Alerts

E-Discovery Newsletter—April 2012

Alerts / April 27, 2012

With the rise of Facebook, Twitter, LinkedIn and others, the world of social media has become intersected with e-discovery in ways many would have never imagined. Below are a few articles that discuss that intersection, as well as how businesses and professionals can be better prepared before a problem develops.

Stay informed with the latest E-Discovery news and information by subscribing to our E-Discovery and Technology blog. The Discovery Advocate blog is presented by members of the E-Discovery and Technology Team, providing a practical look at modern discovery practices and the developments and trends that impact today’s litigants in the trenches of litigation.

Please contact any member of Baker Hostetler’s E-Discovery and Technology Team with questions.

SEC Staff Recommends Review of Record-Retention Policies to Reflect Social Media Content and Communications Made by Registered Investment Advisors

By Alberto Rodriguez

The staff of the Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE) recently published an advisory alert regarding investment advisors’ use of social media and recommended that firms using social media adopt and periodically review the effectiveness of recordkeeping policies and procedures regarding social media in the face of changing technology. See National Examination Risk Alert by the Office of Compliance Inspections and Examinations issued January 4, 2012. The OCIE calls social media “landscape-shifting” for investment advisors because of the way it has changed traditional two-party, advisor-to-client communication into an interactive, multi-party dialogue among advisors, clients and prospective clients. Particularly relevant to the e-discovery and technology fields are the recordkeeping responsibilities required by the federal securities laws that the OCIE says are equally applicable to social media content and communications. Since social media is conducted online, proper organization and maintenance of electronic records will be essential for investment advisors who wish to fully satisfy their recordkeeping obligations while making maximum use of social media for their business.

The highly interactive nature of social media creates a variety of new regulatory risks for investment advisors. For example, the “Like” feature, which allows any person to virtually “approve” of an Internet post, is a seemingly innocuous tool on many social media sites. However, use of the “Like” button in an investment advisor’s social media site could, depending on the circumstances, constitute a “testimonial” which is prohibited under SEC Rule 206(4)-1(a)(1) if it pertains to an investment advisor’s services. The OCIE staff says that the use of the “Like” feature could be deemed a “testimonial” if it is an explicit or implicit statement of a client’s experience with an investment advisor. This seemingly harmless feature, if used by an investment advisor on his or her website, could, therefore, cause that investment advisor to publish a testimonial without any such intention and run afoul of Rule 206(4)-1(a)(1).

Section 204 of the Investment Advisors Act and SEC Rule 204-2, promulgated thereunder, set forth the recordkeeping obligations of registered investment advisors. Specifically, Rule 204-2 requires investment advisors to make certain books and records available relating to their advisory business and to keep them for a specified period of time. In addition, Rule 204-2 requires investment advisors keeping required records in an electronic format to maintain them in a manner that allows the records to be arranged and indexed. In the OCIE staff’s view, the content of the communication is determinative. Therefore, social media content should be scrutinized regularly to determine whether it falls into one of the specified categories of books and records.

The OCIE staff advises that a firm that intends to communicate, or permit its registered investment advisors to communicate, through social media sites may wish to determine whether it can retain all required records related to social media communications and make them available for inspection. This is particularly important because social media offers multiple ways to communicate with existing or potential clients from status updates, discussion boards, emails, texting, direct messaging or chat rooms. The OCIE staff particularly recommends that investment advisors review their document retention policies to ensure that any required records generated by social media communications are retained in compliance with the federal securities laws and in a manner that is easily accessible for a period of not less than five years as required by SEC Rule 204-2. Registered investment advisors should also consider whether their retention policies account for the volume of communication and “unique communication channels” available to each particular social media site. The OCIE staff makes clear that investment advisors that “communicate through social media must retain records of those communications if they contain information that satisfies an investment advisor’s recordkeeping obligations under the Advisors Act.” (emphasis added).

The OCIE staff suggests that investment advisors consider adopting compliance policies and procedures that address the following factors relating to the recordkeeping and production requirements of records generated by social media communication.

