Facebook is in the limelight again after the recent security alert involving Sir John Sawers, the next head of MI6. Sir John’s wife disclosed personal information about him and his family on the social networking site, Facebook, including details of their London flat and holiday snaps of Sir John, thus compromising security. Whether or not photos of Sir John in his Speedos is “a state secret”, this latest headline has renewed calls for employers to crack down on employee usage of such sites.  

Employers who allow employees access to social networking sites such as Facebook and Twitter, without appropriate controls, may find themselves in hot water.  

With over 175 million users, Facebook is the world’s largest social networking site. The site is viewed by many employers as a “silent time killer” impacting on staff productivity which, in the current economic climate, can be damaging.  

The site has also led to many employers having to take disciplinary action against employees; and, even worse, employers themselves may be held vicariously liable for the misuse of the site by their employees.  

Credit Suisse, Lloyds TSB and the Metropolitan Police are among the increasing number of employers actively blocking their employees from accessing the sites from their desks. It is, of course, an employer’s right to decide how their own IT equipment can and can’t be used, but, in some cases, an overall ban may be an overreaction.  

Kimberley Swann, a 16-year-old administration worker learned the hard way when she was dismissed by her employer, after only three weeks employment, for describing them as “boring” on her Facebook page. The TUC’s general secretary, Brendan Barber, made calls for "Employers and employees [to] sit down together, through unions or other consultations, and work out a reasonable policy on what is expected of staff in their conduct online."

The Legals  

As many employers move to ban the use of Facebook in the workplace, its use can be beneficial if carefully controlled. Access during breaks could be a valued benefit for employees, and may also help them develop useful IT skills and assist in business development. Many, especially younger employees, see online social networking as the norm. Embracing and controlling it with clear and widely publicised internet and conduct policies could not only avoid potential problems but in fact improve the employer-employee relationship.  

Employers should also be aware of the potential risks of using sites like Facebook to vet potential employees. Equal opportunities in recruitment should be taken seriously. Since not all candidates will have an online profile, the use of such sites as a tool for recruitment could disadvantage certain candidates. Further, the use of the site in this manner may expose employers to claims of discrimination - for example, on the grounds of race or sexuality - if this information is not provided on the application form but is obtained from searching their online profile.  

Facebook has recently had to close down a forum when members of the group began posting offensive photographs of disabled people on the site. Employers should be mindful of such activities as an employment tribunal could draw an adverse inference about the prevailing attitudes of an employer’s workplace if there is evidence of discriminatory attitudes amongst its employees.  


  • Review your internet policy. Ensure you have a coherent internet policy in place which covers employee use of social networking sites both in and out of the office. Make it clear when such sites can and can’t be used, for example, employers often limit use to employees lunch hours.  
  • Consider introducing a conduct policy, making it clear to employees what is expected of them in their private lives, both offline and online. This will hopefully avoid any unpleasant surprises when an employee finds out their employer does not approve of something they said or did.  
  • Make it clear to your employees that improper use of the internet, even outside the workplace, can have disciplinary consequences - especially if it tarnishes the employer’s reputation.  
  • Provide employees with training on IT and identity theft to minimise security risks to themselves and their employer on social networking. Facebook, for example, has privacy settings which employees should be made aware of.  
  • If necessary, consider blocking access to the site, allowing for exceptions to be made where it could genuinely be used as a business tool.  
  • Monitor internet use carefully (within the bounds of your internet policy and data protection laws) and take a practical and consistent approach to usage. It is a good idea to state clearly in your policy that private conversations could be intercepted in the same way as other business communications.
  • Employers should be aware that they could be held vicariously liable for such breaches