How businesses can handle risks in the changing world of social media

Jonathan Theders, President, Clark-Theders Insurance Agency Inc.

Social media is changing the business landscape as quickly as a hot Tweet makes its way around the Internet.
However, businesses should be wary about how they and their employees use it, because regulations haven’t been able to keep pace.
“The legal system — as well as companies’ policies and procedures — have not kept up with the changing times,” says Jonathan Theders, president of Clark-Theders Insurance Agency Inc. “When it comes to social media, employers today don’t really know what to do.”
Smart Business spoke with Theders about what companies should know about the liability they could incur through the use of social media.
What kind of liability issues arise from using social media?
One of the issues can come in the area of HR. There are many established human resources rules and regulations in regard to discrimination: race, sex, ethnicity, religion. On a written application, you can make sure you don’t ask those questions.
However, companies are starting to engage job applicants by doing Internet searches, running a Google search on names, and checking out Facebook or LinkedIn pages. The danger in that is — whether intentionally or not — you can discover protected information.
Obviously, if there are photos on a person’s profile page, you could discover the person’s race, maybe their religion, or if they have a disability. From an HR standpoint, those things are very dangerous to know.
When using Google or social sites for background checks, there is no going back. If you find something out that you didn’t necessarily want to, it’s too late.
Also, it’s important to make sure that Google, Facebook and LinkedIn don’t replace a true background check. There are so many similar names out there, you could be pulling up false information about people and making decisions that are not based on fact.
Have there been any legal precedents for social media liability?
There is a bit of case law, but these issues are so new that it’s difficult to find good examples. On a Facebook page, you can use privacy settings to set your profile as open to the general public, or restrict it to ‘friends.’ If your settings are open to the public, it is generally accepted that everything shared is public information.
Sometimes a company has an employee who has access to a job applicant’s profile because of ‘friend’ status. If that person shares that protected information with his or her employer, without the direct approval of the applicant, it would likely be a violation of privacy laws. Your employee violated the job applicant’s privacy by allowing someone else — you — to view it.
To avoid problems like this, consider putting one person in charge of all the Internet applicant research. Make it a standardized procedure, so that one person is consistently doing it one way. Also, do it legally. No hacking into sites, no misrepresentation.
How can businesses avoid liability issues that can arise from publishing items on their websites?
The media are held to high standards when it comes to copyright infringement. Publishing companies have media liability or insurance that protects them, but most businesses aren’t in the publishing business. There is really a ‘new wave’ in which businesses are posting articles on their company’s website or social network page, but if you don’t have the right to attach that article, or if it was a protected document, it may cause problems.
If a business creates a Facebook profile, it would likely be considered under law to be protecting its brand. It would be part of commercial speech. So in trying to sell a product, it wouldn’t be protected under the same First Amendment rules. The main concern is that you are truthful in your advertising.
How can businesses that want to publish information protect themselves?
Make sure that there are concrete rules for postings. If employees are posting for the company or with regard to their LinkedIn profiles, make sure that you have rules in place. Be careful, because those posts could be considered mini-advertisements, so they have to be administered, controlled and approved by the company, because the liability can be really high.
Have one person monitor all postings for all social media. You must scrutinize what gets posted, especially if you are taking someone else’s information and uploading an article or linking to someone else’s page. Make sure that you have the legal right to do it or that you have permission from the owner.
Most companies have a general liability insurance policy. But in nearly every case, a general liability policy is not going to cover the types of claims that can be brought from improper use of social media.
Because it is so new and so fast paced, most employers don’t even understand it. The employees are far ahead on the use of it, and you have to have an open dialog about how the business will communicate using it.
What is appropriate employer/employee Facebook etiquette?
As a general rule, it is always better to keep a clear line between work and a personal life. You can ignore a request from a subordinate on Facebook. In particular, Facebook and MySpace are perceived as personal communication rather than a business function.
LinkedIn tends to have more of a professional function. Depending on what your company wants to do, it might be appropriate to connect with someone on LinkedIn, but it’s not appropriate for a boss to be a friend on Facebook.
Still, some of our employees are my friends on Facebook. If I were to find something out that I don’t like as an employer, what do I do about it? What is my legal right? All these issues pop up, but there is no definitive solution on what to do.

Jonathan Theders, CRA, is president of Clark-Theders Insurance Agency Inc. Reach him at (513) 779-2800 or [email protected].