Social Media Ediscovery: Investigating Employee Misconduct

Most business organizations implement email and social media archiving solutions to automate regulatory compliance and speed up open data request response times. But they often forget the crucial component that is entwined with all the reasons behind archiving ‒ the human factor.

Employee misconduct investigations can be the result of various HR-related scenarios that require the HR and IT teams to look at an employee’s electronic communications to define the pieces that could be relevant to a legal case or dispute. This process of searching through various databases to locate the ESI relevant to a possible lawsuit and protect it from deletion and alteration is called ediscovery.

There are two main issues that complicate HR ediscovery:

1. The relevant data usually appears in various forms and formats and is located on various systems (Word documents, Google Drive, email, PDF documents, chat apps, social media posts…)
2. The data might be missing or impossible to locate if the company doesn’t have properly established retention policies and an ESI lifecycle plan.

Some of the employee litigation scenarios that require ediscovery include negligent employee hiring and retention, accounting and workplace safety-related lawsuits, as well as various cases of employee misconduct like:

• fraud or embezzlement
• sexual harassment in the workplace
• threats
• theft of assets or intellectual property/trade secrets
• unauthorized access to classified or sensitive data and
• other types of inappropriate forms of behavior and communication

How employees threaten compliance

Companies have to archive electronic communications in a strictly defined and secure way because of compliance regulations. However, they also need to ensure that data is not tampered with before or after it gets archived because data authenticity is the foundation of successful compliance and also because ESI can be requested for ediscovery. Then again, proving data authenticity and integrity is key.

To prevent data tampering, CSOs, CIOs and IT Managers need to choose a data archiving solution that will allow them to limit access to the archived information and define levels of access so that only those employees with the highest privileges can view and manage the business-critical, sensitive and personally identifiable information.

Investigating employee misconduct – types of insider threats

Communications data which is regularly sent and received via email, social media or internal instant messaging and collaboration apps and project management tools, includes all kinds of sensitive information – customer details, intellectual property, accounts information, to name a few.

There are two main types of insider threats to data:

• A malicious insider: this is a person who acts maliciously with intent. This may be someone who has access to sensitive information, for example, a sales administrator, an exec, or an IT staff member with privileges. With access to so much sensitive data, what happens if the employee decides to leave or develops a grudge against the company? What if they send this data outside the company, or try to sell it for cash?
• A non-malicious insider: this is a person who unintentionally violates data protection and compliance policy. Clearly, these insiders greatly outnumber the former group. They violate policies without meaning to do so. For instance, they may email confidential documents to their personal address in order to carry on working at home. Either way, the company’s confidential data is still at risk.

According to Harvard Business Review, insider threats account for 39% of all data breaches. The actions of someone inside the company can make your business vulnerable, damage your company’s reputation and cost you millions of dollars.

Allegations of misconduct have cost the US Congress a staggering $17 million in the last 20 years. According to a recent case study by Worklogic, the costs of misconduct for a single employee were between $200k and $300k, while the costs of the simple steps needed to minimize the risks of misconduct across the organization were only $12,500. But what exactly are those simple steps? What can companies do to minimize misconduct?

Social media ediscovery and employee misconduct cases

What is social media misconduct?

Employee misconduct is defined as carelessness or negligence that shows an intentional disregard of the employer’s or fellow employee’s interests.

Certain instances of misconduct are not considered a criminal offense and are dealt with internally. Other, more serious offenses such as theft, fraud, discrimination or sexual harassment are labeled “gross misconduct” and typically lead to dismissal and court action.

Since October 2017, more than 70 powerful men from various industries in the US have been fired or resigned for allegations of sexual misconduct. The issue has gained intense media scrutiny which highlighted the need for companies to have better control and oversight of employee behavior and actions.

Most official business channels like email are monitored and leave a permanent record. Since social media is one of the most prominent forms of communication (in and out of the workplace), it has a vast potential to harm organizations if employees are not instructed on how to use these channels properly. Potential pitfalls include reputation damage, disclosure of confidential and sensitive information or causing liability to the employer. This is why it’s crucial to implement social media policies and controls.

Oversight, oversight, oversight

How can you prevent employee social media misconduct in the workplace? Although monitoring employees’ electronic communications is controversial and often considered intrusive, it is becoming a best practice for reasons such as checking the personal use of company systems and detection and prevention of crime, harassment and misconduct in the workplace.

Employers need to consider email and social media management as crucial parts of the company’s risk management strategy. According to Osterman Research, as much as 75% of relevant corporate information, including confidential and sensitive data, is contained in emails employees exchange daily.

In addition, social media presence is now a fundamental asset for businesses of all sizes. Improper use of these channels can result in deliberate or inadvertent leakage of corporate information, trade secrets and intellectual property. Both email and social are potential pools of valuable corporate information that also contain evidence that can be used in internal investigations and ediscovery.

Data archiving solutions ensure compliance and detect employee misconduct

We already explained that the preservation of employee email, social media posts and instant messages can be crucial in employee relationships investigation and employee misconduct cases.

Data archiving technology involves multi-purpose archiving solutions that can provide much-needed assistance in employee misconduct cases. Without an archiving software, going through employees’ communication manually would be a painstaking process that could take months and cost thousands of dollars.

The beauty of archiving solutions is that they ensure compliance within the email and social media systems and encourage compliance within the ranks of employees. An archive is a catch-all, tamper-proof solution which stores every single message that goes in and out of the organization in near-real time.

Employers can use archiving software not only to retain business records, but also to proactively monitor email and social media activity and identify malicious keyword patterns. Both malicious and non-malicious employee threats can be successfully neutralized if employees are aware that their communications are automatically monitored and that the HR department will be alerted in case something inappropriate gets communicated.

An archiving solution captures all email and social media content and stores its unique, time-stamped copy in an inalterable, tamper-proof format. Archivers possess super fast search functionalities that yield precise results in a matter of seconds and options such as legal hold, which allow compliance officers and lawyers insight into a specific person’s communication way past the general retention period set by company or compliance standards.

Archiving software lets you create a keyword list with profanity words to get alerts when someone uses them in official channels. You’ll also be able to run or schedule periodical, weekly searches to check what’s being communicated.

In other words, having an archive in place will allow you to locate evidence of employee wrongdoing quickly and efficiently, be it an incriminating email or a hateful comment on Facebook that later got deleted. Surely, an archive will also provide proof that could vindicate an employee that got wrongfully accused.

Educate, inform & archive

In conclusion, employees need to be aware that confidential information, trade secrets and customer information must be communicated carefully and using appropriate channels. For improved corporate governance, companies should make sure they:

• preach corporate accountability
• clearly communicate what constitutes social media misconduct
• create and implement a social media policy
• insist that staff read the employee handbook and confidentiality agreements
• notify employees that their online landscape is being monitored and archived
• organize training and refresher courses on social media use

Finally, organizations need to understand that information governance and compliance can no longer be limited to email, but should incorporate alternative channels that employees use for communication, including social media, instant messaging apps and text messages. Data archiving technology combined with clear internal policies is a win-win combination that will help any company to minimize, detect and handle instances of employee misconduct.