Social media can be good for business, but dangerous when misused. Employers are learning to tighten acceptable use policies and set standards for emails and professional social networking but there will always be difficulties applying company rules to employees’ personal lives and online behaviour. The growth of bring-your-own-device (“BYOD”) adds another layer of complexity to the ongoing privacy debate. How far can, or should, an employer seek to control errant employees?

Individuals and their employers may be sued for discrimination (for example on the grounds of sex, race or age) or harassment as a result of inappropriate or illegal content posted online.

To reduce this risk, employees must be aware of (and trained on) the policies and understand the possible consequences of breaching them, (discipline and possible dismissal). For example, in the case of Gosden v Lifeline Project Limited last year, an Employment Tribunal dismissed an employee’s claim of unfair dismissal, following his forwarding of an offensive email, to a work colleague, from his home computer, in his own time. His actions were found to be in breach of his employer’s equal opportunities policy, regardless of the fact that this was personal email use.

Social media and BYOD policies should also be closely tied to equal opportunities and anti-bullying and harassment policies, to cover situations where employees engage in inappropriate conduct outside work.

Bullying and harassment online, or ‘cyber bullying’, takes many forms and in serious cases the police may be involved. Criminal proceedings may be brought against individuals for harassment, which, with media interest, can damage a company’s reputation and customer goodwill further.

In one recent case a software engineer was jailed for the sexual harassment of work colleagues using email and Facebook messaging, falsely claiming that she was having affairs with them. Whilst this is an extreme example, it underlines the risks for employers; if bullying or harassment is reported, or visible, action should be taken immediately to protect staff and deal with the perpetrator through the usual company procedures.

Contact over the internet seems to result in people going further in their abuse than they would do face to face. However, any emails sent, comments posted or messages left can be traced back to them as part of an investigation and may well be used as evidence in a disciplinary process. Unfortunately, information has often already been seen by others and passed on, escalating the breach and bringing it to the attention of customers and other third parties. Further, information recorded online may never be fully removed and can leave an indelible stain on a company’s reputation.

By setting policies in advance, companies should be able to maintain a level of control over employees’ online behaviour and deal with any issues. Under the Data Protection Act 1998, it will be necessary to consider the level of intrusion and justify any employee monitoring as part of an investigation. However, where the company’s standards are clear and there is a legitimate business or legal reason to gather and rely on online evidence, this is more likely to be justified as reasonable, proportionate and necessary.