You just received notice of a potential claim against your company. You immediately send out a litigation hold notice to all employees instructing them not to destroy any materials relating to the claim.
Knowing the important role that electronic information is likely to play in the threatened case, you take extra care to identify all possible sources of information including network servers, back-up servers, cloud servers, back-up tapes, personal computers, home computers, external hard drives and flash drives, as well as BlackBerrys, iPhones and other handheld devices.
With a list as comprehensive as this, you feel confident that you have identified every possible repository of relevant information. But have you?
As social media sites like Facebook, LinkedIn and Twitter gain in popularity, an entirely new source of electronic information has emerged. Although similar to e-mail in some respects, social media have unique characteristics that may impact their use as a discovery tool.
Unlike e-mail, many social media allow users to set their own privacy settings, designating user information as “private” (viewable only by friends or connections) or “public.”
This feature has created the expectation in some users that anything marked private will always remain private.
But unlike most server-based e-mail systems, social media are web-based, which means information received or sent by a user is not stored on the user’s computer or on the company’s servers, but retained by the social media provider, making it much more difficult for the user or the user’s employer to preserve and retrieve information from the account if it becomes relevant to a lawsuit.
This presents several interesting questions for in-house and outside counsel regarding the use of social media in discovery.
First, are a user’s “private” communications discoverable? And if information from a social media site is not stored on the user’s computer, can it be obtained directly from the provider?
Lastly, what obligation, if any, does an employer have to preserve information from the company’s or its employees’ social media accounts?
Despite social media’s popularity, there are few reported cases and little legal authority on these issues. The few cases that do exist have focused on the first two issues, generally holding that “private” communications are discoverable from the user, but not the provider.
In Romano v. Steelcase, the New York Supreme Court held that the defendant in a personal injury action was entitled to full access to the plaintiff’s MySpace and Facebook accounts.
In granting the defendant’s motion for access to the plaintiff’s accounts, the court found that people who share information on social networking sites cannot expect that information to remain private and cannot use privacy settings to shield disclosure of materials that are necessary to the defense of the action.
The court further noted that “privacy concerns are far less where the beneficiary herself chose to disclose information” and that the plaintiff had “no legitimate reasonable expectation of privacy” because “neither Facebook nor MySpace guarantee complete privacy.”
Likewise, in McMillen v. Hummingbird Speedway, Inc., the Pennsylvania Court of Common Pleas held that where there is an indication that a person’s social network sites contain information relevant to the prosecution or defense of a lawsuit, full access should be “freely given.”
The court rejected the plaintiff’s argument that the private portions of his account were confidential because, according to the court, Facebook’s terms and privacy policies put the user on notice that their postings may be disclosed to third parties and that Facebook has access to every posting.
Disclosure less certain
Courts appear less likely to favor disclosure when the information is sought from the provider as opposed to the user.
The U.S. District Court for the Central District of California recently held that social media providers may not divulge any private messages sent and received through social media sites.
In Crispin v. Audigier, the plaintiff filed a lawsuit alleging that the defendants breached an oral license to use the plaintiff’s artwork in garments manufactured by the defendants.
During discovery, the defendants served subpoenas duces tecum on Facebook, Media Temple, and MySpace seeking the plaintiff’s basic subscriber information, communications between the plaintiff and another artist, and communications that referred or related to any of the defendants.
The plaintiff moved to quash the subpoenas arguing, among other things, that the subpoenas violated the Stored Communications Act, which prevents “providers” of communications services from divulging private communications to certain entities and individuals.
The court agreed with the plaintiff that the social media sites were “providers” within the meaning of the SCA with respect to the sites’ private messaging services and private wall postings and comments, and so quashed the subpoena insofar as it sought such private communications.
There does not appear to be any reported cases on a company’s obligation to preserve information from the company’s or its employees’ social media accounts.
Based on recent discussions in the e-discovery blogosphere, which rely in part on a recent Utah Bar Journal article, the consensus appears to be that information from social media sites is within the scope of “electronic information” as defined in Fed. R. Civ. P. 34 and, therefore, should be preserved if relevant to a lawsuit.
These discussions do not address the trickier question of how to preserve such information if it is not stored on the user’s computer or server. Of course, if a company has its own social media account, it can take steps to ensure that no information relevant to a pending or threatened lawsuit is manually deleted.
The company can also advise employees, via a properly drafted litigation hold notice, not to delete any relevant information from the employees’ personal social media accounts. Beyond preventing manual deletions, any additional preservation likely will have to be done with the cooperation of the provider.
Meeting e-discovery obligations
Although the law regarding these issues is still developing, there are a few steps you can take now to make sure that you are meeting your e-discovery obligations:
• Confirm that your litigation hold letter is broad enough to cover social media;
• Work with your company’s information technology department to understand how social media communications are stored on the company’s servers and/or computers;
• If you anticipate that information from the company’s social media account is likely to become relevant in a particular lawsuit, work with the provider to understand its preservation policies and procedures and, if necessary, request that measures be taken to preserve the relevant information;
• Confirm that your Internet usage/technology policies address the use of social media by employees and advise employees that information posted on a social media site may be discoverable in litigation;
• Remember to specifically request social media communications in your discovery requests to opposing parties; and
• Remember to stay informed of the latest developments in the ever evolving world of discovery in the age of Web 2.0.
Laura E. D’Amato and Elizabeth K. Levine are members of the litigation and professional liability groups at Goulston & Storrs in Boston. They can be contacted at ld’firstname.lastname@example.org and email@example.com. Research assistance was provided by real estate associate Brian W. Dugdale.