In a world where the use of social media has become part of all walks of life, employers must be switched on to the implications in the workplace.
Twitter alone has hit 50 million 'tweets' per day and Facebook has in excess of 750 million active users globally. Social media may be new, but it is here to stay and is increasingly adopted as a business and marketing tool. It is therefore vital that employers are equipped with an awareness of the associated risks along with a strategy for managing them.
In this article we explore the key issues for your organisation and provide our top tips for dealing with social media throughout the key stages of an employment relationship - from recruitment to termination, and beyond.
Recruitment
Employers are now incorporating social media into their recruitment process. We are seeing the creation of corporate Facebook pages that are accessible to applicants, employers researching candidates' online profiles or even actively seeking referrals using social media. In many cases employers are simply carrying out the same activities using a new medium, albeit in a more innovative way. There are also examples of candidates, particularly in the creative industries, using social media to approach prospective employers in a whole new dimension. The consequence is that new risks of exposure to legal claims have also been created.
Quality control is fairly easy to monitor and manage in a normal recruitment process. If you have employees 'tweeting' or 'linking in' with potential candidates every day it is much less so. It is essential that the ground rules are clearly set out in advance, including who has authority to publish on your organisation's behalf, so you have some kind of control over what is going out in the business's name. Therefore a clear and comprehensive policy of which employees are aware is crucial.
As with any recruitment process, it goes without saying that care must be taken not to unfairly filter candidates in a way which could lead to allegations of discrimination. However, as increasing numbers of candidates have an online presence, it is inevitable that profiles will be viewed before the interview stage, which can reveal information, including protected characteristics, not evident from an application form. Clearly, this may be of some concern to candidates with lax security settings and a lot of embarrassing photos, but employers need to ensure that interviewers are conscious of the risk of discrimination.
Finally, reviewing online profiles may also amount to processing data under the Data Protection Act 1998 if that information is relied on in the recruitment process. Yet it is unlikely that many interviewers who google a candidate before an interview have the Information Commissioner's Employment Practices Code in mind when they do so.
During employment
There are now approximately 30 million Facebook users in the UK alone. Given that number, it is inevitable that employees will be spending time accessing social media of some kind. Increased use of smartphones means that they may be doing so even if they are not using their work computer. This raises a number of issues for employers, including how to limit and monitor usage, and ensuring that interactions between employees are appropriate.
Access at work
Most employers will already have IT or communications policies, but it is imperative that these deal with employees' use of social media and, to some extent, their behaviour when using them.
Restrictions on usage may include a complete ban, a reasonable-use limit or limiting access to out-of-hours. Just as personal use of the telephone or photocopier while at work is abused by some, most employees tend to adopt sensible working practices. But not all do, and setting out the ground rules will avoid misunderstandings.
There have been a number of surveys on the amount of working time lost to social media and the cost to businesses: the consistent message is that a significant amount of time is lost in this way. Though social media is being embraced by companies in recruitment as well as in winning and maintaining business, they must also not overlook how their employees use it at work.
Bullying and harassment
Employees will also now be interacting with one another in a wide variety of ways which may be effectively invisible to their employer, for example tweeting one another or posting messages on each others' Facebook wall. In most cases, this is no more problematic than employees going to the pub together after work. However, not all employees will enjoy the morning after if the communications are inappropriate.
Online bullying has made headlines in relation to schoolchildren, but the potential is also clearly also there in the workplace. To avoid liability for online bullying or harassment of their employees, employers must take reasonable steps to prevent it. Employees must be made aware that any conduct towards a colleague which would be unacceptable face to face is equally unacceptable in electronic form and will result in disciplinary proceedings.
Anti-bullying and harassment policies will need to be adapted to take this on board to ensure that employees are aware that bullying or conduct capable of being bullying is still workplace misconduct, even where committed through personal social media and out-of-office hours.
Defamatory comments on social media sites
Where an employee makes a defamatory comment on a social media website, an employer can be vicariously liable if the employee was acting in the course of their employment, even if the actual posting itself has not been approved by the employer.
To manage this risk, any policy should contain unequivocal usage parameters. To avoid liability where, in principle, employees are allowed to make comments on social media sites, the employer would need to show that the posts or tweets in question were being made in an unauthorised manner and in such a way that the employee was clearly on 'a frolic of their own'. Employers may wish to require employees to have separate accounts for work and personal matters to minimise the possible blurring of boundaries between business and private life.
