Facebook

EPIC Asks FTC to Investigate Facebook’s “Timeline”

Bill Tolson eDiscovery, Technology , , , ,

Last year I wrote two blogs titled Spoliation of the Facebook Timeline and Frictionless eDiscovery; social media addicts beware…

which discussed the potential privacy problems with the new Facebook Timeline feature. Yesterday the blog site: The ESI Ninja Blog posted a blog about further developments around privacy and the Timeline feature. The below content is from that blog:

EPIC Asks FTC to Investigate Facebook’s “Timeline”

Posted on January 10, 2012 at 6:44 pm by John M. Horan

When Mark Zuckerberg unveiled Facebook’s new Timeline feature at the company’s Sept. 22, 2011 f8 developer conference, he described it as “The story of your life . . . .  All the stuff from your life.”  According to a Sept. 22, 2011 Facebook Blog post,

The way your profile works today, 99% of the stories you share vanish. The only way to find the posts that matter is to click “Older Posts” at the bottom of the page. Again. And again.

. . .

With timeline [sic], now you have a home for all the great stories you’ve already shared. They don’t just vanish as you add new stuff.

The Timeline announcement came toward the end of an investigation by the Federal Trade Commission into Facebook’s privacy practices, culminating in the Commission’s Nov. 29, 2011 announcement that Facebook had agreed to settle FTC charges “that it deceived consumers by telling them they could keep their information on Facebook private, and then repeatedly allowing it to be shared and made public.”  In general outline, the FTC said, the proposed settlement

bars Facebook from making any further deceptive privacy claims, requires that the company get consumers’ approval before it changes the way it shares their data, and requires that it obtain periodic assessments of its privacy practices by independent, third-party auditors for the next 20 years.

Three days before the Dec. 30, 2011 close of the 30-day comment period on the proposed settlement, privacy rights organization Electronic Privacy Information Center (EPIC) urged the FTC to investigate whether Facebook’s new Timeline feature complies with the terms of the proposed settlement.  Echoing some of the concerns it raised in a Sept. 29, 2011 letter to the FTC regarding “frictionless sharing,” EPIC’s Dec. 27, 2011 letter to the FTC asked the Commission to: <the rest of the blog entry can be viewed here>

Who owns an employee’s social media account?

Bill Tolson eDiscovery, Technology , , , , ,

The New York Times published a story on December 25th of this year  titled: “A Dispute Over Who Owns a Twitter Account Goes to Court” raising questions around the ownership of a Twitter account that was opened by an individual who included the name of the company he was working for in his account name and posted to the Twitter account during business hours. The NYTimes story posed the question: Can a company cash in on and claim ownership of an employee’s social media account, and if so, what does that mean for workers who are increasingly posting to Twitter, Facebook and Google Plus during work hours?

The story revolves around a lawsuit filed in July of 2011 by the company Phonedog.com.  The defendant, Mr. Kravitz, a writer, began posting to his Twitter account under the name “Phonedog_Noah” and over time collected 17,000 followers. In October 2010, Mr. Kravitz quit his job at Phonedog.com telling him that he could keep his Twitter account in exchange for tweeting on their behalf occasionally and Mr. Kravitz agreed.

Mr. Kravitz changed the name of the account to “NoahKravitz” keeping all the followers to the original account and began posting.

The question the New York Times posed is an interesting one but I think another question that should be asked is; what should an employee do to ensure there is no legal claim by their employer to “their” social media presence?

First, the employee should inquire within their employer as to any social media policies that exist. Most of the employer social media policies I have seen go to great pains describing what employees can and can’t post about the company and its business to social media sites. Corporate content such as upcoming product releases, sales data, and company rumors are the most popular types of restricted content highlighted. Based on this case, additional policy elements should include not including the organization’s name in the employee’s social media handle as well as not accessing or interacting with the employee’s social media accounts during work hours and from infrastructure owned by the organization.

If the organization doesn’t have a published social media use policy, then the employee should follow common sense and:

  1. Not post about your employers business especially confidential content
  2. Not post organization or staff rumors
  3. Never include the organization’s name in the social media handle (remember, corporate brands are valuable and most companies will aggressively defend them
  4. And never access social media accounts while on “company time” and from company infrastructure

Like the case mention above, if the organization asks its employees to post comments about the organization, employees should get the request in writing first acknowledging the organization will not claim ownership of the employee’s social media account is the employee does what is requested and also describing the types of comments the organization would like the employee to post. The employee will then have to decide if they want to use their social media account for organization business.

