Facebook, LinkedIn, Twitter. At times these social media outlets are purely personal communications. Other times, they are part and parcel of how a company does business. How does a company identify which social media data it must retain as part of its overall policies for preserving electronically stored information (“ESI”)? In large part, the answer may be found by examining the degree to which the social media communication is truly a company-related communication. If the company permits or authorizes social media communications on its behalf, it likely will need to take steps to preserve and review such data even if it is made by an employee on a personal, password-protected account on a home computer.
That is not to say a company must always be its employees’ keeper. When company employees create social media accounts for purely personal communications (e.g., a personal Facebook account), a company typically will not have any obligation to preserve such data, particularly where such accounts are accessible by a username and password known only by the individual employee and not the company. Companies can help insulate themselves from ESI obligations with respect to such accounts by enacting policies that prohibit any use of such private personal social media accounts for work-related communications on behalf of the company.