Exterro's Legal GRC Breakdown

Get your daily dose of news, best practices, and technology from Exterro's e-discovery, privacy, and digital forensics experts here.


BYOD and Social Media Changing the E-Discovery Landscape

Created on April 9, 2013

There are few topics currently as buzzworthy in e-discovery as the proliferation of social media data (e.g. Facebook, Twitter, texting) and the “Bring Your Own Device" (BYOD) movement. Most of us consider these natural technological evolutions with social media and mobile devices becoming the primary forms of communication for a vast swath of the population. Corporate legal and IT teams are starting to see the impact of these trends on e-discovery requirements and practices and are understandably a little uneasy with this new reality.

A new report by 451 Research, entitled E-Discovery and E-Disclosure 2013, examines these evolving technology trends and their impacts on e-discovery and information governance practices. Here are some of the highlights...

Social Media a Corporate Blessing and Curse

Social media is not an entirely new topic in e-discovery. As the report states, “Social media and mobile data have changed the legal landscape in e-discovery, as the proliferation of social data has made e-discovery a factor in legal matters where it was rarely an issue before." The report references small-scale divorce actions and slip-and-fall cases, the kind of matters not typically associated with e-discovery demands. The E-Discovery Beat previously reported on a wrongful death case where a Facebook picture was used to repudiate the plaintiff's account that he was grieving the death of his wife. The plaintiff was eventually sanctioned for trying to delete social media evidence after it was requested by the opposing party. Just last week, we analyzed another case involving a party that deleted Facebook photos out of fear that they'd contradict claims that the plaintiff sustained serious injuries as the result of an accident.

Cases, like the ones described above, involving personal social media blunders are certainly an emerging discovery issue. A more pressing topic for corporate legal teams, however, involves the use of social media sites by employees and the risks of having sensitive company information shared publicly.

Many organizations have embraced the business value of social media. Today, it is very common to see companies advertising products, broadcasting company news and finding other ways to creatively engage with customers via websites like Facebook, LinkedIn and Twitter. Internally, organizations are also utilizing social media to foster communication with stakeholders, solicit group employee feedback and quickly disseminate information. All of these various uses of social media deliver benefits; however, they represent yet another source of discoverable electronically stored information (ESI). But unlike traditional e-discovery data sources like email, the ability to preserve and defensibly collect social media data is limited due to the fluid nature of the content.

What's more, many organizations haven't established clear guidelines for social media use by employees. According to the report, companies tend to reside on the extreme edges of the social media governance spectrum; with some opting to ban social media use altogether and others not placing any restrictions whatsoever. In its Primer on Social Media, The Sedona Conference suggests a more balanced approach: “...a written policy that sets boundaries and guidelines is sound business practice…Whether the policy focuses on business use, individual use, or both, or whether it authorizes multiple spokespersons or restricts access to a select few, the most significant reason for an organization to implement a written social media policy is that in this age of democratization, a well-constructed policy ensures that the organization is speaking with a unified voice."

BYOD and the Comingling of Enterprise and Personal Data

Similar to the social media trend, the BYOD movement has thrust corporate legal and IT teams into a new arena. And unlike social media that is still primarily seen as a personal communication tool, BYOD is more directly tied to work activities. This creates greater e-discovery complications. In fact, a growing number of professionals use smart phones, tablets and thumb drives as their primary means for completing work tasks. As the report explains, the very corporations now concerned about controlling the risks brought on by BYOD are partly responsible for its growth: “Seeing an opportunity to cut costs, some enterprises were all too happy to embrace BYOD, letting employees bring their personal devices in lieu of supplying equipment."

According to the report, one of the major challenges faced by corporate legal and IT teams is the comingling of corporate data and personal data. “If it's unclear what data is personal and what data belongs to the enterprise, e-discovery is a major challenge," the report states. These risks aren't limited to mobile devices either. With so many people now working remotely, personal desktop computers are also becoming sites for comingling of personal and enterprise data.

Apathy Towards Information Governance

With the concerns brought on by the social media and BYOD movement, one might assume that comprehensive information governance would be a top priority for organizations. In fact, a 451 Group survey cited in the report revealed that comprehensive information governance “may not be achieving the universal acceptance some might accept," with less than half of enterprise customers surveyed believing that having an information governance program is very important. Not surprisingly, larger organizations were more inclined to place a greater priority on information governance than smaller ones, as were companies in heavily regulated industries, such as defense, financial services and telecommunications.

What seems to be the largest impediment to comprehensive information governance initiatives? The 451 Group survey data suggests that it's a lack of sponsorship from senior management. On the one hand, this seems quite surprising given that senior management should, in theory, be focused heavily on risk aversion. However, this is also a group that tends to be relatively removed from the day-to-day management of data, so exposure to the realities on the ground as a lower staff member from IT or records management may be limited.

Despite a seeming lack of enthusiasm around comprehensive information governance, the report did indicate that a growing number of enterprises are bringing e-discovery tasks in-house as part of a comprehensive strategy. The primary driver of that trend is enterprises seeking greater control and predictability over e-discovery costs. The availability of more comprehensive e-discovery technologies covering most, if not all, of the EDRM has also helped to drive the movement towards corporate e-discovery investment, according to the report.

To learn more about information governance and the emergence of Big Data, read the recent Peer-to-Peer magazine article, published by ILTA, “Five Steps to a Defensible Data Reduction Plan."