Social Media: Creating & Enforcing Company Policy

Social Media Policies Must Address Emerging Privacy Issues

The social media revolution is exploding on both the personal and professional fronts. Few lawsuits have been filed over social media disputes in the workplace so far, but legal experts agree it is only a matter of time. Although the potential liabilities associated with employees’ blogs, Facebook® pages and Twitter® activity, are still unclear, employers can still protect their organizations from myriad risks by implementing a comprehensive social media policy. 

“It’s a hugely important point that employers have to address social media and computer use policies to protect the employer from statements made by employees, because they can’t control what employees say or do,” says Damian R. LaPlaca, a partner at Donovan Hatem. “They can protect themselves by making and enforcing social media policies that provide that what employees say is a statement of the employee, not a statement of the employer.”

Policy Considerations
A good social media policy must also mandate that employees not disclose sensitive business information. “The policies absolutely have to have some provision that says do not misuse and disclose confidential company and third-party information,” LaPlaca says. “Because if you don’t have such a policy and an employee does transmit confidential information, then the third party could have a cause of action against the employer for not supervising and maintaining the confidentiality of its information.”

Even the transmission of information about routine work via social media could come under scrutiny. For example, an engineer who sends plans and specifications about a project through a blog or Facebook could be violating the confidentiality between the employee and client, LaPlaca says.

Additionally, the policy should direct employees who blog about work to include a statement that their writings are their own views and not attributable to the employer. The policy should indicate that the employer monitors employee use of company computers including email and social media during office hours. Finally, the employer must enforce its right to monitor such employee activities, says LaPlaca.

“There are a lot of unknowns out there. That is why employers are just trying to find their way through this morass of potential legal issues,” LaPlaca notes.

Expectations of Privacy
At the heart of the debate over social media risks is the issue of employees’ reasonable expectation of privacy.
Employees tend to think that if their social media account is password-protected and restricted to only a certain group of people, then the information is private. But that’s not true, LaPlaca says, because the information can essentially be forwarded to anyone.

Potential disputes involving employees’ reasonable expectations of privacy must be determined on a case-by-case basis. If an employee voluntarily consents to an activity that impacts privacy interests, the employee will be less likely to prevail on a claim, explains LaPlaca. Importantly, there is no expectation of privacy where an employer has instituted a policy removing that expectation, he adds. 

Employee Rights
But employers must be careful that their social media policies do not infringe on employees’ rights as well. “Employers need to make sure that their policies don’t overstep the bounds of what an employee has the right to do as an employee,” LaPlaca says. 

Under the National Labor Relations Act, employees have the right to engage in concerted activities. Therefore, employees are allowed to have wage and hour discussions, for example, using social media.

The American Medical Response of Connecticut Inc. found out the hard way that it could not enforce a policy that prohibited employees from “disparaging” the employer. The National Labor Relations Board (NLRB) got involved after the company fired an employee for posting comments about a supervisor on the employee’s Facebook page. The NLRB said employees, union or not, are allowed to discuss the terms and conditions of their employment with coworkers and others.

The NLRB also complained that the company instituted overly broad rules in its employee handbook about blogging, Internet posting and communications between employees. The parties announced a settlement in February 2011.

Information Overload
Employers can get into trouble for investigating non-employees’ social media habits, too.

Many human resource representatives and recruiters use Google™, Facebook, and LinkedIn® to check out prospective job candidates, says Deborah Kelly, deputy general gounsel at Dickstein Shapiro. The problem is, such social media resources often yield too much information. 

Google or Facebook searches, for example, reveal a wealth of information about individuals that employers are barred from taking into consideration when hiring—including age, relationship status, religion, sexual orientation and race. Yet, an employer who does not conduct a thorough search to uncover red flags such as a criminal history could be liable if the individual is hired and acts out later, Kelly notes. Or, if the employer does not hire the applicant based on prohibited information found on a Facebook page, the organization could be hit with a failure-to-hire lawsuit.

To avoid these problems, Kelly recommends that employers separate the decision-making and the background-checking processes. Initial decision making should be “social media blind,” she says, with any potential issues discovered through social media not raised until the final stages of recruitment, says Kelly. If possible, designating a social media checker will help ensure the hiring process is free from discrimination.

In the future, social media training for employees will become mandatory, like sexual harassment training, Kelly says.

Gaining Access
When an employer gathers evidence on an employee via his or her social media activities and wants to use it, many employers question how and when such information may be used, says Pam Moore, a partner at McCarter & English.

For example, an employee taking Family and Medical Leave Act posts on his Facebook page that he went skiing for the weekend. One of his Facebook “friends” happens to be a coworker who brings the posting to their supervisor’s attention. But to use the information against the employee, the company must first go through procedures under the Stored Communications Act, Moore notes. 

“It’s extremely difficult for employers to gain access from strange providers” (such as Facebook), says Moore. In fact, providers can be sued for releasing such requested data, she adds. 

“Just because you have a policy in place, the landscape is changing so quickly it’s critical for you to vet the question of whether you can use information from social media in disciplinary actions,” Moore says. 

Future Challenges
Insurance coverage for social media-related claims is still in the theoretical realm, says Joann Lytle, also a partner at McCarter & English. But employers are starting to investigate their options. “Companies are going to their insurance brokers to talk about what kind of insurance they should buy,” she notes.

Standard commercial general liability policies contain exclusions for bulletin boards and chat rooms, says Lytle. Employers should check their coverage for personal and advertising injury to see if defamation is covered and what the exclusions are, she advises. 

With so many uncertainties, the first thing an employer should do is put its CGL insurer on notice of potential claims or circumstances that could give rise to a lawsuit, says Lytle. Carriers are also introducing new products targeting these emerging risks, including policies that cover cyber liability and social media liability.

Some companies may have very specific concerns, such as medical information exposure, for example, Lytle adds. Therefore, employers must evaluate their insurance needs according to their concerns and potential exposure by examining how the company and its employees use social media.