Text Messaging, Facebook Can Get You in Legal Trouble

way text messages are handled in court varies by district and judge. In Michigan, for example, the messages of a city official on a city-issued device are public record, as Detroit's ex-mayor now knows. But in June, judges in a California case concluded the opposite. They found that messages on a city-issued device are protected from an employer, at least when senior managers fail to enforce consistently their own governance policy.

In the 2006 case, police officers in Ontario, Calif., sued the city's pager provider, Arch Wireless, for violating their privacy by giving their bosses transcripts of their sometimes sexually-explicit chat, conducted on pagers provided by the city. Arch argued that the police department's computer usage, Internet and e-mail policy allows for the monitoring of users' content.

But police department officials didn't regularly monitor pager texts, according to testimony, and officers developed a "reasonable expectation of privacy," the court concluded. Unlike SkyTel in Michigan, Arch in California was wrong to provide the messages. CIOs looking for firm rules across regions about text as evidence are out of luck, says Nolan Goldberg, an intellectual property attorney at Proskauer Rose.

"There's general guidance, but not much case law," Goldberg notes.

Avoidance Won't Work

A CIO's smartest move then, says Kroll's Brill, is to work closely with company lawyers to set and manage employee expectations of privacy. For example, when you install a new technology, amend your existing policy to address it specifically, he advises, even if it is simply by adding the words "text and instant messaging" to the existing passage about e-mail. (See: "Managing the Social Networking Data Sieve")

Next--and don't get lazy about this--maintain a regular schedule of monitoring and keep records to prove you're consistent, he says. "Don't have a de facto policy. Have an affirmative policy," he says. Otherwise, the policy is open to interpretation and you may not get a judge who sees it your way.

From a technology perspective, companies should be ready to produce old text messages and IMs as soon as legal proceedings begin, says Steve Wharton, vice president of infrastructure at Dean Foods, a $12 billion dairy company.

A lawsuit, an inquiry from the U.S. Department of Justice or an audit by a regulatory body such as the Securities and Exchange Commission usually has a deadline attached, Wharton notes. Blowing it can result in fines, as well as ticking off the judge or investigator. He and CIO Art Fino watch discovery issues closely because, he says, as the biggest milk producer in the United States, Dean Foods receives two or three requests for information each year from the DoJ, which monitors dairy industry competition. "We're organized, yet it's quite a fire drill for 30 to 60 days," Wharton says.

While those inquiries are active, the company must retain all pertinent electronic data and retrieve, sort and search it to respond to DoJ requests. For IM and e-mail, Dean Foods is evaluating several outsourced archiving vendors, including AT&T, Google's Postini service, IBM and USA.net. They store messages by user for a yearly fee, but don't offer sorting and searching for e-discovery. Dean Foods will farm that out to another company when needed. Fino and Wharton haven't addressed wireless text messages yet, but considerations include how much it will cost to have telecommunications vendors or a storage service company archive the messages in a way that's searchable later.

"We've got a pretty good strategy for IM, and mobile will follow," Wharton says. At building materials manufacturer Owens Corning, the technology department wouldn't sanction IM until this year, waiting for better archiving controls and tools for keyword searches, says David Johns, CIO of the $5 billion company. "We have our [desktop software] image locked down pretty well, so it was difficult if not impossible to have employees bringing in their own" applications, Johns says.