Much has been written lately about social media applications such as Facebook, Twitter, and LinkedIn and their intersection with the business world. Wikipedia defines social media as “online content created by people using highly accessible and scalable publishing technologies.”1 Another term, Web 2.0, is used to describe the similar concept of the Internet’s evolution from a static environment focused on the one-way provision or receipt of information (Web 1.0), to an interactive community where users can communicate, share, post, blog, and create content in real time.

According to statistics published on Facebook’s Press Room,2 there are more than 250 million active users of Facebook worldwide and more than 120 million users log onto the site at least once each day. Although Facebook initially appealed to the young, now the fastest-growing demographic is those at least 35 years old and the majority (more than two-thirds) of Facebook users are out of college. Most top brands have Facebook group and/or fan pages — those of Pringles, Coca-Cola, Starbucks, and Adidas, among others, have been recognized by some commentators as most effective.3 Many other entities, and a large percentage of their employees, have embraced Web 2.0 and social media and are discovering the business and legal issues that arise from such use.

The legal issues created by the growing exploitation of social media are to some extent overlapping with the issues created by past uses of the Internet — Web sites, email, domain names — but are also unique or applied in original ways. Social media hastens issues that were present in earlier Web uses (such as email and static Web sites). Where an ill-advised email might have been forwarded from one person to another and to groups, and eventually picked up on a Web site or by a news outlet, now such an email could be sent as a Twitter Tweet to thousands instantly or posted to a blog for all to read. Companies seeking to avail themselves of the benefits of social media should do so only after carefully considering their goals, developing a clear strategy, and having addressed the numerous legal issues involved.

In this advisory we outline, from the perspective of an entity, company, or organization governed by U.S. law, the considerations that arise when social media is used by three different groups — the entity itself, the employees of that entity, and third parties in reference to the entity. We discuss the benefits of social media, as well as issues and risks, from each of these three angles. How your company should respond to or address these issues depends on many factors, not all of which are legal, and is beyond the scope of this advisory. Nor are we addressing uses by individuals separate from their relationship with the entity (such as the risk of identity theft increased by disclosure of personal information through social media, which is then used to make phishing appear legitimate). Rather, we provide a framework to enable your company to think through its use of social media and how it wishes to address and respond to use of social media by its employees and by third parties unrelated to it.

  1. Exploitation of Social Media by Entities

For each of the following goals that entities seek to achieve by using social media, there are identifiable risks and issues:

Bolstering customer connection A product company’s Facebook profile can allow customers to connect with the company in a more direct manner than with a Web site, and to connect using an extension of a social media platform that the customers are already using. Entities can increase their customers’ sense of brand connection and create transparency, or at least a perception of transparency, by answering their questions on a public site, by enabling customers to comment via social media applications, and by communicating in real time via blogging to make the provider/customer connection stronger.

  • Understand defamation and copyright laws, particularly if third parties are to be allowed to comment on a company site. Several defamation via Twitter suits have been brought recently, one related to postings implying involvement in a suspicious death4 and another concerning moldy apartments.5
  • Put in place policies to remove offensive content without jeopardizing protections available under the Digital Millennium Copyright Act’s safe harbor provisions6 and the Communications Decency Act.7

Replacing press releases with social media updates Public disclosures, which in the past might have been reviewed by a company’s legal department before being disclosed as a press release, now are made with little time for review.

  • Apply to social media disclosures with regulatory implications (such as forwardlooking financial statements or communications with competitive ramifications) the same level of care and consideration used before the proliferation of social media.
  • Understand the terms of use for any social media applications used, particularly with respect to privacy and ownership.8

Communicating consumer news quickly Companies can update their customers and followers quickly, as a replacement or addition to email announcements, on events such as sales. Such communications can be free advertising if others pass the content along.

  • Consider whether such updates are desirable to the recipients, weighing downsides, costs, and legal restrictions, such as the Telecommunications Privacy Act, the CAN-SPAM Act, and the Children’s Online Privacy Protection Act.9

Keeping tabs on competitors Companies also can investigate, follow, and monitor their clients and competitors.