The same holds true for creating a social media account which includes the organization’s name as in the case mentioned above: Phonedog_Noah. In many cases creating a social media account with the employers name may be considered part of the employment agreement and could be considered an organization’s asset. The employee should always ask if that is the case and if the employer doesn’t claim ownership at the start, the employee should get a statement in writing stating the employer has no claims on the social media account.

A social media presence has become an integral part of organization marketing and all parties involved need to understand up front what the expectations are and who owns the asset.

Discovery of Information on Personal Facebook Profile

Bill Tolson eDiscovery, Information Management , ,

From the E-Discovery Law Review Blog:

A Pennsylvania court recently decided that information posted by a party on their personal Facebook page is discoverable.  Largent v. Reed, Case No. 2009-1823 (C.P. Franklin Nov. 8, 2011) arose out of a chain-reaction automobile accident in which the plaintiffs, who were riding a motorcycle, were hit by a minivan that was hit by the defendant. Plaintiffs claimed serious and permanent physical and mental injuries, pain, and suffering as a result of the accident.

During the deposition of one of the plaintiffs, defense counsel discovered that the  plaintiff/deponent had a Facebook profile that she regularly accessed.  The defendant then accessed Plaintiff’s public profile and saw posts that contradicted her claims of serious injury.

The entire story can be read here:

Facebook Spoliation Costs Widower and His Attorney $700K in Sanctions

Bill Tolson eDiscovery , , , ,

The below article is from Abovethelaw.com by Christopher Danzig

In 2008, truck driver William Donald Sprouse pleaded guilty to charges of involuntary manslaughter for the accidental death of 25-year-old Jessica Lester. According to a bluntly-written news article from the time of the trial, Sprouse’s “truck rounded a corner on two wheels, flipped and rolled over onto Lester’s car, a crushing sixty thousand pounds landing where Jessica sat.”

Jessica’s parents and her widower, Isaiah Lester, won a massive wrongful death suit in 2010 against Sprouse and his employer at the time of the accident, Allied Concrete Company. A Virginia jury awarded them a massive $10.6 million. Clearly, the family’s wounds were still fresh.

But the courtroom odyssey was not over.

On October 21 (nearly a year later), Judge Edward Hogshire signed a “final order” (PDF) cutting the jury verdict in half in Lester v. Allied Concrete Company and William Donald Sprouse, and penalizing Lester and his attorney, Matt Murray, a combined $722,000 in sanctions:

Whereas, the court, having reviewed the evidence and arguments of counsel and carefully considered the extensive pattern of deceptive and obstructionist conduct of Murray and Lester resulting in the sanction award, finds that most of the substantial fees and costs expended by Defendants were necessary and appropriate to address and defend against such conduct…

To read the entire article, click here.

Spoliation of the Facebook Timeline

Bill Tolson eDiscovery, Technology , , , , ,

In a previous posting, I described the new feature in Facebook called “frictionless sharing”, a Facebook feature that will make sharing even easier by automatically sharing what you’re doing on a growing community of Facebook-connected apps. Potentially everything you do on the web could be shared on a timeline with your “friends” and any others (like attorneys) that get access to your page based, for example, on a Judge’s order for discoverable information.

The USA Today Tech section published an article titled “Facebook Timeline a new privacy test” a couple of days ago that got me thinking. From the USA Today article:

Up until now, Facebook accounts have focused on the most recent posts. With the new profile format, the most recent Facebook activities will be at the top. But as users go back in time, Timeline will summarize past posts — emphasizing the photos and status updates with the most “likes” or comments.

“A lot of people just don’t realize how much information they’ve shared in the past.”

This new timeline feature that takes much of what you have done on the internet and neatly organizes it into a timeline is a perfect target for eDiscovery. This brings up two questions; can you edit or hide items on your timeline and can you permanently delete data from your Facebook timeline? These two questions also highlight another question…if you edit your Facebook account and or remove something from your timeline, could that be considered spoliation in a legal proceeding?

Before I address the spoliation issue, let me address the first two questions.

1. Can you edit or hide items on your timeline? The answer is yes you can. From the Facebook help center:

How do I remove a story from my timeline?

