• Employee Online Social Networking: Advantages and Risks for Employers
  • September 13, 2010 | Author: Dennis J. Buffone
  • Law Firm: Thorp Reed & Armstrong, LLP - Pittsburgh Office
  • In the past decade, the public use of online social networking and video sharing websites and blogs has grown exponentially.  With the development and expansion of sites like Facebook, MySpace, YouTube, and Twitter, many employers are taking an increased interest in their employees’ use of these kinds of sites both during and after work hours.  Employees often post a great deal of personal information on these sites, and sometimes post less-than-flattering comments about their employers, particularly if something goes wrong during the workday.  Employee social networking can pose serious risks to employers, including damage to business or brand reputation, loss of confidential information, and defamation.   Despite the potential harm to employers from social networking by their employees, employers do not have free reign to monitor their employees’ online activity to an unlimited degree.  Before businesses begin to track their employees’ social networking activities, they should develop a comprehensive and well-organized plan for where, when, how, and to what extent they will monitor or investigate those activities.

    This communiqué will first summarize not only the risks inherent in employee use of social networking sites, but also the risks involved in employer monitoring of at-work and after-work employee networking.  The communiqué will then offer suggestions regarding how employers can effectively go about monitoring employees’ on-line activities and regarding how employers can lawfully use social networking information in making employment-related decisions.

    The Risks

    Damage to Business Reputation

    There are significant business risks that can arise from employee use of social networking sites.  Employee posts and messages potentially can cause serious damage to business reputation and brand image.  Individuals routinely post materials on social networking sites about their employers and about their employers’ executives, products, and services.  For example, in April 2009, two Domino’s Pizza employees filmed themselves doing tawdry things with pizza ingredients while preparing a delivery order, and posted the video on YouTube.  In less than a week, more than one million viewers had accessed the video.  Over the next several days, Domino’s stock value plummeted.  In response, Domino’s posted its own reply video on YouTube and set up its own Twitter account in an attempt to both salvage its image and address the employees’ actions.

    Release of Confidential Business Information

    Employee social networking also can result in the unauthorized disclosure of confidential or proprietary business information.  Employees who post the latest developments at their employers, such as business strategies, product development, or financial data, could put those employers at risk of compromising the confidentiality of highly-sensitive business information.  For example, in February 2010, a Royal Dutch Shell employee leaked, to a blogger who was critical of the company, highly-confidential personal information about thousands of Royal Dutch Shell employees who worked in dangerous parts of the world.  This leak exposed the company to significant social and media criticism.

    Off duty social networking also can give rise to violations of Security and Exchange Commission rules, if an employee violates the “quiet period” involved with an initial public offering by commenting or blogging about the offering.  Employees also can jeopardize their employers’ intellectual property rights if the employees divulge proprietary information about a product before the company files for or receives patent protection for the product.

    Risks of Monitoring During the Hiring Process

    Since employers “Google” their prospective employees before making hiring decisions,  employers may be tempted to investigate applicants’ social networking accounts before making hiring decisions to make sure that the applicants do not exhibit attitudes or behaviors that may cause them to be undesirable employees.  Employers, however, should be careful in conducting these types of investigations of prospective employees.  For one thing, in conducting a social networking search on a prospective employee, an employer may discover information concerning the prospective employee’s health or medical conditions.  The employer also may learn of the prospective employee’s religious affiliation or political activities.  If the employer decides not to hire the person after learning of those types of information, the employer will be vulnerable to claims for discriminatory refusal-to-hire.  And, more obviously, the information contained in social networking posts and blogs is not always accurate.  Employers should be wary of basing employment decisions on information that is found on sites that have no editorial or supervisory oversight (which most social networking sites do not have).

    Accessing Secured Networking Sites

    Many social networking sites are password-protected.  Employers that attempt to access these sites to investigate employee activity subject themselves to potential statutory and common law claims for invasion of privacy.

    The federal Stored Communications Act, 18 U.S.C. § 2701, protects certain types of stored electronic communications from unauthorized access by non-users.  Posts and messages on social networking sites can qualify for protection under the Stored Communications Act if the information is password-protected.  Courts have held that employers are subject to civil liability if they access a password-protected networking site of a particular employee by utilizing the password of another employee.

    Website hosts generally are reluctant to cooperate with employers that seek information on website users, including the employers’ own employees.  This is true even in the context of civil litigation.  Websites such as MySpace and Facebook, citing the protections set forth in the Stored Communications Act, divulge only basic user information in response to a civil subpoena unaccompanied by a court order or the user’s written consent.  Moreover, even if an employer maintains a well-written employee internet usage policy that clearly informs employees that they should have no expectation of privacy in their at-work internet activities, the employer can be subject to liability for invasion of privacy in a number of states.

    Recommendations for Employers

    In light of the legal risks associated with employer accessing of social networking sites, and in light of legal limitations on employer access to employee online activity, employers should take a thoughtful and cautious approach to determining when, how, and to what extent they will monitor employee activity.  Employers should be careful to make sure that their monitoring plan conforms both to their own internet and media policies and to the law.  Because internet and social media law continues to evolve, employers should also continually adapt their internet protocols to address new and changing problems.  Any company-wide policy should be developed and instituted by senior-level leadership who can make sure that the policy is consistently administered.

    In particular, employers should consider taking the following steps:

    • Make sure that you have in place a comprehensive internet and email policy that clearly delineates the permissible and impermissible uses of the company’s network.  Clearly articulate in the policy that employees should expect no privacy in their online activities while using company-owned computers or mobile devices.  Make sure that, if you determine that monitoring is necessary, you develop a regulated, only-as-necessary plan to prevent potential privacy claims by employees.

    • Consider blocking social networking sites from employees’ internet browsers.  Although this will not prevent employee networking during non-work hours, it will prevent any misuse of the company’s systems during working hours, as well as eliminate a potential diversion that adversely affects employee productivity.

    • Consider taking discovery of employee social networking sites in conjunction with the defense of employment-related lawsuits, including discrimination, wrongful termination, and wage payment actions.  There may be legal obstacles that impede access to employees’ sites, but the sites, if accessed, can prove to be rich sources of information that may be helpful in litigation.  If you cannot obtain a court order requiring the production of the password-protected messages or posts, or the employee’s consent to that production, do not attempt to obtain access via other users.

    • Consider developing your own online identities on appropriate and relevant networking websites.  This not only will allow greater authorized access to online activity, but also will allow to you utilize these websites for advertising and business development purposes.

    • Make sure that company-issued mobile devices and employee-owned devices that are linked to the company network are limited as necessary.  Mobile devices can blur the line between on-the-job and
      after-hours activity, so your internet policy should also clearly address the extent to which mobile devices will be monitored or limited.

    • If you have a large number of employees or have a high rate of employee turnover, you may want to consider purchasing special software that is now available to automatically monitor employee social networking information.  Many companies now market monitoring software (e.g., “Social Sentry” marketed by Teneros) that can be used to monitor employee activity (that is otherwise public) at a modest cost.