Basic disclaimers stating that the employee's views are their own and not those of the company are unlikely to assist where the employee is still holding themselves out as an employee of a particular organisation and has been authorised to tweet or blog from work.
Again, clear guidance is necessary for staff through policy documents that incorporate the risks and working practices of new media.
Online databases
Clear policy guidance should also be given and agreed with staff in relation to the ownership of contact details collated during the course of an employee's employment. Prior to new media, this was a relatively easy area to police, as such contact details would be stored on the work PC/database, laptop and mobile phone. The details would be under the employer's control or surrendered on termination.
However, such data is now likely to also be stored in new media outside of the employer's control/ownership, such as on a remote website like LinkedIn or a cloud server such as Dropbox.
A clear policy and contractual agreement should be put in place governing both how such data can be collated and asserting the employer's ownership over the same to prevent disputes post-employment (see below).
Termination of employment
Social media misconduct and damage to an employer's reputation
Case law in this area is new and developing, but the current position is that employers can fairly dismiss employees for acts of misconduct through social media, although of course the individual facts of each case should always be taken into consideration. While there can be no doubt that this will apply to bullying and harassment via social media, the cases currently making the headlines have been concerned with damage to an employer's reputation. Most recently we have seen reports on the case of Mr Rowat, who was allegedly dismissed by Argos following his return from holiday for posting on Facebook that he was 'back to the shambles that is work'.
In Preece v JD Wetherspoons plc, a pub manager was dismissed for gross misconduct after posting offensive comments about abusive customers who came into the pub where she worked. Such comments had been posted during her working hours.
Ms Preece's dismissal was determined to be fair even though she thought she had activated privacy settings on her account and she had been subjected to some very abusive behaviour by the customers. The employment tribunal felt that the penalty was perhaps harsh, but not outside the band of reasonable responses in view of the damage to her employer's reputation. The tribunal could not substitute its own view of what the penalty should have been. That there was an express policy in place forbidding this kind of behaviour and measures were also in place to support employees who had been subject to abuse from customers was also taken into account. It was also determined that, regardless of Ms Preece's belief about privacy settings, the postings were in the public domain. It is unknown whether Ms Preece would still have been dismissed had the posts been made outside of working hours, but, in view of the reputational damage caused, it seems likely.
Another important case regarding the public nature of postings on social media sites in this area is Pay v Lancashire Probation Service [2004]. Mr Pay, a probation officer, was dismissed when it was discovered that he was involved in sadomasochistic activities that were advertised on the internet. It was determined that this activity was inappropriate given the nature of Mr Pay's duties working with sex offenders and also that the public knowledge of such activity would be incompatible with his role and damaging to the employer's reputation. Mr Pay brought a claim before the European Court of Human Rights (ECtHR) and argued infringement of Article 8, Right to Private Life, and Article 10, Freedom of Expression, but the ECtHR found against him given the very sensitive nature of Mr Pay's work with sex offenders and the public knowledge of his activities that they considered could impair his ability to carry out his duties effectively.
Data ownership
All companies want to protect their confidential information, but they will now need to establish what is theirs before considering how to protect it. Social media, in particular LinkedIn, poses new problems for employers, as does the ease with which information can now be disseminated, whether intentionally or not. It can be printed, emailed, stored on a USB stick or even potentially shared with millions of other users on social media sites.
The use of 'sleeper' entries in databases, password protection and other protective measures will remain useful in some contexts, but do not assist in the new era of social media.
An employee's connections in LinkedIn, for example, may amount to confidential information. However, the proliferation of contact details available on the internet means that it will become more and more difficult for employers to establish that a contact list is indeed confidential information and, if so, whether a contact has been taken illegitimately.
A contact list, whether in Outlook, LinkedIn or a CRM system, will, in most cases, amount to a database for the purpose of the Copyright and Rights in Database Regulations 1997 (the Database Regulations) and the Copyright, Designs and Patents Act 1988. The issue of ownership of that database can be a thorny one, as most people now collect an ever-expanding list of digital contacts, which they fully expect to be able to take with them from one job to the next. This is nothing new, but it is now a lot easier for even the less organised to keep their contacts up to date. However, if an employee makes a database in the course of their employment, then the default position under the Database Regulations is that the database belongs to the employer.
A key difficulty arises with the intermingling of personal and business contacts and this issue was considered in Pennwell Publishing (UK) Ltd v Ornstein [2007]. In this case, involving a journalist, it was held that a contact list held on an employer's computer system was the property of the employer. The list included the details of both personal and business contacts and it was notable that some of the contacts pre-dated Mr Ornstein's employment and some were sources rather than clients. This decision provides some comfort to employers, but the court did stress that it would have viewed a list of journalistic contacts (as opposed to contacts useful for setting up a competing business), held separately, quite differently and stressed the need for clear and well-communicated policies.
