2009 saw explosive growth in the use of social media by organisations as they grappled to come to grips with new and cost effective ways of engaging their customers and dealing with the boom and bust era of the post global financial crisis – but have organisations fully considered the legal risks in social networking?
The evolution of social networking law
2009 saw a continual evolution of the law in relation to social networking in all jurisdictions. It's possible in certain circumstances, for website owners to have a duty of care to their users, individuals can now be served via their Facebook profile if they can't be located, and in the US, there is a continued debate over the online privacy. In Australia, individuals profile page can be used in evidence there has also been comment about organisations wanting to own their employees "tweets" and recommendations have been made to enact legislation to create a right to Privacy. The point of this is that the legal risks for organisations participating in social networking are evolving at the same pace as technology.
Legal risks in social networking for organisations
The following nomenclature is used for convenience:
- Confidential Information
- Trademark infringement
- Misleading and deceptive conduct
- Passing off
- Reputation risk
- Negligent misstatements on websites
- Occupation and organisation specific risks
This classification system whilst reasonably comprehensive attempts to classify new millennium risks that cannot be compartmentalised as many cross categories.
Confidential information – loss and disclosure
Business networking sites such as LinkedIn and Linkme enable people to build connections to other people that they do business with or are associated with in some way. It's possible for employees to upload their email address book into LinkedIn that contains the employer’s confidential information in the form of its customer database and invite customers to "connect".
The employee is then able to leave the organisation, change their status in their LinkedIn profile and notify all their connections (many of whom represent the confidential information of the organisation) of their new employer. Result, loss of confidential client information, potential loss of revenue and the added complication that the original information may loose the quality of confidentiality.
Breach of continuous disclosure obligations for listed public companies
If your staff are recommending people in LinkedIn, or tweeting, then it's possible for them to commit various minor breaches of an organisation's continuous disclosure obligations through inadvertent disclosure.
Endorsements on LinkedIn
Care should be taken by employees recommending people in LinkedIn with whom they work. For example, contacts can recommend people as "business partners" when in fact no announcement to the market has been made that this is the case. Situations like this are commonplace on social networking sites.
Tweeting your location and activities
By tweeting your location and what you are doing in any of the social networking sites, there is the risk that an informed user can make various inferences. For example, if you are a leading international beverage maker and an employee who works in the mergers and acquisitions department tweets that they are bored as they are spending two weeks in Bundaberg on a work assignment, then its reasonably clear what they are doing.
Most social networking sites have the ability to create fan pages, personalised URL's and groups for users. For example www.facebook/yourcompany. Have you protected yourself from someone taking your trademarked name with these urls? What would you do if someone had hijacked your brand name on a social networking site and started using it in a negative fashion?
Misleading and deceptive conduct
The line between mere puff and binding promises is yet to be tested formally online. Although there have been various cases of outright misleading and deceptive conduct. Do you know what your employees are saying (and promising people) online?
If you have a company blog it appears doubtful whether you will be exempt from the misleading and deceptive conduct provisions in the Trade Practices Act 1974 (Cth) (TPA) as it is unlikely that most Company bloggers fall under the definition of 'prescribed information providers' in section 65A(3). The question that is yet to be decided by Australia Courts is whether or not a blogger is in the business of providing information according to the definition in section 65(3).
Do your managers accept all friend requests from subordinates or do they pick and choose? The implications for a discrimination claim should be obvious. In the US it's been shown that lawyers cannot be friends of judges but they can be members of their fan pages.
Employer liability for employee acts of defamation
As a general principle, an employer is vicariously liable for the acts or omissions of their employees. For employees that are engaged by their employer to perform social networking tasks, it would be possible for the employer to be held liable for the defamatory acts of their employee (as well as various other acts).
The new and different permutations of minor (and some not so minor) breaches of traditional laws online will continue to evolve. The ones described above are samples of the legal issues that organisations should endeavour to protect themselves against.
Reputation risk – the nuclear submarine
Perhaps the most important risk in the hierarchy of risks associated with social media is the intangible loss of reputation that can be felt when things go wrong online – the viral video.
The Dominos disaster
Most followers of social media (indeed most people) would be aware of what has become a text book example of how not to handle a viral public relations problem.
A Domino's franchise in North Carolina was where two employees filmed and later posted a prank video to YouTube showing unhygienic food preparation practices. Within a few days due to the power of social media, there were more than a million views on YouTube, a viral spread of the subject on Twitter and five references on page one of a Google search for Domino's.
The problem compounded when Domino's took 48 hours to respond, and it took time to get the video down from YouTube, well after many had downloaded it and added to its proliferation.
The delay in responding formally let the online conversation build and the story continued to proliferate throughout social media channels with the added speculation about whether the video was authentic and which Domino's store it was filmed in.
Domino's did not issue a formal press release but instead opened a Twitter account to respond to questions, later posting an apology on YouTube in an attempt to stem the flow of bad press.
Addressing reputation risk in social media
There are several things that organisations can to do protect themselves against the conduct of their employees, contractors and third parties on social networking sites. These include:
- revising contracts of employees and contractors who participate in social networking sites as part of their job;
- considering other contracts that should include social media clauses;
- introducing a social networking policy to provide guidance to employees both during and after hours;
- conducting training in social media legal issues to increase awareness;
- having a real time social media reputation monitoring service; and
- having an overall social media strategy.
Having these sorts of systems in place assists to minimise the risk and address the issues posed by a Domino's style viral video.
Malcolm Burrows B.Bus.,MBA.,LL.B.,GDLP.,MQLS.
Associate, Rostron Carlyle
"The information contained in this article is general in nature and cannot be regarded as anything more than general comment. Readers of this article should not act on the basis of this comment without consulting one of Rostron Carlyle's legal practitioners who will consider their particular circumstances"