The Preponderance of Instant Messaging in the Workplace and its Inevitable Effect on eDiscovery
By Thomas Gersey, Esq., BlackStone Discovery
When it was introduced, e‐mail was a revolutionary new tool for the exchange of ideas, information, and pleasantries. What once took days to convey could now be relayed in seconds. Eventually e‐mail became a huge part of our working lives, changing the way we do business day‐to‐day. However, while many jobs got much easier, the job of a litigating attorney was about to change drastically. With the prevalence of e‐mail, companies are now producing a deluge of information – information that needs to be preserved, collected, indexed, and produced during the course of discovery.
Luckily, with advances in data storage technology have come similar advancements in the collection of this Electronically Stored Information (“ESI”). Historically, the mere thought of collecting and sifting through 100,000 records was enough to drive an attorney crazy. Now, the processes and protocols are in place to make a similar effort efficient and controllable.
However, while the early recognition by companies of the inherent business value of e‐mail has allowed attorneys, IT personnel, and e‐discovery professionals to stay ahead of this proliferation of data, instant messaging poses greater problems due to its more sudden acceptance as a business tool. What was once reserved for personal communications is now being used across all industries (in some cases exclusively) as both a supplement to and a replacement for the more formal e‐mail.
And why shouldn’t it? The ability to share ideas and information in real‐time is an efficient upgrade to the delayed responses we experience even with e‐mail. As a result, counsel must be especially cognizant of this changing landscape, as the slow replacement of e‐mail with instant communications indicates coming changes in e‐discovery law that threaten to catch everyone by surprise. The bottom line is: What are our legal responsibilities from an e‐discovery standpoint in regard to instant communications?
Before developing a plan for dealing with new technologies, it is important to identify the weaknesses the new technology can create in a company’s discovery policies, and the potential exposure those gaps can lead to.
Lack of Control: The first problem to address is an organization’s lack of control over the communications tools that their employees are using. As employees discover new and more useful methods to do their jobs, they are going to be rapidly integrating those tools into their everyday duties. This is of particular concern for high‐tech companies where their employees are likely to be early adopters of new applications and web‐based services. The newer the technology, the more likely it is that the effects of that technology on e‐discovery have yet to be contemplated by the company’s counsel.
Ease of Deployment: One of the key benefits of instant messaging tools is the ease with which employees can download and begin using the software. Without restrictions in place, employees can link these messaging clients to their work devices, all absent any reporting or tracking by the company’s IT department. In addition, even where a messaging tool is not free and requires a personal license to use, employees are still willing to spend personal expense to upgrade their daily efficiency – a sort of “self‐service SaaS.”
Lack of Knowledge: Once a new technology is discovered to have been used, or is being used, by employees, counsel has the ability to better control the type of information that is being relayed via that communication tool as well as how much of that information will be retained. However, it creates a dangerous unknown for counsel with regard to (a) how much data has already been created and stored, (b) where that data is being stored, and (c) what that information contains.
Threat of Discovery: As will be seen, current court rulings and statutory law are fairly silent on how to specifically deal with the day‐to‐day generation of instant messages. But as we have seen in the past, this does not relieve companies of the duty to contemplate inevitable changes to the discovery rules, and to put in place policies and protocols that properly deal with the treatment of their data. This becomes especially important in light of the fact that there may be communications being created by, and retained for, their employees which will end up being discoverable. Without instituting a proactive plan immediately, companies run the risk of being required to produce potentially compromising information over which they had no control and of which they were unaware.
Privilege: The greatest risk a company faces related to the use of instant communications by their non‐attorney employees is a lack of attorney‐client protection. Even as companies and counsel have become better at directing employees to protect their legal discussions by communicating them with an attorney via e‐mail, there are still instances where otherwise privileged conversations are being had sans any kind of request for legal advice. How dangerous, then, will employee conversations about legal matters become now that they are being had via instant messages? Employees who may neglect to loop in counsel on a legal matter from the outset of the conversation will now be having those conversations in the less formal, much more open format of an online chat. Absent a request for, or reflection of, legal advice in a communication, the likelihood of compromising information being relayed will increase significantly.
