Article:  How to Create Effective Social Media Policies

We originally published this article in 2014, excerpting it from a March 13, 2014 presentation made by Scott L. Vernick, Esq. at the Business Insurance Risk Summit. It was recently cited in the December 2017 issue of Security Management magazine.

How Popular is Social Media? By the numbers…Social media policies

  • #1: Social media is the most used activity on the web.
  • 2 hours: The average time spent on social media per day.
  • 3 out of every 4 adults use some form of social media.
  • 55-64 year-olds make up the fastest growing users of Twitter.
  • 65% of time spent on social media happens on mobile devices.
  • 72 of the 75 industries represented in the Fortune 500 use Facebook & Twitter.
  • 20 billion minutes are spent on Facebook every single day.

BUT, only 40% of companies have a formal social media policy.

Sources: Business Insider, Marketing Charts, Pew Research, FastCompany, Mashable, Forbes, TechCrunch, SHRM

Sampling of Popular Social Media Brands

  • Multiply
  • Instagram
  • Flickr
  • YouTube
  • SnapChat
  • Tumblr
  • Vine
  • Facebook
  • Twitter
  • LinkedIn
  • Pinterest
  • Myspace
  • Google Plus +
  • DeviantArt
  • VK
  • LiveJournal
  • Tagged
  • Orkut
  • CafeMom
  • Ning
  • Meetup
  • myLife
  • Classmates

Social Media –The Good News

  • Used correctly, social media can advance online commerce, build business relationships and facilitate internal collaboration.
  • Mobile commerce (sales transacted through mobile devices) yields $85 billion in sales worldwide.
  • Approximately 87% of all Fortune 100 companies use at least one social networking site.
  • According to Forbes.com, 78% of consumers say that the posts made by companies on social media influence their purchases.
  • Using social media boosts website traffic:
    • 185% lift in web traffic after achieving 1,000 Facebook likes.
    • Businesses with 51 to 100 Twitter followers generate 106% more traffic than those with 25 or fewer followers.

Sources: Internet Retailer, mediabistro, Business 2 Community

Social Media –The Bad News

  • Accessibility to social media may lead to workplace misconduct:
    • Violations of privacy laws, including the Computer Fraud and Abuse Act, the Electronic Communications Protection Act, the Stored Communications Act and similar state laws.
    • Disclosure of trade secrets, misappropriation of confidential and proprietary information, and misuse of intellectual property.
    • Title VII exposure (for comments based upon race, gender, age, sexual orientation and similar subjects).
    • Defamation, harassment and violence.
    • Pornography/obscenity.
    • Violations of labor laws.
    • Unauthorized and deceptive endorsements.
    • Employee gripe sessions which damage morale.
    • Slacking (excessive use of social media).
    • Violations of other workplace policies.

Potential Issues

  • Using social media in hiring and pre-employment screening.
  • Employer liability for harassing, false and/or defamatory posts by employees.
  • Monitoring employees’ social media activities.
  • Accessing employees’ public profiles.
  • Accessing employees’ restricted/password-protected profiles.
  • Restrictions imposed by the National Labor Relations Act.
  • Drafting effective social media policies.
  • Drafting effective “bring your own device” policies.

Using Social Media in Hiring and Pre-employment Screening

  • More than a third of all companies use social media to screen potential candidates.
  • In 2013, 43% of all hiring managers who have used social media to screen potential candidates have found something that has caused them not to hire a candidate. This is an increase of 9% from 2012.
  • Top 3 Disqualifiers: (i) provocative or inappropriate photos; (ii) information about applicant drinking or drug use; and, (iii) bad mouthing previous employers.
  • Remarkable how many employees are not accurate about their credentials. According to the Society for Human Resource Management, 53% of résumés contain discrepancies.

Sources: Forbes, CareerBuilder

Why should you care?

