The proliferation of social networking and the ever increasing use by employees of social media both inside and outside the workplace, have created legal challenges and risks for employers in addition to their inherent benefits. Although many employers have embraced social media as a business tool to facilitate research, marketing and communication, the unrestricted use by employees of social media can expose the employer to liability for the online behavior of its employees around the clock. In the absence of effective internal controls and established policies regarding employee social media participation, companies may find themselves subject to claims of harassment, discrimination, defamation, invasion of privacy and possible government enforcement action, as well as the loss of confidential information and trade secrets. As a result, employers must take steps to protect against the legal hazards associated with employee internet communication, specifically, the review and adoption of comprehensive communication polices and codes of conduct.
What is Social Media and Why is it Different?
Social media generally refers to web based platforms designed for online collaboration and interaction. These include blogs, social networking websites, virtual worlds and user-generated video and audio sites. Social media provides a forum for the interactive sharing of information over the internet. More simply, social media is any service that uses the internet to enable or facilitate conversation among numbers of people. Although email sits precariously on the edge of social media, with its more limited reach and greater expectation of privacy, (reasonable or not) company policies, as discussed later, should also encompass email usage.
Some of the most recognizable social media websites are Facebook, MySpace, LinkedIn, Twitter and YouTube. Because these sites have become a mainstay of personal and professional communication and networking, their use by employees is prevalent on a 24/7 basis.
What are the Risks?
Just as in any other forum, an employee’s online conduct can create significant legal and business risks for employers. Loss of confidential information, claims of harassment, defamation and invasion of privacy, and the creation of potentially damaging evidence in employment suits are just some of the many outgrowths of employee social media participation.
Loss of confidential information is probably the greatest fear among employers when it comes to employee social networking. The loss of confidential information or trade secrets, protectable third party information or medical information, either purposefully or through inadvertent disclosure in social media, could expose the employer to suits for HIPAA violations, suits from other companies for disclosure of their secrets, and result in the irretrievable loss of vital business information. Although this risk increased in some measure with the advent of the widespread use of emails, the dissemination through social media is far faster and reaches a far greater audience. Because social media tends to blur personal and professional lines of behavior, people often give less thought to their postings, and disclose more information than they would in an email or in writing, compounding the risks to employers.
Claims of discrimination arising out of an employee’s social media usage are also among the most significant and potentially costly risks to an employer arising out of employee use of social media. Employers are exposed to such claims even before an applicant is hired and even after they leave.
For instance, many recruiting and hiring managers use social media to screen job applicants or perform background checks. They often obtain personal information about a candidate online that they could not learn through more traditional means. Although anti-discrimination laws prohibit direct inquiry into an applicant’s age, religion, national origin, sexual orientation and disability, among other characteristics, an employer may inadvertently learn this information through social media sites. If the applicant is not hired, the employer faces a discrimination claim that the decision was illegally based on a protected characteristic known to or improperly discovered by the employer. These same issues are implicated when an employer takes action against an employee for his or her online activities. If an employer uses social media to screen some, but not all, employees, the employer could likewise face discrimination charges based on its disparate treatment of employees.
This risk may continue long after an employee leaves the company. Often, a former employer will ‘recommend’ a person on LinkedIn after she has left a company’s employment. Such a recommendation may weaken a firm’s defense in a wrongful discharge claim.
Employers are also at risk for harassment claims arising out of employee social media usage. Although the law does not require employers to monitor the online postings of their employees to prevent the harassment of other employees, if the offending posting appears on a site provided or controlled by the company, the company has a legal duty to investigate and remove harassment on the site.
In addition to private civil actions, employers are subject to potential government enforcement action for employee online conduct. Under recently updated consumer protection guidelines with regard to endorsements and testimonials issued by the Federal Trade Commission (FTC), employers may be liable if their employees use social media to comment on their employer’s products or services in violation of the guidelines, even where the employer has not authorized or ratified the employee’s remarks. The FTC has brought enforcement actions against employers who fail to establish or maintain appropriate internal procedures to protect consumers.
Privacy and Privilege Dangers
Employers also face legal problems in attempting to monitor an employee’s online presence. Unregulated monitoring may give rise to a variety of privacy related claims. In Pietrylo v. Hillstone Restaurant Group, a jury found that an employer violated the federal Stored Communications Act and the parallel New Jersey act, which make it an offense to intentionally access stored communications without authorization or in excess of the authorization provided. In that case, a restaurant manager requested an employee’s password to a private MySpace chat room, accessed it and reviewed the content. The court affirmed the jury’s verdict, concluding that it could reasonably infer that the employee’s purported “authorization” (the provision of her password to a manager) was coerced or provided under pressure and that the manager’s review of the site was intentional.
In Stengart v. Loving Care Agency Inc., decided on March 31, 2010, the New Jersey Supreme Court held that the attorney-client privilege applied to e-mails that an employee sent to her attorney from the company’s laptop through her private email account notwithstanding a company policy disclaiming any right of privacy in the use of the company’s media systems. The Court found that the policy was ambiguous, and did not clearly allow the employer to access otherwise protected communications.
What should Employers Consider?
Whether or not a business has policies regarding all forms of communication and conduct including social media usage, those policies should be reviewed based on a company’s identification of its risks. Once that risk analysis is completed, internet, email and social media usage policies that establish standards of conduct should be disseminated to employees and reinforced through education over time. "Other policies that correlate with communication issues, such as confidentiality, anti-harassment and recommendation policies should also be updated by your attorneys to account for social media use and communicated and bolstered by employee training."