  • Whether each social media communication used is a required record; if so, a firm should determine the applicable retention period and the accessibility of the records.
  • Deciding the best format in which to maintain social media communications (e.g., screen print or pdf of social media page).
  • Conducting employee training programs to educate advisory personnel about recordkeeping provisions.
  • Arranging and indexing social media communications that are required records and kept in an electronic format to promote easy location, access and retrieval of a particular record.
  • Periodic test checking (using key word searches or otherwise) to ascertain whether employees are in compliance with policies and procedures.
  • Using third parties to keep records consistent with recordkeeping requirements.

The OCIE staff warns that taking these precautions does not guarantee that a firm will not run afoul of their recordkeeping obligations. Rather, investment advisors should, at a minimum, look at these factors and make sure that their document retention policies accurately take into account social media communications and other content and determine whether those policies can be improved through these suggestions. The OCIE staff recognizes that registered investment advisors are eager to leverage social media to market and communicate with existing clients and to promote their visibility in their field. However, registered investment advisors should ensure that they are in compliance with all of the regulatory requirements and be aware of the risks associated with using various forms of social media.

top of page

Holy Tweet! - #AngryWrkr2012 : What Can an Employer Do When a Disgruntled Employee Takes to the Web to Air His Work Grievances?

By Tracey Ellerson and Tiffany Cummins

A member of your staff posts on his coworker’s wall, “You should have seen the nasty mess in the office today . . . . Again . . . . I sure wouldn’t want my dog sleeping in that. My stupid, lazy boss told me to clean it up, and it wasn’t even my mess. I’m not doing that again. I don’t care if I get fired.” Can you discipline the employee for posting damaging remarks about your company for the entire world to see? Maybe not.

If you are an employer considering disciplinary action for an employee’s inappropriate or distasteful social media posts, you should beware. The National Labor Relations Board (“NLRB”) has expanded its foothold in regulating such conduct. On August 18, 2011, and again on January 24, 2012, the NLRB’s Acting General Counsel issued two reports addressing twenty-eight different cases that shed light on when it is lawful and unlawful under the National Labor Relations Act (“the Act”) to discipline employees for social media activities, such as posting comments on Facebook and Twitter.

The Act, dating back to 1935, limits the way employers may react to workers in the private sector who seek to create labor unions, engage in collective bargaining, or who take other forms of concerted activity in support of their demands. Because the Act covers most private-sector employees, the NLRB’s report has implications for most all employers, regardless of whether or not the workplace is currently unionized.

The reports focus on two sections of the Act:

(1) Section 7 – precluding an employer from engaging in conduct that would be viewed as interfering with “protected concerted activity,” which means employee activity pertaining to the terms and conditions of employment on behalf of a group of employees (as opposed to on behalf of the individual employee); and

(2) Section 8(a)(1) – precluding employer from enacting policies that restrain an employee’s right to engage in protected concerted activity.

And, the reports underscore two main points:

(1) Employer policies should not be so sweeping that they prohibit the kinds of activity protected by the Act, such as the discussion of wages or working conditions among employees; but

(2) An employee’s comments on social media typically carry no protection if they are “gripes” made solely on his or her own behalf, and involve no sharing of common concerns.

Does Social Media Activity Fall Under the Protection of the NLRA?

Yes, it may. The Act says that employees have the right to engage in concerted activities for the purpose of collectively bargaining for changes in the terms and conditions of employment. So what does this mean? Believe it or not, this means that covered employees who complain about their workplace using a very public social media forum may be legally protected from discipline. They can Facebook, Tweet, or blog their grievances without recourse, so long as the activity can be deemed to have been engaged in with the objective of initiating or inducing change in the workplace on behalf of a group of employees.

The reports offer several examples of protected employee conduct utilizing social media. Among others:

A. Employees complaining to each other via Facebook (with expletives) about their employer’s tax withholding practices;

B. Employees complaining to each other, again via Facebook, about their manager’s attitude and style, leading one to say that she hated “that place” and could not wait to leave and that it was the manager who brought on a lot of the drama and made it so bad;

C. After learning that she had been transferred to a lower paying position, an employee took to Facebook and, using expletives, said that her employer had “messed up” and that she was “done with being a good employee.” This post led to several more by others, including coworkers, that eventually led one to call for a class action;

D. A commission-paid employee posting on Facebook pictures and sarcastic commentary criticizing the inexpensive manner in which his employer conducted a sales event;

E. An employee passed over for promotion took to Facebook to complain about the selection process and to say that she “was pretty much told the work she had been doing wasn’t worth anything and that she couldn’t do it anymore,” prompting a coworker Facebook friend to comment that “it would be pretty funny if all the good employees actually quit”;

F. An employee posting negative comments on Facebook about a supervisor (including calling him a “scumbag”) who was investigating a customer complaint against the employee;

G. Multiple employees posting comments (which included swear words and sarcasm) on Facebook criticizing the work performance of their coworkers and staffing level problems.