  • Ensure that your company’s use of information gleaned through use of social media complies with its antitrust policy.

Addressing public relations issues Companies also can respond to potential public relations issues (some arising from social media themselves) by blogging or sending out Twitter Tweets.10

  • Use social media to respond to customer complaints and to correct misinformation about your product or company.

Recruiting employees Employers can use social media tools to interact with prospective employees using a medium with which the employees are familiar and comfortable. Social media also enables companies to investigate prospective employees, such as by expanding background checks (to include review of the posts the individual has made to YouTube and public areas of an individual’s Facebook page). According to a recent study by Harris Interactive conducted for CareerBuilder.com,11 about half of U.S. employers are using the Internet to verify resume details and responses to interview questions, determine whether an employee fits with the culture of an organization, and flush out inappropriate behavior. Human resource departments must consider whether and how they will exploit social media in hiring decisions. Multiple legal hazards exist for employers adopting preemployment Internet screening, such as EEOC Guidance on Pre-Employment Screening, Federal and State anti-discrimination laws, invasion of privacy, state laws prohibitions on credit and criminal checks, and state “lifestyle discrimination” laws.

  • Understand that information that would be inappropriate to make hiring decisions had it been obtained by other means is still inappropriate if gleaned from Internet searches.

Monitoring behavior of employees Employers desiring to keep tabs on employees should clarify in their computer usage policies that privacy is not guaranteed even if password protected and that the employer retains the right to monitor use.

  • Bear in mind that certain activities may be deemed protected as whistleblowing, political opinion, or free speech12; discharging employees based on these activities can be considered in violation of public policy.

Improving internal communications Entities also are making internal use of social media, such by using aggregation or collaboration tools to allow employees to communicate more efficiently with one another than email exchanges allow and to create collaborative documents with multiple contributors who may not be working from the same location. Such collaboration tools have been found to be most effective when they are incorporated into one’s daily workflow, as merely an extension of existing applications, rather than a stand-alone tool that must be accessed separately.13

  • Understand privacy and security protections (and any legal restrictions) on any applications your company uses, particularly if you use the applications for a purpose different than that intended by the application provider.
  1. Use of Social Media by Employees (on behalf of or separate and apart from the employer)

Entities who have not yet adopted a social media policy need to realize that many of their employees are already using social media, possibly at work, and in ways that intersect with their professional life. Some companies have tried to rein in social media use. Others have accepted the inevitability of social media in the workplace and are guiding the interactions with carefully developed policies. Some entities will go further, encouraging certain employees to become Web 2.0 representatives of the company. It should always be clear to employees when they may identify themselves as representatives of the company. When participation is at the behest of the company, the employee must understand and learn to distinguish between communications that are the employee’s own and those that are official communications from the company. The employee then must clarify that distinction in public communications.

Certain social media activities of employees create risks that may be unforeseen by the employee, particularly if the employee wrongly perceives his behavior as private or wholly separate from his work identity:

Discussing the company or company products References to an employee’s company or company products should always be accurate and the speaker’s role in the company be transparent and disclosed. The same rule applies to references to competitors.

  • If the comments could be perceived as those of the company, consider limiting such discussions to certain well-trained employees, and teaching other employees why such public discussions put the company at risk.
  • Multiple employees discussing the same product inconsistently can create confusion.
  • Official comments are a new source of evidence in litigation.

Disclosing confidential information inadvertently Confidential information of a company can be mistakenly, or intentionally, disclosed quickly, such as by multiple employees of a company noting travel to a new location and inadvertently tipping off a planned acquisition.

  • Teach employees to recognize confidential information, including information whose disclosure might not have been troubling when disclosed via slower communication mechanisms.

Incorporating works of others Intellectual property issues such as fair use are often overlooked and misunderstood, as easy access to copyrighted works of others is wrongly interpreted as an implied license.