You get to decide which stories appear on your timeline. Hover over a story on your timeline to see your options:

  • (Feature on Timeline): This allows you to highlight the stories you think are important. When you star a story, the story expands to widescreen. Starred stories are also always visible on your timeline.
  • (Edit): This gives you the option to:

  • Hide from Timeline: This removes stories from your timeline. Note that these stories will still show up in your activity log, which only you can see. They also may appear in your friend’s News Feeds.
  • Depending on the type of story (ex: status update, check-in, tagged photo), you may also have the option to:
  • Change the date of a story (ex: for an old photo, you can enter the date the photo was taken so it shows up in the right place on your timeline)
  • Delete a post (that you posted)
  • Report a post or mark it as spam (that someone else posted)

You’ll notice there isn’t a “delete” capability in the edit function.

2. Can you permanently delete timeline data from your Facebook account? As far as I can tell you can. In Facebook there is a feature called the “activity log” that is a record of all of your activity on Facebook. From the Facebook help center:

What is the activity log?

The activity log is a record of all of your activity on Facebook. So if you hide a story from your timeline, this story will still appear in your activity log. Your activity log is only visible to you. However, all of the stories in your activity log are eligible to appear on your timeline (unless you hide them from your timeline) or in your friend’s News Feeds.

The stories in your activity log are organized by the date they happened on Facebook. You can access your activity log by clicking the View Activity button on your timeline.

From the activity log you can:

  • Scroll through a history of all of your activity on Facebook
  • View and approve your pending posts
  • Filter the type of activity you see (ex: see all of your status updates or all of the links you’ve shared)
  • Choose which stories are featured on your timeline

You can also click the button to the right of each story. Depending on the story type (ex: status update, photo, app story), you may have the option to:

  • See the audience you shared
  • Delete posts
  • Report a post or mark it as spam
  • Change the date of a story
  • Remove an app from your account

So you can potentially delete items from your timeline… So this brings up my question on spoliation of the Facebook timeline; what, if anything, do organizations have to do to safeguard against altering the organization’s or employees personal Facebook timelines if pending litigation is foreseeable?

Obviously the Facebook timeline is potentially discoverable depending on the circumstances of the case. Organizations need to include the Facebook timeline in their litigation hold/eDiscovery process and to inform impacted employees of their responsibilities to protect potentially responsive information from within all of their personal accounts that could hold relevant ESI including the Facebook timeline data.

As a side note, it’s always a good practice to regularly remind employees not to mix business ESI with their personal accounts.

Frictionless eDiscovery; social media addicts beware…

Bill Tolson eDiscovery, Technology , , , , , , , ,

eDiscovery just got a lot easier…for opposing counsel.

Facebook’s new system to auto-share what you do around the web may catch many Facebook enthusiasts off guard. Even “power” users of Facebook will probably run into trouble with this “frictionless sharing” feature. Once it’s enabled on a site you won’t get any other warnings that you “tracks” are being broadcast to large numbers of people.  In fact, even those people who know exactly how this new feature works will need to be on guard against sharing some seriously embarrassing and or compromising updates.

For those not in the know, Facebook is making sharing even easier by automatically sharing what you’re doing on a growing community of Facebook-connected apps.

Huh? It could be the news articles you read online, the videos you watch, the photos you view, the music you listen to, or any other action within the site or app. In the future it could be the “stuff “you buy on-line or the profiles of people you view, or diseases you looked or the fact that you searched for information on the term “formaldehyde” on a specific day…

To be fair, currently,  you must explicitly authorize a site or app to share your information with Facebook. How this sharing mechanism works depends on the app. Authorizing the Washington Post or The Guardian Facebook apps allows you to read those news sites right within Facebook. The downside, however, is that everything you read is shared back to your friends via a timeline… This capability may also effect those news organizations which have jumped into this partnership opportunity. These news organizations may see a drop in views because potential readers will now have to first consider how viewing a particular story will affect their reputation; Do I really want to click on this story knowing my “friends” will know I viewed this?

A timeline… REALLY! Do your friends really need to know you viewed a website titled “BieberFever.Com” at 1:13 am last Thursday morning? Or that you read an article on setting up a Swiss bank account 57 minutes after you received notice of a pending lawsuit? Talk about making the opposing counsel’s job easier…every discovery request will automatically include Facebook accounts.

Another group that needs to be careful are employees. I can imagine an HR representative viewing an employee’s Facebook page to verify, via the employee’s timeline, they have been surfing the web for the last 17 days.

I have repeatedly warned friends that social media sites like Facebook are potentially dangerous in that what you (or an application) post to your social media site could be used against you by potential employers, current employers or attorneys. One question I suggest all social media addicts ask themselves before they post is; “Is this something I would feel comfortable showing up on the front page of the New York Times?”…Because someday it could.

