Ten social media legal risks for employers
The increasing use of social media sites can have huge ramifications for both employers and employees, as John Chalton reports.
When some holiday photos of science teacher Kirsty Cook-Bell were posted on social media site Facebook in October 2010 they seemed harmless.
Yet the fact that they could be seen by pupils alarmed her employer, Grace Academy, near Birmingham, which suspended her.
This incident illustrates the impact that social media is making on the workplace and the challenges employers face in dealing with the ramifications. These include monitoring usage, protecting intellectual property and sensitive information, recruiting via social media sites and protecting the organisation's reputation.
Banning the use of social media sites by employees is favoured by many UK employers.
Jon Ingham, a social media and HR consultant, says: "About two-thirds of organisations in the UK ban access to social media sites at work. One organisation I work with is in the financial services sector. The value of its information is so high that the risks of competitors getting hold of it or the risk of a virus justifies the ban.
"But I struggle to understand why so many organisations ban access to social media sites and blogs as it can stop employees gaining access to knowledge that may be valuable. Also it can make an employer look old fashioned, especially in the eyes of younger employees or would-be ones."
Gagandeep Prasad, associate at Charles Russell, says the most common risks posed by social media to employers are:
- defamatory comments and damage to brands;
- potential breaches of security and confidentiality;
- risk of cyber bullying/harassment and/or discrimination against employees or third parties; and
- loss of productivity because of time wasted on social media sites while at work.
She says: "Employees are entitled to a degree of privacy in their working environment but this is to be balanced against the legitimate interests of the business."
Employers that wish to monitor social media usage should, says Prasad, take into account the relevant legal parameters before and when doing so.
"The primary legislation is the Data Protection Act 1998 and the accompanying codes of practice. The Employment Practices Data Protection Code includes important practical guidance in Part 3 on carrying out workplace monitoring.
"Other legislation includes the Regulation of Investigatory Powers Act 2000, which governs the interception of communications over public and private networks and the Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000. This provides for circumstances where, in a business context, it is lawful to intercept communications without consent."
Minimise risks through social media policies
Apart from banning social media usage at work, DLA Piper employment partner Mary Clarke says: "The most important means of minimising risks is by having a social media policy, either as a standalone policy or as part of an email and internet policy. Also, it can be useful to incorporate specific provisions into employment contracts."
The policy should be created, she says, by management, HR and IT and must be appropriate and feasible for the employer and readily understood by the employee. Points to cover include what access to social media sites is allowed, how usage is monitored and whether or not an absolute ban is in place.
Sarah Clayton, employment partner at Heatons, says: "The policy should remind employees that they must not disclose confidential or proprietary information, make any derogatory, untrue or discriminating comments about the company, its employees or clients, or any comments that are likely to bring the company into disrepute."
Prasad adds: "If the policy is controversial, it may be good practice for the employer to consult with employees and/or their representatives about the proposed policy and the business reasons for having it. It also has the advantage of publicising the policy and ensuring employees understand what they can and cannot do."
Ten social media legal risks for employers
1. Employee posts derogatory comments about employer
Employers, says Prasad, can take disciplinary action that could lead to dismissal, depending on the nature of the comments. They should ask the employee to remove the offending posts. If that fails, they can ask the site's hosts or owners to remove the content. If this fails, then an injunction can be sought. Libel proceedings can also be brought if comments are considered defamatory, but employees have the right to freedom of expression and if their posts are genuine complaints about work and conditions they may not be defamatory.
David Buckle, head of employment at Cubism Law, says: "In the absence of any express contractual clause, an employee has implied duties of fidelity to their employer and not to bring their employer into disrepute. This duty extends to the employee's off-duty time. On this basis, it is possible that the employee has committed a conduct offence. However, the damage caused will often be speculative and difficult to substantiate."
If the employee is dismissed and lodges a claim for unfair dismissal, the employment tribunal may, says Buckle, examine the potential impact of the posting, for example the number of hits it received. If the posting is judged to be insubstantial or not especially damaging, the tribunal may find in the employee's favour.
2. Employee posts video clips on a social media site that may bring employer into disrepute
This is a similar situation to posting derogatory comments. Employers can take disciplinary action against the employee and ask the website to remove the offending clip. If it doesn't, then an injunction may be sought and damages claimed.
3. Employees leak confidential information about their employer via a social media site
Unless told otherwise, employees have an implied duty not to release confidential information during the course of their employment. To do so can be an act of gross misconduct and result in summary dismissal. "This is more likely to cover financial information," says Buckle. "However, where the information is already in the public domain, through posted accounts or announcements, it is unlikely this will be protected as the information is no longer confidential. In appropriate cases, restrictive covenants should be used to protect the employer's interests. Injunctions can be sought to prevent the use of this information, although this can be costly."
4. Employee airs controversial views on blogs in which his/her employer is named
Clayton says: "Employees should be required to include a disclaimer on any blogs that they publish that make it clear that the views expressed are those of the employee and are not representative of the employer's view."
5. Rejecting an applicant because of the content of their Facebook profile
The level of risk would depend on the nature of the content with age, religion, gender, and sexual orientation potential pitfalls. "If the employee has revealed personal details and it could be inferred that the reason for not selecting the individual was because of one of the protected characteristics," says Prasad, "then the employer could be at risk of a discrimination claim. If there are no discriminatory reasons then there is no risk as there is no contractual relationship between a potential job applicant and the employer."
6. An employee takes lists of contacts they have built up from social media sites accessed in work and their own time and then leaves to work for a rival
Clarke says: "Ultimately, an employer in these circumstances may need to seek a court injunction to prohibit the ex-employee and their new employer from using the client contact list on the basis that the list is confidential information. Obtaining one could be difficult. Customer details held on a system such as LinkedIn are arguably public and not confidential.
Also, if this is the only place where records of an employee's business contacts are held, it will be difficult to establish that this information belongs to the employer rather than to the employee. Such issues make it essential for employers to ensure that employees are obliged to record client contact details on an internal database and that this information is expressed to belong to the company and be returnable on termination.
Where appropriate, express contractual restrictive covenants and confidentiality provisions should be used.
7. Employees post user-generated content on internal sites without checking copyright status or accuracy
Distributing documents, pictures, or "works" of another without the owner's permission is likely to amount to an infringement of copyright laws for which the employer could be held liable.
Clarke says: "Employers should address this issue specifically in a social media policy, any email and internet policy and also in the disciplinary policy. The dissemination of copyrighted information should be clearly stated to amount to a disciplinary offence that could result in disciplinary action including, in serious cases, dismissal."
8. Employees spend too much time at work on social media sites
Employers that allow access at work should be clear about the parameters they set. If not, says Buckle: "Employees may have claims arising from the confusion as to how much time they are allowed to spend. It is often easier to impose a blanket ban on such matters, which, if clearly stated in their relevant policies and contracts, can be used to substantiate allegations of misconduct if employees abuse the situation. It is also possible to raise performance issues generally if employees are failing to complete their set duties, irrespective of the reason for this failure."
9. Using information posted on blogs when making recruitment decisions
If an applicant has a blog, employers may be tempted to use such information to help make hiring decisions. If blogs give details on the individual's sexuality and religious beliefs, and the blogger is rejected, there may be a risk of a claim. Clayton says: "Employers who do so could be faced with claims from unsuccessful candidates that their selection was on such grounds and, therefore, discriminatory."
10. Cyber-bullying of other employees
Employers should ensure that they have up-to-date, effective social media policies that set out clear consequences for non-compliance. Disciplinary policies should make it clear that cyber-bullying may constitute gross misconduct and could result in summary dismissal.