Social Media: Legal Risks and Practical Remedies

March 25, 2010

Whether your employees are blogging reviews on Google, posting endorsement videos on YouTube, getting your company on wiki sites, or branding your company on social networking sites like Facebook, Twitter, and LinkedIn, social media is clearly the wave of the future. Online media and marketing tools provide a variety of benefits to organizations including collecting industry-based knowledge, widespread sales and branding capabilities, and accessing boundless platforms to publicize a company’s name and reputation. However, these benefits come with their fair share of legal risks. A comprehensive social media policy that guides employees on the company’s expectations of their online behavior, especially when that conduct occurs in the name of the organization, is the best protection to the inappropriate cyberspace conduct. Most often, companies are faced with situations where its employees engage in activities on social media sites that reflect negatively on the organization. This can occur pre-hire, post-hire, and even after termination. For example, during the application/interview phase, many organizations use social networking sites to investigate the applicant’s background. As a result, information that is not job-related (i.e., political affiliations, disabilities, social relationships, etc.) is leaking into the hiring process and fueling discrimination lawsuits. During employment, employees are posting confidential information on the web, harassing and discriminating against each other, and posting improper reviews, endorsements and defamation against competitors, getting companies into trouble. After employment ends, companies are facing the task of severing employee “connections” to customers on the company’s Facebook and LinkedIn pages, and stopping negative comments and bad publicity generated by terminated employees. In each of these situations, a comprehensive social media policy could have addressed the issue directly, before it became a problem and protected the organization from liability. A company will generally be responsible for the actions of management level employees acting within the scope of their employment. Under various state and federal laws, however, a company can protect itself from the liability created by rogue managers with a good program of both policy implementation and training. In the context of social media, a good policy will communicate expectations to the employees and will address the following:
  1. The Proper Use of Business-Related Social Media: The policy should address how and when the company wants its employees to use social media to support, market and brand the organization. The policy should also inform employees whether they can affiliate themselves with the company on social networking sites (i.e., Facebook, Twitter, and LinkedIn). If your organization does allow employees to have a profile online associated with the company, the policy should contain guidelines regarding the permissible contents of that profile.
  2. Confidentiality: The policy should inform employees what is considered confidential at the company (i.e., client names, projects, price lists, vendors, competitors, etc.) and be told that posting confidential materials on social media sites is a disciplinary/terminable offense. While the company may be held responsible for the actions of its employees where client/competitor confidentiality is breached, a good policy will, at the very least, demonstrate that the company took precautions to prevent such breaches from occurring. This can help limit a company’s liability.
  3. Respect for Copyright, Fair Use and Financial Disclosure Laws: The policy should inform employees that it is improper to use social media to publish protected materials and intellectual property of another company or person.
  4. Transparency/Disclaimers: The policy should instruct employees to always identify themselves and be honest in their posts about who they are and what they do. When an employee publishes content to a blog or website outside of your company, but it touches or concerns work in any way, she must state that, “the postings being offered are her own and do not represent the company’s opinions, positions or strategies.” In this way, the company is insulating itself from the rogue opinions of employees that could potentially expose the company to liability.
  5. Language: The policy should restrict the language that employees use on social networking sites and specify that the company will not tolerate profanity, inappropriate speech, or badmouthing of other employees. The company should also communicate its expectation that employees should always be loyal to the company when communicating online.
  6. Content Approval: The policy should require that anything posted on the company’s website or on “fan” pages by employees should first be approved by a certain department or executive (i.e., Company President, CMO, Public Relations Director, etc.).
  7. Disciplinary process: The policy should indicate that violations of the above principles could lead to discipline and/or termination. The policy should also explain what is meant by discipline [i.e., verbal warning, written warning, suspension, termination]. **In New Jersey, if you have any policies that you distribute to employees, you must also have an “at-will” employment disclaimer stating that the policy does not create a contract of employment and that employee may be terminated at any time, for any reason.
Clearly, companies do not want to lock themselves out of the benefits of social media by forbidding employees from using the internet to the company’s advantage. However, be smart. By implementing and distributing a policy containing the aforementioned provisions, your company can take the actions necessary to protect itself from liability in the future. For additional information, please contact Dena B. Calo.