Goldberg, the intellectual property attorney at Proskauer Rose, knows of companies that have let IM and other communications technologies creep into corporate use without a formal policy. Other companies don't archive IM consistently, leaving it up the users to turn on or off that feature at their desktops, he says.
Those are common situations that can lead to coming unprepared to court and risking fines or sanctions. "You have to know where this stuff is and how to retrieve and preserve from the system before a lawsuit arises," he says. "It's too late to figure it out under the heat of litigation."
My Data, Pretty Please?
But that's just it. Locating and getting your own data isn't as simple as it used to be. Some of the familiar techniques for making regular e-mail discovery-ready don't translate. With e-mail, for example, you can set servers to archive a snapshot of all employee accounts on a given day, at a given time, and save it for X-number of days. E-mail administrators can then move a designated snapshot to backup tapes and delete the rest. You can't do that with text messages because your wireless provider controls that data, not you. CIOs have to understand the vendor's retention and deletion policy and negotiate something different, if necessary.
Putting data in the hands of third parties this way adds a layer of complexity and expense to discovery that e-mail evidence doesn't usually entail. There are only two ways you can get that data back: ask for it or subpoena it. Which way it goes depends on what your contract says.
It's a best practice for a contract to specify which company controls the data, regardless of who stores it, Goldberg says. Ideally, the third party will comply with your data retention and destruction schedules, but that's something you must negotiate and, depending on how complex the rules are, pay extra to get. An individual text message is small. But a few thousand employees traveling with BlackBerrys can produce heavy and expensive volumes. "Do some cost shopping," he advises.
Prohibiting a particular Web 2.0 technology may not work because people will find a way to use it anyway, says Michael Harnish, chief technology officer of Fios and former CIO at the law firm Dickinson Wright.
"Experience has taught us that if there's an expedient way to further business, it will be done," he says, "whether it's condoned or not condoned."
With texting, Harnish says, if you equip employees with cell phones that block data, they will use their own. With IM, if you close the software ports used by AOL's AIM and Microsoft's MSN Web Messenger, employees can try Google Talk, Meebo, Skype, Yahoo Messenger and a list of other services. Or they might simply conduct company business on personal accounts. Sarah Palin did it. The Alaska governor and Republican candidate for vice president conducted state business on a personal Yahoo Mail account and is being sued by a political activist to reveal 1,100 messages withheld in a public records request.
Harnish says the key lesson for CIOs who pay attention to how text messages are fairing in the courts is this: Don't pretend employees aren't using text for business or in ways that could harm the business. Learn what employees are doing and get ahead of them, he says. Write a policy and train them on the practices and methods acceptable.
That awareness is critical, he says. When litigation starts, you'll have a much more detailed picture of the ground you'll have to cover to comply with e-discovery requests, saving time and money.
Fino, the CIO at Dean Foods, cautions fellow CIOs: "If we were thinking that the urgency of discovery would go away, we were mistaken. This will be the norm for a good, long time."
This story, "Text Messaging, Facebook Can Get You in Legal Trouble" was originally published by CIO.