Social media and employment: checklist

Nicola Doran of Osborne Clarke concludes a series of articles on the impact of social media on employers with a checklist of measures that employers can take to reduce the risks to their business from employees' misuse of social media. 

1. Make clear the organisation's rules on employees' use of social media during working hours. 

Employers should make clear whether or not employees are permitted to access social media sites (and other non-work-related websites) during work time and give guidance on the amount of time spent on such sites that they deem acceptable. While a complete ban on personal internet use may be excessive and counter-productive, employers may choose to limit employees' personal use.

Employers that make clear their position on employees' use of social media during working hours will be in a better position to take action against employees who breach their requirements by spending an excessive amount of time viewing or updating social media sites while they are at work, than employers that fail to do so. Employers can set out their rules in a policy on social media use (or in their internet use policy), as well as including this in their disciplinary rules.

Where employees use social media as a business tool on the employer's behalf and to promote its activities, the policy should take this into account.

2. Ensure that the social media policy makes clear the employer's approach to content that could bring it or its clients into disrepute.

Employers should make clear in their social media policy that employees must not post material that could damage the employer's reputation or the reputation of its clients or other related third parties. The social media policy (or internet use policy) should:

  • prohibit employees from posting comments that criticise the employer, its clients or third parties or their staff, services or facilities;
  • make clear that the prohibition on making comments that could be damaging to the employer and related parties applies to social media use on the employer's behalf and to personal use;
  • require employees to remove offending content if they are asked to do so;
  • make clear that the prohibition on making damaging or defamatory comments applies whether they are made during work time or employees' personal time;
  • clarify the legal risks associated with the misuse of social media (for example a successful defamation claim against the employer and/or employee);
  • stipulate that employees' personal views do not represent those of the company and that employees must make this clear in postings that could be linked to the employer; and
  • set out the potential disciplinary consequences, including summary dismissal where appropriate, for employees who post comments that may bring the employer or its customers or suppliers into disrepute.

An employer will be in a better position to defend a claim of unfair dismissal where it has dismissed an employee for posting damaging or defamatory comments, if it has made clear that this is prohibited, than it would be if it has not set this out.

3. Ensure that the monitoring of internet and social media usage at work complies with legal requirements.

Some employers may want to monitor employees' internet use to ensure that employees are not using social media sites excessively or inappropriately during work time. Monitoring involves the processing of personal data and is subject to the requirements of the Data Protection Act 1998 and the Information Commissioner's Office (ICO) Employment practices data protection code (PDF format, 1.2M) (on the ICO website). An employer should carry out monitoring in a proportionate manner and only after it has undertaken an impact assessment to balance its needs against the impact of monitoring on its employees and their human rights (namely the right to respect for private and family life) and considered less intrusive alternatives.

The employer should provide its employees with details of how it will monitor their use of social media, the purpose of monitoring and how it will process the data that it collects. It can set this out as part of an information technology or data protection policy.

When carrying out monitoring, employers must also comply with the Regulation of Investigatory Powers Act 2000 and the Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000 (SI 2000/2699). Particular care must be taken if the employer is to intercept personal emails. (See Monitoring use of social media during work time in the first article in this series for more details.)

4. Include cyber-bullying within the anti-harassment and dignity at work policies.

Cyber-bullying occurs where the perpetrator's use of information technology creates an intimidating, hostile, degrading, humiliating or offensive environment for the victim. Employers may be liable for acts of bullying and harassment by their employees, including cyber-bullying, even where the harassment takes place outside the workplace, if there is a connection with the workplace. Therefore, employees' social media postings that amount to cyber-bullying could result in liability for the employer, even if they make them outside work time. Further, under the Equality Act 2010, employers may also be liable for harassment by third parties such as clients, suppliers and contractors.

An employer will have a defence against a harassment claim if it has taken all reasonable steps to prevent the harassment. Therefore, equal opportunities and anti-harassment/bullying policies should include cyber-bullying within their remit and clearly state that online behaviour, whether or not it takes place during work time, must conform to appropriate standards and that employees who are found to have harassed and bullied other staff or other parties connected with work will be subject to disciplinary action. Employers may also wish to consider including a term in supplier and service agreements to the effect that they will not tolerate inappropriate use of social media that impacts on the employer's own staff.

5. Include breaches of the social media policy in the disciplinary policy.

Employers should include breaches of the social media/internet usage policy within the disciplinary policy and procedure, including the non-exhaustive list of actions that potentially amount to gross misconduct.

Similarly, the disciplinary and social media policies should make clear that employees will be required to cooperate with investigations into alleged breaches, including handing over relevant passwords and login details.

As mentioned above, an employer will be better placed to take action against an employee whose social media use has created a potential liability for it, if it makes clear its rules at the outset and the potential consequences, than if it fails to do so.

6. Be consistent when taking disciplinary action against employees in relation to breaches of the social media policy.

Employers should be consistent in how they address employees' misuse of social media. Inconsistent treatment may result in successful unfair dismissal and/or discrimination claims. By setting out guidelines for staff and managers on social media use and training managers in how to deal with transgressions fairly and consistently, employers are more likely to adopt a fair approach and reduce the likelihood of successful claims.

7. Have clear guidelines on how social media should be used to promote the organisation's activities.

Some employers use social media websites for marketing, promotional and recruitment purposes. The risk of liability for employees' posts that are defamatory or discriminatory is greater where those posts are made on the employer's behalf than it is for personal postings, as they are clearly made in the course of employment. Therefore, it is advisable for employers to set out clear guidelines for employees who will be posting material on social media sites on their behalf. Employers should:

  • spell out the risk of liability for content that is defamatory or discriminatory;
  • point out that, where confidential information or personal data is publicised without consent, this will amount to a potential breach of the Data Protection Act 1998;
  • make clear what type of information should and can be included in postings about the organisation;
  • clearly define the circumstances in which employees are deemed to be posting comments that represent the view of the employer or their own views;
  • specify the circumstances in which employees must seek approval for, and further guidance on, communications; and
  • explain how employees should deal with comments that are made by parties that have accessed relevant sites.

8. Control the number of employees who can post on the employer's behalf on social networking sites.

To limit the potential risk of damage to reputation and liability for defamatory postings or data protection or privacy breaches, employers should control the number of employees who are authorised to post on social networking sites on their behalf.

9. Train employees who post on behalf of the employer about what they can and cannot post.

Employees who are responsible for posting on behalf of the organisation should be given training in their responsibilities so that they can fully understand the potential legal liabilities that may arise for both the employee and the employer if they use social media inappropriately. Training should include guidance on the type of material that employees are authorised to post and highlight the potential risks if employees make inappropriate posts.

10. Manage the risk of employees retaining client lists on termination.

Employees who add business contacts to personal social networking accounts (for example LinkedIn) during their employment are likely to want to retain these contacts when their employment terminates. To help protect their business interests when employees leave, employers could:

  • require employees to keep separate social media profiles and contacts for their personal and professional lives (so that the employer can more easily reclaim work-related material);
  • include a provision in the social media policy and employment contracts that work contacts made during the course of employment (whether or not through social media) amount to confidential information belonging to the employer and accordingly must be surrendered on termination of employment; and
  • ensure that restrictive covenants that prevent the solicitation of, and dealing with, the employer's clients are robust and enforceable.

The next topic of the week article will be the first in a new series on elder care and employment and will be published on 5 September.

Nicola Doran (nicola.doran@osborneclarke.com) is a solicitor in the employment team at Osborne Clarke.

Further information on Osborne Clarke can be accessed at www.osborneclarke.com.