Here's What's Missing from Your Company's Social Media Policy

(...assuming your company actually has a social media policy in the first place.)

There is no social media 'one-size-fits-all' policy. Each policy should be tailor-made to the company that will be using it... - Janice Mock, partner at Nossaman LLP

For a legal perspective, we asked attorneys writing on JD Supra to tell us what, in their experience, they most often found to be missing from workplace social media policies. We knew that a roundtable of responses would make for interesting reading. Here's what we heard back:

Positive Examples of Things Your Employees Can Do

From Cynthia Larose, Chair of Mintz Levin's Privacy & Security practice: "Most social media policies are exactly that – policies. They are drafted with the 'thou shalt not' in mind and typically fail to include anything (or very little) with respect to the 'thou shall.' If your company is thinking about controlling how employees interact with social media, consider including in your policies suggestions as to how employees should interact with social media to connect with co-workers and the public. Clearly communicate the company’s expectations and offer examples of scenarios that are acceptable and include an approved description of the company’s brand. Make it clear that individuals who link online identities with the company and disclose their employment also incorporate the approved language into their online profiles. A policy that includes the positive can help to build advocates for the brand. Trust your employees to drive responsibly if you give them the rules of the road."

Carefully-crafted examples can illustrate the scope of prohibited behavior and prevent overbroad prohibitions that violate federal law...

Kate Grado of Harrang Long Gary Rudnick P.C agrees, and offers a great mantra for infusing your policy with meaningful examples: "What is most often missing is illustrative examples. Under federal law, employees have a legal right to discuss the 'terms and conditions' of their employment. This nebulous phrase protects a broad spectrum of conversations, potentially including an employee's complaints about wages, working hours, supervisors, and other aspects of an employee's daily work life—even if aired to the public through their favorite social media site. A social media policy violates federal law if a reasonable employee could interpret the policy to prohibit conversations about the terms and conditions of their employment. When crafting a social media policy, adopt this mantra: Don’t just state—illustrate. Carefully-crafted examples can illustrate the scope of prohibited behavior and prevent overbroad prohibitions that violate federal law."

Related to this notion of clear, positive illustrations is of course...

Specificity

...rather than banning any disclosure of a company’s confidential information – the employer must be specific about exactly what cannot be disclosed (such as trade secrets, customer information, business strategies and product development).

From Janice Mock, partner in Nossaman LLP's San Francisco office: "The one thing most social media policies lack is specificity. It’s such a new area of law that most employers don’t know what is enough, and what isn’t. Employers should avoid sweeping, overbroad 'bans' on everything. Be specific about what won’t be tolerated. For example, rather than banning any disclosure of a company’s confidential information – the employer must be specific about exactly what cannot be disclosed (such as trade secrets, customer information, business strategies and product development). Just banning 'confidential information' isn’t good enough. General bans on 'disparaging remarks' are likewise troublesome. Employees have the right to complain about their bosses, and banning them from posting such complaints isn’t allowed. However, you can restrict remarks that violate the company’s harassment policies, or postings of plagiarized or copyrighted material.  You can, and should, restrict an employee from posting unauthorized 'promos' that purport to represent the company without pre-approval. In short, there is no social media 'one-size-fits-all' policy. Each policy should be tailor-made to the company that will be using it."

Careful Attention to the Requirements of the NLRA

From Kenneth A. Jenero, partner at Holland & Knight LLP: "Yes, the National Labor Relations Act (NLRA) does apply to union and non-union employees alike. And employers are learning this all too frequently when their social media policies and related employment decisions are challenged through the filing of unfair labor practice charges. The nature and extent of the NLRA's impact on social media policies has been the subject of a series of significant NLRB decisions and General Counsel Reports and Advice Memoranda over the past two years. Employers would be well-served to conform their social media policies to the NLRB's legal guidance to the fullest extent possible. Discharging employees pursuant to the terms of unlawful social media policies will subject employers to liability under the NLRA, including reinstating the employee with full back pay and benefits.

The goal for employers is to ... eliminate provisions in their social media policies that the NLRB has determined to be unlawfully overbroad because of their chilling effect on employees' NLRA-protected rights...

In addition, merely maintaining an unlawful social media policy (even without enforcing it) would constitute an unfair labor practice and provides grounds for setting aside a pro-employer vote in an NLRB-conducted union election. Among the policy provisions that require particular attention are those prohibiting use of social media to disseminate confidential information, to make defamatory or derogatory comments about the company, supervisors, managers or co-workers, or to make offensive, demeaning, abusive or inappropriate remarks, or requiring prior approval from management for social media posts and communications. The goal for employers is to (1) eliminate provisions in their social media policies that the NLRB has determined to be unlawfully overbroad because of their chilling effect on employees' NLRA-protected rights, and (2) define or give illustrative examples of terms that the NLRB has identified as problematic in order to clarify that the provisions do not apply to NLRB-protected activities."

John F. Delaney, New York partner at Morrison & Foerster and editor of the firm's Socially Aware blog, reiterates the need to address NLRB/NLRA requirements and adds:

Attention to Geo-Location Issues

...there are instances where an employee’s physical location (for example, at the offices of an acquisition target) may itself constitute confidential information.

From Delaney: "If a social media policy hasn’t been updated over the past two years, the policy is likely to be out of compliance with the guidance that has been issued by the National Labor Relations Board over that period. If the policy has been recently updated to address NLRB concerns, one issue that will often not be addressed in a social media policy, and that ideally should be addressed, is the need for company personnel to exercise care in using the geo-location features of social media platforms – there are instances where an employee’s physical location (for example, at the offices of an acquisition target) may itself constitute confidential information."

And while considering technology, don't forget to include in your policy:

A Focus on BYOD

From Michele Lange at Kroll Ontrack: "The biggest problem with most corporate social media policies is that they fail to consider the Bring Your Own Device (BYOD) phenomena currently transforming corporate culture in America. Most attorneys are still thinking of social media and smartphones as distinct concepts, which couldn’t be further from the truth—Today’s phones are first and foremost hubs for social connectivity (although the last I checked most of these devices make phone calls too). From a business perspective, it’s easy to avoid the problem by looking in the short term—if the employees want to buy the iPhone X, Y or Z, and use it at work too, why not let them? It means more cost savings for us, and a happier workforce, right? Well, attorneys are starting to realize that this inaction may be associated with massive legal risk—it creates room for courts to find that the employer organization may have requisite control, and a corresponding duty to preserve seemingly non-business related information on these mixed devices. Coat on a veneer of confusing and underdeveloped employee privacy and data protection laws – along with looming ediscovery changes to the Federal Rules of Civil Procedure – and you have a glimpse of what the fight is going to be about in 2014 and beyond!"

Finally, a reminder that what's often missing from social media policies might actually be a matter of approach:

Integration With Other Company Policies

From Ingrid Fredeen, Vice President of NAVEX Global's Ethical Leadership Group: "Employers are still managing social media issues in a silo and not threading the risks presented by social media use into all relevant policies and procedures. For example, organizations may have a social media policy that talks about harassing conduct, but they don't talk about social media use in their harassment policy. Likewise, IP policies and insider trading policies often times don't effectively address how social media use can create reputation, legal, and competitive advantage risks. Policies should help employees understand how their current environment comes to bear on ethics and compliance in their organization and this can best be achieved by ensuring that social media is part of all relevant company policies."

Additional perspectives on the ever-interesting topic of social media in the workplace available here>>