In the October issue of Risk Management, social media and eDiscovery expert Adam Cohen chatted with me about the biggest corporate risks in sites like Facebook and Twitter, and outlined some best practices for developing and enforcing a social media policy. But behind every account sits one major risk that’s hard to control: a person.
Not all of Cohen’s advice could make the magazine, so here are some of his extra tips for how to mitigate the risks of personal social media – both to protect your company and to protect yourself.
What should employees know about their personal social media accounts?
All employees need to recognize one thing: they shouldn’t have any expectation of privacy in information that they post on social media. Even if they think they’re limiting information to a select group of friends, this stuff can all be disclosed in litigation and there are many cases where courts have required so-called non-public social media information to be disclosed. It’s fairly routine at this point.
Many employers – certainly all the major companies – have specific social media policies that give very particular and clear direction to employees on what they can and can’t do when it comes to company information on social media. That extends beyond just corporate social media and includes anything they’re doing on social media that could impact the company. And many employers are going to take the position that they have the right to monitor employees’ social media.
How can employees protect themselves?
One of the key things employees need to do to protect themselves is only disclose information they would be comfortable disclosing to the entire world and they should not to go anywhere near business information. Being safe on this front may include publishing a disclaimer that an individual is not representing the views of the company. What else can they do? Follow the employer’s social media policy to the letter and, any time they have a question about whether one of their social media posts may be affected by the policy, they should ask. Most policies will provide a resource for questions, whether it’s a general counsel or a compliance officer or immediate supervisor.
Those are probably the main things: not having an expectation of privacy on social media and treating everything you post like it’s private, and following the policy to the letter and getting clarity and permission on anything that you think could be a violation of the policy.
As we’ve used social media more, do you think employees are using social media any more wisely?
I think it’s still too early to say that there are any improvements there. Litigation that involves social media as a factor in one form or another is just exploding. There is no information that would suggest in any way that employees have increasing awareness of this and are taking that into account when they go on social media.
What is the first thing you look for when trying to evaluate a social media account for potential liability or wrongdoing by an employee?
The first thing I would look for is the nexus between the social media and business information. Personal social media may be a concern from the perspective of the employee being seen as representing the company, even if it’s just sullying the reputation of the company – and that’s especially true the higher-ranking the employee is – but the first thing to look for is whether the employee discussing matters within the scope of their employment. And that’s difficult to monitor – the social media world is a big world, especially for a company with a lot of employees.
So then general personal misuse is relatively benign to you?
The other stuff is not benign at all. An employee who behaves in an inappropriate way on social media or is violating intellectual property rights, copyright or trademark of some other company – or, say, badmouthing a competitor – well, that’s not benign. If they’re engaged in criminal activity on social media or they’re defaming someone, that’s certainly not benign because they work for a company and that can impact the image of the company or lead to serious repercussions. That only gets more serious if you’re a prominent or higher-ranking executive. Is it benign? No, but you can’t control that.
Although, I should note, the National Labor Relations Board has said that employees have to be permitted to discuss their working conditions with other employees and that the employer can’t really control that, and if the social media policy purports to prohibit that discussion, the policy is not valid.
What is the most useful evidence in building a case against an employee?
Well, it depends on the kind of case, but social media has now been used as evidence in hundreds of cases. The most devastating use of it so far has probably been in the personal injury arena. Plaintiffs have made claims of disability and emotional distress and the defendant has been able to obtain discovery or has retrieved public social media that completely contradicts those claims – for example, a video of the complainant surfing. There are a lot of cases like that and that’s just an example of really devastating use of social media.
Who do you friend at work?
Well, you don’t friend subordinates – that’s a no-no. You can get yourself into all kinds of trouble there with people making claims about what kind of a relationship you have with them. You don’t friend people at work whom you don’t know – just as you don’t in your personal life. You shouldn’t assume that, just because this person works with you, they’re the kind of person with whom you want to be associated. You also don’t want to friend somebody who you don’t want to have access to your social media. If you have privacy concerns, you want to maintain the upper limits of your reasonable expectation of privacy, so don’t friend people you’re afraid might use that access against you in an invasion of privacy.