Be careful who you sue – your Facebook page can and will be held against you.
I have talked about unknown privacy exposures lurking in companies regardless of size. I am often surprised that potential damaging, confidential, and privacy exposure related content is not more actively protected. The cost of eDiscovery and litigation continues to soar. Even when unavoidable, the time and human resources needed to find all relevant information increases the risk associated with the desired outcome. In a recent conversation, a company incurred process failures which required going through terabytes of information to document what went wrong and address compliance and federal regulations. So it’s not just litigation.
Although personal lawsuits, in two recent cases, social media site (Facebook) was used to counter the plaintiffs’ claims of inability to perform previous activities. In the first instance, the plaintiff had fallen down a parking garage stairwell and claimed she sustained permanent injury and was in constant pain, yet her Facebook page showed her as a bridesmaid, vacation pictures, off-roading, and drinking a large cocktail at a restaurant (maybe that was due to the pain?). The second instance was a woman who claimed that an auto accident prevented her from playing sports and the pain was worse in cold weather. Her Facebook page showed pictures of her skiing, which were taken after the accident. In both cases, the court accepted the Facebook pages to determine the outcome of the lawsuits.
Back to business. Emails are continuing to rise as a culprit in costing global companies considerable amounts of money. The same scenario and issues also apply to enterprise collaboration/social networking applications. With courts now accepting all different forms of content as admissible for corporate litigation including tweets, blog postings, comments, organizations are going to have to take a more pro-active role in identifying and securing information they don’t particularly want shared with the world. If it came from your company it can and will be held against you.
Although our technologies address this problem, it is still a large project to tackle as each business group may have ‘confidential’ information they want protected. On the other hand, ‘malicious insiders’ account for 38% of data exposures so the organization is once again at the mercy of end users.
How does your company handle, if at all? If not, why?