Managing the Legal Risks of Social Technology — Part II
Having previously looked at some of the technical and social dynamics of various "Web 2.0" developments, such as Twitter™, Facebook™ and blogging, we discuss the legal risks attendant with these new communications channels — risks that organizations and companies must manage very carefully.
Business people, and the corporate counsel who coach them on compliance and related matters, need to remember that anything posted on social media can and will be used against them. We already know this lesson from a predecessor technology of Web 2.0, namely e-mail.
There is very little litigation today that is not impacted — often decisively — by the e-mail traffic surrounding one or both parties to the litigation. In the pre-Internet era, there was sometimes the "smoking gun" letter or paper-based memo. E-mail now serves the same purpose, but with much greater frequency because so much more of it is generated, and its colloquial, almost conversational tone lulls people into making admissions much more easily than they would in the more formal paper-based missive. In short, e-mail is like technological truth serum, and litigators are enthusiastically harnessing the often startling admissions made over this communication medium.
An Electronic Image is Worth Many Words
Social media has continued this phenomenon, and indeed multiplied its implications, by adding images and videos to simple e-mail text. For example, in Kitchener (Ontario), two young women were recently found guilty of theft when a picture of them — brandishing the stolen goods — was found on a social networking site. Short of a confession, it is difficult to imagine a pair of accused making an easier case for the Crown.
We are also starting to see personal injury case defendants making effective use of the myriad photos of plaintiffs posted on social networking sites. In a typical scenario, the plaintiff alleges certain physical injury and ongoing incapacities, but then on a social media site, the defendant finds photos of the plaintiff white water rafting. The problem for the plaintiff is that these high-energy, extreme-exertion photos were taken after the accident, contrary to the plaintiff’s claim that an incapacitating injury was sustained at the hands of the defendant. The impact of these images on a plaintiff’s case is devastating.
You Can Click, but You Can’t Hide
In one such case, the plaintiff argued that the smoking gun images were on a "private" sub-site of Facebook™, and hence should be considered private and non-producible. The court asked how many friends and acquaintances of the plaintiff had access to this sub-site. The answer was something over 300. The court concluded that this many users having access to the sub-site removed the sub-site from the realm of the private.
In essence, with a few exceptions, it is extremely difficult to argue that anyone who participates in the social media has a reasonable expectation of privacy in the digital wake they generate. Corporate executives must keep this in mind when they are considering using social media to interact with any number of their constituents. (Incidentally, many of today’s teenagers and twenty-somethings will regret not having learned this lesson 10 years from now when they are beginning to climb the corporate ladder, and unflattering digital images of them from an earlier era emerge, courtesy of the universal archiving and search capability of most Web 2.0 technologies.) The fact is, the Internet casts a very long digital shadow.
Inadvertent Intellectual Property Disclosure
A different risk posed by Web 2.0 technologies involves the inadvertent disclosure of intellectual property. Consider trade secrets. The law will afford protection to an organization’s trade secrets — including its confidential information — so long as the organization takes reasonable measures to keep the material confidential.
It is extremely easy, however, to let a secret slip out during a Web 2.0 chat, blog posting or tweet. Again, we have already had an analogue to this risk in the Web 1.0 environment, namely the errant e-mail (for example, adding a non-company name to the "cc." list on sensitive, trade-secret-laden e-mail, and then having to hope that the "recall" technology works). Blog postings, however, can heighten the risk because of their colloquial nature; it’s simply easier to "let the cat out of the bag" when you are engaged in an almost conversational exchange with a group of like-minded individuals outside your company. Web 2.0 communication is also similar to truth serum (like e-mail), but over time there will be a lot more of it.
Missing Filing Deadlines
There are many ways that Web 2.0 communication can compromise intellectual property beyond inadvertent trade secret/confidential information disclosure. With some IP assets, you have to act promptly to file for protection before public use or disclosure, or you can imperil your rights. An example would be one of your R&D people participating in a Web 2.0 chat forum and disclosing too much about a new upcoming product before the requisite patent is filed for it.
Again, this is not an altogether new risk (patent applications in the tech space have long often been filed on the eve of an industry trade show where the product was to be unveiled for the first time), but it is accentuated in an environment where researchers like to stay in close touch with former professors and classmates through Web 2.0 technologies. This risk is further heightened as more and more R&D is performed in collaborative relationships with third-party contractors.
In a similar fashion, assume your company is about to ship the first truckload of a new product into the US market. The product is being rolled out under a new trade-mark. Millions will be spent marketing/advertising the new brand. You are ready to get the US trade-mark registration cranked up, which you can do in advance of the first shipment. What you learn, however, is that a fairly extensive Web 2.0-oriented marketing campaign has already been underway for six months to get the US market ready for the actual product launch. How unfortunate. You should have been called in much earlier — and now the legal strategy for protecting the new brand in the US may be at significant risk.
Corporate Disclosure and Web 1.0
Another legal risk area impacted by Web 2.0 technologies is your corporate disclosure/investor relations policies. If you are a public company in Canada, you probably have a fairly detailed written policy on corporate disclosure. The policy enshrines a disclosure committee, whose role it is to ensure that material information about the company is disseminated in ways that are fair to investors and comply with applicable securities laws (both in Canada and elsewhere, especially the United States if you are also subject to the US disclosure rules).
Generally, securities regulators in the United States have been willing to allow public companies to make use of different electronic technologies to communicate with their investors and the market more broadly, provided certain steps are taken and principles observed. One such principle is that all constituencies of your company should receive the same information at the same time, thereby avoiding selective disclosure.
In the Web 1.0 world of the fairly passive corporate web site, this meant implementing certain policies and procedures to permit your own website to serve as a recognized channel of distribution of corporate information that is readily accessible to investors. If these rules were followed, your Web-based disclosure could satisfy legally mandated public disclosure requirements for US purposes. Canadian regulators generally look to a press release.
Corporate Disclosure and Web 2.0
There are essentially two approaches that can be taken if you are considering the implications of Web 2.0 on your procedures for corporate disclosure. One posture is simply not to allow executives to participate in social media. Some companies take this approach because they are nervous that the risks inherent in Web 2.0 interactions cannot be sufficiently managed and controlled to permit it to be a safe channel of corporate disclosure.
The other approach is to update your disclosure policy, and to coach your executives, so that you address the risks of Web 2.0 communications as best you can.
This would entail, among other things, the following: Your pre-Web 2.0 disclosure policy likely has a pre-issuance review process for items such as news releases. The policy would be updated to require that draft blog postings and tweets undergo the same pre-issuance discipline and rigour. Equally, your current disclosure policy probably restricts the number of executives who are permitted to speak for the organization. Presumably, only a sub-set of these same people would be authorized to post blog entries, or make tweets.
In terms of what they post and tweet about, one approach would be to restrict material for social media dissemination and discussion to only information about your company that had been previously disclosed through your more traditional disclosure channel(s). In a similar vein, blog posts and tweets might link to other company material that had been previously disclosed. This is an important way to overcome the 140-character limit of tweets.
Other suggestions for bringing discipline to Web 2.0 corporate disclosure include: maintaining up-to-date (ideally, real-time) records of the content and interactions your executives have with social media (including so that corporate counsel can monitor compliance with your company’s disclosure policy, as updated to cover social media issues); monitoring what other websites and Internet pundits have to say about your organization; and coaching executives about the risks of impromptu communications over social media.
In essence, it is not impossible to manage the legal risks presented by social media in a Web 2.0 world, but it is challenging. And it requires legal counsel and executives to communicate and co-operate together, so that the attendant risks are managed proactively, rather than as items generating regulatory intervention or litigation.