It’s no secret that the use of social media has skyrocketed. In 2012, according to Burson-Marsteller, eighty-seven percent of Fortune Global 100 companies used some form of social media. In 2009, more communications occurred via social networking sites than e-mail.
Increased use has created a plethora of information that quickly has become a highly-desired source for discovery. Gartner predicts that “[b]y the end of 2013, half of all companies will have been asked to produce material from social media websites for e-discovery.”
With respect to admissibility, social media information is treated the same as other forms of electronically-stored information. Among other factors, it must be authenticated and relevant.
Authentication of Social Media Data
Authenticating social media evidence raises particular issues; including false profiles, account hacking and “Photoshopping.” These issues may be offset by the electronic footprints inevitably left by social media users, however. Forensic examination of devices or corroboration by social media sites may provide a panoply of authenticating data points; including identifying the location of the post, the device or application from which the post was made, timestamps, user IDs, handles, usernames of re-posters, account IDs, recipients of a post and associated links. Key to this inquiry is engaging a partner who can provide the necessary forensic support.
Discoverability of Social Media Data
It is now well-established that social media data may be discoverable if it is relevant. If a user shares information publicly, e.g., via public postings or prior disclosure; it may be discoverable. On the other hand, private messages that are made on a social media site may be protected. Courts diverge on the scope and manner of disclosure.
In Crispin v. Christian Audigier Inc., 2010 U.S. Dist. Lexis 52832 (C.D. Cal. May 26, 2010), the court noted the distinction between private messages and postings and comments on a “wall”. Here, the court protected private e-mail messages made via Facebook and MySpace, because the Stored Communications Act, part of the Electronic Communications Privacy Act of 1986, applied. But the court remanded the issue of whether the user’s privacy settings made his postings and comments “public” and accordingly not shielded by the Stored Communications Act.
In EEOC v. Simply Storage Mgmt.., LLC, 270 F.R.D. 430 (S.D. Ind. May 2010), the court pointed out that the users’ expectation of privacy in using their Facebook and MySpace accounts did not protect communications made via those sites from discovery. The court noted that the users had “already shared” the information at issue. The court ordered production of the following communications relevant to the case: “any profiles, postings, or messages (including status updates, wall comments, causes joined, groups joined, activity streams, blog entries) and SNS [social networking sites] applications for claimants . . . .”
Preparation for Discovery
With social media data on the rise, corporations and counsel should take steps to address and prepare for certain unique issues:
Act early — users constantly update and change data as well as privacy settings.
Determine whether relevant information resides on social media sites, weighing the costs of obtaining such information.
Use discovery requests to determine all social media sites used by the opposing party and request all relevant postings and messages.
Consider the steps necessary to authenticate the requested information, including engaging a trusted partner to provide forensic support.
Engage a trusted partner who can preserve, collect, review and produce the information in a defensible manner.