Tips to Handle the Risks of Social Networks
It is time for companies to take their blinders off. Social networking is not going away. You can choose to embrace it now or wait until your company is the last one in. Either way, your company will use social networking at some point. Why wait?
If your answer is that there is legal risk, I would submit that this is a poor answer. Most activities carry legal risk and our job as lawyers is to help our clients manage those risks. Moreover, the risks that come from social networking are manageable. This article will help you accomplish this.
The “risk” issue reminds me of when Internet email was hitting corporate desktops in the 1990’s. Companies engaged in what today seem like nonsensical debates about whether employees needed email. Of course, they did. Similarly, they worried about legal risk in the face of unknown law. Sound familiar?
I remember writing a column in the 1990’s where I said that virtually every employee with a telephone on their desk would have email access within five years. That was one prediction I got right.
Now I have a new prediction. Within two years, virtually every company will be using social media like LinkedIn, Facebook, Google+, and Twitter to promote itself. Does your company really want to be last in?
Reining in Risk for the Enterprise
Most commentators would acknowledge that social networking for the enterprise is not without risks. In fact, it is like any other public forum and carries most of the same risks. Some of the issues that your company needs to consider include copyright infringement, trademark violations, litigation related issues, advertising and employment law, and privacy.
The starting point of any legal analysis of any issue involving the Internet is that the Internet is not the Wild West. Rather, it is a forum that is at least as regulated as any newspaper.
The problem is that like any new technology, new law trails the development of the technology. After all, nobody regulates technology that is yet to arrive.
And “new” is where we are with social media in that the law is still developing. Thus, as we had to do with the Internet generally in the 1990’s when “Internet Law” was still in its infancy, we must look to current law and use common sense to apply it by analogy to social networking. (The problem is the concept of “common sense” since “law” has been described as “common sense as modified by the legislature and courts.”)
Some of the analogies are easier than others. For example, it is certainly clear that your company cannot use material created by others in violation of general copyright law. The Digital Millennium Copyright Act (“DMCA”) is yet another Federal statute that is relevant to social networking. The DMCA could require that your company promptly take down material from a social networking site it controls whether an employee or third party posted the infringing content[1].
Likewise, your company’s social networking posts must be sensitive to trademark law. If your trademark analysis says that your company could not use “Coke’s®” logo in a company brochure, you could not use it on your company’s blog. This is the common sense part.
Another easy one is in the area of litigation. There can be no doubt that if your company has a litigation hold in place for whatever reason, this hold would also apply to all social media. Thus, your company may not erase a blog post that is relevant to litigation although common sense says that it would be wise to remove public access to a problematic post.
Another area of concern is advertising law. It is certainly “common sense” to assume that the Federal Trade Commission act, which bans unfair and deceptive trade practice[2] and the CAN-SPAM Act[3], which regulates “spam” are relevant to the world of social media.
Using copyright and trademark concerns, litigation holds, and advertising and employment law as mere examples, you can begin to see the importance of training your employees. It goes without saying that they are the actors for your company and that their lack of training and sensitivity to these issues is your nightmare waiting to happen.
You must dispel the myths about the “Wild West.” In an online environment where the entire world might see a social networking post, you certainly do not want employees posting things like, “Our only competitor is a thief” because lo and behold defamation law applies to social networking activities. (That is unless you really want to go down the truth is an absolute defense to libel path. I will go out on a limb here and guess that you do not.)
Employees’ Personal Social Networking
A whole other area of concern for your company is how your employees use social networking outside the office. After all, they have personal accounts on Facebook, LinkedIn, Twitter, Google+ and others. They may not understand that what they say on their personal Facebook account could haunt their employer and them.
If your company does not already have a social media policy in place, you are late at getting there. However, you can begin rectifying that today and you should. A great example of a personal blog policy is one Yahoo developed.[4]
Among the most important concepts in the Yahoo policy is that any employees who identify themselves as Yahoo employees “should notify their manager of the existence of their blog just to avoid any surprises.”[5] Knowledge is power and your company can mitigate the risk employees create online by merely knowing the post is there. You should encourage this notice.
While many companies may want their employees promoting their business in their personal LinkedIn and Facebook accounts, it is important to sensitize employees to the fact that when they speak on behalf of their employers on a personal social networking page, they are putting their employer at legal risk just as if they were posting on the employer’s “official” LinkedIn page. This may not be obvious to the average employee who may think that different rules apply on a personal social networking page. It is the same theme yet again. It is all about training.
Monitoring Employees’ Online Activities
Many companies have started to monitor their potential and current employees’ online activities. The fact is that people will post “remarkable” stuff online for all to see. Many companies will look at that “remarkable” stuff and choose to pass on a potential hire or consider terminating an employee over online posts.
It can be hard to feel sorry for someone who “friends” his boss on Facebook and posts, “My boss is an incompetent fool.” (“Oops. I forgot he was among my friends.”) Still, it is important for your company to have a written policy in place that clearly states that the company does and will continue to monitor social networking activities for posts the company reasonably deems inappropriate. Further, this policy should make it clear that termination is among the possible consequences for inappropriate activities.
A bit of caution is in order when monitoring personal activities online because some states including New York have laws that prohibit an employer from punishing an employee due to legal leisure time conduct[6]. Nonetheless, many think that it is a best practice to monitor employees’ online activities while being aware of the parameters for action set by statutes or otherwise.
Embrace but Understand
If your company has not yet jumped headfirst into using social networking to its advantage, it is time to do it. This should be about as obvious as the need for a corporate website should have been in 1996.
While it is true that the law can be murky with social networks, with some education, training and supervision, you could and should minimize those risks. Do not permit yourself to be a nay-saying lawyer fearful of new technologies. If that is you, hire an outsider to assist. Do whatever it takes. Just do it.
[1] 17 U.S.C. § 512.
[2] 15 U.S.C. § 45
[3] 15 U.S.C. Chapter 103.
[4] Yahoo! Personal Blog Guidelines: 1.0, available at http://jeremy.zawodny.com/yahoo/yahoo-blog-guidelines.pdf (last visited October 4, 2011).
[5] Id.
[6] N.Y Labor art. 7 § 201(d) (LAB).