  • Train employees on intellectual property basics.

Complaining about one’s job Companies also must plan for how they will respond to misuses of social media by employees, to ill-conceived information disclosures (such as abuses of sick leave policies), and to inappropriate statements (such as comments about another employee).

  • Understand legal protections for individuals engaging in certain activities, such as whistleblowing, political opinion, or free speech.14
  • Rights of privacy and other confidentiality obligations (such as those imposed on attorneys and medical providers) also apply in cyberspace.

Criticizing the company post-employment Know how you will handle post-employment social media activities, such as whether individuals no longer employed will be removed from the Facebook network and what action you will take if the employee’s public comments disparage the company or disclose confidential information.

  • Consider possible causes of action for a tort, contract, or statutory violation:
    • Defamation
    • State law privacy torts
    • State law business torts
    • Disclosure of trade secrets
    • Violation of employment agreement

Companies must evaluate what types of use their employees are making and create reasonable and realistic policies to minimize risk. Banning use of social media, for instance, might not be realistic. However, placing limitations on references to the company, its products or services, its competitors, and its customers might be reasonable, particularly if the employees are using social media in a way that is connected to their professional life, such as accessing social media applications while at work or from company computers, by joining the company Facebook network or friending the official company group site, or by identifying themselves as an employee on LinkedIn. Acceptance and adoption of a social media policy can be improved if the employer educates its employees as to the risks — to the employer and the employee — inherent in social media use.

  1. References to the Entity by Third Parties

Third-party references to a company and misuses of a company’s intellectual property were prevalent before the social media explosion. Companies generally had come to understand basic intellectual property issues, such as whether references to a company on a Web site, domain name registrations, keyword purchases on search engines, or links to company sites constituted trademark infringement. In the Web 2.0 world, these issues have been translated from domain name napping to unauthorized username registration on Facebook. Companies must monitor uses of their name and brands to know what others are saying and to be in a position to take action if necessary.

Using a company’s name or trademarks Responding to unauthorized trademark uses on the Internet can be overwhelming. Moreover, not all social media outlets have developed, or enforce, their intellectual property protection policies. This week, a trademark owner brought suit against Twitter for direct and contributory trademark infringement for allowing the alleged infringer to register its trademark as its Twitter user name, claiming that the alleged infringer was using the user name to masquerade as the trademark owner.15 According to the complaint, Twitter had failed to reassign the user name when asked. (For undisclosed reasons, the day after filing, the trademark owner sought to dismiss Twitter without prejudice.)

  • Develop clear policies as to the type of uses to which your company will object and those uses that you will ignore (such as uses protected by the first amendment, nominative references, and parodies) so as to be better able to address uses of true concern.
  • Protect rights proactively. Just as your company likely registered domain name variants to forestall name-napping, register social media usernames whenever possible.
  • Understand the terms and conditions and intellectual property protection policy applicable to each social media outlet that your company or its customers or competitors is using, so as to be in a position to object when necessary.

Blogging about a particular product Online bloggers sometimes review products or comment on companies; some are compensated for their activities. Blogging and Tweeting and the offhand remarks that can sometimes be made in these seemingly free environments can give rise to claims of improper endorsement if the comments cannot be substantiated or if compensation is not disclosed.

  • The Federal Trade Commission is in the process of revising its advertising guidelines to address these issues. 16

To develop an effective social media strategy and policy, you must understand what you wish to gain from social media, how you wish to use it, whether you will involve employees actively in the company’s social media use, how you want to guide and address employees’ use that touches on but that is not authorized by the company, and how to respond to and shape third-party references to the company.

Because of the multiple areas of an organization touched by social media, the development of a comprehensive policy and strategy creates, and requires the involvement of, many stakeholders — public relations/communications, IT, customer service and relations, marketing, recruiting, human resources, and legal. Launching that strategy requires continued involvement of these stakeholders as well as those tasked with training employees on the guidelines. Those companies who exploit social media successfully will find that the rewards far outweigh the risks.