In each of the above situations, the conduct was protected under the Act and could not be subject to employer discipline because: (1) the communications concerned the terms and conditions of employment; (2) the subject of the communication was brought to management’s attention, or the employee had reason to believe the communication would result in a discussion with management; (3) the communications addressed employees’ shared concerns; and (4) the communications were directed at coworkers or discussed with coworkers.

Now, let’s think about the employee who feels the need to seek a cleaner workplace by posting about it on Facebook. He’s chatting about the conditions of his employment; perhaps he told his manager about the issue; he could have reason to believe that he may have more success in enacting change for a cleaner work place with support from his colleagues; and yes, he’s communicating with a coworker who may agree. So, employers may need to think twice before they give him a pink slip.

Does Section 7 Give Employees the Green Light to Unleash a Torrent of Disparaging Remarks by Way of Social Media?

Generally, no. If the commentary is not directed toward coworkers or is not made with the intent to change the terms or conditions of employment, then the employee is not engaged in protected concerted activity. The reports address several situations in which an employee’s use of social media was not protected activity. For example, an employee who complained that her employer paid low wages and lacked sufficient equipment on a senator’s Facebook page was terminated. The NLRB explained that the communication was not protected activity (and the termination was not unlawful) because: (1) the post was not discussed with the employee’s coworkers; (2) the employee did not try to raise the issue with management, and she did not expect the senator to resolve the problems with her employer; and (3) none of the employee’s coworkers had met or organized any group action regarding the subject of the employee’s comments. Complaining by yourself about your employer to an outside entity that is not a union has never been protected activity.

In another case, a reporter created a Twitter account after being encouraged to do so by his employer. On that account, the reporter criticized his employer’s copy editors, made comments about area homicides (which were a part of his beat), and criticized an area television station. The NLRB stated the reporter’s subsequent termination was not unlawful because the Twitter posts did not relate to the terms and conditions of his employment, and the reporter did not seek to involve coworkers – both of which are required for activity to be protected under the Act.

And, in a final example, an employee took to her Facebook page to update her status with two comments: the first that consisted of an expletive and the name of the employer’s store and the second that stated, simply, the employer did not appreciate its employees. She was later terminated. Although one coworker “liked” one of the employee’s Facebook comments, the NLRB explained that communication was not protected activity (and the termination was not unlawful) as it was nothing more than an individual gripe: “The Charging Party had no particular audience in mind when she made that post, the post contained no language suggesting that she sought to initiate or induce coworkers to engage in group action, and the post did not grow out of a prior discussion about the terms and conditions of employment with her coworkers.”

Does Section 7 Give All Workers Protection?

No, not all workers. Assuming an employer is covered by the Act, different rules apply, and different actions are warranted, depending on an employee’s position. Supervisors, for instance, are not employees covered under the Act. Thus, their social media activity carries no protection under the Act.

Can Employers Enact Policies That Restrict Their Employees’ Use of Social Media?

Yes, but the policy should be narrowly defined. Employers’ policies should describe social media and outline which activities are subject to the policy. For instance, if possible, the policy should reference other relevant policies, including the employer’s anti-discrimination/harassment, computer use and confidentiality policies.

The reports address specific social media policy provisions which the General Counsel deemed overbroad and in violation of the Act because the provisions utilized broad terms that could be read to reach criticism of terms and conditions of employment. This includes commonplace terms like “inappropriate” or “defamatory.” For instance, one employer’s social media policy limited employee discussion of terms and conditions of employment to discussions conducted in an “appropriate” manner, thereby prohibiting, albeit implicitly, “inappropriate” discussions. Because the policy made no attempt to define the term, “appropriate,” the NLRB stated that employees might reasonably infer that comments critical of management would be considered “inappropriate” and forbidden, even though the policy expressly stated that it would not be interpreted to interfere with the employees’ right to participate in concerted activity. The NLRB thus concluded that the social media policy was unlawfully overbroad.

