A Few Tips for Drafting Social Networking Policies

February 28, 2010

Social networking and blogging sites, such as Facebook and Twitter, continue to grow in popularity. The number of participants is staggering. Facebook alone recently reported that it now has more than 400 million active users.

Given the rise in use of social networking sites, employers should consider implementing  a policy governing employee use of such sites. A well-drafted social networking policy is essential because an employer’s existing policies, such as those governing confidentiality or the use of the employer’s computer systems, may not be broad enough to protect against employee misuse of these sites. This post covers some of the issues to consider in drafting an effective social networking policy, and also discusses the practicalities of investigating alleged violations of such a policy.
 

One of the first things to consider in drafting a social networking policy is whether to allow employees to access the sites through the use of the employer’s technology, such as computer and email systems or handheld devices, and whether access will be permitted during work time. The answer to these questions may depend upon the nature of the employer’s business and whether there are business-related reasons for employees to use the sites.

A social networking policy should also prohibit inappropriate postings on, or the inappropriate use of the sites, and should advise employees what is considered inappropriate. Defining the line between appropriate and inappropriate, however, may be the most difficult challenge, particularly for those employers employing a relatively young workforce. Examples of inappropriate postings include comments and complaints that are disparaging to the employer, or the disclosure of an employer’s proprietary or confidential information or of any information that is protected by law. Employers should also consider whether to forbid employees from posting any information about the employer, or if certain information would be permissible with the employer’s prior approval. Employees should generally not be allowed to speak on behalf of their employer, unless specifically authorized to do so. See our January 27, 2010 post.

In defining what constitutes impermissible conduct under the policy, employers must use caution to avoid infringing on employees’ rights under Section 7 of the National Labor Relations Act. The policy cannot be drafted in a way that employees would reasonably construe as prohibiting discussion of wages, hours, and working conditions. A policy which prohibits and specifically describes a broad range of inappropriate communication is less likely to run afoul of the National Labor Relations Act.

Because enforcing a social networking policy can be difficult, the policy should require employees to report known violations to the human resources office or a member of management. As with other key policies, employees should be told that it is their “responsibility” to help the employer ensure compliance with the policy. The potential consequences of a violation of the policy should also be described. This can be as simple as a warning that an employee may be subject to discipline, up to and including discharge.

Once developed, the policy should be distributed to all employees, who should be required to acknowledge in writing that they have received it. The policy should be redistributed to employees periodically.

A social networking policy is most effective when developed in conjunction with a policy governing employee use of technology belonging to the employer. A policy of this kind should be designed to lower employees’ expectations of privacy when using the employer’s technology by including language stating that the employer reserves the right to access, intercept and monitor all information accessed, sent, or received through the employer’s systems. Employers should also obtain the express consent of employees both to monitor communications and to access stored communications. This is best accomplished by requiring employees to sign written consent forms. Alternatively, an employer can establish that employees have consented to the monitoring and accessing of communications by requiring them to click on a pop-up screen acknowledging consent to the employer’s policies before access is granted to the employer’s computer systems.

Even with a well-drafted social networking policy in place, investigating potential violations, such as an allegation that an employee has posted something inappropriate on a site, can be challenging. It may be difficult to verify that the alleged misconduct occurred because the information may be posted on a secured site not accessible to the public or it may be deleted before the investigation has been completed. If the posting was prepared or accessed using technology belonging to the employer, an employee’s consent to access that information could be obtained through the type of technology use policy discussed above.

If the employer’s technology was not used, it may be impossible to view the posting without the employee’s consent. In that scenario, an employer may have no recourse other than to simply question the employee about the posting, and to speak to any co-workers who may have seen it. Employers should hesitate before asking employees for their personal log-in information. Aliases or similar surreptitious means to access a secured site should not be used, and an employer should take steps to protect an employee’s privacy in the investigation.

If an investigation concludes that an employee has violated the social networking policy, appropriate discipline should be considered, but an employer should use caution when meting out discipline. Public employers should also be aware that the First Amendment may protect an employee who speaks on what is considered to be a matter of public concern.