Social Media and the Workplace – Why and How Employers Should Limit the Use of Social Media in the Workplace
Sometimes, it is ok to be “antisocial.”
Social media has revolutionized the way people communicate and stay in contact with one another. But in the workplace, trying to “friend” an employee or sharing a photo with sensitive information in the background can create legal liabilities that employers may not have thought about before.
It is difficult to bridge the gap between encouraging a good work/life balance and promoting a positive work culture, with the potential liability of employees accidentally posting sensitive or confidential information. But the most effective way for organizations to protect themselves from the digital risks of social media in the workplace is to develop an “antisocial” policy that clearly outlines acceptable online use.
It is important to note that an employer has the legal right to limit an employee’s access to and use of social media while on the clock or from work-issued devices, but not while on break or off duty.
Here are some common risk factors and internal policy suggestions for companies to consider when crafting a social media policy:
“What’s That In the Background?” - Workplace Posts Can Lead to Data Leakage
Employees sharing photos of the workplace online may seem like an innocent enough pastime, but placing such photos on social media for the world to see may lead to an inadvertent data breach.
One of the most common risks associated with social media in the workplace comes from the inadvertent disclosure of confidential information through snapping pictures. For example, a friendly photo posted online of hospital employees celebrating a co-worker’s birthday party at work may unintentionally display a medical chart in the background, revealing a patient’s medical condition to the world and subjecting the hospital to an unexpected HIPAA violation.
A carefully crafted workplace social media policy should prohibit such workplace photo sharing on employee social media accounts. Further, making sure employees are fully educated about the potential risks of social media to the organization, fellow employees, and their clients or customers is a crucial part of any defensive effort by employers.
Location, Location, Location… It Can Reveal More Than You Intend
Whether “checking in” or sharing running routes and times logged via GPS smart watches, social media allows users to upload and share their location data – where they are, when, for how long, and their common travel patterns – with the world at large. Such location sharing can be particularly problematic for employers, particularly for those involved in sensitive industries – for instance, defense, national security, and critical infrastructure.
If an organization’s employees share their location information on social media, such posts make it easier for bad actors to determine where those employees work and can compromise workplace security. Even something as seemingly harmless as logging a running route and uploading it to social media via a fitness app can allow bad actors to track an employee’s routine movements.
An effective social media policy should deter employees from sharing their location information when they are in or around the workplace or traveling on official business to help protect employee safety and workplace security.
An employer typically wants to limit what the employee says about their work, the workplace, and about co-workers without discouraging positive comments about workplace culture. One way to tackle this is by developing contract terms and internal policies that cover how employees can discuss their work and the workplace on social media.
Internal policies serve as guides for acceptable employee behavior in the workplace, and can be used as a benchmark in disciplinary actions. Such policies can be used in tandem with enforceable employment contracts to limit employees’ ability to use social media while on the clock.
A collaborative contract might require employees to distinguish between personal and work-related online posts, as well as specifically state within a post that online views expressed are theirs and not those of the company.
Controversial or provocative online comments by employees can do more than damage a company’s reputation if they become widespread. They can damage the personal reputation and daily life of the employee, and negatively affect the workforce’s morale and sense of mission. Consequently, an organization should implement specific zero tolerance policies for certain language and activities on social media, including cyber-bullying and/or obscene or intimidating language.
An employer can use cease and desist letters to take down posts that violate its contractual terms and to prohibit specific disclosures (e.g. trade secrets). However, a fine line exists between prohibited disclosures and an individual’s First Amendment rights to voice his or her opinions, which is why social media policies and collaborative contracts need to be carefully designed with the help of counsel experienced in privacy and employment law.
Lewis Brisbois’ dedicated Data Privacy & Cybersecurity team can help your organization effectively combat the risks of data leakage via social media. Learn more about our team here.