The reports offer other examples of broad social media policy provisions that may run afoul of Section 8(a)(1) of the Act. According to the reports, an employer cannot:

A. Generally prohibit its employees from discussing the company, its employees or its competitors;

B. Broadly prohibit its employees from posting pictures of themselves online, which depict the employer in any way;

C. Broadly prohibit its employees from using social media in a way that “may violate, compromise, or disregard the rights and reasonable expectations as to privacy or confidentiality of that person;”

D. Generally prohibit “defamation,” “harassment,” “rude and discourteous behavior,” “inappropriate discussions,” or “offensive conduct,” without qualification; or

E. Blanketly prohibit its employees from using the employer’s logos or photographs.

By contrast, the reports make clear that employers may lawfully prohibit employees from publishing specific kinds of disparaging or harassing remarks using social media. In one recent case, for instance, the NLRB approved of an employer’s social media policy that prohibited the posting or display of comments about coworkers, supervisors or the employer that were “vulgar, obscene, threatening, intimidating” or a violation of the employer’s anti-discrimination and anti-harassment policies.

What Can Employers Take Away From the Reports?

Employers should consider the following:

A. Review and modify existing social networking policies to comply with these requirements.

B. Train supervisors and managers on the requirements of the law so that they do not create liability by wrongfully reacting to protected employee behavior.

C. Profanity generally will not justify discipline for protected concerted activity. Having said that, threats of violence or harassment implicating race, religion, or sex, for example, are not protected. So, if an employee posts, tweets or blogs in a manner so as to infringe on such protected classifications, the employer can, and should, take action.

D. Concerted activity about the company or its employees does not lose its protected status just because a statement is false or defamatory; the statement must be maliciously false to lose its protected status under the Act which means the employee must make the statement actually knowing that it is false or with reckless disregard for whether the statement is true. The mere fact that a statement is false, misleading or inaccurate is insufficient to demonstrate that it meets the maliciously false standard.

E. Policy provisions concerning social media usage should not be overly broad and should contain disclaimer language that the “policy will not be construed or applied in a manner to limit employees’ rights under Section 7 of the NLRA.”

F. Policy provisions concerning social media usage should state and serve a legitimate business purpose.

G. As with all employment policies, social media policies should be applied and enforced consistently.

This area of the law is destined to become increasingly complex and difficult for employers to balance company rights and interests with those of their employees.

The Act applies to private employers engaged in interstate commerce, but excludes railroad, airline and public employers. (Those employers are governed by different statutes.) So who or what is engaged in interstate commerce? While this has been the subject of considerable legal debate, employers whose work involves or relates to the movement of persons or things (including intangibles, such as information) across state lines or from foreign countries are typically engaged in interstate commerce. Consequently, timeshare resorts, which serve the needs of their owners and guests nationwide, are likely engaged in interstate commerce, thus falling within the ambit of the Act’s coverage. 

top of page

Privacy Settings: The Fact that Defense Counsel Isn’t Your Facebook Friend Won’t Protect You

By Ted Jacobs and Jonathan Nowakowski

Does an individual have a “right to privacy” to information on his non-public social media page? The common belief amongst users is that a user has a “right to privacy” to information on his social media pages where privacy settings have been set to restrict access. However, a recent series of court decisions in Canada, the Southern District of Illinois, New York, Colorado and Pennsylvania have determined that not only is there no social networking privilege, but that there is no reasonable expectation of privacy to material posted on social media sites, regardless of privacy settings.

The issue before the courts has been primarily whether a party is permitted access, by court order, to the non-public portions of an opposing party’s social media pages in order to access information refuting the opposing party’s claims. These requests are most often seen in cases where an individual is seeking damages for loss of enjoyment of life and/or permanent injury, or in the family law context. The requesting parties generally claim that either: (i) based upon relevant information observed on the publicly available portions of the individual’s social media page; or (ii) based upon the fact a person actively maintains a private social media page with the public profile providing no relevant information, the requesting party has a good faith belief that relevant information exists in the non-public portion of the social media.

