Rough Guide to: Social Media and the Law
Virgin Atlantic was forced to take action this month when staff reportedly criticised safety standards and passengers’ class status on social network, Facebook. As more businesses look to engage social networking, what are the potential dangers they should look out for? New Media Knowledge spoke to a lawyer to find out more.
Social media can present a legal minefield. With staff potentially posting unedited and unsanctioned comment on blogs, microblogs and social network sites control over company messaging and data protection is arguably tougher than ever.
NMK spoke to Paul Massey, a solicitor with law firm K&L Gates LLP, for his advice on the law in the Web 2.0 world.
Blogs, microblogs and social networks offer companies opportunities to reach new audiences and markets, but what do you think are the main potential legal threats that firms should guard against when embracing the technologies?
This is a difficult question to answer as embracing social media could mean so many different things. It is also important to balance the legal risks against the many great opportunities provided by these online tools.
The potential legal threats will differ depending on the market and the online activities in question. For example, a company operating a global social network for 7-12 year olds faces different challenges to a blue-chip company deciding whether to allow Facebook and YouTube through its corporate firewall.
A general rule of thumb and one often quoted by legal professionals and government is ‘what is illegal offline is illegal online’. However, the international nature of the Internet and the myriad of developing legal frameworks and social attitudes can make it difficult to fully grasp the legal risks. An appropriate legal strategy may therefore be to focus upon the legal threats of core markets and to adopt the strictest standards.
Companies may be vicariously liable for the actions of staff using the Internet if it is reasonable to assume employees are acting with their employer’s authority or if actions can be linked to the employer. Firms should therefore guard against such liability, including copyright infringement; security and data breaches; defamation; and other illegal or unlawful activities such as obscenity and harassment committed by staff.
How savvy are firms and their employees of defamation laws?
The intricacies of defamation laws are frequently misunderstood, beginning with the important question of what actually constitutes a defamatory statement. However, the common misconception that the Internet is an anonymous space where statements will not have real world repercussions is gradually diminishing. This is partly due to recent court decisions in which service providers and website owners have been ordered to disclose the identity of anonymous posters of defamatory statements.
The High Court recently awarded £22,000 to a man subject to defamatory postings on a fake Facebook page. The judge dismissed the excuse that the defendant’s home computer, to which the activity had been traced, was used by guests to post the defamatory statements. In another case which we acted on, a court ordered the disclosure of the identity of football fans who posted comments on an online forum. These decisions demonstrate UK courts’ willingness to protect the reputation of those subject to defamatory statements, outweighing any rights of authors to anonymity or freedom of expression.
We recently saw Virgin Atlantic forced to act over comments made by some of its staff on social networks, what control can a company really have against this kind of activity?
Companies can take control measures both to prevent such activity occurring in the first place and also to minimise the impact of an incident.
Employment contracts may require compliance with a communications policy restricting certain public comment by employees. A blogging and social networking policy outlining the dos and don'ts of online activities for staff can be an effective means of preventing negative comment in the first place and may cover online activities on company time or at home.
Where blogging and social networking policies are not in place or where employees simply ignore or forget them, companies need to act quickly to limit any damage to their brand. As the Virgin Atlantic example demonstrates, an affected company may take action to remove the offending content from the Internet. The quickest approach is often to require the responsible employee to remove the content. Where this is not effective, it may be possible to require the website hosting the content to remove it. The company will need to send a take down notice to the website operator setting out details of the content’s unlawful nature. This may present problems if it is questionable whether the content is unlawful in the first place. Employers also need to be aware that the law may protect workers who ‘blow the whistle’ on employers they reasonably believe are committing a criminal offence; breaching a legal obligation; damaging the environment; or where there is danger to the health or safety of individuals.
Virgin Atlantic succeeded in removing the offending Facebook group. However, the staff comments continued to be discussed via blogs and comments on news websites. To its credit, Virgin Atlantic responded through its own Facebook page and so demonstrated how it valued the importance of engaging in online conversation with customers. However, the official response that ‘Virgin Atlantic does not tolerate any criticism of its … industry-leading safety standards’ provoked further online criticism. No doubt inadvertently, the statement provoked many who subscribe to the openness and critical debate encouraged by social media.
The incident demonstrates that, ideally, public statements need to stand up to the analysis of the social web and highlights the importance of ensuring employees use social media appropriately while providing company feedback via effective internal channels.
Have you seen cases of company employees disclosing potential influential information online prior to Stock Exchange announcements? Again, is this an area which companies need to crack down on?
This is one of many potential means by which an employee could misuse company information. For example, we have advised upon breach of confidence disputes involving an employee selling valuable proprietary information to competitors.
It would be surprising if employees or shareholders committing an offence of insider dealing communicated price sensitive information to large groups of people via the Internet. They would be more likely to communicate in private and may leave email trails for regulators to pick up.
It is conceivable that employees may act without thought or even maliciously in a manner detrimental to their employer by disclosing confidential information online. This behaviour should be prohibited and clearly communicated to employees.
What are the key things for companies to bear in mind before engaging in social media themselves or regarding employees’ personal web space, such as Facebook or Twitter?
Companies are often nervous about the greater transparency and perceived legal and commercial risks of social media. Blanket bans on the use of social media at work may not be effective and one well-known law firm was forced to unblock Facebook following staff complaints. Companies are likely to discover that if staff training, tools and policies capture the conversational nature of social media, risks can be replaced by competitive advantage.
Earlier this year, the Trades Union Congress published the briefing note Facing Up To Facebook. This suggests employers negotiate social networking policies with staff representatives. This approach empowers employees and respects their personal life while highlighting their responsibilities. Such a consultation is not obligatory in the UK as it is in other countries such as Germany and France. However, alongside enhanced employee relations, it may provide insight into how social media can add value to a company.
For larger companies, network and organisational analytics can identify employees acting as connectors within an organisation's information flow. These may be the most appropriate people to lead social media initiatives alongside appropriate managers. For smaller companies, the importance of social media means management must be involved. For those not familiar with the landscape, simply asking staff if they use Twitter may be the best way to identify those interested in contributing to policy and training.
The current buzz word of social media is open. By asking how open an organisation's operations are now and how open they should be in the future, leaders will be well placed to formulate an appropriate social media strategy. A recent report by the think tank Demos may also provide guidance. The report, describes fault lines which social networking tools can open as traditional hierarchies and corporate value are tested by new models of innovation and network ownership. Engaging with social media and opening tools to staff therefore needs to be balanced with capturing value for the company. This value can take different forms, for example, intellectual property rights or network connections. A recent court ruling requiring an employee to disclose his LinkedIn profile and associated contacts to his previous employer illustrates the potential fissures created by social media.
Finally, what sort of training and policies should companies put in place and who should be leading it, especially at small firms without a legal department?
Training and policies will depend upon the industry sector and corporate culture. A charity may wish its volunteers to blog about the charity while guarding against statements suggesting an affiliation with a political party. Law firms may prohibit staff from any online discussion of clients without prior approval of authorised management. Meanwhile, a priority of a recruitment consultancy is likely to be securing the online contacts of its consultants.
Internet policies need to cover the use of interactive social websites as well as use of email and access to non-interactive websites. In terms of generally applicable training and policy employees should be aware that they are personally responsible for their online posts and disclosure of confidential or sensitive information about employers should be prohibited. By identifying certain activities as gross misconduct, employers can attempt to reduce exposure to claims of unfair dismissal in the rare event that an employee's online behaviour requires serious disciplinary action. Employees also need to be made aware that their online communications while using the employer’s IT system may be monitored by the company to ensure compliance with the policy. Such monitoring is subject to data protection laws and employers also need to be aware of employees’ privacy rights in relation to personal emails. A clear escalation procedure and chain of responsibility can also ensure incidents are well handled by trained staff.