Immediate Vault Immediate Access

Avoiding Social Media’s Legal Pitfalls

Social media is now a standard communications tool for businesses, with many companies regularly using Facebook, Twitter and other social networks to engage with the public. More and more businesses are hiring social media specialists whose sole responsibility is to be the company’s “voice” on these platforms. But this activity comes with risk for both the organization and the individual. The potential for any posting to be retweeted, shared or even go viral underscores the need to be aware of the rising legal risks associated with your business’s social media accounts.

Potential Defamation Lawsuits

The first tip for anyone engaged in social media on behalf of their business or employer is obvious, but not always followed—think before you post. Even if the tweet or post contains an unintended error and is deleted immediately, postings can still be pulled and reposted or retweeted by others. Once something is out there on social media, however, you’ll need to deal with the consequences. Although the laws surrounding social media are still developing, it is possible for a business to be hit with an expensive defamation suit based on a single posting or comment.

Since most posts on social media pages are generally shorter than what a business normally has the space to say in a traditional publication, sales pitch or marketing brochure, the lack of context can present a greater risk of defaming someone or another business. Think about it like this: If a customer comments on a business’s Facebook page asking about one of their competitors, an employee might reply that the competitor provides “untrustworthy service” without much context or explanation to back up that claim. Just those two words have the potential to spiral into a defamation suit if the competitor feels the comment was untrue and harmed their reputation. Since most online statements are brief, it would be more difficult in court for the person posting the comment to prove that he or she is entitled to the same legal defenses available to a traditional publication, even if the post was true or was an opinion rather than a statement. To minimize defamation lawsuit potential, every comment, posting, tweet or retweet should be completely factual and have a positive tone. It is not always possible to check every post before it is published, but anything potentially controversial should be read by another pair of eyes before clicking ”submit.”

Personal versus Professional

Another still-developing area of social media regulation is the distinction between personal and professional profiles or accounts. Businesses are legally accountable for anything tweeted, blogged, or posted on the company’s social media accounts. But this is where it gets complicated; it is possible for a company to also be held responsible for what an employee posts on their personal accounts, especially if it’s not clear to the reader whether they are speaking on behalf of the company or only for themselves. Here’s an example: An employee who works in the food industry posts a photo to his Twitter account of himself handling food in an unsanitary way. Even though the employee may have meant it as a private joke for his followers, any customer who sees the photo could sue that business for lack of training and unsanitary conditions.

To proactively prevent this type of situation, it is important for employers to have a social media policy outlined in their employee handbook. Depending on the business and applicable law, it may also be beneficial to establish upfront that employees’ public social media accounts may be monitored. It is also worth considering a handbook policy stating that any work-related posts on an employee’s private social media accounts are not allowed, and the violation of this policy could result in termination. Some organizations require employees who have personal Twitter or Facebook accounts to post a disclaimer in their “about me” section saying something along the lines of, “I work for X Company, but all posts reflect my personal views only.” This can potentially protect both the employee and employer should a lawsuit arise, but it is not a failsafe.

The rise of social media is bringing significant benefits to businesses, but they also need to be aware of potential legal pitfalls. As the laws regulating social media continue to develop, smart business owners and managers should be prepared to implement appropriate safeguards and policies to ensure that their business can sustain a 140 character mishap, should one occur.

To protect themselves from any potential lawsuits, companies should have adequate insurance coverage in place to address social media activities. Since most commercial general liability policies do not cover online content, it’s important to truly understand what activities your policy covers.

 

Online Exclusive: How to Protect Yourself on Social Media

Add Friend on Social Media

In the October issue of Risk Management, social media and eDiscovery expert Adam Cohen chatted with me about the biggest corporate risks in sites like Facebook and Twitter, and outlined some best practices for developing and enforcing a social media policy. But behind every account sits one major risk that’s hard to control: a person.

Not all of Cohen’s advice could make the magazine, so here are some of his extra tips for how to mitigate the risks of personal social media – both to protect your company and to protect yourself.

What should employees know about their personal social media accounts?

