Saturday, August 20, 2011

8 Reasons Social Media Policies Backfire from the HR Examiner

Heather Bussing is an attorney who writes a lot, teaches advanced legal writing to law students and is the Editorial Advisory Board editor at HR Examiner.

Heather Bussing is a California attorney who has represented employers, unions and employees in every aspect of employment and labor law including contract negotiations, discrimination and wage hour issues. While the courtroom is a place she’s very familiar with, her preferred approach to employment law is to prevent problems.  Full bio

8 Reasons Social Media Policies Backfire

by Heather Bussing

Lawyers and HR live and breathe risk management. One of their favorite tools is the employment policy.  But, before you issue the latest and greatest social media edicts, understand this fundamental principal—the more you control it, the more you will be legally responsible for everything that happens.

Here are my top 8 reasons why social media policies backfire.

1.            Most Social Media Accounts Belong to the Employee.

If it is an account in the employee’s name, whether they use if for work or personal or both—it’s theirs and they get to say what they want.  Trust them, and stay out of it.

Just because employees drive their cars to work and park them on company property, the employer doesn’t get to tell them what kind of car to own, how to drive, or whether to remove those tacky Hawaiian seat covers.

If it is a blog or company page that belongs to the employer, the company is going to be liable for everything in it anyway.

2.            It’s Bad For Your Brand

The effectiveness of social media is that it is more spontaneous and authentic—more real.  If you dictate what can be said or require all posts to be approved, you lose that edge, as well as all the fun.  The more people who have a say in what is and isn’t said, the less personal and interesting the posts will be.

You will also lose any sense of timing, which is essential on fast-moving streams like Twitter

3.            If You Control It, It’s Yours.

If you have a comprehensive social media policy that dictates what can and cannot be discussed, you will have to pay someone to monitor what is being said, demand that inappropriate posts come down and discipline when the edicts are violated.  How much time, money and energy is this really worth?

Under agency law, if you are directing the conduct of employees in social media, the company will be liable for everything that is said.  To the extent something said is defamatory, violates a nondisclosure agreement or just pisses someone off, a comprehensive social media policy is the best way to get the company named in the lawsuit.

If you are not controlling it, then the company generally will not be liable for things said and done in employees’ personal accounts.  This is because the employees are not acting in the course of their employment and the employer is not controlling or implicitly approving the actions of its employees.  And if there is no deep pocket to sue, the chance of a lawsuit getting filed at all is greatly diminished.

Some employers require employees to post some version of “my opinions are my own and not my employer’s.” For example, see some of these disclaimers on Twitter

But a disclaimer on the employee’s account won’t necessarily protect a company from liability—to the contrary it just looks like the company is trying to control what gets said.  (See Dell’s Social Media Policy: You are responsible for everything you say, but we can discipline you for it.)

While a disclaimer alone does not create liability, the fact that someone is saying “my employer made me say it is not responsible for my posts,” can trigger someone to look further to see whether the employer is also directing the content of the employee’s social media posts, especially if the employer also reserves the right to discipline employees for the content of those posts.

The disclaimer move is also bad for your brand. Why would a company want to look paranoid and untrusting of the people that are representing it in social media?  It’s also bad for recruiting—it signals to potential new employees that the company is run by Legal instead of people with common sense who actually understand social media.

4.            Dictating What Employees Cannot Say Can Violate the NLRA

The National Labor Relations Act protects employees from retaliation by an employer for discussing wages, hours or working conditions.  These NLRA protections apply whether or not your company has a union, because they relate to “organizing” or pre-union actions.

The bottom line is that a social media policy cannot prohibit an employee from saying bad things about what it is like to work at your company.  Protected expressions include being critical of the bosses, the customers or the stupid signs in the kitchen.  If you have and try to enforce a social media policy that dictates what people say, you could end up with fines and a lawsuit from the National Labor Relations Board.

5.            Enforcing the Policy Can Violate Whistleblower or Anti-retaliation Protections

If employees are saying things in social media that relate to a protected status, and an employer disciplines them, the employer risks liability for retaliation under discrimination laws.  Protected information includes anything that relates to the employee’s race, religion, marital status, national origin, gender, pregnancy, age, disability, birthplace, citizenship, military service, ancestry, relatives, health of relatives, medical condition, finances, and sometimes, sexual orientation.  This potentially includes everything.  Even someone’s taste in music and whether they have tattoos can be shown to relate predominately to a particular race, gender or age.

