The Legal and RIM Challenges Posed by Social Networking

1. The Legal and RIM Challenges Posed by Social Networking ARMA Gaithersburg Chapter November 10, 2009 Meeting Christina Ayiotis, Esq., CRM Group Counsel� E-Discovery & Data Privacy, CSC Adjunct Professor, George Washington University Principal Financier, Princess Andrianna Isabella Ayiotis

2. Agenda Social Networking Tools Facebook LinkedIn Twitter Risk Mitigation Through Policy, Ethics Culture Online Communication Policy RIM Processes Security Discovery Issues Preservation Collection Form of Production

3. Social Networking Tools- Facebook (www.facebook.com) Personal vs. Professional Facebook helps you connect and share with the people in your life. Due Diligence- Background Checks Privacy Rights Access to Profile Through �Friending� Statement of Rights and Responsibility; Facebook Principles; Privacy Policy

4. Social Networking Tools- LinkedIn (www.linkedin.com) Personal vs. Professional LinkedIn is an interconnected network of experienced professionals from around the world, representing 170 industries and 200 countries. You can find, be introduced to, and collaborate with qualified professionals that you need to work with to accomplish your goals. LinkedIn is free to join . . . LinkedIn participates in the EU Safe Harbor Privacy Framework and is certified to meet the strict privacy guidelines of the European Union . . . All relationships on LinkedIn are mutually confirmed, and no one appears in the LinkedIn Network without knowledge and explicit consent. Executives from all Fortune 500 companies are LinkedIn members.

5. Social Networking Tools- LinkedIn (www.linkedin.com) Due Diligence- Background Checks Privacy Rights Access to Profile Through Corporate Contracts User Agreement/Privacy Policy Who Should Be in Your Network

6. Social Networking Tools-Twitter (www.twitter.com) Professional vs. Personal Share and discover what�s happening right now, anywhere in the world. In countries all around the world, people follow the sources most relevant to them and access information via Twitter as it happens�from breaking world news to updates from friends. Twitter is a free Web site designed to provide the exchange of public content in the form of 140 characters messages sent from the Web interface or from a user�s phone.� All users of Twitter agree to the Terms of Service and Privacy Policy at the time of sign up, which allows Twitter to govern the site.

7. Social Networking Tools-Twitter (www.twitter.com) Terms of Service/Privacy Policy Who Follows You Guidelines for Law Enforcement What user information does Twitter have? Private information requires a subpoena or court order Data retention information http://twitter.zendesk.com/forums/26257/entries/41949 Guidelines for Law Enforcement Submitted Jun 17 by crystal What is Twitter? Twitter is a free website designed to provide the exchange of public content in the form of 140 characters messages sent from the web interface or from a user�s phone.� All users of Twitter agree to the Terms of Service and Privacy policy at the time of sign up, which allows us to govern the site.Users may have a public or private account, and choose to view the 140 character messages of other Twitter users, which range from businesses (such as Comcast, Whole Foods, or Zappos) to political figures (such as BarackObama) to celebrities or popular accounts (such as Oprah or Britney Spears) to normal people. � � What user information does Twitter have? Most Twitter profile information is public, so everyone can see it.� A Twitter profile contains a profile image, background, and the status updates, or �tweets� of the account owner.� In addition, the user has the option to fill out location, include a URL, and write a �one line bio� or short phrase about themselves.� The tweets on a profile page update in real time, so the newest information is always available at the top.� Public profiles also show a list of whose tweets the account owner �follows� or subscribes to, as well as the account owner�s �followers� or, those who subscribe to the tweets of the account owner. Private information requires a subpoena or court order In accordance with our Privacy Policy and Terms of Service, non-public information about Twitter users is not released unless we have received a subpoena, court order, or other legal process document.�� Some information we store is automatically collected, while other information is provided at the user�s discretion.� Though we do store this information, it may not be accurate if the user has created a fake or anonymous profile.� Twitter doesn�t require email verification or identity authentication.�Data retention information Twitter retains different information for different time periods.� Twitter may retain user information longer than usual in the case of preservation requests.� Data preservation requests must be accompanied by a subpoena or court order.� Preservation requests must be signed and sent on law enforcement letterhead.� Requests may be sent via the methods described below, and unless otherwise required, the user will still have access to their account. � How to request user information with a subpoena or court order Twitter accepts subpoenas delivered by mail or fax. In order to expedite the process, subpoenas should include the URL of the Twitter profile in question, and details about what specific information is required. Twitter conducts most correspondence via email, so please include an email contact so we may contact you.� To contact us, email: lawenforcement@twitter.com Only email from law enforcement domains is accepted.� Non-law enforcement requests should be sent through our regular support methods.� Non-law enfocement mail will be deleted. http://twitter.zendesk.com/forums/26257/entries/41949 Guidelines for Law Enforcement Submitted Jun 17 by crystal What is Twitter? Twitter is a free website designed to provide the exchange of public content in the form of 140 characters messages sent from the web interface or from a user�s phone.� All users of Twitter agree to the Terms of Service and Privacy policy at the time of sign up, which allows us to govern the site.

8. Risk Mitigation Through Policy, Ethics Culture Social Networking and Reputational Risk in the Workplace. Deloitte LLP 2009 Ethics & Workplace Survey Results http://www.deloitte.com/dtt/cda/doc/content/us_2009_ethics_workplace_survey_220509.pdf 15% of Executives Addressing Issue in Boardroom 17% have programs to Monitor and Mitigate 60% Executives- �Right to Know� 53% Employees��None of Employer�s Business�

9. Risk Mitigation Through Policy, Ethics Culture Online Communication Policy Dell� � . . . communications [must be] transparent, ethical and accurate.� Dell�s Code of Conduct Inside and outside the company Word of Mouth Marketing Association Code of Ethics (www.womma.org/ethicscode.htm) RIM Processes Security Inside the Network/Four Walls http://www.dell.com/content/topics/global.aspx/policy/en/policy?c=us&l=en&s=corp&~section=019 Dell recognizes that online communication tools such as weblogs ("blogs") and other online channels (chat rooms, etc.) increasingly serve as channels for direct interaction with customers, the media and other Dell stakeholders. The company's commitment to being direct supports open communications by employees and other Dell representatives, providing such communications are transparent, ethical and accurate. All online communication by Dell employees or company representatives on behalf of Dell is subject to Dell's Code of Conduct and applicable Electronic Dialogue policies, laws and regulations. Dell's Code of Conduct sets forth a standard of personal responsibility for employees both inside and in some cases, outside the workplace. Dell's Online Communication Policy adopts the same standard. Dell also recommends that its suppliers to adopt the standards outlined below. Any Dell employee or representative engaging in online, electronic dialogue as a delegate of the company is required to meet a standard that mandates: Transparency of Origin. Dell requires that employees and other company representatives disclose their employment or association with Dell (e.g., Richard@Dell) in all communications with customers, the media or other Dell stakeholders when speaking on behalf of Dell. Dell requires that employees, suppliers and other company representatives provide contact information on request. Accurate Information. Dell employees and other company representatives may not knowingly communicate information that is untrue or deceptive. Communications should be based on current, accurate, complete and relevant data. Dell will take all reasonable steps to assure the validity of information communicated via any channel but it is the employee's or other company representative's responsibility to assure accuracy in the first instance. Anecdotes and opinions will be identified as such. Ethical Conduct. Dell employees and other company representatives will not conduct activities that are illegal or contrary to Dell's Corporate Code of Conduct, Privacy Policy and related policies. Protection of Confidential and Proprietary Information. Dell employees and other company representatives must maintain the confidentiality of information considered Dell company confidential, including company data, customer data, partner and/or supplier data, personal employee data, and any information not generally available to the public. Dell employees or company representatives who fail to comply with this policy will be subject to discipline, up to and including termination of employment from Dell. In addition, depending on the nature of the policy violation or the online channel content, participants may also be subject to civil and/or criminal penalties. Additionally, Dell subscribes to the Code of Ethics established by the Word of Mouth Marketing Association (WOMMA). The WOMMA Code of Ethics is available at http://www.womma.org/ethicscode.htm. Dell's adherence to the WOMMA code means: Consumer protection and respect are paramount to Dell employees, suppliers and other company representatives. Dell demands honesty of relationship and opinion and identity. Dell respects the rules of the venue. Dell manages relationships with minors responsibly. Dell promotes honest downstream communications. Dell protects consumer privacy and requires specific permission to disclose consumer information to any outside organization for its use in marketing. http://www.dell.com/content/topics/global.aspx/policy/en/policy?c=us&l=en&s=corp&~section=019 Dell recognizes that online communication tools such as weblogs ("blogs") and other online channels (chat rooms, etc.) increasingly serve as channels for direct interaction with customers, the media and other Dell stakeholders. The company's commitment to being direct supports open communications by employees and other Dell representatives, providing such communications are transparent, ethical and accurate. All online communication by Dell employees or company representatives on behalf of Dell is subject to Dell's Code of Conduct and applicable Electronic Dialogue policies, laws and regulations. Dell's Code of Conduct sets forth a standard of personal responsibility for employees both inside and in some cases, outside the workplace. Dell's Online Communication Policy adopts the same standard. Dell also recommends that its suppliers to adopt the standards outlined below. Any Dell employee or representative engaging in online, electronic dialogue as a delegate of the company is required to meet a standard that mandates: Transparency of Origin. Dell requires that employees and other company representatives disclose their employment or association with Dell (e.g., Richard@Dell) in all communications with customers, the media or other Dell stakeholders when speaking on behalf of Dell. Dell requires that employees, suppliers and other company representatives provide contact information on request. Accurate Information. Dell employees and other company representatives may not knowingly communicate information that is untrue or deceptive. Communications should be based on current, accurate, complete and relevant data. Dell will take all reasonable steps to assure the validity of information communicated via any channel but it is the employee's or other company representative's responsibility to assure accuracy in the first instance. Anecdotes and opinions will be identified as such. Ethical Conduct. Dell employees and other company representatives will not conduct activities that are illegal or contrary to Dell's Corporate Code of Conduct, Privacy Policy and related policies. Protection of Confidential and Proprietary Information. Dell employees and other company representatives must maintain the confidentiality of information considered Dell company confidential, including company data, customer data, partner and/or supplier data, personal employee data, and any information not generally available to the public. Dell employees or company representatives who fail to comply with this policy will be subject to discipline, up to and including termination of employment from Dell. In addition, depending on the nature of the policy violation or the online channel content, participants may also be subject to civil and/or criminal penalties. Additionally, Dell subscribes to the Code of Ethics established by the Word of Mouth Marketing Association (WOMMA). The WOMMA Code of Ethics is available at http://www.womma.org/ethicscode.htm. Dell's adherence to the WOMMA code means: Consumer protection and respect are paramount to Dell employees, suppliers and other company representatives. Dell demands honesty of relationship and opinion and identity. Dell respects the rules of the venue. Dell manages relationships with minors responsibly. Dell promotes honest downstream communications. Dell protects consumer privacy and requires specific permission to disclose consumer information to any outside organization for its use in marketing.

10. Discovery Issues Preservation Lack of Physical Possession Requires Collection Subpoenas/Warrants Collection Forensic Allocation of Costs Form of Production Screen Shots, Wayback Machine �Native� Format, TIFFs, etc.