Guest article: is social networking in the workplace a ticking bomb?
by Alistair Purdy, senior partner, Purdy FitzGerald Solicitors
As social networking and collaboration tools that started out in the home start to become more acceptable in the workplace it appears that the business environment as we know it is gradually changing. One thing is certain; a major change in business culture brings new risks. As social data is shared between increasing numbers of sites the question of ownership becomes almost impossible to track. Early signs indicate that employers and employees alike are convinced that they own their social data. Perhaps it is time to ask some pertinent questions. For example, does social networking at work carry hidden legal challenges for both individuals and companies with potential for conflict? Are advances in technology once again outpacing the legal system? And if so, to what extent may companies be sitting on a ticking legal time bomb?
The more business embraces social networking techniques to spread their messages and build their brands the more the dividing lines between personal and company data are becoming blurred. It is not unusual for a piece of information originating from one employee in one company to pass through various social networking sites becoming retouched as it does so. The legal position is at a very early stage of development.
To date legal cases involving disputes between employees and employers over who owns that data have tended to favour the employer. In an early case involved the UK arm of a US business to business media publishing group (PennWell Publishing v Ornstein) it was ruled that the employer owned the Outlook contacts of a former journalist employee even though this list contained both work and personal contacts some of which had been brought to the company by the employee. This blurring between work and personal data has since spread far and wide.
In another case (involving a former Hays employee) a recruitment consultant moved confidential contact information to his LinkedIn account. The court reported that the consultant had planned to set up his own company in direct competition using the contact database concerned. He had thought that once the contacts had been invited to connect to him and they had accepted on LinkedIn, their contact information ceased to be confidential because it had been seen by all his other contacts. This decision was one of the first to highlight the tension between businesses encouraging employees to use social networking websites for work but then claiming that the contacts and content remain confidential information at the end of their employment.
It is a sign of things to come. Sooner or later firms face the very real danger that employees or former employees will routinely contest data ownership issues in the courts.
An audit of 200 SMBs worldwide by the Internet filtering software company SpamTitan Technologies earlier this year revealed significant gaps in the measures firms are taking to protect themselves. Almost every company in the survey allowed Internet access and some social networking applications in the workplace. But while 76.4 percent said Web filtering, which helps companies define and manage policies for Web browsing at work, was important around half (49 per cent) of all respondents admitted not using one. At least 50 per cent of those without filtering said they were taking positive steps to secure themselves against the possibility of either attack or employee misunderstanding in respect of social networking applications. A further 16 per cent who had not yet done anything were intending to do something about it in the next 12 months. This still leaves a significant proportion doing nothing at all.
Developments taking place in the US and the EU could soon provide a greater legal imperative for companies adopt formal social media policies. One such initiative is 2015.eu which calls for a charter of individuals’ Internet rights and aims to entitle Internet users to demand their information is removed from company systems even if it was collected with their consent. Elsewhere the Federal Trade Commission (FTC) recently warned that even positive statements by employees in social media postings may constitute endorsements or testimonials and create liability for companies. With so much information being posted online and shared the boundaries will continue to become increasingly vague.
Companies need to introduce policies and procedures and deploy technology to help them manage every employee’s Internet usage at the individual level. We are in a new era and it is incumbent on every company to include a corporate social media policy alongside their social networking strategy. Without such clear social media policies many employees will be unaware of their rights and employers risk being drawn into costly legal wrangles with their employees over data ownership disputes.
It is important to take steps well in advance to protect yourself or company. Failure to do so will potentially leave firms with significant data ownership-related legal wrangles. To date legal cases involving disputes between employees and employers over who owns that data have tended to favour the employer, but as we have seen all that could be about to change. Companies need to get to a point where they have sufficient measures in place for managing employee behaviour at the individual level.