Managing social media channels on behalf of an organisation means balancing the interests and reputation of the business and individuals alike.
As there is no specific social media law, existing laws must be applied in the social media context. This is further complicated by the global nature of social media – which inevitably crosses legal jurisdictions.
Whilst having a robust social media policy in place is important, its scope and application may not be as black and white as first appears.
Protecting confidential information on social media
Control of confidential business information must be maintained by employees interacting via social media (both on their personal accounts, and when posting on behalf of a business). It is critical for people to understand which data belongs to the organisation, and which is in the public domain. The importance of this is illustrated in the case of a UK based, human resources executive who included company attrition figures on his personal LinkedIn profile. Disciplinary action was taken against Mr. Flexman by his employer who accused him of posting confidential information online.
Similarly, an ex-employee of Hays Specialist Recruitment was ordered to disclose business contacts uploaded to LinkedIn, because they constituted confidential information belonging to the organisation.
It is remarkably easy for employees to be unwittingly caught out. For example, when setting up social media profiles, many encourage the user to import contacts from other systems (such as email address lists):
Imagine the ethical issues in the scenario where a medical professional imports a contact list containing patients’ email addresses (who, unknown to the professional, are then invited to follow or friend them online.)
"All of this technology emerged fast, and employees at all levels of the organization might lack the skills and knowledge needed to leverage social media channels. The resulting digital skills gap can only be addressed through social media education." Hootsuite.
Retaining control over how business contacts and other online information, controlled directly by employees, must be planned for:
If an individual is a LinkedIn Company Page administrator, and their personal account is compromised, the unauthorised party automatically has access to the Company Page(s) they manage. Ensuring administrator’s personal account passwords are ‘strong’ and changed frequently will go some way towards mitigating this risk. Social media accounts have also been intentionally compromised by employees looking to establish rival firms.
Organisations need to be clear about the process for transferring contacts and business related conversations stored within social media accounts administered by employees. For example, there have been a number of instances where employees have taken a Twitter following with them when changing employer.
Social media profiles belonging to an organisation must also be protected as a valuable asset. Profiles with a large following may have a commercial value, and/or be part of brand valuation exercises.
Complying with the terms and conditions of social media platform is of paramount importance in protecting such assets. At the heart of Facebook’s governance, for example, is its real name policy (which goes as far as to prohibit practises such as the use of nicknames as middle names and the use of unusual capitalisation):
“We require people to provide the name they use in real life; that way, you always know who you're connecting with. This helps keep our community safe.” Facebook.
Failure to comply with the real name policy by an administrator (within their personal profile) could result in its removal - along with any company Facebook Pages managed by that administrator.
Well documented examples of Company Pages being closed down for violation of Facebook’s terms and conditions include:
As well as protecting their own assets, organisations must demonstrate respect for the intellectual property of others. For example, Twitter suspended the account of Bleacher Report in December 2014 on the grounds that it was displaying unauthorised video clips of football matches belonging to the UK Premier League.
Twitter clearly outlines its stance on trade-marked brands and infringement of copyright or intellectual property in its trademark policy.
Protecting online reputation
Adherence to well established regulations governing traditional marketing and communications must be applied within the social media context.
For example, laws governing the sharing of personal information, or sending unsolicited communications must be considered. Tools such as Facebook graph search have make it remarkably easy for organisations to send targeted, but unsolicited promotional messages.
Financial Conduct Authority (FCA) guidance outlines how such techniques must be controlled within industry they regulate. However, the guidance highlights some important issue relevant to a number of industries. The first is in relation to the re-publishing of social media posts which may result in the exposure of promotional materials to unintended recipients:
“Firms should ensure that their original communication would remain fair, clear and not misleading, even if it ends up in front of a non-intended recipient (through others re-tweeting on Twitter or sharing on Facebook). One way of managing this risk is the use of software that enables advertisers to target particular groups very precisely.” FCA.
Think of exposure to promotion of alcohol, tobacco, or gambling related products to those under the legal age; via re-tweets, shares, and online reviews.
Secondly, the FCA guidance outlines the need for “adequate system [to be] in place to sign off digital media communications. This sign-off should be by a person of appropriate competence and seniority within the organisation”. It is sensible for organisations to keep their own records of communications published via social media, and record authority to publish. Further, organisations using third party agencies to create and post content on their behalf should satisfy themselves as to the knowledge and processes of their chosen partner.
A four-eyes review and sign-off process for social media posts may have saved face for US Airways who attached a pornographic image in its response to a complainants tweet – which was seen by hundreds of thousands of its followers.
Balancing the rights of the organisation and the individual
There are no shortage of examples of employees falling foul of social media policies, guidelines, and general etiquette:
A manager at JD Weatherspoons claim for unfair dismissal, after she was fired for posting comments about the pub chain’s customers on her personal Facebook wall, was unsuccessful. Although the defendants comments were only visible to her Facebook friends, the number of them (646) was an important consideration in the case as it was thought to large enough to constitute bring the organisation into ‘public’ disrepute.
However, protecting the interests of business must be balanced with the rights of the individual to express their own opinions and have their own online voice - as highlighted in the case of Smith v Trafford Housing Trust (2012).
Mr Smith posted a link to a BBC News article about gay marriage on his personal Facebook wall and commented “an equality too far”. This was visible to his 201 friends, and friends of friends – some of whom had responded to his comment. On his Facebook profile, Mr. Smith had identified himself as an employee of Trafford Housing Trust, who started disciplinary action against him for alleged gross misconduct (being in breach of their code of conduct and equal opportunities policy).
The decision went in favour of Mr. Smith on the grounds that (among other factors) his post could not be considered work-related because it was not specifically targeted at his work [Facebook] contacts. The Court also stressed that the views expressed reflected those widely held by other members of society, which were frequently reflected in mainstream media.
Individuals have the right to post information about their personal interests and beliefs online, and employers must be cautious about using this for purposes for which they were not intended. For example, personal social media profiles will often contain information about an individual’s ethnicity, religion, age, marital status and sexual orientation – which, in the UK, is protected under the Equality Act.
According to UK employment and HR specialists ACAS, “digging up sensitive 'protected' information that is not usually sought during the application process could leave employers open to discrimination claims. Rejected applicants could maintain that the real reason they didn't get the job was because of knowledge of the protected characteristic...
...On the other side of the discrimination coin, research suggests that vetting through social media may also encourage 'recruitment bias' according to age, gender or ethnicity. Some recruiters said they drew inferences about candidates from Facebook profile pictures”.
Protecting social media managers
Employees often take on responsibility for administering company social media accounts without having the pitfalls, risks, and legal implications of doing so explained to them.
The personal liability of individuals’ who publish on behalf of an organisation, should be clearly explained to them (including any re-posts or re-tweets of content originated by others) - the Crown Prosecution Service has made clear that such publications could constitute an offence. Where necessary, personal liability insurance should be in place to cover employees acting as administrators (the emotional and reputational costs of a court case being brought against an individual will of course, not be covered by this insurance).
About the author