All employees need to recognize one thing: they shouldn’t have any expectation of privacy in information that they post on social media. Even if they think they’re limiting information to a select group of friends, this stuff can all be disclosed in litigation and there are many cases where courts have required so-called non-public social media information to be disclosed. It’s fairly routine at this point.

Many employers – certainly all the major companies – have specific social media policies that give very particular and clear direction to employees on what they can and can’t do when it comes to company information on social media. That extends beyond just corporate social media and includes anything they’re doing on social media that could impact the company. And many employers are going to take the position that they have the right to monitor employees’ social media.

How can employees protect themselves?

One of the key things employees need to do to protect themselves is only disclose information they would be comfortable disclosing to the entire world and they should not to go anywhere near business information. Being safe on this front may include publishing a disclaimer that an individual is not representing the views of the company. What else can they do? Follow the employer’s social media policy to the letter and, any time they have a question about whether one of their social media posts may be affected by the policy, they should ask. Most policies will provide a resource for questions, whether it’s a general counsel or a compliance officer or immediate supervisor.

Those are probably the main things: not having an expectation of privacy on social media and treating everything you post like it’s private, and following the policy to the letter and getting clarity and permission on anything that you think could be a violation of the policy.

As we’ve used social media more, do you think employees are using social media any more wisely?

I think it’s still too early to say that there are any improvements there. Litigation that involves social media as a factor in one form or another is just exploding. There is no information that would suggest in any way that employees have increasing awareness of this and are taking that into account when they go on social media.

What is the first thing you look for when trying to evaluate a social media account for potential liability or wrongdoing by an employee?

The first thing I would look for is the nexus between the social media and business information. Personal social media may be a concern from the perspective of the employee being seen as representing the company, even if it’s just sullying the reputation of the company – and that’s especially true the higher-ranking the employee is – but the first thing to look for is whether the employee discussing matters within the scope of their employment. And that’s difficult to monitor – the social media world is a big world, especially for a company with a lot of employees.

So then general personal misuse is relatively benign to you?

The other stuff is not benign at all. An employee who behaves in an inappropriate way on social media or is violating intellectual property rights, copyright or trademark of some other company – or, say, badmouthing a competitor – well, that’s not benign. If they’re engaged in criminal activity on social media or they’re defaming someone, that’s certainly not benign because they work for a company and that can impact the image of the company or lead to serious repercussions. That only gets more serious if you’re a prominent or higher-ranking executive. Is it benign? No, but you can’t control that.

Although, I should note, the National Labor Relations Board has said that employees have to be permitted to discuss their working conditions with other employees and that the employer can’t really control that, and if the social media policy purports to prohibit that discussion, the policy is not valid.

What is the most useful evidence in building a case against an employee?

Well, it depends on the kind of case, but social media has now been used as evidence in hundreds of cases. The most devastating use of it so far has probably been in the personal injury arena. Plaintiffs have made claims of disability and emotional distress and the defendant has been able to obtain discovery or has retrieved public social media that completely contradicts those claims – for example, a video of the complainant surfing. There are a lot of cases like that and that’s just an example of really devastating use of social media.

Who do you friend at work?

Well, you don’t friend subordinates – that’s a no-no. You can get yourself into all kinds of trouble there with people making claims about what kind of a relationship you have with them. You don’t friend people at work whom you don’t know – just as you don’t in your personal life. You shouldn’t assume that, just because this person works with you, they’re the kind of person with whom you want to be associated. You also don’t want to friend somebody who you don’t want to have access to your social media. If you have privacy concerns, you want to maintain the upper limits of your reasonable expectation of privacy, so don’t friend people you’re afraid might use that access against you in an invasion of privacy.

Twitter’s Data Mining Profits Show Lesser-Known Social Media Risk

Data Mining

In an interview for this month’s issue of Risk Management magazine, lawyer and social media specialist Adam Cohen cautioned businesses that the risks of social networking sites extend beyond explosive posting faux pas.

“In most cases, corporations don’t realize that what they put on these social media services is all subject to the privacy policies and terms and conditions of the services,” said the eDiscovery expert and author of Social Media: Legal Risk and Corporate Policy. “Those provide a shocking amount of access by the social media services where they may take your data.”

