Social media has changed the interactions between people and businesses. Even if your company does not participate in social media, your employees undoubtedly use it on their own time, creating potential liabilities. For companies that do engage in social media, various risks should be considered—from who owns a Twitter™ handle and followers (company or employee) to privacy breaches, to what happens when an employee bad-mouths a superior on Facebook.
The law is still developing, so companies should proactively protect themselves. One option is additional insurance coverage. There are various types of cyber risk policies available, and some include social media liabilities.
National Labor Relations Board Considerations
The National Labor Relations Board (NLRB) has guidance on employer social media policies. In reviewing various cases that were brought before it, the NLRB made it clear that it considers overly broad policies pertaining to employee social media use to be in violation of the National Labor Relations Act (NLRA) and, therefore, unlawful.
The NLRB is chiefly concerned with policies that overreach employer authority and impinge on an employee’s right to free speech and the right to organize. The NLRB holds that a social media policy is unlawful if it is ambiguous enough to lead employees to reasonably interpret that they are prohibited from participating in protected concerted activity.
The best way to avoid instituting an unlawful social media policy is to make sure it doesn’t contain overly broad terms. Terms that are not specific enough could be misinterpreted by employees as more restrictive than they are intended to be.
The NLRB considers a social media policy to be overbroad if:
- Employees could construe the language of a rule to restrict activities protected by the NLRA, such as free speech or the right to organize;
- A rule was created in response to union activity; or
- A rule has been applied in a way that restricts protected activities.
Though the NLRB’s guidelines have yet to be tested in a court of law, employers should attempt to adhere to them when creating a social media policy. The best way to protect your company is to have a comprehensive policy specifically addressing all relevant social media concerns for employees and providing clear examples of unfit behavior.
Drafting a Social Media Policy
When you start thinking about your social media policy, don’t think of it as a punitive document that outlines a framework for disciplining various infractions. Instead, think of it as a set of guidelines to help employees understand the issues and risks, and stay out of trouble—thereby keeping the company out of trouble. Consider including the following components in your policy:
- Employee bill of rights. This is a good way to start, so that employees feel that their personal rights are valued by the company.
- Emphasize that all employees have the right to use social media for self-expression on their own time.
- Include a right to digital privacy—that the company will not bypass the security or privacy settings of a social site to see employee content that is not publicly available.
- Explain what online harassment and bullying is, and that it is not considered acceptable by the company.
- Internal usage guidelines. This clearly defines use rights during work hours.
- Specify whether social media is allowed during work hours and whether employees can access it using company equipment. A compromise could be reached to allow employees to use social media during lunch and break times.
- If personal use is not allowed during work hours, specify what constitutes acceptable use for business purposes only.
- Include security rules and protocols for downloading files, videos, third-party software, etc.
- External usage guidelines. This can be a complicated issue, as is any issue regarding employee conduct outside of work hours. The law is still developing, but there have already been several high-profile lawsuits about whether a company can punish an employee for what is posted online. Because this area is especially problematic, be sure to have legal counsel review any language you select to implement an external usage policy for social media. Below are a few guidelines to consider:
- The line can easily blur for employees that use social media accounts for personal use and their company roles. Tell employees to use their best judgment and exercise personal responsibility as an ambassador of your organization, as there is a chance a colleague, manager or client may see information they post online. Offer specific examples of what should be considered inappropriate so that employees are unable to misinterpret this rule as restricting their rights under the NLRA.
- Include a clause that forbids employees from impersonating your organization, making statements on behalf of your organization without authorization or making statements that can be construed as establishing your organization’s official position or policy on any particular issue.
- Social media confidentiality and nondisclosure guidelines.
- Revealing any trade secret, confidential or client information online should be prohibited, even in a “private” forum or message, as the security of the site could be compromised.