So basically, you can’t control how employees talk about the company and you can’t control how they talk about themselves without risking liability for something. 

But wait. There’s more.

6.            Monitoring Employees Can Violate Computer Hacking Laws

Let’s say you just want to make sure that employees are not violating the company’s confidentiality policy.  You’re just protecting against disclosure of trade secrets.  So you are periodically checking the company Facebook page and doing twitter stream searches.  Okay, that’s probably fine.

But many employers assert the right to get on their employees’ computers and monitor use, history and websites viewed at work.  See this article on Microsoft’s Business site advocating snooping and obtaining evidence secretly.   If an employee has saved social media passwords on the network, it is often possible to sign-in and view accounts the employees believe are personal.

Using employee passwords to sign-in to their social media accounts can violate state and federal computer hacking laws and constitute identity theft.  All 50 states have laws that prohibit someone from unauthorized access to another person’s computer and online accounts, especially if the intent is to change or modify access or content.   This would include deleting an inappropriate post.

A California court recently found a guy guilty of hacking and identity theft when he accidentally obtained a girl’s email address and password, then used the email to change the person’s Facebook password, then logged onto Facebook and starting making obscene posts.

While courts will generally allow an employer to monitor to see if employees are working or contacting the competition with the recipe for the secret sauce, it is doubtful that it would be legal to get employee passwords and log into their personal accounts without their knowledge and permission.

The usual legal answer to this is to create a policy that notifies employees that you reserve the right to spy on them and make them sign it, giving their consent.  While you’re at it, monitor their bathroom breaks and issue dress codes and cubicle flags.  Or you can decide not to be a complete jerk.  (See 2 above.)

7.            Monitoring Employees’ Personal Accounts Can Give You Access to Stuff You Don’t Want to Know.

Suppose the social media enforcer logs onto Facebook and learns that an employee’s spouse has cancer.  This means potentially higher insurance premiums, more absences by the employee and the cost of hiring temps to cover.  This gets back to management who becomes concerned.  As the employee becomes stressed and distracted by her husband’s illness, the performance memos start flowing until the employee is either fired or quits from the hassle.

When the jury learns that the employer knew about the spouse’s cancer from monitoring the employee’s Facebook page, they will add several zeros to the amount they award the employee in the discrimination and privacy lawsuit.  And I don’t care whether the employee and the company enforcer were “friends” or not.  Being nosy and having access to employees’ personal lives is not a “best social media practice.”  It’s stupid.

8.            Disciplining Employees for their Social Media posts Can Violate Privacy Rights.

Some states have general rights of privacy and others have more specific laws that protect employees from discipline for their off-duty, off-site conduct.  So reserving the right to discipline employees for their conduct in their social media accounts can violate the employees’ rights of privacy.

There is often an exception for conduct that directly affects the employer—but it has to be more than people might find out that the employee works for the employer.  The conduct itself has to involve the employer’s name and reputation—for example, the employee posts a photo on Facebook having sex in the conference room under the company name and logo.

What to Do:

The best social media policy ever was written was by Jay Shepherd, one of the most sensible attorneys around.  The policy is:  “Be professional.”

If you are concerned about trade secrets and confidentiality, then teach your employees what is secret and what isn’t, so that they understand and don’t screw up.  Train employees to “be professional.” Letting them know what defamation is and what would violate a nondisclosure agreement.  But don’t direct their specific conduct.

If you are concerned about employees being inappropriate, believe me, you’ll know as soon as someone is, because it will be all over the company faster than “free beer in the conference room.”  Figure out the best way to deal with it and handle it on an individual basis, using your good sense and judgment.

And if that doesn’t work then termination for “being a complete idiot,” has always been a legitimate, nondiscriminatory business reason.

Bottom Line: Social media policies do not prevent problems or fix them.  They generally only create them.

So set the example, “Be professional.”

Posted via email from hrstrategist@Net-Speed

No comments: