Keoghs Insight


Lindsay Bottomley

Social Media Analysis - unlocking the chain of evidence

Fraud Aware March 2019

Whether helping to validate the impact of a genuine incident on a claimant, or supporting concerns that individuals denying pre-accident knowledge or associations were in fact closely acquainted, Social Networking Analysis has increasingly become a key tool in the Intelligence Analyst’s armoury when investigating suspected fraud.

The volume of social media content available to analysts has never been greater, and the ability to effectively, and compliantly, interrogate social media content can often be the difference between success and failure in an investigation.

If used wisely, Social Networking Analysis gives us the insight we need to look at a person’s lifestyle, routines, friends and relatives. We can also review the activities and behaviours of individuals before and after an event and use this to help paint a full picture of life before an incident, during the recovery/prognosis period and post-trauma. It effectively creates a story.

However, it is also easy to be blinded by social media content, and whilst the compliant use of such evidence delivers results, there are many pitfalls that can undermine effective analysis and investigation.

Risks associated with Social Networking Analysis include:

  • A breach of GDPR or Data Protection Act (2018), not only exposing an organisation to an adverse ICO referral but also a claim for damages for breach of GDPR / DPA rights
  • Undermining the admissibility of evidence obtained, negatively affecting potential case outcomes and leading to increased cost and overall indemnity spend
  • Adverse publicity and reputational damage

To minimise these risks, there are some basic principles that must always be adhered to:


Understand the terms & conditions of the sites you propose to interrogate. Many specifically prohibit use for commercial purposes, whereas others only permit use for commercial reasons in very limited circumstances. Whilst breaching terms & conditions such as these is unlikely to make evidence inadmissible, it will enable claimants to contest the legitimate basis of collection and potentially cause trial judges to scrutinise more closely the credibility and effectiveness of the information actually obtained.


Similarly, many social networks are now more effective at identifying commercial use of their content for screening purposes, taking proactive steps to prevent this via account shutdown and legitimate denial of services. For example, we know of a number of organisations that have repeatedly encountered analysts’ accounts being closed down by site administrators.


It is therefore essential that analysts use legitimate profiles, utilising an email address and mobile number genuinely attributed to that analyst. That does not mean using personal profiles, as it is entirely legitimate for analysts to separate their private/personal use of social media from their professional role. At Keoghs, we achieve this by utilising specific “workplace” profiles, set up using correct names, plus a mobile number and email address allocated and recorded by Keoghs for compliance purposes.


Conduct appropriate GDPR / DPA Risk Assessments – use of Legitimate Interests as the lawful basis for processing under GDPR is not automatic. The GDPR requires the party seeking to rely on legitimate interests to perform a legitimate interests balancing exercise to ensure that the interests of the controller really do outweigh the rights of the data subject. Similarly, the exception contained within s15 & Schedule 2, Part 1, para 2 DPA [2018] is not a blanket exception, and must be applied to the specific circumstances of each case. It is therefore good investigative practice to perform a risk assessment before commencing Social Networking Analysis to validate that there are compliant grounds for doing so.


Validate the data subject before commencing detailed Social Network Analysis. Utilise publicly available information and open source data, cross-referenced to key data points and known information, such as an occupancy list, family members or mention of any particular hobby.


Never make “friends” with the subject in an attempt to access closed profiles. Equally, never engage in social media conversation. These are simply not legitimate tactics, and must never be used. If a connection is made in error, that profile should be sanitised and closed down to avoid any opportunity to take advantage.


Ensure that your findings are admissible. Any social media captured by an analyst is merely a document until the chain of evidence is completed. It is therefore essential to capture the chain of evidence, given that what you see today may have disappeared tomorrow. Do not just capture screenshots. Follow the simple model of ‘identify-validate-capture-secure’.


Be prepared to prove the results through a full witness statement from the relevant analyst. This means that the person conducting the Social Network Analysis must be competent in the production of evidence – whether under the CPR or CJA rules – and capable of giving evidence in court.


Ultimately, when conducting Social Networking Analysis, the process of validation is key. What’s worse - being unable to find crucial evidence on a case you have a gut feeling about or not capturing the information at your disposal? Or misplacing that piece of silver which, when melted down with the rest, would have created the bullet that blows the case out of the water? I’d say the latter.

Equally, however, that analysis must be compliant. Many social media sites have implemented more robust privacy controls following scandals such as Cambridge Analytica, and so maintaining a proactive and compliant approach to effective Social Network Analysis is key.

Only then can the full benefit of Social Networking Analysis be truly unlocked, risks managed and mitigated, and optimum results delivered.

For more information, please contact Lindsay Bottomley