An Employer’s Introduction: Basic Risk Management And Social Media

In recent weeks, Internet giant Yahoo! received embarrassing publicity when an internal memo was published on social media. In other news, the Associated Press lost control of its Twitter account, which had a dramatic, albeit temporary, effect on the New York Stock Exchange. These events demonstrate the reach and danger of social media and why some businesses have adopted social media policies that go too far and violate state and/or federal law. This article will address several legal issues that businesses should consider when implementing social media policies as proactive risk management tools.

An effective social media policy should discourage the use of personal social media accounts while at work unless employees have an operational need to utilize social media platforms as part of their job description. If personal use of social media is permitted in some form at work, it should be limited to occasions where permission is secured from superiors. Employees should be cautioned that there is no reasonable expectation of privacy in the information submitted to social networking sites regardless of the privacy setting selected.[1] The social media policy should explain that employee use of company tools (phones, computers, telephones, etc.) may be monitored. Employers should emphasize that employees have no expectation of privacy while using company tools, even if the employees are logging in to personal accounts.

An effective social media policy should clarify who owns the social media accounts and related online contacts, such as Twitter “followers” or Facebook “friends.” Companies that employ social media tools need to define ownership of the accounts from the outset.

The importance of clearly defined account ownership agreements was made evident in the 2011 case of PhoneDog v. Kravitz.[2] PhoneDog, a mobile telecommunications technology company, terminated its employment contract with Noah Kravitz, an employee who utilized a Twitter account as part of his job. The Twitter username, or “handle,” that Mr. Kravitz used included the PhoneDog name, but after his employment was terminated, he simply changed the handle associated with the account and attempted to take the account and its 17,000 followers.

A dispute arose as to who owned the Twitter followers. PhoneDog did not have a policy addressing ownership of the social media accounts, much less the followers or friends associated with such accounts. The case highlighted the issue of whether the followers of a business-related Twitter account belong to the business. A prudent organization can avoid a PhoneDog-type dispute by clearly detailing the organization’s ownership of all social media accounts, usernames, followers, friends, etc. in a social media policy.

The National Labor Relations Board (“NLRB”), which is tasked with administrative enforcement of the National Labor Relations Act (“NLRA”), has taken a special interest in regulating social media policies and related employment interactions. Section 7 of the NLRA clearly gives employees the ability to engage in concerted activities “for the purpose of collective bargaining or other mutual aid or protection” (emphasis supplied). The “or other mutual aid or protection” language is of paramount importance because that language demonstrates that the concerted activities protections are not limited to labor union members. The concerted activities of all employees are protected.

The NLRB Office of the General Counsel has been particularly active in reviewing social media violations in recent years. Three important guidance memoranda have been published since 2011.[3] The memoranda demonstrate the NLRB’s zealous protection of employees’ concerted activities in the context of social media.

The NLRB guidance defines a concerted activity as “when an employee acts ‘with or on the authority of other employees, and not solely by and on behalf of the employee himself.’”[4] The NLRB struck down social media policy provisions that prohibit disclosure of “non-public” information or matters concerning individual privacy rights; that discourage “friending” co-workers; that require that grievances be addressed through internal procedures rather than online; that prohibit sending unsolicited communications to other employees; that restrict public discussions of personal opinions regarding work; that require that employees check with legal or human resources departments prior to posting online or communicating with the media; and that prohibit employees from taking part in government inquiries. These prohibitions and limitations were discussed at length in the NLRB General Counsel’s memoranda, which are an invaluable resource for employers.[5]

The NLRB guidance demonstrates that employees who engage in actual communications with co-workers with specific criticisms of the policies, wages, actions, etc. of their employer are engaged in concerted activities. Some social media posts are not protected under the NLRA even if they are describing work-related issues. An employee’s social media activities are likely unprotected if they reflect only individual views and not collective, work-related concerns.

Protected, concerted activities have been described as those activities that “relate to the terms and conditions of … employment or seek to involve other employees in issues related to employment.”[6] The activities must, generally, satisfy both elements before they are deemed protected. The NLRB is quite inclusive when determining if activities are protected. Non-specific complaints that are only loosely related to work and represent individual viewpoints alone are most likely to be deemed unprotected.

The most effective social media policies will be carefully tailored to meet the needs of the particular organization. All social media policies should have common-sense prohibitions against harassment, physical threats, interfering with the others’ work or engaging in illegal activities. The policy should require express, written permission before an employee speaks on behalf of the company, posts company-owned images, videos, or other materials, or links company websites to other social media activities. The policy should prohibit mentioning co-workers, clients, customers, stakeholders, and managers by name without consent. It should also instruct employees to make clear that their social media interactions do not reflect the opinions, views, or beliefs of the organization.

It is important to note that many organizations have been frustrated in their attempts to manage social media risks because many provisions, quite similar to those outlined above, have been struck down because they were overbroad. Overbroad provisions concern the NLRB because they have the effect of discouraging employees from exercising their rights under the NLRA. When drafting or reviewing a social media policy, it is imperative to use limitations to narrow the scope of provisions and demonstrate that the prohibited actions are not intended to infringe upon employees’ rights under the NLRA.

Other equally important state and federal legislation, such as the Stored Communication Act, Sarbanes-Oxley concerns and the Electronic Communications Act, affect this rapidly changing area of the law.

This topic, among others, will be discussed at the I-3 Insurance Summit, sponsored by the Federation of Defense & Corporate Counsel, in New York City from October 2-4, 2013. To register for the conference or learn more about the FDCC, visit www.thefederation.org.