Your organization’s social media problem can’t be cured with antibiotics

Bill Tolson eDiscovery, Technology , , , , , , ,

You can’t control what employees do away from work on their own time and using their own equipment but companies do have a right to control their brand and that includes how they are represented by their employees on social media sites. For that reason, every organization should develop, implement and enforce a corporate-wide social media policy for all employees (because if you don’t enforce it, then do you really have a policy?).

Gary MacFadden was kind enough to pose a great question in response to my last blog posting titled “Did you hear the one about the Attorney who thought social media was a dating website for singles over 40?”. Gary pointed out that it would be helpful if I could give examples of a corporate social media policy (what it involved) and what the employee education process would be to make employees aware of the policy. With that in mind, here are some aspects of a corporate social media policy:

  1. A policy author with contact information in case employees have questions
  2. An effective date
  3. A definition of what social media is
  4. A description as to why this policy is being developed (for legal defense, brand protection etc)
  5. A description of  what social media sites the company officially participates in
  6. A listing of those employees approved to participate on those sites
    1. The fact that any and all approved social media participations will be done only from corporate infrastructure (this is to protect approved employees from discovery of their personal computers)
    2. A description of topics approved to be used
    3. A description of those topics not approved to be used
    4. A description of any approval authority process
    5. A description of what will happen to the employee if they don’t follow the approved process
  7. A direct statement that unapproved employees that make derogatory remarks about the organization, publish identifying information about clients, employees, or organization financials, talk about organization business or strategy etc. in any social media venue will be punished in the following manner…
  8. A description of how these policies will be audited and enforced

Once the policy is developed, it needs to be communicated to all employees and updated by legal representative on an annual basis. This education process could include steps like:

  1. A regularly updated company intranet site explaining the policy.
  2. A description and discussion of the policy in new employee orientation activities.
  3. A printed description of the policy which the employee signs and returns to the organization.
  4. An annual revisiting of the policy in department meetings.
  5. The publishing of an organization “hot line” to your corporate legal department for real-time questions.

On a related topic, for legal reasons you should be archiving all approved social media participations much like many companies now archive their email and instant message content.

This practice will seem rather draconian to many employees but in reality the organization needs to protect the brand and always have a proactive strategy for potential litigation.

A sampling of various organizations social media policies can be found here. I was particularly impressed with Dell’s.

From a previous blog post titled ”Beware: your facebook posts could end up in court”

Social networking posters beware…your Facebook and other social media accounts may be seen by more than just your friends; in fact, what you post and tweet could become court evidence.

But many of us don’t consider these implications when tweeting and posting. Current employers, potential employers and, yes, even attorneys review social networking sites for information on workers, job candidates and litigants.

Individuals as well as organizations need to carefully consider what they post to these sites. In the personal injury case of McMillen v. Hummingbird Speedway, Inc., No. 113-2010 CD (C.P. Jefferson, Sept. 9, 2010), Hummingbird Speedway, Inc. sought access to plaintiff’s social network accounts, requesting an eDiscovery production of his usernames, log-ins and passwords.

The olaintiff objected, arguing that the information on those sites was confidential.  Upon defendants’ Motion to Compel, the court found the requested information was not confidential or subject to the protection of any evidentiary privilege and ordered its production to defendants’ attorneys within 15 days. Additionally, the court ordered that plaintiff should not take steps to delete or alter the existing information on his social network accounts. The court said:

Specifically addressing the expectation of privacy with regard to Facebook and MySpace, the court found that any such expectation “would be unrealistic.”  The court then analyzed the relevant policies of the two sites, and concluded as to both that, “[w]hen a user communicates through Facebook or MySpace, however, he or she understands and tacitly submits to the possibility that a third-party recipient, i.e., one or more site operators, will also be receiving his or her messages and may further disclose them if the operator deems disclosure to be appropriate.”  Accordingly, the court determined that defendant could not successfully assert that his accounts were confidential.  In so holding, the court also noted the possibility that communications could be disclosed by friends of the account holder with whom the communications were shared.

Organizations need to establish and enforce employee social media policies to lower their risk and better protect their brand.

Did you hear the one about the Attorney who thought “Social Media” was a dating website for singles over 40?

Bill Tolson eDiscovery, Information Management, Technology , , , , , , , , , , , , , , , , ,

A definition of the term social media from Merriam-Webster states “forms of electronic communication (as Web sites for social networking and microblogging) through which users create online communities to share information, ideas, personal messages, and other content.”

