The recent termination of a top executive of a publicly traded company is another example of some of the perils of mixing personal and workplace social media. The chief financial officer for a women's clothing retailer, Francesca's Holdings, was dismissed for disseminating non-public corporate information to his Twitter followers. After a company board meeting he tweeted about the company's earnings. Using the handle "@theoldcfo," he wrote: "Board meeting. Good numbers=Happy Board." Subsequently, the company's stock jumped fifteen percent. Strictly enforcing its social media policy, the Houston-based company decided to fire its CFO for that tweet, in addition to a series of other posts he sent from his social media accounts since 2010.

This case sheds light on the legal consequences relating to the use of social media in the workplace. Employee Internet posts not only implicate the financial rules of the Securities and Exchange Commission, as was the case for Francesca's, but they can also create compliance issues under the regulations of other agencies, including:

  • Financial Industry Regulatory Authority (FINRA),
  • Federal Trade Commission (FTC),
  • Food and Drug Administration (FDA) and
  • National Labor Relations Board (NLRB), Office of the General Counsel.

Furthermore, rogue social media use can put company trade secrets and client confidences in jeopardy. This is why it is increasingly important for all companies, not just publicly traded companies, to have a social media policy. A good social media policy should address both employee behavior on company-affiliated media, as well as employee behavior that can be traced back and imputed to the company.

Below are some considerations for creating and implementing a social media policy:

  • Almost anything written on the web can be easily traced back to its author, and ultimately the place where he works. This is because online information is backed up repeatedly and often and posts in one forum are usually replicated in other forums through trackbacks, reposts or references. Therefore, social media policies should be applicable to all types of workers including employees, temporary or seasonal workers, independent contractors or anyone with access to a company computer.
  • Companies with employee-generated content on company-branded websites, blogs, wikis or other social networking sites should have formal procedures to review what its employees post on its behalf. When possible, it is best practice to treat all employees' posts on company-branded sites as if they were being published in more traditional media.
  • Nevertheless, a company cannot prevent an employee from using the company's name or trademark for non-commercial purposes on his or her own time to complain about wages, terms and conditions of employment, working conditions or other protected employee rights under Section 7 of the National Labor Relations Act (NLRA).
  • An employer should avoid using vague language in its social media policy, such as "appropriate," "inappropriate" or "professional." Terms should be defined either by using examples or by using language that carves out an exception for employee rights protected under the NLRA.
  • A company should be careful about asking an employee or prospective employee to provide usernames and passwords to personal social networking websites, without first weighing the business concerns of doing so. In addition to potentially facing serious public relations concerns for chosing to implement such a policy, there soon may be legal liability for requesting private social media passwords. Maryland enacted a law prohibiting employers from asking for social media passwords, which will take effect on October 1, 2012. Other states are also rapidly following suit, including Illinois, California, Minnesota, Michigan, Massachusetts, and Ohio. Furthermore, the federal government is also interested in this topic. Two U.S. Senators have asked the Department of Justice and the U.S. Equal Employment Opportunity Commission to look into the issue.