In addressing the issue, various courts have investigated the purpose of social media sites, the dissemination of a plaintiff’s information on those sites, the Fourth Amendment and any relevant laws governing privacy of information in the electronic age in the jurisdiction. In one such case, a Canadian court determined that the purpose of social media sites was to enable people to share information about their personal lives; therefore, depriving an opposing party of this potentially relevant information risks the assurance of a fair trial.[1] Furthermore, the court stated that an opposing party cannot “have a serious expectation of privacy” given that this information was shared with numerous other sources on the social media site, nor can that party “hide behind self-set privacy controls.”[2] Similarly, in New York, a court determined that upon joining social media sites, users are informed that their information may be disseminated to third parties a variety of different ways, and, therefore, cannot have a reasonable expectation of privacy about personal information published on those sites.[3]

The New York court also held that the Fourth Amendment’s right to privacy does not protect “places” therefore, information that an individual knowingly exposes to the public is not subject to the protections of the Fourth Amendment.[4] This line of reasoning was continued by a Pennsylvania court, which held that the Stored Communications Act, designed to protect digital and electronic information under the Fourth Amendment, does not protect an individual’s privacy of stored Internet communications, but rather applies only to the enumerated entities.[5]

Where the courts appear to differ on this issue is the duration and scope of discovery once access of an individual’s social media page has been permitted. Some courts have conducted an in camera inspection of the individual’s non-public social media site, where other courts refuse to do so.[6] Some courts have permitted a limited period of time for access, whereas other courts have just ordered a plaintiff to turn over the login requirements without a timeframe.[7]

Ultimately, the courts that have addressed this issue have almost categorically determined the following:

(i) information sought from an individual’s non-public social media page is discoverable if it is determined relevant, material and necessary for the opposing party’s defense;

(ii) an individual does not have a reasonable expectation of privacy of information published on social media page, regardless of privacy settings; and

(iii) if the information sought is relevant, material and necessary, the opposing party’s need for access to the individual’s non-public information on social media pages outweighs any privacy concerns of the individual.

Some courts have acknowledged that their holdings in these cases must be narrowly construed, and not permit “fishing expeditions” or a requesting party’s entitlement to private social media information.[8] Rather, the requesting party must show a good faith belief that relevant information exists in the non-public portion of the opposing party’s social media page, either by a review of the public portions of the page, or sometimes with just the existence of a private page, depending on the court.[9]

The message emerging from these cases is that privacy settings are no defense to shield information from a reasonable request for relevant discovery contained in non-public social media pages. A requesting party may seek, and obtain, full access to an opposing party’s social media site upon showing a reasonable belief that the social media site contains information relevant to the opposing party’s claims – regardless if the information is admissible at trial or not. Therefore, it is imperative that both clients and their counsel are aware of all content and potential liabilities concerning use of social networking sites, and refrain from publishing sensitive, non-public or privileged information, particularly when litigation is pending.


[1.] Leduc v. Roman, 2009 CarswellOnt 843 (February 20, 2009).
[2] Id. at *20.
[3] Romano v. Steelcase, Inc., 907 N.Y.S.2d 650 (Suffolk Co. 2010) at pp. 7-8.
[4] Id. at p. 6.
[5] See Largent v. Reed, No. 2009-1823, 2011 WL 5632688 (Franklin, Nov. 8, 2011).
[6] See Zimmerman v. Weis Markets, Inc., No. CV-09-1535, 2011 WL 2065410 (Pa.Com.Pl, May 19, 2011 at FN2; Offenback v. L.M. Bowman, Inc., 1:10-CV-1789, 2011 WL 2491371 (M.D.Pa 2011).
[7] See Zimmerman at p. 5; Largent at pp. 13-14; Romano, p. 8.
[8] See Zimmerman; Patterson v. Turner Construction Company, 88 A.D.3d 617, 931 N.Y.S.2d 311 (2011).
[9] Zimmerman at FN8.

top of page

Spoliation Evolved: Deleting Clients’ Unsavory Social Media Content Will Cost You

By Sean H. Sobel

When most attorneys think of the doctrine of “spoliation,” they picture shadowy figures shredding crucial documents or stripping hard drives of damning emails and files. Prior to 2011, a vast majority of spoliation issues revolved around the physical destruction of discoverable information either on paper copies or hard drives and servers. However, following a contentious 2011 personal injury case, a new area of spoliation is sure to grow rapidly. Something as simple as clicking “delete” on a client's Facebook page caused one attorney to lose millions, and potentially end his legal career.