Another definition of “social media” from online matters reads “Social media is any form of online publication or presence that allows end users to engage in multi-directional conversations in or around the content on the website.”

Examples of social media include facebook, myspace, LinkedIn, twitter, YouTube, and WordPress (free blogging site) among many, many others. Social media is not limited to desktop computers either. Cell phones, smart phones, PDAs, iPhones and iPads are popular examples of mobile devices which can be connected to social media capabilities.

How popular is social media these days?

Facebook: 750 million plus active users (July 2011). Users spend over 700 billion minutes per month on facebook.

Twitter: 175 million total Twitter accounts, 119 million Twitter accounts following one or more other accounts (March 2011) with 177 million tweets sent in one day on M arch 11, 2011

LinkedIn: 100 million users (March 2011)

Based on the above numbers, the social media phenomenon has become a major source of electronic data which in turn means a major target in litigation.

Social media content as a source of evidence in civil litigation has become a popular topic in legal magazines, blogs, twitter posts and other information sources. There are several challenges around social media content from the employee’s point of view and its use in litigation. Individuals tend to view social media content the same way they thought about emails and voicemails years ago – transitory, something that was private and didn’t exist for long anyway. People are shocked that potential employers are looking at the individual’s public facebook page, twitter postings or LinkedIn profile to get a better idea of a job candidate’s background or when police view the same content to help build a case against someone.

“Seriously officer, I wasn’t at that party where someone got shot…I was visiting my grandmother in Fresno”

“Really?… then how come there’s a picture of you at the party holding a bottle of Jack Daniels in one hand and a Glock 9mm in the other hand?”

Does an employer have a right to an employee’s social media content? Some qualifying questions to determine this  would be:

  1. Has the employee mixed personal and business related content in their social media activity?
  2. Was the employee’s social media activity initiated from within the organization’s infrastructure or using their equipment?

In a 2010 US District Court decision, Equal Employment Opportunity Commission v. Simply Storage Management, L.L.C. and O.B. Management Services, the defendant, Simply Storage, sought to discover from  two employees claiming sexual harassment against their supervisors, all photographs and videos posted to their Facebook and My Space accounts, electronic copies, or alternatively hard copies, of their profiles which includes updates, messages, wall comments, causes/groups joined, activity streams, blog entries, blurbs, comments and applications. The EEOC objected to production on the grounds that the request was overbroad, not relevant, unduly burdensome, and improperly infringed on privacy and compliance would harass and embarrass the claimants. Simply Storage defended the request arguing that the claimants’ had put their emotional health at issue implicating all their social communications.

The Court ruled that the EEOC must produce relevant Social Networking Sites (SNS) communications in accordance with its guidelines noting first that SNS content is not shielded from discovery simply because it is locked or private.

In another case, TEKsystems, Inc. v. Hammernick et al., No 0:10-cv-00819, filed in the United States District Court for the District of Minnesota, is the first-known restrictive covenant lawsuit regarding allegedly unlawful conduct via social media (in this case, LinkedIn).

When Hammernick’s employment with TEKsystems ended, she went to work for Horizontal Integration, Inc., also an IT staffing firm. The complaint alleges that, after her employment with TEKsystems ended, Hammernick unlawfully communicated, on behalf of Horizontal Integration, with at least twenty “Contract Employees” via LinkedIn, the premiere social networking website used for business and professional purposes.

The allegations against Hammernick list, by name, the sixteen Contract Employees that she allegedly “connected” with on LinkedIn, in violation of her employment agreement with TEKsystems. This case raises the legal question whether merely “connecting” with professional contacts via professional networking websites constitutes a violation of a restrictive covenant prohibiting such “solicitation” or “contact.” Does the mere existence of a network of professional contacts equal solicitation? Will compliance with a non-solicitation restriction require individuals to “disconnect” or “de-friend” colleagues, customers, or clients of former employers until the non-solicitation period expires?

Smartphones are a super highway into your private social media content

Recently, California’s Supreme Court reached a controversial 5-2 decision in People v. Diaz (PDF), holding that police officers may lawfully search mobile phones found on arrested individuals’ persons without first obtaining a search warrant. The court reasoned that mobile phones, like cigarette packs and wallets, fall under the search incident to arrest exception to the Fourth Amendment to the Constitution.

Do you have a Twitter app or LinkedIn app on your smart phone? Does it automatically enter your logon and password when you start the app? If they do then law enforcement could take a look at you private facebook, LinkedIn or Twitter accounts.