Breach: Not addressed here in full, but very relevant nonetheless, is the increased threat of security/data breach that arises with each additional piece of software that is introduced to a company’s network. Without a proper vetting of various messaging software, a company’s security may be at the whim of a single employee’s decision.
WHAT IS THE CURRENT LEVEL OF DUTY TO RETAIN IM’S?
Not surprisingly, the amount of information on this is sparse. The question of whether to retain instant messages and text messages has certainly been discussed, but it is not yet being challenged during litigation. The reasoning is most likely two‐fold: (1) Litigants are burdened enough with the collection and review of e‐mail and documents and don’t see the value in combing through chat logs, and (2) parties are loath to request IM records for fear that they will be required to produce similar records of their own.
If a company is in the financial services industry, then they already know their standard. Per the SEC and NASD, financial services companies must retain their text messages and instant messages for at least three years. However, this requirement is very specific and rare. For any other company, the standard is much more lenient. There is essentially no known duty to preserve instant or text messages if a party does not routinely save those messages and litigation is not anticipated.1 The only decision that may arise for an organization will be when that company does not retain instant messages in the ordinary course of business and a continuing obligation to preserve data arises in connection with pending or anticipated litigation. In that situation, an organization must decide if the pending or anticipated litigation is sufficient so as to require altering the organization’s retention policy to begin retaining those records.
By that standard, and the overwhelming lack of court guidance on the subject, it would seem that counsel should be comfortable advising their corporate clients to not retain instant messages. They may be right to do so, but only under the prevailing thought that e‐mail is the dominant method of communication in the workplace. Unfortunately, recent studies say otherwise. A 2013 survey by Informa Telecoms found that users sent roughly 20 billion instant messages per day – thus overtaking traditional SMS messaging via phone. According to TechNewsWorld, an online technology news publisher, “80 to 90 percent of all companies have some instant messaging use by employees”, with 80% of that activity taking place over external programs.2 As employees make their work easier by incorporating the everyday technologies they are comfortable with, and as software start‐ups continue to create better enterprise IM systems, the replacement of work e‐mail with instant communications is almost inevitable.
The answer to the question of what level of preservation attorneys should be advising for their clients isn’t as simple as it seems. Despite the lack of standards or statutes, it should be clear that as people’s communication habits change, so too will the legal rules governing the preservation of those communications.
As of now, the Federal Rules of Civil Procedure do not specifically govern the treatment of instant message records. However, FRCP 34(a), which deals with defining ESI, doesn’t specifically exclude instant message records either. The code says, “electronically stored information” is discoverable if it is “stored in any medium” from which it can be obtained and “translated, if necessary,” into a “reasonably usable form.” While the statute is purposely vague, the Advisory Committee made it a point to expand on the language to contemplate that ESI may come in forms not known at the time of the construction of the rule. Specifically, ESI will eventually take new forms in the future, and attorneys should reasonably anticipate those forms.3
1 The Sedona Conference, International Principles on Discovery, Disclosure & Data Protection: Best Practices, Recommendations & Principles for Addressing the Preservation & Discovery of Protected Data in U.S. Litigation (2011).
2 Seth A. Northrup & Li Zhu, Let’s Chat About the Legal Risks of Instant Messaging, Corporate Counsel, March 14, 2014.
IT’S ALREADY HAPPENING RIGHT UNDER YOUR NOSE: A CASE STUDY
If you are counsel or corporate management, the idea that information is being created and not controlled has to be a frightening proposition. How much scarier, then, would it be to find out that it is already happening as you read this?
There are already a large number of chat clients available to employees to improve their efficiency. Products such as HipChat and Cisco’s Jabber are already providing enterprise chat solutions for companies, while tech giants like Google, Microsoft, and Box are actively working on providing more advanced options.4 But the true leader in the space appears to be Sand Hill Road darling, Slack.com.
The Slack Problem
One of the fastest growing business applications in history, Slack is a team collaboration tool created and launched in April, 2014. The application is available free to online users, but Slack also offers enterprise solutions that provide customizable settings. They reasonably estimate that by the end of this year, there will be 2‐3 million workers around the world using Slack.5 The question isn’t whether instant messaging is going to replace work e‐mail – the question is whether or not it has already.
