Do You Know Where Your Data is Tonight?

rbeach
Randall Beach Partner, Whiteman Osterman & Hanna LLP

Posted on June 12th 2012

Where is your data?  If your company was asked this question 25 years ago, the answer would most likely be an easy one.  Your company’s data was on the few computers it had in the office, on employees’ desks and in the file room (the physical one down the hall). Today, the answer to that question is far more complex. Your company’s data is likely stored on internal servers, cloud servers, desktops, laptops, touchpads, smart phones, social media sites and, just maybe, employee desks and the file room down the hall.  

Why does the location of your data matter?  America is the most litigious society in the world.  That means, sooner or later, your company will be a party in a lawsuit.  One of the first phases of law suits is discovery.  That is when the other party is allowed to ask for and review your data.  In general, when the other party asks for your data, you have to produce it.

 If you don’t know where your data is, producing your data will be time consuming and very expensive.  Imagine having a discovery order that requires a data review of all your employee’s smartphones, computers, and iPads! Imagine having to expand that to your company’s social media pages, or even those of your employees.  If all of this imagining is not turning into a nightmare, you need to imagine harder.

E-discovery has been around since communications began to be transmitted via 0s and 1s.  Discovery orders routinely include electronically stored information (ESI) within the span of items to be produced.  ESI includes such things as emails, voice mails, texts, instant messages, data stored on the cloud, data stored on mobile devices, and, now, social media postings and other user generated content. 

The inclusion of social media content within discoverable ESI was established in the 2010 case of EEOC v Simple Storage Management. In that case, the court ruled that social media content must be produced if it is relevant to the case at hand.  Scarily, the Simple Storage court held that the permissible scope of discovery in that case included “any profiles, postings or messages (including status updates, wall comments, causes joined, groups joined, activity streams and blog entries) revealing or relating to emotion, feeling or mental state.”  A shorter way of saying that would have been everything.

So what does this all mean for your company?  First, your company needs to assert control over its data.  There should be clear policies regulating how and where company data is stored. If you allow a wild west, anything goes, atmosphere to engulf your data, there is high potential of embarrassment and high cost.

Second, you need to make it very clear to your employees that social media is included when it comes to data control. Develop policies that protect your data from landing on social media platforms, and alert employees to the fact that social media content can be discoverable. 

In the end, there will always be the risk of a rogue employee or hacker.  There will always be innocent mistakes and data seepage.  The critical thing is to make sure your company moves forward with eyes wide open and asserts control where it can.  Make sure that most nights, you know where your data is and where it will be in the morning.

rbeach

Randall Beach

Partner, Whiteman Osterman & Hanna LLP

Randall S. Beach is a partner at the law firm of Whiteman Osterman & Hanna LLP, where he has practiced since April, 2002. Randall concentrates his practice in the areas of social media law, commercial real estate, and cross-border transactions. Specialties Commercial Real Estate Law, Social Media Law, International Transactions
See Full Profile >