Issue link: https://epubs.iltanet.org/i/43390
social media outside corporate networks, and each site represents a different set of relationships and entities that probably does not include the supervising corporation, assent for each account or site captured/ monitored is appropriate. This practice minimizes the risk that employees may later claim that a particular site was outside the scope of any agreement, or potential claims from third parties that may have had content captured without authorization from at least one party. At this point, there is limited guidance on whether third parties must assent to monitoring or capture of social media. This is an area of law that will likely remain unsettled for some time. Wherever possible, create separate business identities for social media to minimize capture of personal or private information. Capturing inherently personal or private content rarely provides value to an organization. In fact, for most businesses, it would likely create new risks or obligations. Perhaps the most compelling reasons for organizations to carefully consider methods for capturing interactions are the duties it assumes once in possession. At the very least, organizations that are intentionally capturing interactions, or are likely to include interactions that could contain personal or private information, will be required to appropriately protect that information according to a variety of obligations. A few examples of risk would include the possibility of individuals within the company making inappropriate comments regarding the following: • Personal interactions that deal with health-related discussions • Discussion of personal, political or religious views 16 Corporate Law Departments ILTA White Paper • Interactions associated with sexual orientation or identity • Participation in certain associations or organizations unrelated to the business • Financial information or issues In general, when viewed in the context of what organizations are compelled to govern in social media, most will find that a business identity that is separate from purely personal interactions is best for its employees and the organization. Some will argue that employees can subvert organizational policies by using nonauthorized accounts for business interactions, and that is true. However, it is no different than it is today with personal email accounts over which organizations rarely have controls. If employees are intent on undermining governance mechanisms, they will be creating unregistered identities regardless. Prepare to deploy solutions that can govern the three primary categories of interactions. Most regulated organizations are taking a measured approach to social media and starting with a limited number of employees and approved social media sites. In the near term, this means that organizations should appropriately focus on certain categories of models or capture methods. In the long term, they should become familiar with the different ways employees can interact with social media and options to govern the full breadth. Inside-Based Interactions: These are interactions with social media sites that arise from within a corporate network or on a corporate-controlled device. This allows an organization options to capture or control interactions on the device itself, or at the