The High Court also considered LinkedIn contacts in Hays Specialist Recruitment (Holdings) Ltd v Ions [2008], in which an employee transferred contacts from his work database to his LinkedIn account. The case was only looking at pre-action disclosure; however, it held that LinkedIn details should be produced as part of pre-action disclosure and that the allegation of breach of confidentiality could not be described as speculative.
There is no guarantee that an employee's connections on LinkedIn would be treated in the same way by the courts now as the practice of maintaining a network of contacts becomes increasingly widespread. In practice, it may well be that this is a tide that it is impossible to stem.
This article can only touch on some of the issues surrounding ownership of information and the difficulties posed by social media in this area but it does demonstrate how important express restrictive covenants will become in dealing with these difficulties.
Post-termination
Do traditional restrictive covenants go far enough? If not, how should they be adapted?
Restrictive covenants have to be drafted specifically to protect the legitimate business interest of the employer. If they are drafted too widely, they may go beyond what is reasonable and will not be enforceable. Employers need to be attuned to how social media can be used to assist competitors.
A prime example is where an employee updates their LinkedIn profile to show that they have a new job - does this amount to solicitation? This will depend on an assessment of what amounts to solicitation and ultimately how pro-active an employee has to be in order to solicit.
Authorities suggest that there is a difference between appealing generally for custom and directly appealing to previous customers of a firm. There would need to be evidence of a targeted approach and some form of intention to obtain business. However the line is narrow and it is, in practical terms, often very hard to prove solicitation. On the one hand, the very nature of social media sites such as LinkedIn are designed for making business contacts and so it could be argued that any updates are a form of targeted approach with an intention to do business. On the other hand it will be hard to demonstrate solicitation per se in the absence of anything other than a profile update with no specific words of invitation/direct contact.
To minimise risk of solicitation, and avoid expensive and time-consuming debates and potential litigation, employers should, where justified, also include non-dealing covenants in contracts of employment.
Solicitation circumstances (eg when profiles are updated) should also be expressly set out so that the employees are certain as to what will infringe their covenants although of course it remains to be seen whether these would be enforceable if challenged in the courts.
Employers may wish to take an even more radical approach and ask employees to surrender ownership or close down LinkedIn accounts or delete contacts from all social media sites and not reconnect with them for the prohibited period. However, this may be deemed too wide by courts if the contact with some clients is purely social.
It remains to be seen how such restrictions will be interpreted by the courts, but employers need to ensure that they are aware of these new forms of competition and that they have taken appropriate measures to deal with them as far as they are able.
Conclusion
The law in this area is changing constantly but still lagging somewhat behind the innovation in social media. For such reasons case law is still unclear on a number of key implications for the workplace.
While case law is established, our top tips for navigating the legal quagmire of social media are as follows:
- Implement and communicate a clear social media policy dealing with the creation of content in social media, access, ownership, manner of use, consequences of breach and what happens on termination.
- Consider whether IT and communications, anti-bullying and harassment, and disciplinary policies also need updating.
- Adapt restrictive covenants and confidentiality provisions to deal with abuse via social media following termination for new recruits and consider a review of existing staff contracts. This will require a notice and consultation process, but, in view of the risks inherent in new media, such changes are justified and would, subject to appropriate procedure, allow an employer to ultimately dismiss staff for not accepting the changes and immediately offering reengagement on the revised terms.
- Consider training for employees.
- Ensure that you have procedures in place on termination to recover all data and data storage devices.
- Take appropriate action to set an example - including disciplinary proceedings in the event of misconduct, the deletion of material and litigation where necessary.
By Nathan Donaldson, partner and head of London employment team, and Daniel Cotton, solicitor, DWF LLP.
E-mail: nathan.donaldson@dwf.co.uk; daniel.cotton@dwf.co.uk.
Hays Specialist Recruitment (Holdings) Ltd v Ions [2008] EWHC 745
Pay v Lancashire Probation Service [2004] ICR 187
Pennwell Publishing (UK) Ltd v Ornstein [2007] EWHC 1570
Preece v JD Wetherspoons plcET/2104806/10
DWF's writers can be reached via the DWF LinkedIn group 'In Touchº - Keeping In-House Lawyers Informed'.