As Twitter prepares for its much-anticipated IPO, the social media giant has released a torrent of information on its financial standing and practices. One of the most important tidbits for users concerns the site’s lesser-known side-business: data mining. In the first half of 2013, Twitter made $32 million by selling its data—namely, tweets—to other companies, a 53% increase from the year before.

So far this year, the company has raked in $47.5 million from selling user data to companies that analyze the social media posts for insights into news events and trends. Because of its real-time nature, Twitter is the primary contributor to data mining, though other social networks are frequently used in professional analysis.

This analysis is then sold to businesses for a slew of uses. “The types of ways that businesses are using Twitter data has gone deeper and deeper,” Chris Moody, the CEO of original Twitter data mining company Gnip, told Time. “We’re seeing it in supply chain and inventory management. It’s not just consumer brands that are engaging on Twitter.”The United Nations uses Twitter algorithms to pinpoint areas of social unrest. Burger chain Five Guys used “social intelligence technology” from New Brand Analytics to monitor quality in restaurants across the country and evaluate the appeal of a new fry size offering. Wall Street subscribers to one service, Dataminr, got a leg up on the S&P Index drop following the Navy Yard shooting. Five minutes before the news broke, users received an alert to take action after the company’s algorithms picked up on eyewitness reports and deduced from their timing, influence, and location that something urgent was taking place.

Clearly, there’s money to be made on both sides. According to the Wall Street Journal, the “social listening” business is booming, partially funded by millions of dollars in venture capital. Research firm IDC estimates that the entire “big data” market has grown seven times as quickly as the information technology sector as a whole, and may be valued at $16.9 billion in two years.

Data is mined for a variety of purposes – ones your company may even want to explore – but while there are benefits to the ends, the means translate into cyber exposures of which you may never know the details or depth. While the reputational risk of social media garners a lot of the attention – and rightfully so – there are increasingly tremendous exposures that lay in the forms just to sign up. With Twitter going public, there will only be further incentive to maximize revenue by selling user data, and more reason to approach corporate social media with caution.

Making Sense of Social Media Risk

Social media is everywhere. In only a few years, Facebook, for instance, went from being an exclusive network for college students to a dominant social platform with more than 600 million active users. Twitter went from being a cartoon sound effect to a communication network of choice for more than 200 million users. It has reached enough critical mass that the RIMS 2011 Twitter feed has been on display for the first time this year at the RIMS booth in Vancouver. Tweets with the #RIMS2011 hashtag have been coming fast and furious.

But while the rewards of increased customer access are well known, many risk managers are unsure of the threats that social media presents to their businesses. In a standing room-only session at RIMS 2011, entitled “The New World of Social Media: Business and Legal Risks,” Chad Jackson, director of risk management at FedEx, Rennie Mazzi, managing director at Marsh and attorneys Melissa Krasnow of Dorsey & Whitney and Tamara Russell of Barran Liebman, helped educate attendees about those risks.

According to Russell, social media risk is difficult to quantify because employment and labor law have yet to catch up to the reality of its application. One of the more interesting areas of concern that she brought up is the seemingly innocuous practice of Googling a prospective employee—a practice that is actually anything but innocuous since it could run afoul of discrimination laws. Employers could be liable because Googling an applicant is the equivalent of “asking” questions you wouldn’t (and shouldn’t) ask in an interview. Russell’s recommendation is to make sure what you are looking for is pertinent to that person’s employment. “Don’t go overboard and be prepared to backup why you searched,” she said.

Social media policies are one solution but in many cases existing communications policies may already cover some of these areas. Krasnow pointed out that it’s not enough to simply have a policy–you have to be able to implement and enforce it.

Jackson, an admitted social media neophyte, suggested that you don’t have to be an expert to take advantage of what social media has to offer. Risk managers need to come up with a philosophy that fits their business, establish consistent guidelines for the use of social media from both a company and employee standpoint and consider using risk management tools like online activity tracking software to help monitor social media outlets for information relevant to the organization.

Social media can seem like a chaotic mess, but it can’t be avoided. The key, as summed up by Mazzi, is finding a way within your company to “enable the chaos.”

For a more in-depth look at social media risk, check out the multi-part cover story in the October 2010 issue of Risk Management.