Employee Privacy Part 3 Social Media

This is the third of a 3 part series on employee privacy.

The first post on monitoring explained that employers could monitor employees’ use of computers and phones if the employer owns the systems and hardware and the use is for work or during work time.

The second post on what’s personal explained that all employees have common law privacy rights in information about their personal lives, health, finances, sex lives, off-duty activity and personal email and phone accounts.

Social media is where an employee’s work life and personal life often collide.  In figuring out how to handle employee use of social media and privacy, here are the things to think about.

Who owns the Account and Content?

If the account is in the employee’s name, then it’s the employee’s personal account.  This is because employees have intellectual property rights to their names and likenesses, they signed up for the account, and they agreed to the End User License Agreement (EULA) that usually states the user owns the content.

But if the account is in the employer’s name, and the content is generated as part of the employee’s job, then the account belongs to the employer.  This is because the employee signed up for the account as an agent of the employer, and the content is owned by the employer under the work-for-hire doctrine.

Here’s more on who owns the contacts and content, and on copyright in social media accounts.

Is the Account Password Protected and What are the Privacy Settings?

Password and privacy settings relate to whether the information is public or private, and what the employee’s reasonable expectations of privacy are.

For example, my (and all) tweets on Twitter are public. I generally make my posts on Google+ public.  If not, it’s because I’m sending the information to a particular audience, not because it is private. My articles on HR Examiner are public.  I have no expectation of privacy in any of those posts.

But my Facebook account is private. My security settings are to “friends only.”  And I am generally not “friends” with people I only have business relationships with.

I do have passwords on each of those accounts and I am the only one who gets to post to my twitter, G+ and Facebook accounts.  If someone else got into those accounts and either posted something, or changed or deleted something I had posted, it would violate both my privacy and computer hacking laws.  There may also be identity theft issues.

Does the Post Relate to Work or Personal Life?

Employees have common law privacy rights in their off-duty conduct.  They also have privacy rights to medical and financial information, and the intimate details of their family and personal lives.

Employees don’t have privacy rights in information that is public, things they disclose publically, and information that would be personal, but the employer has the legal right to ask (like background checks for positions that require security clearance).

Employees do have rights to bitch about the employer on social media—either because it is their private account or because it is protected, concerted activity that is protected by the National Labor Relations Act.  More about protected concerted activity and the recent NLRB report here.

What is the Employer’s Interest in Employees’ Social Media Accounts?

Employers potentially have legitimate interests in an employee’s use of her personal social media accounts:

  • to protect the employer’s trade secrets and confidential data about the employer and other employees;
  • to avoid liability for defamation;
  • and maybe to avoid damage to its own reputation and brand.

Trade Secrets: The right to protect confidential data and trade secrets is legitimate and well established.  Disciplining or firing an employee for disclosing trade secrets in any context would be upheld by the courts.

Defamation: Avoiding risk of liability for defamation is trickier.  Generally, the employer will not be responsible for statements by the employee unless it was in the course of her responsibilities for the employer; it was reasonable for the audience to believe the statement was made on behalf of the employer; or the employer controls what employees can say and cannot say on social media.

Under agency law, if you control it, you are responsible for it.  So issuing a policy that gives the employer the right to control what employees say in their personal social media posts, actually creates risk of liability rather than prevents it.  In other words, if employers want to manage risk, they will stay out of their employees’ social media accounts.

More on defamation and behaving badly online here.  And here are some other reasons your social media policy could backfire.

Reputation/Brand: Not looking bad in public is the issue employers often worry about most.  But this usually isn’t a legal issue–unless the employer is getting in trouble with the NLRB, employee privacy, or creating risk of liability by trying to control what employees say and don’t say in their personal social media accounts.

Your company’s reputation really depends on its marketing, what it’s like to work there, and how it does business.  Not whether employees are griping about it on Twitter.

If you’re managing your employees social media use to control your brand—you are probably just undermining both your employment brand and how your employees perform at the real work the company does.