Recent changes to Facebook promise to let friends share content more easily and to allow users to follow the lives of others through subscriptions. The more freely information flows, the better, right? Based on the way Facebook and Twitter usage has grown, that would certainly seem to be the case. As we pointed out in our information governance webinar with ViaLumina, Ltd., one of the primary value propositions of Information Governance (IG) is creating business value through better usage of information. The other side of the IG value coin is risk management; the free flow of information through social media presents real risks – both for corporations and individuals.
More and more client inquiries focus on collection of social media content. FINRA is one regulatory body that has stated that social media content must be treated like any other electronic content. To that end, many archiving vendors now have ways to capture Twitter feeds and store them alongside emails and instant messages. Depending on how active a Twitter user the employee is, this could result in a lot of data flowing into the archive. With the increasing usage of social media, organizations are looking to get ahead of the curve in terms of collecting it.
X1 Discovery recently briefed EDJ on its social media collection offering, X1 Social Discovery (to be released October 18, 2011). I was fascinated to learn both what is collectible and how many ways there are to collect certain social media content. For example, X1 Social Discovery can get Twitter content in 3 ways:
- Use the users’ Twitter credentials to collect from the account
- Create a case-based Twitter account and follow the users you need to collect from
- Create a case-based Twitter account, search twitter.com for key words or phrases, and add those search results to the collection
The solution searches and indexes not only the Tweet itself but also any links in the Tweet, and it indexes the main page referenced in each link. This can be very valuable in an investigation scenario. X1 Social Discovery collects from Twitter and Facebook for the time being, but the vendor reports that LinkedIn collection will be available by the time of general release on 10/18.
One of the scenarios that X1 demonstrated for us really got me thinking about the responsibility of individuals, as potential custodians, to protect their own privacy. The X1 team showed us how they could track users on Facebook and report back what the users liked or commented on if the user kept that visible to the public. Given the complexity of Facebook’s privacy settings and the fact that many people don’t know how to use them, this could become a big issue. To date, it seems that availability of electronic evidence is the standard for admissibility (I’m over-simplifying here, I know…but if the evidence exists and can be proven authentic, it will more than likely get used). To that end, it is incumbent upon us as individuals to protect our privacy and be sure we know what we make public.



Next question is, once you have it archived, now what? How do you efficiently supervise (monitor, sample?) a potentially many-to-many network? How do you follow information flow? What’s your regulatory risk profile? How do you quickly understand what is working and what is not, so you can correct/educate/remediate? Compliance is all about control… storing it is step 1, now what?
September 29, 2011 at 3:43 pm
Eddie Cogan
Agreed – future research will look at ways to preserve, collect, process, review, and produce social media content. We’ll look at ways to do that in up-and-coming solutions as well as alongside other collections from other sources. And, we will look at ways to stay actionable on that info – whether making case decisions or taking actions for compliance.
Thanks for the comment.
September 29, 2011 at 4:10 pm
Barry Murphy
Member Type: Other | Role: Consultant | Size: Solo | Years of Experience: 15 | Certifications/Licenses: N/A
“…the responsibility of individuals, as potential custodians, to protect their own privacy.”
How about the responsibility of custodians to comply with a legal hold? To date, the predominant blogosphere chatter on accountability for proper preservation has (rightly) centered on attorney culpability and its increasing incidence in sanctions. Certainly, legal-hold “integrity” (read: enforcement) must be spearheaded and “owned” by the lawyers (which begs the question – will we reach a point where no one is willing to sign the 26 (g) (1) declarations, especially given the infrequency of 26 (e) (1) supplementary filings?). The rise of ESI based in social media is just the latest example of custodian-managed, potential evidence. And the common use of custodial “self-collection” approaches and a disproportional scarcity of closed-loop legal-hold processes (e.g., absent defined metrics and regular audit-based variance analysis and reporting) – coupled with huge stores of ESI which are “managed” (largely or exclusively) by individuals or groups of custodians – makes custodial accountability for legal-hold integrity a critical requirement.
The same problem exists (and is, increasingly, solved) in the information security world – where many large companies routinely train and periodically test (for both awareness and understanding) “end user” capability and accountability for protecting critical company information from loss. People get fired, in some cases, for violations of information loss-prevention policies: increasingly, there is both audit and enforcement in place to ensure compliance (because, let’s face it – if there weren’t radar guns, would anyone obey speed limits?) which get very little resistance from “end-users” or their management. Info-sec people long ago realized that you can’t build technology walls high enough to offset end-user indifference. Corporate attorneys should consider a similar “trust, but verify” model with respect to moving preservation and collection efforts up the process-effectiveness continuum to “repeatable, predictable and demonstrable” – in a word, defensible.
October 7, 2011 at 12:50 pm
Joe Treese
Member Type: Firm | Role: Consultant | Size: Solo | Years of Experience: Too many | Certifications/Licenses: eD Academy & Advanced eD, GU
It will be interesting to watch how much responsibility gets put on the custodian. There are issues with self-collection, especially if there is a non-cooperative custodian involved. It seems to me that the social media issue will cross personal and work lives even more so than email did/does. The tools for social media collection are new – it will be another best-of-breed versus suite battle. At the very least, it will be fun to watch it play out.
October 7, 2011 at 1:39 pm
Barry Murphy
Member Type: Other | Role: Consultant | Size: Solo | Years of Experience: 15 | Certifications/Licenses: N/A