Big brother is watching you

The use of technology in the workplace has become more widespread and so has the potential for misuse and abuse. Recent publicity concerning the use of social networking sites such as Facebook and employees' posting "blogs", has highlighted the issues facing employers as to the use of the internet by their employees. This edition of Employment Highlights looks at the issues facing employers in relation to internet and e-mail use and what steps employers should take to protect their business, but also to ensure good industrial relations.

Face up to Facebook

The Trades Union Congress (TUC) recently warned employers that they need to face up to the age of Facebook (29 August 2007). Millions of employees in the UK are already registered with Facebook or other similar social networking tools such as Myspace, Bebo and Friendster. Individuals conduct part of their private lives online. The difficulty arises when the line between private lives and work lives becomes blurred. The issue of online networking sites raises the following questions for employers:-

  • Should an employer ban the use of such networking sites at work?
  • What should employers do if employees identify their employer on the site?
  • Can an employer be vicariously liable for the comments of an employee?
  • To what extent can an employer monitor both the use and content of such sites?
  • Can employers use social networking sites to carry out checks on potential employees?

Banning social networking sites

The use of social networking sites can cause difficulties both with the demands which it places on IT infrastructure, potentially weakening security systems, but also the potential for "cyber-slacking". A recent survey has suggested that more than two-thirds of London companies have banned or restricted the use of Facebook because employees were spending too much time on the site. Although there is nothing to prevent employers forbidding staff from using social networking sites, a total ban may be an over-reaction. Attempts to clamp down on the use of sites can lead to an erosion of goodwill and suggestions of "big brother" tactics. Employees believe that they spend longer in the office than before and therefore, feel that it is increasingly important for them to have the social tool and link to the outside world. Employees can also argue that they use such sites for business networking. Indeed a City law firm recently had to concede to demands to reinstate access to Facebook after its employees argued that they used it for business networking.

Firms should consider whether a blanket ban is appropriate for their business. In the financial services industry, the security risks of employees accessing Facebook mean that introducing internet filters to prevent staff from accessing sites will be appropriate.

Rather than a blanket ban, the TUC advises that organisations should allow personal internet access use during certain times, such as lunch time. They may be able to ban access at a technical level at other times during the working day. If employers decide to impose such a ban, then they should clarify in a policy exactly what internet use is permitted and the time restrictions on any such use.

Can employees identify their employers on their social networking sites?

Facebook allows users to name their employer and create a network of fellow employees. Some employers may encourage such groups, for example, for graduates who have been appointed but have not yet started in the company. This encourages circulation of information and advice before they start employment. However, it may be more appropriate for employers to encourage such networking through its own website rather than through other social networks.

The difficulty with employees identifying their employers is that if they publish offensive or unsuitable material on the site, the employer's reputation may be damaged. Employees may not even consider that they are identifying their employer but may inadvertently do so by registering using the work e-mail address.

Many of these issues have arisen in relation to blogging. Web blogs or online journals, are becoming very popular. Many businesses have their own corporate blogs and actively encourage their employees to contribute. However, employees may also have their own personal blogs. The use of personal blogs can result not only in employees wasting time at work but also in employees making derogatory comments about their employer or disclosing confidential information. Employees have been dismissed for making derogatory comments about their employers such as an employee at Waterstones who was dismissed for describing his employers in unfavourable terms. However, the resulting publicity of such dismissals usually causes more damage to the company's reputation than the blogs themselves. Blogs may also criticise colleagues online which could result in discrimination and constructive dismissal claims by the "wronged" employee. Employees may also inadvertently disclose confidential information, trade secrets or colleagues' data covered by the Data Protection Act 1998 (see below).

The way to deal with such issues is to have a clear policy specifically relating to blogging as part of a wider internet and e-mail policy. Such a policy can set out the guidelines as to whether an employee may be permitted to name his employer in any such blog or social network website and to restrict use of work e-mail addresses.

Can an employer be vicariously liable for the actions of an employee?

Another difficulty which arises if an employer is identified is in relation to vicarious liability. An employer can be held vicariously liable for some of its employees' actions committed in the course of their employment. The term "in the course of employment" extends beyond acts which the employee is in fact instructed or authorised to perform. An employer may be able to show that any discriminatory or defamatory comments made on a private social network, were not made in the course of his employment. However, this may be more difficult where the views are expressed through a company blog. An employer may have a defence where it can show that it took such steps, as were reasonably practicable, to prevent the employee from making the statements concerned. Any internet policy should, therefore, make it clear that the employee is not to use certain sites or to view, use or circulate any offensive, obscene or discriminatory material.

