Cyber liability and social media policies

By Jeff Jones
Special to the UCBJ

Social media is everywhere in the 21st Century, including the workplace, and there are pros and cons to its use in that setting. Popular social media platforms such as Twitter, Facebook, Instagram, and Snapchat are widely used by employees and employers today. How can this technology be useful to employers? On the contrary, how can it be harmful? What is it that employers should know and do to protect themselves?

Some of the benefits that social media can bring to employers are marketing profitability, ease of recruiting/hiring, and betterment of employee relations. Over 70% of job seekers are looking online. In addition, over 75% of millennials found jobs through social media. Social media also gives the employer a wealth of accessible information to make recruiting/hiring decisions. Inc. Magazine published on Jan. 9, 2020, that 54% of employers declined to hire someone because of information found on social media, and the same article reported that 44% of employers had found information on social media that influenced in favor of hiring.  

 Some negative aspects of social media in the workplace are that employees can use it as a platform for criticism and complaints about management and/or the company, as well as to post inappropriate comments, and harass others. The use of social media in the workplace can also expose the company to data breaches. 

When deciding whether to use social media in connection with hiring, there are several key factors that employers should consider. Hiring managers should designate one person within HR or risk management to conduct these social media searches, and then share the relevant information with the hiring manager/team. Additionally, searches do not need to be done for all hires but should be consistent across the board – the same search process should be used with all candidates. It may be worthwhile to consider a non-decision maker to filter out prohibited information, and if information is found that results in not hiring a candidate, the employer should retain that information. 

Employee’s usage of social media and the vocalization of employee opinions can often cause headaches to employers. Employees have opinions, and like to share them, and many of these opinions/issues are divisive in the polarized society we live in today. When employers receive information about employee social media activity that does, or may, impact the workplace, they should follow an analytical process. Some employee comments may be legally protected, so employers need to be methodical and consistent in addressing every such problematic communication. Privacy laws, such as the Tennessee Employee Online Privacy Act (2014), and other legislation, such as the National Labor Relations Act (“NLRA”), can dictate the scope of monitoring and addressing certain social media communications.  

Electronic communications devices that are provided by, or paid for by, the employer, grant the employer a wide latitude of access to monitoring and policing cyber communications. Employers also have the right to restrict or block access to certain sites. They can also investigate specific information about unauthorized transfers of employer/company information. However, employers under the Tennessee Employee Online Privacy Act are prohibited from certain activities or actions, such as requiring disclosure of passwords to personal employee internet accounts, requiring an employee to add the employer to a personal account, or forcing access to a personal internet account in the employer’s presence. 

The scope of employee protection does not extend indefinitely, however. Employee social media commentary may be protected under various workplace laws such as the ADA, ADEA, Title VII, FMLA, OSHA, and NLRA, but there is no expectation of privacy in using the employer’s equipment or accounts at any time, regardless of whether the employee is at home or using the device after hours. 

If employee commentary is deemed protected, then the employer must be very cautious about taking any adverse action based on those protected comments. Sometimes the best option is to do nothing; other times, a friendly conversation can be effective. If it is determined that a conversation is in order, it needs to be done by the right person, and in a private, low-key manner and setting. It is not something that should be publicized. If it is determined that a conversation is not enough, and the employer wishes to discharge or discipline the employee, this is allowed, unless the comments are protected. This determination is not always simple or clear. For example, if the employee has made blatantly racist, sexist, or violent/violence-advocating remarks, employers can reasonably conclude the communication is not protected. When it is not that clear, get the facts, talk to the employee, and make a reasoned decision, preferably with input from legal counsel. 

The National Labor Relations Act (“NLRA”) protects concerted activity for mutual aid and protection regarding wages, hours, and working conditions. This applies to almost all workplaces. The determination of whether social media commentary is protected under NLRA is not always obvious. 

This is exemplified in Knauz BMW. In that case, there was an event to introduce a new model for a vehicle. The dealership served only hot dogs and water for refreshments, and customers complained. As a result, a salesman complained on Facebook that he could not make sales because the customers were upset. Another salesman responded, agreeing that the dealership’s actions hurt his ability to make commissions. The first salesman also posted a picture of a Land Rover in a pond, along with a humorous comment. The same group that owned the BMW dealership owned the Land Rover dealership, did not see the humor, and discharged the salesman. The salesman filed an NLRB charge. The NLRB found the comments to be protected, but the picture and joke were not. The employee could have been fired for the picture and joke alone; therefore, the charge was dismissed. 

Discrimination and harassment, or other violations of policy that occur online, can expose the employer to the same liability as if it had occurred in person. The rules for these are the same; the only difference is the way it is communicated. Employers should monitor and be aware of what is being posted on company-sponsored social media by employees, or even third parties. Effective, written social media policies are an important way to limit employer liability. 

Social media policies should be crafted with caution. An employment policy is unlawful if employees would reasonably understand it as prohibiting NLRA-protected activities. Problems arise when employers are overly vague, overly broad, do not provide examples, or do not provide business justification explanations. When forming social media policies, employers need to determine what amount of non-work-related social media use is appropriate for the position, such as usage during breaks only, safety considerations, or a total prohibition of such on employer-owned equipment. Again, if an employee is using an employer’s equipment or computer network, there is no reasonable expectation of privacy from employer monitoring. Employers should draft clear written policies that state there is no expectation of privacy, what is prohibited, and provide examples. Employers should include prohibitions against harassment, illegal activities, violence, and discrimination. The policy should include clear consequences for violation and reiterate the prohibition on disclosing confidential information. Employers should document clear communication of policies and obtain written acknowledgement of understanding from employees. 

In summary, employers should have a well-written policy governing the use of social media in the workplace; they should communicate and train employees and managers on the policy; and they should use careful, analytical, and uniform policies in implementation, use, and discipline resulting from social media in the workplace. 

Jeffrey G. Jones is a regional managing member for Wimberly Lawson Wright Daves & Jones PLLC. He can be reached at jjones@wimberlylawson.com.

This site uses Akismet to reduce spam. Learn how your comment data is processed.