Also be aware, if you voluntarily disclose or enter your mobile phone password in response to police interrogation, any evidence of illegal activity found on (or by way of) your phone is admissible in court, regardless of whether or not you’ve been Mirandized.

Its obvious social media is a new speed bump in the eDiscovery landscape. Employers need to create policies to address their concerns and educate their employees about these policies and the consequences of not following them.

Court Reviews Plaintiff’s Facebook Account to Identify Material Subject to Discovery

Bill Tolson eDiscovery, Technology , , , , ,

Offenback v. L.M. Bowman, Inc., No. 1:10-CV-1789, 2011 WL 2491371 (M.D. Pa. June 22, 2011)

From eDiscoverylaw.com

In this case arising from a car accident which the plaintiff claimed resulted in physical and psychological injuries, the parties invited the court to conduct a review of Plaintiff’s social networking accounts “in order to determine whether certain information containedwithin Plaintiff’s accountsis properly subject to discovery.” Using Plaintiff’s log-in information, the court reviewed Plaintiff’s Facebook account, including “a thorough review of Plaintiff’s ‘Profile’ postings, photographs, and other information.” (Plaintiff’s MySpace account was not searched asit hadnot been accessed since November 2008 and Plaintiff could not locatethe log-in information.) The court then identified potentially relevant information to be produced, including, for example, photos and updates indicating recent motorcycle trips and “photographs and comments suggesting that he may have recently ridden a mule.” In finding that some of the “public information contained in Plaintiff’s account is properly subject to limited discovery in this case,” the court noted Plaintiff’s acknowledgment that “limited [relevant] ‘public’ information is clearly discoverable under recent case law.”

The court closed this opinion with a footnote expressing its “confusion” as to why its assistance was required in this instance and reasoning that because Plaintiff was most familiar with his own account, “it would have been substantially more efficient for Plaintiff to have conducted this initial review and then, if he deemed it warranted, to object to disclosure of some or all of the potentially responsive information.” The court acknowledged that the “scope of discovery into social media sites ‘requires the application of basic discovery principles in a novel context’” and that “the challenge is to ‘define appropriately broad limits … on the discovery ability of social communications,’” but reiterated its point that (subject to a properly narrow request) “it would have been both possible and proper for Plaintiff to have undertaken the initial review of his Facebook account to determine whether it contained responsive information” and to thereafter involve the court if a dispute remained as to whether that information was subject to production.

The full opinion can be see here

Beware: Your Facebook Posts Could End Up in Court

Bill Tolson eDiscovery , , , , , , , , ,

Social networking posters beware…your Facebook and other social media accounts may be seen by more than just your friends; in fact, what you post and tweet could become court evidence.

But many of us don’t consider these implications when tweeting and posting. Current employers, potential employers and, yes, even attorneys review social networking sites for information on workers, job candidates and litigants.

Individuals as well as organizations need to carefully consider what they post to these sites. In the personal injury case of McMillen v. Hummingbird Speedway, Inc., No. 113-2010 CD (C.P. Jefferson, Sept. 9, 2010), Hummingbird Speedway, Inc. sought access to plaintiff’s social network accounts, requesting an eDiscovery production of his usernames, log-ins and passwords.

Plaintiff objected, arguing that the information on those sites was confidential.  Upon defendants’ Motion to Compel, the court found the requested information was not confidential or subject to the protection of any evidentiary privilege and ordered its production to defendants’ attorneys within 15 days. Additionally, the court ordered that plaintiff should not take steps to delete or alter the existing information on his social network accounts. The court said:

Specifically addressing the expectation of privacy with regard to Facebook and MySpace, the court found that any such expectation “would be unrealistic.”  The court then analyzed the relevant policies of the two sites, and concluded as to both that, “[w]hen a user communicates through Facebook or MySpace, however, he or she understands and tacitly submits to the possibility that a third-party recipient, i.e., one or more site operators, will also be receiving his or her messages and may further disclose them if the operator deems disclosure to be appropriate.”  Accordingly, the court determined that defendant could not successfully assert that his accounts were confidential.  In so holding, the court also noted the possibility that communications could be disclosed by friends of the account holder with whom the communications were shared.

Organizations need to establish and enforce employee social media policies to lower their risk and better protect their brand. Check out this related blog titled “Companies Need a Social Media Policy” for suggestions on establishing a corporate social media policy. And for all of us posters, bloggers and tweeters, be careful what you say; otherwise, it could be read back to you by an employer or judge.