  • By using social media, employers might learn information that is unlawful to consider in making an employment decision, including:
    • Race, religion, national origin, age, reproductive status, marital status, disability and sexual orientation.
  • An inconsistent use of social media and lack of uniformity in research techniques can open employers up to challenges to their hiring practices.

Recommendations

  • Create internal procedures for making employment decisions based on online research and social media to avoid or minimize potential liability.
  • Follow these internal procedures and be consistent about what information is gathered from social media sites.
  • Keep records of information from social media sites reviewed and used in any employment decision. Note that “selective checks” (e.g., using social media data for some applicants but not others) pose a risk of liability.
  • Use someone not involved in the hiring process (i.e., an outside vendor) to conduct the review and filter out any “protected class” information (e.g., race, religion, national origin, age, reproductive status, marital status, disability and sexual orientation) while providing only lawful information for consideration in hiring.

The use of social media in pre-employment screens may have Fair Credit Reporting Act (FCRA) implications:

  • For outside vendors, providing social media data to employers may give rise to liability under the FCRA. See United States v. Spokeo Inc., No. CV12-05001, (C.D. Cal., 2012) (social media data that is sold to employers and used for pre-employment screening purposes may fall within the definition of “consumer report” and trigger FCRA obligations).
  • Employers should consider requiring indemnification from any third-party provider of social media information as a shield against potential liability under FCRA, privacy and discrimination laws, and copyright statutes.
  • Employers are not “consumer reporting agencies” requiring authorization from a potential employee. But, it is a good practice to disclose when social media will be searched and get signed FCRA authorization forms from candidates.
  • After getting signed FCRA authorization forms, employers may conduct background checks as part of the hiring process.

Employers should not:

  • Attempt to bypass a person’s privacy settings in collecting social media information about a candidate (e.g., creating a fake account to gain access to a candidate’s private social media profile).
  • Conduct background checks using social media sites for any reason, unless and until you receive a signed release from the candidate.
  • Make employment decisions based upon a candidate’s “off duty” but otherwise lawful conduct (such as tobacco or alcohol use), which employers are generally prohibited from considering.
  • Assume that others in your company (i.e., managers) are not using social media data to screen candidates for employment even if your company has no official policy on it. Their actions may implicate FCRA and create additional grounds for liability.

Employer Liability For Harassing, False, and/or Defamatory Posts By Employees

  • If an employee posts allegedly harassing, false and/or defamatory information about another employee on a social media site, is the employer liable for that content?
    • Possibly. Factors that will be considered:
  • Was the company aware of the postings? Should it have been aware?
  • Is the activity part of a pattern of harassment in the workplace?
  • Does the company derive any benefit from the social media activity?
    • Solution: Make clear in your social media policy that it applies to social media activity related in any way to the company’s business, employees, customers, or competitors.

Monitoring Employees’ Social Media Activities

•Is an employer obligated to monitor its employees’ off-duty social media activity?

–Probably not . . .

•In Maypark, et al. v. Securitas Security Services, et al., 775 N.W.2d 270 (Wis. Ct. App. 2009), the Court held that employers “have no duty to supervise employees’ private conduct or to persistently scan the worldwide web to ferret out potential employee misconduct.”

–BUT, an employer cannot ignore harassment at the workplace, including harassment in social media, and other illegal conduct.

•In Blakey v. Continental Airlines, Inc., 751 A.2d 538 (N.J. 2000), the Court held that, if the employer had notice that its employees were harassing other employees on social media sites, then “the employer would have a duty to remedy that harassment.”

•In Doe v. XYC Corporation, 887 A.2d 1156 (N.J. Super. Ct. 2005), the Court held that “an employer who is on notice that one of its employees is using a workplace computer to access pornography, possibly child pornography, has a duty to investigate the employee’s activities and to take prompt and effective action to stop the unauthorized activity, lest it result in harm to innocent third-parties.”

Recommendations Regarding Monitoring Employees’ Off-Duty Conduct

–Employers should monitor its employees’ off-duty conduct whenever there is a legitimate business reason for the monitoring because . . .

