Has your employee social media policy kept pace with business practice?

When did you last review or update the policy on social media use for your employees? Does it reflect the way that social media is being used on a day-to-day basis in your organisation?

Deploying social media is now deeply embedded in many employees’ job descriptions, whether for the purposes of promotion and marketing, recruitment or communicating with customers and suppliers.

‘Use of social media is no longer confined to the marketing team, and employers need to manage the risks that come with wider access to such a powerful tool,’ according to Kat Moody in the employment team with Richard Reed. ‘Employees’ use of social media creates a wide range of potential liabilities for any business, from making your business vulnerable to losing important contacts through to problems accessing your own accounts when employees leave.’

Although it appears to be an informal means of communication, extracts from social media accounts regularly appear as evidence in courts and tribunals these days. Employers whose staff engage in any social media activity on behalf of their business should give employees clear guidance on expectations. You may need to be clear about which individuals can use social media on behalf of the company and which need to get prior authority before posting anything.

Kat highlights a few of the risks to consider in deciding whether you need to review any contractual terms, policies, templates, and training.

Who owns the work account?

The legal ownership of each social media account will be determined by the terms of the provider. For example, LinkedIn’s terms state that the account holder owns the account.

It is not uncommon for employees to set up work accounts on behalf of an employer using their own login credentials, but your policies need to ensure that ownership remains with the organisation and passwords are shared or transferred as part of an exit process.

Who owns contacts gathered via social media?

The courts have found that the contacts gathered by an employee on a work account during employment belong to the employer.

It has long been established that departing employees cannot take a database of their employer’s contacts with them to use to compete against them. This principle was applied in the social media age in Whitmar Publications v Gamage [2013]. A former employee was ordered by the High Court to give her previous employer the login details of four LinkedIn groups that she had managed for the employer. The former employee had used the groups to promote a new business that she and two other former colleagues were setting up. This case provides some comfort for employers, but case law in this area is only in its infancy.

Using personal accounts

The situation becomes less clear when employees use their personal accounts for work purposes, for example where the employee already has a number of relevant contacts and they use the same account for work and personal purposes. Employers should set clear boundaries for the employee’s use of personal social media accounts for work purposes. To avoid blurring of lines and risking losing business contacts, you could decide that this is not permitted. This needs to be made clear to employees in a policy, as discussed later, and could also be included in employment contracts.

If you do allow the use of personal accounts, your policy should state that any business connections made while working for you belong to the company. The policy should make arrangements for providing that information when they leave and require them to delete the information from their account, without copying. This may be difficult to enforce, particularly if it is hard to determine which contacts were made through work-related activities and which in their personal capacity or through a previous employer.

What to address in your policy

We recommend having a social media policy, which is implemented through training at induction and with regular updates.

The policy needs to be reviewed regularly and should tie in with other relevant policies, such as:

• data protection;
• confidentiality;
• equality, diversity, and inclusion; and
• IT and electronic communications.

This should address issues you expect to see in any social media or communications policy, for example not to make any discriminatory posts, and should also give guidance on the use of social media for company purposes.

There are many risks to a business through employees’ online activities, which the policy can address as relevant to your business. Although not exhaustive, here are some of the issues to consider:

• Employees need to be respectful and professional at all times online. Aside from reputational damage, an online spat with a competitor or making degrading comments about a previous supplier could risk claims of defamation or even malicious falsehood.
• Employees may need to be informed about not engaging in false advertising or unethical marketing practices such as posting fake reviews.
• In their eagerness to share good news involving a third party, such as a potential new deal, investor, business associate or customer, employees need to be careful to ensure that they do not breach confidentiality, data protection law, the terms of any non-disclosure agreement relating to negotiations or endanger legal privilege. Employees also need to protect the confidentiality of the employer’s sensitive business information, such as relating to the performance of the business.
• Employees should take time to read the small print on the social media sites to ensure that they comply with the terms of use.
• When reproducing text or copying a similar trade mark or brand, employees need to be aware that if they do so without the consent of the owner, they could infringe intellectual property rights.
• If comparing other businesses to advertise your services or products, employees need to ensure that they comply with the rules on comparative advertising. 
• Employees should use the company social media account and use a work email address to open up accounts such as LinkedIn. The employee should share the access details with a colleague so that they are not the sole gatekeeper to such a powerful asset. Make clear that the account belongs to the employer and that the connections made through that account are part of a database of information belonging to the employer.
• If the employee is allowed to use their personal account, you should set out any conditions for this – such as requiring them to make it clear when they are posting on behalf of the company and when they are posting in their personal capacity.
• A crucial practical step that will help protect your business is to ensure that the up-to-date login details are shared with the employer – especially on departure.
• Depending on the business, employees could also be required to add contacts made through social media to a database held by the employer.

Contractual provisions

In addition to having a well-drafted policy, relevant contractual provisions need to be fit for purpose and bespoke to your business, rather than using outdated, generic clauses.

Clauses that may be in need of a refresh include confidentiality and data protection. If there is a risk that the employee could use the contacts after their employment has ended to compete or lure away customers, a restrictive covenant limiting what they can do for a specific time could give you further protection. This can include specific requirements in relation to social media accounts.

Contractual rights allowing you to restrict employees’ work activities during notice periods – garden leave clauses – can serve a similar aim to a restrictive covenant.

How we can help

We can help with ensuring your policies and contracts, as well as your ways of working, protect your business as its use of social media evolves.

For further information, please contact Kat on 0191 567 0465 or email: [email protected]