Social media is a powerful tool to link businesses with potential customers. Mastering the initial business aspects of growing a social media presence is only the first step; it is equally critical to recognize and address the significant legal risks that go along with it. If you are a business executive, HR professional, or in-house counsel, the odds are that your inbox is cluttered with emails about the latest social media issue. This article cuts through the chaos and covers the top areas of legal risk that you need to understand and control.
1. Protect against disclosure of trade secrets and confidential information.
In recent years, the spread of social media has posed even greater challenges to the confidentiality of corporate information. Knowingly or not, employees now have the opportunity to disclose confidential information on social media websites, in blogs and even anonymous comments. California courts have long held that widespread, anonymous disclosure of company information over the Internet may destroy its status as a trade secret. To keep valuable company information confidential, and avoid losing intellectual property rights, (1) clearly identify and mark company confidential information, (2) provide clear guidance to employees regarding maintaining confidentiality, especially in social media and (3) restrict disclosure of such information to a need-to-know basis.
2. Train supervisors on the many HR issues raised by social media.
Social media raises a host of human resources issues when “Myspace” clashes with “my work space.” Employers commonly scour the Internet for a more candid glimpse of job applicants and social media now provides instant answers to those “donʼt ask” questions (marital status, religion, etc.). If you would not ask it in an interview, do not base an employment decision on the same information gleaned from a Facebook page. More importantly, implement a thorough hiring and screening process to help later prove that hiring decisions were not based on illegal criteria. Harassment, discrimination, retaliation and privacy claims are also impacted by employeesʼ access to personal details about coworkers in social media: “Can I, should I, ʻfriendʼ my boss?” “What if I was ʻtaggedʼ in a photo from the office party?” While it may be a tempting solution to monitor all employeesʼ social media content, as of 2013 a new law, California Labor Code § 980, prohibits employers from asking employees for access to social media passwords, with limited exceptions. Instead, instruct supervisors that conduct in cyberspace can be the basis for employment claims. As courts are increasingly turning to the Internet for evidence of discriminatory intent, train employees not to post information that could contribute to a hostile work environment.
3. Ensure compliance with securities laws.
Social media poses particular risks for publicly-traded companies. The line between private and public life has blurred, particularly for executives privy to earnings data and forecasts. Shareholders increasingly demand up-to-the-minute information, and potential investors “follow” corporate thought leaders through a variety of outlets. In 2008, the SEC published guidance about when disclosure of information on a company website might be deemed “public” under Regulation Fair Disclosure (“Reg FD”). Last year, the SEC issued its first Wells Notice to Netflix for potential violations based on a Facebook post by its CEO. The SEC has also investigated Whole Foods and threatened to block its purchase of competitor Wild Oats after its CEO was caught using a pseudonym to make critical statements online to lower Wild Oatsʼ stock price. Even the FBI has used social media to investigate possible insider trading and securities fraud. All publicly-traded companies must understand and communicate clear rules regarding what is and is not appropriate, legally, to post about the companyʼs business. Do not let an errant “tweet” turn into a full-blown SEC investigation.
4. Interact with competitors appropriately.
Develop a strong company policy against making comments in social media about competitors to avoid legal claims, including disparagement, defamation and interference with business. Respect the intellectual property of others. Sidestep legal disputes by avoiding use of competitorʼs names (e.g. “betterthanacme.com”). In addition, guard against the risk of an antitrust investigation or claim by instructing employees not to share information via association-sponsored social networking that could be construed as a violation of antitrust laws. Employees should understand that encouraging anticompetitive practices is illegal whether via social media or any other format.
5. Protect trademarks and patents.
Social media communications are often informal, and response times quick. Nevertheless, always use full and consistent company trademarks and trade names. Continuous and consistent company use is vital to retaining legal protection of the trademarks. Protect against impersonation and “cybersquatting” by others by promptly issuing cease-and-desist demands, and pursue legal action if needed under the Anticybersquatting Consumer Protection Act and other channels.
6. Comply with truth and accuracy laws in advertising, endorsements and contests.
A host of federal and state laws require truth in advertising. When posting about the features of a product, be certain that your comments are not misleading. The Federal Trade Commission has issued new rules specific to the disclosure of endorsements in social media, such as when a blogger is paid to post about a product. Employees who truly love your companyʼs product should disclose their relationship whenever posting a favorable review. Also, be aware that numerous state laws and regulations govern online contests, lotteries, prizes, reward practices and sweepstakes. Consult legal counsel before providing any incentives online.
7. Use legal privacy and data collection practices.
Certain laws, such as HIPAA, govern the collection of personal information. Privacy considerations also apply to social networking sites. For example, websites that collect information from children under the age of 13, such as on a “fan” page, are required to comply with the federal Childrenʼs Online Privacy Protection Act. If personal data collection is anticipated, post a privacy notice describing data collection and use practices. In addition, the federal CAN-SPAM Act and state laws establish requirements for commercial messages sent via email. Thoroughly vet your companyʼs online interactions with legal counsel for compliance with data collection and privacy rules.
8. Ensure that your company, not your employees, own social media accounts.
Be clear with your employees that social media and blogging accounts that they register, author or contribute to for company business – and any accounts or pages that contain the company name, product names or trademarks – are company property. The best practice is to register the account in the companyʼs name, and use the company name in the handle. Do not give a single employee exclusive knowledge of all credentials, and ensure that policies and new hire agreements clarify that accounts and log-in credentials belong to the company. Conduct exit interviews and ensure that accounts are transitioned and passwords changed when an employee leaves.
9. Understand that social media can be requested in discovery and used as evidence.
Social media is permanent. Even if it is “deleted,” written over, or password-protected, content may be retrieved through search engines, archives, web-crawlers, dated print-outs, forensic retrieval, or an ISP or services provider/host. Even anonymous blog postings may be traceable through IP addresses.
Social media may also be used in court as evidence. Companies are increasingly dealing with specific requests for social media in electronic discovery, and many broad legal requests will encompass online content. Ensure good custodial practices by updating your electronic document retention policies to encompass company social media. Without clear guidance, employers run the risk that their default procedure will write over Internet data, potentially subjecting them to legal sanctions for destroying relevant evidence.
When put on notice of a potential legal claim, you should immediately issue a “litigation hold order,” instructing pertinent employees to preserve evidence (including relevant personal devices, non-company emails or social media accounts). Fulbrightʼs 2013 Annual Litigation Trends Survey Report shows an increasing number of U.S. companies have had to preserve or collect data from an employeeʼs personal social media account (20 percent), or mobile device (41 percent), in connection with a dispute or investigation.
10. Proactive companies must create a social media policy for employees.
To help mitigate risk and avoid PR disasters, it is critical to develop a clear social media policy that sets boundaries while balancing employee rights, including the right to criticize the company or complain about working conditions. Your policy can and should encourage professionalism and civility, prevent employees from wasting work time, prohibit harassment and discrimination, protect confidential information and trade secrets, and avoid unauthorized statements on behalf of the company. On the other hand, your policy should not prohibit employees from making disparaging comments, posting photographs, or discussing wages or working conditions. Over the past year, the NLRB has aggressively attacked social media policies that could chill concerted activity. Although the NLRBʼs authority may now be in question (a court recently found President Obamaʼs recess appointments to the NLRB to be “constitutionally invalid”), it is important to harmonize your social media policy with your employeesʼ protected rights. A good company policy should be simple, yet complete, establishing clear boundaries and proactively addressing issues of confidentiality, responsibility for social media comments, and other legal issues.Download Original Published Article