•Helps prevent discrimination and harassment.

•Helps prevent disclosure of confidential information.

•Helps prevent defamation and disparagement.

•Could be a good way to keep up on what your employees are thinking and saying.

•Helps to protect the goodwill of the company.

•Prevents liability for criminal conduct (i.e., cyber-stalking, cyber-bullying).

Accessing Employees’ Public Profiles

•Can an employer access an unrestricted (public) profile?

Moreno v. Hanford Sentinel, Inc., Cal.App.4th (2009)

•A college student, Cynthia Moreno, posted an “Ode to Coalinga” on her social media account, which contained some extremely unflattering and negative commentary about the town and those who lived there.

•The local paper got a hold of, and published, the “Ode.” Moreno and her family then received death threats and eventually left town. They later sued for disclosure of what they viewed as “private facts” (the Ode).

•The case was dismissed because Moreno’s posting made “ . . . her article available to any person with a computer and thus opened it to the public eye” and “her potential audience was vast . . . .”

–Answer: Likely, yes. That which has been placed in the public domain is not off limits for an employer to review.

Accessing Employees’ Restricted/Password-Protected Profiles

•Can an employer access a restricted profile?

–The short answer is NO.

Pietrylo v. Hillstone Restaurant Group, CIV.06-5754(FSH), 2009 WL 3128420 (D.N.J. Sept. 25, 2009)

•Employees of a restaurant created a group MySpace page “ . . . to vent about any BS while at work without any outside eyes spying in on us . . . . ”

•A manager learned of the site and requested an employee’s log-in ID and password to the site, which he ultimately received. The employees were then fired for damaging morale and for violating the restaurant’s “core values.”

•The Court concluded that the employer coerced the employee into giving her private log-in ID and password information.

–There are currently 26 states that have enacted or proposed legislation that restrict employer access to an
employee’s restricted profile.

Restrictions Imposed By The National Labor Relations Act

•Does the National Labor Relations Act (NLRA) have implications for social media?

–Background on the NLRA:

•The NLRA applies to both union and non-union companies.

•Under Section 7 of the NLRA, employers cannot impede an employee’s right to engage in “protected activity” (e.g., discussion of wages, complaints about working conditions/safety, or conduct that can be reasonably construed by employees as a restriction on these activities). These rights are referred to as Section 7 rights.

•The NLRA is enforced by the National Labor Relations Board (NLRB).

–Are social media posts “protected activity” under the NLRA?

•Statements made by employees in social media can, arguably, be entitled to protection under Section 7 as “protected activity” if the employee is using social media to discuss wages, benefits, or work conditions.

Overbroad social media polices violate the NLRA

•In Karl Knauz Motors Inc., 358 NLRB No. 164 (2012), the NLRB held that a car dealership’s “courtesy” rule in its employee handbook violated the NLRA because: (i) the policy prohibited disrespectful or profane language harmful to the business; (ii) the policy was overbroad because employees would reasonably believe that it prohibited statements of protest or criticism of the employer; and, (iii) the policy interfered with employee rights under the NLRA.

–Examples of overbroad social media policies:

•“The company prohibits disparaging, discriminatory or defamatory comments when discussing the company, the employee’s superiors, or co-workers.”

•“Without prior consent, employee may not participate in social media that disparages, misrepresents or negatively impacts employer.”

•“Behavior considered unacceptable, may result in disciplinary action, including but not limited to, carrying of tales, gossip and discussion regarding company business or employees . . . .”

•Employers cannot discharge an employee for social media posts that trigger Section 7 rights.

–In Hispanics United of Buffalo Inc., 359 NLRB No. 37 (2012), the NLRB held that the employer’s termination of five employees for posting negative remarks about their jobs on Facebook violated the NLRA because: (i) the employees’ posts were about productivity in the workplace (i.e., whether certain employees were working harder than others); and, (ii) the “employees have a protected right to discuss matters affecting their employment amongst themselves.”

