A disciplined approach to Facebook, Twitter and other social media helps companies benefit from these networks while minimizing the chances of costly information leaks.
Networking is pass. Instead we "link," "connect" and "friend" one another through virtual interactive digital hubs called social networks. In less than 10 years, "millennials" -- anyone born after 1977 -- have revolutionized the way we communicate with each other, embracing mobile technology and social media websites such as Facebook and Twitter. Facebook alone has over 500 million active users, each of whom has an average of 130 friends, is connected to 80 community pages, groups and events, and creates 90 pieces of content each month. Yet with all of these new opportunities to connect with others also come significant privacy concerns and issues for manufacturers and other employers.
From an employee management perspective, use of social media is fraught with peril. There are steps manufacturers can take, however, to reduce their risks.
Implement Policies Addressing Use of Technology Resources, including Social Media
To manage their technology assets, manufacturers should develop and implement policies regulating the use of their technology resources, including restricting personal use of company computers by employees during the work day. The policies should also include restricting the use of mobile phones by employees, regardless of whether they are personal or company-owned. Most mobile phones today come fully equipped with cameras that have amazing capabilities. These phones should not be permitted in any area where confidential information may be disclosed, whether it be the shop floor or the less obvious meeting room with discussion points noted on a white board.
Employers should also prohibit inappropriate uses of their technology resources, such as defamation, harassment, jokes and inappropriate email; cautioning against disclosure of proprietary information; and making statements attributable to the company. If policies regulating use of technology generally are already in place, they should be expanded to include restrictions against using company assets to access and post on social networking sites, as well as visiting such sites during business hours. Policies should emphasize that all data stored on or accessible through company computers is not private, but rather is owned, monitored and retrievable by the company.
Even personal posts to social networking sites may be subject to discovery and may not be private. That said, employers should exercise caution before taking action against employees for negative, work-related postings made outside of the work day. In a recently settled, high profile case, the National Labor Relations Board concluded that an employee was engaged in lawful "concerted activity" when she posted negative comments about her supervisor on her Facebook page, and therefore her discharge and the company's overly restrictive blogging and internet posting policy were unlawful. Employers should therefore not assume that an employee's disparaging comments may be the basis of adverse employment decisions and should consult with legal counsel before taking action.
Policies are only effective if employees are aware of and understand them. Information security should be "baked" into a company's core values. Employees may not know what is and is not confidential to the company or what might put the company at risk. For example, simply linking to customers through digital networking sites such as LinkedIn may result in unwitting disclosure of the company's proprietary customer list. Tweeting about an injury or other event that occurred on the shop floor could very well affect the company's ability to defend itself if it resulted in a claim. Effective training helps employees understand the issues, their roles and responsibilities, and ensures the requisite buy-in.
Also consider the example of an employee who e-mailed his supervisor that he needed to attend to a family emergency. The emergency' turned out to be a Halloween party, during which he posted a photo of himself on his Facebook page in a fairy costume. His boss distributed the photo around the office along with an e-mail thanking him for the notice, hoping everything was ok and adding "nice wand." The employee was legitimately fired for lying.
But what if the employee in the foregoing example had been a prospective employee? Employers are prohibited from asking questions on applications and during the interview process that might identify an applicant as a member of a protected class (e.g., gender, age, race, sexual orientation). The fact that such information is passively gleaned from the Internet does not shield a manager who decides not to extend an offer. Indeed, unless it can substantiate other valid reasons for not making an offer, the company could be defending an accusation of discrimination based on sexual orientation. Moreover, if the background check release form signed by the applicant does not include a right to search the applicant's social networking sites or blogs, the search might be considered an invasion of privacy-especially if the information was obtained by friending' the applicant. The post could be a potential trap for employers who use the Internet to conduct customary pre-employment investigations. Making managers generally, and human resources personnel in particular, aware of these and other issues through training could prevent future liability.
Monitor to Protect Confidential Information
Companies must vigilantly guard against disclosure of confidential information. Social networking industry sites facilitate employee discussions related to aspects of their industry, shared concerns, etc. However, care must be taken in permitting such use, and monitoring is recommended. Employees should be cautioned against commenting on confidential aspects of products, services or customers. Even seemingly innocuous posts may prove damaging, as evidenced by the Microsoft employee who posted photographs of pallets of new Apple computers on the Microsoft loading dock to his weblog with the caption "It looks like somebody over in Microsoft land is getting some new toys." In addition to causing Microsoft great embarrassment, the posts disclosed proprietary activity. Microsoft fired the employee, claiming he was a security risk.
These examples are not new, but they vividly demonstrate the importance of discretion, common sense and the need to apply the same fundamental communications principles in the social media environment as would be applied in any traditional setting. Manufacturers should counsel employees that social media content or posts may one day be used as evidence against the company. Therefore, employees should be advised to think before speaking,' carefully consider not only what, but how something is said, and if its meaning may be misconstrued in a different context, and to take as much time composing e-mails, tweets or other social networking posts as one would a formal letter. As with everything on the Internet, social media messages are forever.
Martha Lessman Katz is a principal with the law firmMiles & Stockbridge P.C. who specializes in privacy, licensing and technology transactions, e-commerce and issues relating to the internet.