Most business owners realize they can incur liability for their employees’ actions. Historically, this was local in scope – a drunk employee might have caused an accident, or perhaps they defamed someone in a letter. While unfortunate and potentially costly, those situations were relatively self-contained.
The growth of social media globalizes the problem.
Social media is a classic two-edged sword. Many companies use social media platforms to expand their business. Facebook, Twitter, Snapchat, YouTube, LinkedIn, and online blogs are just a few examples. Marketing is fine and necessary, but recognize the risks of social media use by employees.
The hazards arising from an employee’s use of social media include many of the same issues that existed pre-internet. The difference is that information today spreads faster and to more people than ever before. Some of the risks employers now face include: 1) damages to the employer or organization’s brand and goodwill; 2) loss of employee productivity due to time spent on social networking sites; 3) discrimination and other forms of harassment through social networking sites; 4) disclosure of confidential or trade secret information; and 5) disclosure of sensitive client information. Just one ill-advised Twitter post could literally cost a company billions of dollars in lost brand value.
Insurance is one line of defense, but it is only one shield against risks. It can also be difficult or expensive to obtain. Organizations usually enhance their defenses with other mechanisms.
The most important of these tools is a written social media policy, or even better, an all-encompassing technology use policy. Communicating and managing expectations through the use of a policy helps prevent potential risks and also manages breaches.
Social media is dynamic and fast moving, so loss prevention policies should be flexible to avoid constant review and revision. Some organizations may specifically ban or strictly limit any use of social media sites by their employees while they are at work. For others, this may not be possible, especially when social media is intentionally used to promote the business.
A social media policy should at a minimum require or specify the following: 1) responsibility rests with the employee for any online activity using the company’s address or company resources; 2) employees must be responsible for and ensure postings are accurate, and must immediately correct any inaccurate comments; 3) an employee’s computer at work is not their own private computer and the company may monitor its use to the fullest extent permitted by law; 4) harassing, discriminatory or defamatory comments, postings or other activity by employees are prohibited; 5) employees may only use copyrighted materials where authorized; 6) customer names cannot be used in outside communications by the employee without written permission from the customer; 7) organization trade secrets and proprietary information must remain confidential; 8) all devices, whether located permanently in the workplace or mobile, such as smartphones or laptops, must have secure passwords or other security measures to prevent unwanted dissemination of company or client information.
A written policy serves multiple purposes. It is a guideline for personnel to follow, of course. It also provides evidence that the company has practiced due diligence in preventing problems. This latter goal means that the policy must not be created and then ignored. Rules that are developed but never followed may be worse than no rules at all, at least where legal liability is concerned.
The suggestions above are general guidelines, but an employer should consult their lawyer prior to the development and implementation of a specific social media policy. This will allow the program to be tailored to the business. At the same time, employers may wish to include a social media component within a broader technology management policy.