In Lester v. Allied Concrete Co., Nos. CL08-150, CL09-223 (VA. Cir. Ct. Oct. 21, 2011), Isaiah Lester sued Allied Concrete Company for negligence and wrongful death after Lester’s wife was killed in an accident with an Allied truck. With the help of his attorney, Matt Murray, Lester was awarded a record $10.6 million dollar jury verdict. However, their victory in the courtroom was short-lived.

Nearly a year after the verdict, the judge in the case signed a final order, which levied harsh sanctions due to spoliation and cited an “extensive pattern of deceptive and obstructionist conduct of Murray and Lester.” Did Murray and Lester destroy potentially embarrassing medical documents or withhold emails that could otherwise damage their case? Not quite, but while the judge’s final order laid out instances of spoliation that were novel at the time, they are sure to be rehashed in future cases.

During the discovery phase of the Lester case in 2009, Murray received a discovery request seeking the contents of Lester’s personal Facebook account. Attached to the discovery request was a photo of Lester wearing an “I [heart] hot moms” t-shirt while holding a beer can, which Murray presumed was taken from Lester’s Facebook account and dated after the death of Lester’s wife. Murray immediately told an assistant to tell Lester to “clean up” his Facebook page because “we don’t want blowups of this stuff at trial.”

After the assistant told Lester to “clean up” the page, Murray decided that it would be best if the page was deactivated altogether, since the discovery request sought production of the Facebook page on the day the response was signed. Murray posited that if the Facebook page was deactivated prior to signing the discovery responses, then he would have nothing to produce. On the discovery response, Lester stated “I do not have a Facebook page on the date this is signed, April 15, 2009.”

Unfortunately for Murray and Lester, the Court did not see eye to eye with their plan. Defendants quickly realized that Lester deactivated his Facebook account and filed a Motion for Sanctions. Murray and Lester’s actions were undeniable, as Defendants brought in an expert to testify that according to Facebook’s IP logs,[1] multiple pictures were deleted and Lester’s profile was deactivated just one day before the discovery responses were sent back to Defendants. At the Motion for Sanctions hearing, Lester and Murray admitted there had been spoliation.

Despite the admission of spoliation by Lester and Murray, the Court levied severe penalties on both men. First, the Court cut the $10.6 million dollar jury verdict in half. Second, sanctions were levied against Murray to the tune of $542,000, and against Lester in the amount of $180,000. Lastly, the Court referred Murray’s violations to the Virginia State Bar, which has yet to complete their review.

The main takeaway from this case is that all of these sanctions, over $6 million worth, came as the result of a single click on Lester’s Facebook profile. With the explosion of social media sites, and the lack of time and difficulty it takes to remove embarrassing information from these sites, cases like Lester are sure to repeat themselves. While the production of information posted on social networking sites is nonetheless constrained by relevance, it may not be worth the risk of a Court’s determination that harmful, embarrassing and/or inappropriate postings on Facebook and other social networking sites may be discoverable.

If you have any questions about the forgoing, please contact any member of Baker Hostetler's E-Discovery and Technology Team.

top of page


[1] For an in-depth discussion on how Facebook’s IP logs were used in this case, see Peter Coons, eDiscovery in Social Media—Controversial Facebook Photo Sparks Debate (2011), http://www.d4discovery.com/2011/12/ediscovery-in-social-media-controversial-facebook-photo-sparks-debate
Baker & Hostetler LLP publications are intended to inform our clients and other friends of the Firm about current legal developments of general interest. They should not be construed as legal advice, and readers should not act upon the information contained in these publications without professional counsel. The hiring of a lawyer is an important decision that should not be based solely upon advertisements. Before you decide, ask us to send you written information about our qualifications and experience. © 2012 Baker & Hostetler LLP