A worker’s incentive to switch from e‐mail to an application like Slack is obvious. The application offers persistent chat rooms organized by topic, as well as private groups and messaging. Employees can now discuss, in real‐time, their various projects with only the specific people they need input from. What once involved a multi‐recipient, 15 message e‐mail string, can now be resolved with a five minute chat where workers can share ideas, files, and links. The value created by this efficiency is extensive, but this is a potential nightmare for an eDiscovery professional.
The free version of the application allows you to view up to 10,000 archived messages; however, it also says that “although there are older messages than are shown below, you can’t see them.” This is a clear indicator that every instant message is being retained by Slack servers. So, even where a company has a clear policy to not retain instant messages absent a pending legal matter, employees may have already generated thousands of lines of discoverable content via a third‐party chat client.
3 Fed. R. Civ. P. 34(a) advisory committee’s note (2006) – (“Rule 34(a)(1) is intended to be broad enough to cover all current types of computer‐based information, and flexible enough to encompass future changes and developments. References elsewhere in the rules to ‘“electronically stored information”’ should be understood to invoke this expansive approach.”).
4 The enterprise chat software space is replete with options, including Lync, Google Apps, Yahoo, Facebook at Work, Voxer, Instantbird, Yammer, Pie, Let’s Chat, Sharepoint, etc.
5 The investor community has taken notice, and they seem to agree that enterprise chat software is the future of workplace communication. Slack’s initial round of financing netted them $43 million in April, 2014, and was quickly followed up by a $120 million round in October, 2014 (valuation: $1.2 billion). Most recently, Slack garnered a third round of financing for $160 million in April, 2015 (valuation: $2.76 billion).
There is a school of thought that describes instant messages as being the equivalent of an offline communication. But is a real‐time, online chat the same as an interpersonal conversation, or should it be treated like e‐mail? A good indicator is often whether or not the chat was recorded. The Federal Rules of Civil Procedure say that ESI is “any . . . electronically stored information.” With chats on Slack (and similar applications) being recorded, it stands to reason that courts will be empowered to deem those conversations discoverable, whether directly from the producing party or via a third‐party subpoena/request. Your organization may be sitting on a mountain of producible, highly relevant evidence and not even realize it.
Further complicating matters is the issue of privilege. In eDiscovery, electronic conversations with an attorney or an acting agent of that attorney are rightfully withheld as privileged communications. In fact, most often communications that include an attorney (via cc) or which relay legal advice in some manner are also considered privileged. Such a broad allowance has made it easier for organizations to institute e‐mail policies requiring their employees to include counsel in a communication that raises the need for legal interpretation. Alternatively, employees may be directed to conduct legal inquiries via an offline conversation (in person, phone call, etc.) to solidify the attorney‐client relationship. How, then, is a company to preserve the privilege of a communication via chat? The benefits of instant messaging are that employees can collaborate in real‐time, allowing them to express ideas or questions as they arise, and to get immediate feedback without the delay of e‐mail. The risk, then, is that employees will feel free to discuss potentially damaging legal issues without the presence or feedback of an attorney. Now, combine (1) the data created outside the scope of the corporate retention policy that (2) has been recorded throughout on a third‐party server which (3) is likely to be discoverable pursuant to the Federal Rules of Civil Procedure that (4) was conveyed without the presence of an attorney. The result is the existence of potentially relevant and non‐privileged data over which the company has no control.
This increased use of instant messaging software in the workplace is only one facet of the problem. Despite the preponderance of potentially relevant IM data, the eDiscovery effects are only as significant as provided by court rulings and statute. And therein lies the urgency. Recent proposed amendments to Federal Rules of Civil Procedure 37(e) seek to impose a uniform standard relating to the remedies available to a court when ESI is not properly preserved. Whether or not ESI has been properly preserved will be subject to a three pronged test which emphasizes cooperation, proportionality, and reasonableness. Where FRCP 37(e) is found to have been violated, then a court – finding prejudice to the impacted party – can determine a remedy “necessary to cure the prejudice.”