•There are limits to Section 7 rights.

–Employee’s profanity-based comments about the company and her supervisor on Facebook in which she allegedly told her supervisor to “back the freak off” constituted unprotected “boasting and griping.” See NLRB Advice Memo in Tasker Healthcare Group d/b/a Skinsmart Dermatology (May 8, 2012).

–Employers should consider the following questions in determining whether a social media policy violates the NLRA:

•Does the employer’s social media policy restrict discussions about collective bargaining, wages, corrective actions and discharge of coworkers, employer investigations, or working conditions?

–Any such restrictions may result in an NLRA violation.

•Does the policy prohibit communication with certain people or categories (e.g., other co-workers, union representatives and the media)?

–Does the policy prohibit conversations with anyone, including coworkers?

•If yes, then the policy is likely overbroad.

•The policy is also overbroad if it tends to chill employees’ rights to discuss work conditions with fellow co-workers.

–Was an employee using social media to engage in an individual gripe?

•If yes, the employer may regulate the conduct.

•But, if the “gripe” was a continuation of a previous group grievance, then regulating the conduct may violate the NLRA.

Drafting Effective Social Media Policies: Considerations to Keep in Mind

•Generally, what are the considerations to keep in mind when drafting a social media policy for the work environment?

–Outline a social media strategy that fits your business objectives, then craft a policy that fits these needs.

Recommendations

•Zappos.com (recruits employees through social media and allows social media on the job as long as the customer’s needs are met).

•Green Bay Packers (social media equals distractions; it is banned at work).

–Why have a policy?

•Social media issues are becoming more prevalent.

•Legislation about employer access to employee social media accounts has been introduced or is pending in at least 26 states in 2014. Many of these laws protect employee privacy with respect to their social media accounts.

•A clear policy setting forth the parameters of proper social media reduces the risk of liability.

Recommendations

–Determine the policy that best fits your company’s needs. No one policy is perfect:

•Determine what can be accessed and the limitations of use. Consider whether social media is: (i) allowed for approved use during work; (ii) not allowed during work (e.g., no social media while on the clock or while on company computers) but allowed for approved use outside of work; or, (iii) prohibited for all work-related use.

•If allowing personal use during work time, clearly set out the limitations.

–Define prohibited conduct and state that violations will result in disciplinary action.

•State that offensive, demeaning, defamatory, discriminatory, harassing, abusive, inappropriate, illegal remarks, or personal gripes are prohibited.

Do not prohibit protected activity under NLRA

•Employees have the right to post or carry on conversations on social media sites regarding wages and working conditions.

•The policy should be clear and specific so as not to trigger NLRA liability. Provide examples so as to further clarify the policy.

–Be consistent with existing policies.

–Reduce expectation of privacy.

•Clearly state that there is no expectation of privacy in use of social media or communications prepared on a company computer, even if deleted.

•Employees use of social media can and will be monitored (even personal use).

Create limitations on use of:

•Company name in posting or identity.

•Limit use and/or mention of competitors, employees or clients in postings.

•Prohibit posting of confidential, proprietary, and trade secret information.

•Employees can blog on their own time but remind them to comply with the terms of use for their sites and to refrain from exercising their personal opinions in a way that can be construed to be the company’s opinion.

Explain who owns certain material.

•Explain what materials belong to the company and what belongs to the employee. (e.g., posts on topics unrelated to the business typically belong to the employee).

•Prohibit unauthorized dissemination of company material.

On March 26, 2014, “Creating Effective BYOD (Bring Your Own Device) Policies” by Scott L. Vernick will be published.

Scott L. Vernick is a partner at Fox Rothschild LLP and a nationally ranked trial lawyer. He represents Fortune 500 companies in commercial litigation matters that focus on technology, intellectual property, health care, privacy and data security.