BY VINCENT SYRACUSE, PAUL SARKOZI, MATTHEW MARON,GEORGE DU PONT
Facebook, LinkedIn, Twitter. At times these social media outlets are purely personal communications. Other times, they are part and parcel of how a company does business. How does a company identify which social media data it must retain as part of its overall policies for preserving electronically stored information (“ESI”)? In large part, the answer may be found by examining the degree to which the social media communication is truly a company-related communication. If the company permits or authorizes social media communications on its behalf, it likely will need to take steps to preserve and review such data even if it is made by an employee on a personal, password-protected account on a home computer.
That is not to say a company must always be its employees’ keeper. When company employees create social media accounts for purely personal communications (e.g., a personal Facebook account), a company typically will not have any obligation to preserve such data, particularly where such accounts are accessible by a username and password known only by the individual employee and not the company. Companies can help insulate themselves from ESI obligations with respect to such accounts by enacting policies that prohibit any use of such private personal social media accounts for work-related communications on behalf of the company.
In some instances, however, companies will want to encourage or permit employees to use personal social media accounts for work-related communications. For example, recruiters at personnel staffing companies routinely use personal LinkedIn accounts to reach potential candidates. In such circumstances, even though the companies may not have the passwords or usernames for these accounts, the company may have a duty to preserve the social media communications they contain.
While a body of case law has not yet developed, there is no reason to believe that principles developed concerning other forms of “personal” ESI will not be applied to Facebook, Twitter and their social media cousins. See e.g. Equal Emp’t Opportunity Comm’n v. Simply Storage Mgmt, LLC, (applying traditional discovery principles to compel production of social network site data). For example, courts have required companies to produce relevant ESI that their employees stored in internet-based personal email accounts. See e.g. Helmert v. Butterball, LLC. Courts may well treat personal LinkedIn accounts the same way.
To ensure that companies will not face the extra costs of disputes with their employees to obtain access to the ESI they are required to produce, companies that rely on employee use of social media should establish clear policies governing the use of workplace computers and other electronic devices that access company systems (e.g., smartphones, tablets and other portable electronic devices) with a particular focus on regulating social media usage on company systems and the duties that may be triggered to preserve data generated from such usage. Companies should instruct employees to engage in work-related communications on behalf of the company only from accounts to which the company has access.
In addition, because social media can be accessed anywhere there is an Internet connection, companies should alert employees that even when they are outside of the office, certain work-related ESI generated on their personal social media accounts can be subject to the company’s preservation obligations, and that in the event litigation is reasonably anticipated or when faced with a subpoena, the company may instruct its employees to preserve social media content from their own personal accounts, which may contain relevant information.
Taking these steps may help ensure that companies will be able to access social media used by its employees on behalf of the company. However, companies that rely on their employees’ social media use also need to make sure that they can preserve such data to avoid spoliation claims. The Sedona Conference’s Primer on Social Media (available at thesedonaconference.org) notes that tools for preserving social media are constantly evolving, and some of the suggested methods currently used for preserving relevant social media data include capturing and preserving static images of relevant social media data or by using site monitoring software.
In making these recommendations, we offer an important caveat: Prior to requesting access to an employee’s personal social media account, a company should check with employment counsel to ensure the company does not run afoul of laws that prohibit asking employees for personal social media account passwords.