Can an employer monitor employees' content on e-mail, internet sites or blogs?

The Data Protection Act 1998 (DPA) forms part of the regulatory framework which controls the monitoring of the use of internet and e-mail in the workplace. There are also a number of regulations dealing with workplace surveillance and relevant provisions under the Human Rights Act 1998. The DPA sets out data protection principles which apply to the processing of all personal data. In general terms an employer is entitled to monitor communications (such as telephone, e-mail and internet) if it can be shown that this is relevant to the business.

The Information Commissioner has published codes of practice relating to various aspects of employment practices. Part 3 of the Code of Practice deals with monitoring at work. Monitoring is permissible as long as the employer has identified the purpose behind the monitoring; identified the adverse impact of the practice in place; considered alternatives; taken into account the obligations which arise from monitoring and judged when it is justified. This means that an employer should tell staff in advance what will be monitored. Covert monitoring is not permitted except in extreme circumstances such as investigating criminal activity.

Employers therefore need to balance the monitoring of such networks with the employee's right to have a personal life. The employer should make it clear what it is considered acceptable for an employee to include in any blog or social networking site and also if they monitor the site. The consequences of the employer discovering that the employee has failed to comply with any rules in relation to such sites should also be clear. Advice from the TUC states that not enough employers are being explicit about what they expect from staff in terms of personal conduct when using social networking sites. Any internet policy should set out the standards that are required.

Refusal to appoint employees after checking their Facebook profile

Although employers may find employees' use of Facebook causes difficulty in relation to their reputation and potential for "cyber-slacking", some employers are also finding that this has become a useful means of carrying out pre-employment checks on employees. Many individuals will put both private and personal information which they would not want an employer to know on an internet site where it can be read by anyone. The question is whether an employer should use the site to check the profiles of job applicants. Some HR professionals have felt that checking an employee's Facebook profile is not appropriate. However, individuals can decide what personal information to post on a website. Accordingly, employers are entitled to search against any individual. Facebook has now indicated that it will make the personal profiles of its members available to online search engines. Previously only members or invited friends could see information. In view of this candidates would be well advised to set privacy settings limiting information that is available to potential employers.

The TUC have suggested that cyber-vetting could raise issues of discrimination. This may arise as only a minority of potential recruits will have public profiles on social networks and using such information could give an unfair advantage or disadvantage to certain candidates. Using these sites themselves as a recruitment tool, could give rise to a claim of age discrimination because of the disadvantage to older recruits.

In addition, if an employer based a decision on a poor and untrue 'net rep' (internet reputation) then an employee may be able to bring a claim. Employers should verify any information they find and also take up proper references to ensure suitability for any role.

What should employers do?

Clearly, employers should have in place an internet and e-mail policy which should extend to both the use of social networking sites and to blogging. A well-drafted policy should in any event cover these issues but an employer should check that the policy includes the following:-

  • If employees are to be allowed personal use of the internet, the policy should make it clear the extent of any such use and any restrictions on time. If should be clear that such use should be restricted to lunch or before or after work and not take place at any time which would interfere with the performance of the individual's duties.
  • If employees refer to their employers in personal blogs or social network sites, they should be made aware of any potential consequences, for example, where this could lead to damage to the employer's reputation. A policy should also specify that a work e-mail address should not be used when registering on such sites.
  • It should be clear that any offensive, defamatory, discriminatory or other comments on any social network or blog will result in disciplinary action which may lead to dismissal. In addition employees should be aware that the disclosure of any confidential information about the employer, staff or customers will be forbidden and again could lead to disciplinary action.
  • Employers should make it clear to employees the nature, extent and reasons for their monitoring of the internet.

The internet is a useful tool for most employers, but in embracing the use of the internet employers have to be aware of the potential for misuse and the dangers that accompany it. While a blanket ban may be appropriate in certain cases, employers may have to accept that employees will use the internet for personal purposes, highlighting the necessity to make the rules for such use, and the consequences of misuse, clear.

This publication is written as a general guide only. It is not intended to contain definitive legal advice which should be sought as appropriate in relation to a particular matter. Extracts may be copied provided their source is acknowledged.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.