are often the same file types that are filtered in processing. Special handling is often required to parse these files, and deliver them to a traditional discovery review environment. Ultimately, the responsibility lies with the legal team to understand and confirm the data that is to move from the collected image, through processing, and finally to review.
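One way to run the confirmation described above, as an added example rather than code from the article or from any review platform: it compares a manifest of what was collected with a manifest of what reached review and lists the collected files that were dropped in processing, grouped by file type. The manifest layout, paths, file types and hash values are constructed for illustration.

```python
from collections import defaultdict
from pathlib import PurePosixPath


def reconcile(collected, processed):
    """Compare two manifests of (content_hash, path) records.

    Returns (dropped, unexpected). `dropped` maps a file extension to the
    sorted paths whose content was collected but never reached review.
    `unexpected` lists hashes in the review set that were never collected.
    """
    processed_hashes = {digest for digest, _ in processed}
    collected_hashes = {digest for digest, _ in collected}
    dropped = defaultdict(list)
    for digest, path in collected:
        # Match on content hash, not path: processing may rename or
        # de-duplicate files, and that is not a loss of content.
        if digest not in processed_hashes:
            ext = PurePosixPath(path).suffix.lower() or "(no extension)"
            dropped[ext].append(path)
    unexpected = sorted(processed_hashes - collected_hashes)
    return {ext: sorted(paths) for ext, paths in dropped.items()}, unexpected


# Constructed sample manifests; "h01" etc. stand in for real file hashes.
COLLECTED = [
    ("h01", "Users/jdoe/Documents/contract.docx"),
    ("h02", "Users/jdoe/Mail/archive.pst"),
    ("h03", "Users/jdoe/AppData/chat/messages.db"),
    ("h04", "Users/jdoe/AppData/browser/Cache/data_1"),
    ("h05", "Users/jdoe/Downloads/social_export/messages.json"),
    ("h01", "Users/jdoe/Desktop/contract-copy.docx"),  # duplicate content
]
PROCESSED = [
    ("h01", "REVIEW/0001.docx"),
    ("h02", "REVIEW/0002.pst"),
]

if __name__ == "__main__":
    dropped, unexpected = reconcile(COLLECTED, PROCESSED)
    for ext, paths in sorted(dropped.items()):
        print(f"{ext}: {len(paths)} collected file(s) did not reach review")
        for path in paths:
            print(f"    {path}")
    if unexpected:
        print("In review but not in the collection manifest:", unexpected)
```
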
Regardless of the type of investigation or litigation, counsel must stop thinking of social media, and other messaging services, as non-standard. They are the new standard and need to be incorporated into the ordinary data retention and ESI collection policy. For the corporation, this requires attention from both network administrators and in-house counsel to ensure policies and procedures are in place to address the challenges associated with these data collections. For outside counsel, this involves incorporating these data sources into the discovery process. The collection tools and methods may be more complex, but this is simply a reflection of the evolving ways in which businesses and people communicate.