Social media - Trojan horse?

The sacking by Virgin Atlantic in late 2008 of 13 flight attendants who had been critical of the company’s safety standards on the social network site Facebook, and who had described passengers as “chavs” on the online forum, was one of the first of a subsequent steady stream of media stories illustrating how employees, while arguably gaining social utility by joining such sites, have found them seriously damaging to their careers.

The potential for reputational and other forms of damage to be suffered by companies whose staff find it difficult to distinguish between their private and professional lives online is growing, given the surge in memberships of sites such as MySpace, Bebo, Flickr, Twitter and particularly Facebook, which alone claimed to have over 26 million users in the UK as of July this year. For some users who frequently disregard any privacy settings which may be available, these sites can operate as a cyber repository in which freedom of expression reigns regarding current and former employers alike.

Statistics indicate that approximately 50% of social media site members are under 30 years of age, and this demographic group in particular often appears to view their internet persona as a separate entity from their professional identity and post content accordingly, without apparent thought to possible consequences. Some disgruntled employees and ex-employees have gone to the extent of setting up specific social networking groups which are dedicated to criticising their current and former employers online, such as the group who titled themselves “Survivors of 118 118”. While such groups, or indeed comments made on an individual’s site, can be removed by request to a website host, often content can remain accessible on the internet by use of a search engine.

Many UK businesses have put a blanket ban in place on employees accessing such sites in the workplace, by using internet filters – known by some as “Faceblocking” – their stance most likely prompted by concerns regarding staff interaction impacting on profitability. However for those businesses, understood to be approximately 50% of UK employers, taking this approach, the potential for damage to their carefully honed reputation persists by staff using PCs at home, or internet-enabled mobile devices such as iPhones, to make inappropriate posts which then enter the public domain.

Legal perils

For legal services firms in particular, where issues such as confidentiality are key, the range of manifest risk arising is extensive and the ramifications of a heat-of-the-moment type posting or exchange between employees online are far reaching. Potential issues exist with staff being able to make defamatory comments online regarding not only their employers but against clients, suppliers and fellow employees. If an employee makes an ill-judged post whether on their employer’s computer or otherwise, and can be identified from that post as an employee of that particular business, this can theoretically give rise to a potential claim against their employer by affected fellow employees or indeed aggrieved third parties by virtue of their vicarious liability for their staff.

In addition to possible reputational damage to a business, the risk of possible fallout from an online breach of confidentiality by staff, whether of internal strategic matters or of client confidentiality, is very real, as illustrated by alleged online breaches of confidence regarding patients last year by pharmacists employed by a major retailer, which resulted in damaging publicity for the company and a serious investigation for those involved.

Further danger exists for employers if content posted by staff on social media sites can be construed as bullying or harassment of fellow employees, following the case of Majrowski v Guy’s and St Thomas’ NHS Trust [2006] UKHL 34, where the House of Lords held that an employer could be held vicariously liable under the Protection from Harassment Act 1997 for harassment suffered by an employee from a senior colleague in the course of his employment. Similarly, breaches of equality or discrimination law, copyright infringement, and instances of breach of contract online by staff can all cause serious headaches for an employer.

But what of freedom of expression and an employee’s right to a private life and social interaction? While such rights are enshrined in the Human Rights Act 1998, and clearly must be borne in mind by employers endeavouring to manage risks emerging from the social media phenomenon, they must be viewed against the balancing right of the employer to protect their business and its reputation.

Policy approach

How might an employer try and address some of these issues resultant from the ever evolving target that is the internet? One means of approach is to set out clear parameters of what is deemed to be unacceptable online conduct by employees in a policy document, the content of which must then be intimated to each staff member.

Disciplinary sanctions for persistent breaches, or single breaches which are regarded as particularly serious such as breaches of confidentiality, should be clearly established. Many employers will have existing policies in place regarding use of the internet by staff, either in separate policy documents or incorporated within standard contracts of employment which likely predate the surge in social media, and it is suggested that, for some, it may be simpler to create a short policy specifically covering social media usage rather than try and incorporate the desired objectives within their existing IT policy or other documentation.

Cover the angles

A significant benefit in creating a separate policy is the ability for employers to gently direct staff at the time of its introduction to consider the nature of their posts on such sites, and remind them not to assume that the fact that they have chosen privacy settings within these will necessarily mean that content will not reach a wider domain with attendant consequences. Many of the media tales regarding inappropriate postings on such sites have stemmed from postings which were intended by their originator to remain private but which then entered a broader arena by virtue of the action of “friends”.

Hazards lurk not only in written text by employees but also in the posting of unauthorised photographs of themselves and colleagues, and uploads to video-sharing sites such as YouTube, and any policy document ought to specifically address these and state that express consent should be obtained from fellow employees before an individual uploads content to a site. The media have been quick to seize on social networking sites as a treasure trove of often inappropriate images, and consideration should again be given to a robust means of control.

The policy should extend to cover posts and messages made by employees “out of hours”, and expressly set out the types of media where the policy guidelines are applicable, e.g. blogs, tweets or wikis. It ought to direct staff to refrain from identifying themselves as working for the firm in their online lives, and in instances where an individual has their own blog, to state expressly that any views expressed in the content are those of the blogger as an individual. Additionally, the policy ought to remind employees not to make any posts which would be in breach of data protection legislation.

Given the human rights considerations and without wishing to appear too draconian, some employers might choose to take a “light touch” approach to the wording of the policy or in wording the introduction to the bones of the guidelines, being expressly respectful of employees’ right to a private life while establishing clear boundaries regarding what they construe as unacceptable behaviour.

Question of judgment

It is a paradox, given that many legal firms have chosen to embrace the indirect marketing opportunities afforded by social media sites by establishing their own Facebook pages and Twitter accounts to promote the particular culture of their business, that consideration should need to be given by them as how best to regulate staff use of such media. Yet, given that the social media revolution has in many ways prompted a revisitation of what is meant by “private”, the introduction and regular review of a social media policy is commended as a means of setting clear boundaries to be observed, and more broadly to encourage all to exercise their best judgment before they post.