This puts tremendous pressure on organizations and their counsel to determine what constitutes reasonable, proportional steps in preservation going forward. As the types and locations of data, across internal and external systems, continue to grow, the definition of what is reasonable and proportional will begin to change. If a company is creating 75% of their relevant information via instant message, then a court is likely to determine discovery of that content to be both reasonable and certainly proportional. Without a concerted effort to plan accordingly, organizations and their attorneys run the risk of significant sanctions when their productions come up short.
Luckily, there is good news. First, applications like Slack and its counterparts are often customizable. If using a paid service, an organization can customize retention and archiving preferences to match their policies and protocols, and do so as a reasonable litigation cost. Secondly, eDiscovery professionals, such as BlackStone Discovery, offer solutions that can help organizations rein in and organize any existing information, while creating a detailed plan to control future data.
PLANNING FOR THE FUTURE
As data gets strewn across more and more platforms and resources, being able to track and preserve it becomes more difficult. This is especially problematic when employees are creating data via third‐party software. The ideal solution is the implementation of front‐end Information Governance, or “IG.” IG will allow an organization to not only audit and track the information that is currently being generated, but it will also allow for the company to track information created in the past and bring it under the umbrella of their corporate ESI policy. Going forward thereafter, any new tool used to communicate, store, or create information can be mapped to the organization’s network.
Audit the Information
The first step is to determine what information is being created that is not being tracked. A BlackStone Discovery IG professional can assist by preparing a detailed data map which identifies all data nodes in the organization, especially those that are operating outside the purview of the company’s ESI policy. By mapping the data to a central location, an organization can be sure that all of the company’s information is being covered by the retention and preservation protocols. Mapping the data sources will also allow for the discovery of new, untracked information during scheduled future audits. This will give an organization not only the peace of mind that their information is under control, but also a detailed and defensible policy should a court ever question their methodology.
Establish an Instant Messaging/Chat Policy
Once potential weak spots have been identified, an organization should evaluate the need for instant messaging. Most likely it is too late, and the use of IM software is already entrenched. If the decision is made to use IM for work‐related matters, the company should consult their BlackStone Discovery IG professional to help determine the strengths and weaknesses of a potential enterprise IM system. Such a system should be for work‐related discussions only, with no public messaging feature. It should also be customized to conform to an instant messaging policy, created in conjunction with the IG professional and counsel, meant to govern the use, content, retention, and scheduled, defensible destruction of IMs.
Once all data sources have been identified, and an instant messaging policy has been created to supplement the general ESI records retention policy, the organization should identify previously untracked data. This data can then be brought into conformity with the new records retention policies where it can be analyzed for adherence to expired disposal dates, outstanding legal holds, etc.
Confidence in eDiscovery
The immediate benefits are obvious. Data has been identified and brought under control, allowing the organization to perform an eDiscovery collection with peace of mind. The threat of unknown, incriminating data being produced has been greatly reduced. At the same time, the company has established a defensible framework that they can be confident in should their productions be challenged.
The secondary benefit is that an organization and its counsel can expand the scope of their own discovery requests. With the knowledge that their instant messaging data is properly controlled and preserved, counsel can push for the production of IM chats from the opposition without worrying about the quality of a reciprocal production.
This analysis is just the tip of the iceberg, and staying ahead of the game in the preservation and control of instant messaging data is only the start. With the proliferation of mobile devices, video messaging, voice texting, wearable technology, virtual technology, and any number of new methods of communication, it will be imperative that companies and their counsel consult with eDiscovery and Information Governance professionals to ensure that they are prepared to deal with the future of “big data.”
ABOUT THE AUTHOR
Thomas J. Gersey is an Information Governance and Litigation Readiness (IG|LR) specialist of BlackStone Discovery’s Client Solutions division. Thomas holds a Juris Doctor and a Master of Laws from the University of San Diego School of Law and is admitted to practice in California.
Thomas is a seasoned veteran, boasting nearly a decade of experience as an attorney and litigator for large corporate entities and eDiscovery vendors. At BlackStone Discovery, he not only manages time‐sensitive, high‐volume cases, but also plays a critical role in the creation of data maps and protocols, and the consulting of BlackStone’s partners who are undergoing discovery requests or seeking to bolster their information governance and litigation‐readiness plans.