Social networking has been creating a legal storm – a storm that has been brewing for some time, but which is now starting to gather momentum. Social media has become an entrenched part of our personal and professional networking, but it brings with it risks created by the misuse of those platforms and risks attached to the ownership of those platforms. As the traditional constructs of employment law struggle to fit the square peg of social networking into the round hole constructs of statutory and common law, and as the line between what is "in the course of employment" becomes increasingly blurred, so the uncertainty increases for employers who are forced to navigate an increasingly grey area of accountability, responsibility and liability. This article intends to identify some of the issues arising and proposes means by which to mitigate those risks.
Data Protection and Recruitment
Potential employees leave a virtual trail on social networking sites that are littered with personal data. By trawling social media sites and collecting information about an individual, an employer is processing its personal data. Organisations must therefore inform potential employees about the searches and checks they intend to undertake (and give them an opportunity to correct any inaccurate data) and to ensure that any searches undertaken are proportionate and only undertaken at the latest stage in the recruitment process.
It goes without saying that allowing employees to use social networking sites on work systems is one of the biggest productivity wasters for employers. However, social networking, when used correctly, can be a powerful business tool. Employers must therefore strike a balance between facilitating social media for professional purposes whilst strictly monitoring other usage.
Reputation, Personal Injury and Harassment
The risks of reputational damage, defamation or malicious falsehood from posts or tweets made on social networking sites are significant. The ease by which such postings can bring an employer into disrepute, or destroy a client relationship, makes social networking one of the most dangerous tools possessed by an employee. Employees must understand the risks associated with using social media, and employers must ensure that employees actually know what is expected of them and the consequences of misusing social media.
Misuse of social networking sites have created a very real risk of claims ranging from harassment and discrimination to personal injury and employment-related stress claims. Social networking platforms can be utilised as a tool of harassment, victimisation and bullying – giving employees a virtual forum, accessible from the comfort and security of their own home (outside of working hours) to engage in conduct that may have the impact of humiliating, intimidating, discriminating against or offending their colleagues. As social media transcends the boundaries between an individual's work and personal life, social networking sites have permanently blurred the line between work and play as employers are finding themselves more and more accountable for the actions of their employees.
Contracts and Policies - Protecting your Business from the start
Because an employer is ultimately responsible for the acts of its employees during "the course of employment", thanks to the global virtual playground, what constitutes "in the course of employment" is becoming increasingly wider than conduct occurring in the workplace during business hours. Having a social media and networking policy that is regularly communicated to employees and consistently applied will go a long way to mitigating not only an employer's liability, but to justifying disciplinary action if an employee steps out of line.
Data ownership and protecting networks post-employment – LinkedIn
The purpose of LinkedIn is to facilitate networking and develop connections and, according to its User Agreement, to "connect the world's professionals….promote economic opportunity…by enabling our members and millions of other professionals to meet, exchange ideas, learn and find opportunities or employees, and make decisions in a network of trusted relationships".
Employers have been slow to identify and manage the risks not only to their business relationships, but to their business contacts, by the explosion of social networking. Many employees have long-established accounts with contacts and connections from both their personal and previous professional life. During their employment, they make new contacts and forge new connections. However, what rights does an employer have to those contacts and connections?
It is not uncommon for employees to post confidential information on sites like LinkedIn. For example, confidential client or matter details are often described on an individual's CV and posted online as part of LinkedIn's job search function. Perhaps an employee adds as a "highlight" the details of a deal, or client feedback they have received. The ease with which individuals intentionally or inadvertently distribute confidential and highly sensitive business information with the click of a button should raise alarm bells for employers. Employers should ensure that their employees are regularly reminded of their obligations of confidentiality and that such obligations extend to any posts or tweets made on social networking sites.
The Database Rights (Bailiwick of Guernsey) Ordinance 2005 provides for the first right of ownership to be given to the creator of any database. As the creator of the database, this would be LinkedIn. However, under LinkedIn's terms and conditions, it is made clear that "as between you and others, your account belongs to you" and that "as between you and LinkedIn, you own the content and information that you submit or post …" Ownership of the rights to the content and information is transferred contractually to the account-holder – in our case, the employee.
What constitutes "in the course of employment" becomes particularly relevant here because an employer can only assert ownership over data created during the course of an employee's employment for the purposes of that employment. Predictably, context is always relevant - for example, the position of a retail assistant who uses LinkedIn to connect with their friends will be very different to the position of a senior partner in a law firm who uses LinkedIn to promote their practice and develop global networks. And what of an employee who joins an employer with an established LinkedIn network and brings for the benefit of the employer, their relationships with those connections? Prudent employees will ensure that they negotiate the retention of the ownership rights over those connections they had prior to commencing employment. Prudent employers will ensure that they include a contractual term in the contract that makes it explicit that any database which the employee uses in the course of their employment, or in which they add data or create connections during the course of their employment, becomes the sole property of the employer.
Post-Employment – Deletion of Connections
One of the greatest risks to employers after an employee leaves their organisation is the influence of that individual over its clients. Sites like LinkedIn are an all too convenient way for a former employee to solicit or canvas contacts and connections that, had they been created and stored on their employer's internal database, they would not have thought to use (or rather, be able to use) post-employment. LinkedIn, however, is not an employer-owned database and without appropriate contractual clauses in place, it is very difficult for an employer to dictate what happens to those contacts and connections post-employment.
Issues of a right to private life, the right to privacy and the right to develop personal contacts must be balanced with the rights of an employer to protect their legitimate business interests. Employers must therefore be proactive and ensure that their employment contracts contain appropriate post-employment conditions regarding the deletion (and non-restoration) of connections on social networking sites. It is likely that such clauses may be considered a form of post-employment restraint and therefore it is important that an employer is clear in its policies what it expects of its employees using social media and for what purposes – the more control an employer purports to have over its employee's use of business related social media sites, the more likely it will be able to rely on post-employment conditions as protection of legitimate business interests.
Post-Employment – Restrictions
The deletion of connections may not be enough because such connections can be easily re-established. As the very purpose of sites like LinkedIn is to connect and network professionals around the world, it is little wonder that the line of what constitutes solicitation and canvassing is now blurred and solicitation clauses may be seen as providing limited protection for employers. But what actually constitutes solicitation in the world of social media? What if an employee updates their LinkedIn profile to reflect their new employment at another organisation? Would that constitute solicitation or canvassing on the basis that the individual is informing all their contacts of their new role? We would suggest, consistent with the long established principle in Trego v Hunt  AC 7 that solicitation (or canvassing) must include a specific and direct appeal, an active component and positive intention to appropriate a connection's business. Merely updating a LinkedIn profile will not constitute solicitation (or canvassing).
It may be argued that the explosion of social networking and the difficulty in policing non- solicitation clauses has created an additional basis on which an employer can justify non- competition post-employment restraints – as the only way that an employer can legitimately protect its business interests. Time will tell whether this argument would probably not constitute solicitation.
The rise of social networking has changed the way we do business and has connected people throughout the world in ways that could not have been imagined twenty years ago. However, it has also introduced risks that, as yet, the law has not addressed. Employers are finding themselves with less control over an employee's conduct and, whilst properly drafted and effectively communicated policies are fundamental in limiting an employer's liability and creating contractual rights, they cannot mitigate all the risks associated with social media. Until the law develops enough to counter those risks, employers should make sure that they have a full suite of safety equipment set up before they jump on the social media bandwagon.