Social media platforms, like LinkedIn, Twitter and Facebook, are increasingly prevalent in the working world, not only in a traditionally personal context but to connect businesses having marketing, recruitment and other commercial objectives.
From an employment perspective, an employee’s personal freedom to engage in social media is more and more intertwined with legal responsibilities within the employment relationship. Employers, therefore, need to properly protect their company’s interests in light of the risks.
Legal position
There is no specific Hong Kong legislation governing the use of social media in the workplace. Employment duties are generally covered under the Employment Ordinance and protection of personal data under the Personal Data Privacy Ordinance. At the same time, the implied duty of mutual trust and confidence between employer and employee is established under the common law.
The employer’s control of the workplace is checked by various guidelines issued by the Privacy Commissioner on Data Privacy, Hong Kong such as the Privacy Guidelines on Monitoring and Personal Data Privacy at Work, which regulate the employer’s ability to monitor, inter alia, its employees’ emails and internet usage.
Existing policies
Before considering social media policies, it is important for the employer to have existing policies in place (and enforced) within the organisation. These are generally policies on (1) Equal Opportunities – such as dealing with discrimantory conduct and how that will impact on the employee’s ability to carry out their role and the trust and confidence in that employee; and (2) Bullying and Harassment – if employees make comments to fellow employees or customers, which conduct is related to the workplace, the employer may be held to be vicariously liable for the employee’s conduct (unless the employer has done all it can to prevent such behvaious).
Whilst the two policies traditionally focus on protecting the organisation from within, it is the employee’s potential breach of these policies to the external world at large (by social media) that requies the next level of protection.
Why a social media policy?
It is common for many organisations (that do not require social media as part of their business) to impose blanket bans on accessing social media sites through the company’s IT systems during the working day. Normally, set out in the employee’s handbook, such measures are to protect not only its proprietary information but also the organisation’s reputation from employee’s activities on social media.
However, increasingly businesses resort to social media. Also, with employees all carrying personal smartphones, the risk to the employer of security and reputational breaches are real even in spite of strong internal restrictions. That employees are now tending to also work from home, where the misconduct originates (from the workplace or not) does not matter.
The following are social media breaches by employees which are of most concern:
- Making personal comments on social media that are directly linked to the employer or holding the views out to be that of the employer;
- Making discriminatory or derogatory comments about others such as racial, ethnic, sexual, religious, and physical disability slurs which are purported to be views shared by the employer company; and
- Disclosing information that are financial, operational and legal in nature, as well as any information that pertains to clients and customers.
Social media policy
Below are some practical tips in formulating a social media policy and monitoring an employee’s use or access of social media in the workplace.
(1) Employers must stress to employees that the misuse of social media cannot be tolerated, with appropriate language inserted as to what are the consequences of such misuse (disciplinary action or termination). For example, it can be set out that serious cases of misuse, amounting to a serious breach of the implied duty of mutual trust and confidence, may justify immediate summary dismissal.
(2) In addition, a social media policy should:
- cover the use of social media by employees at any time and regardless of whether the employer’s IT system is used to access the social media;
- restrict when an employer can be referenced on social media sites;
- remind employees not to make derogatory comments about the employer, colleagues or clients on social media sites (which targets the question of vicarious liability of the employer);
- include an instruction that personal views expressed should not be attributed to the employer;
(3) It is important that existing policies in place (see above) be cross-referenced.
(4) Once formulated, the social media policy must be:
- incorporated into the employee’s handbook as well as made widely available; and
- regularly reviewed and updated (given the speed in techonological changes).
Conclusion
It is clear that organisations are already in the process of materialising their internal policies on social media. Employers need to be one step ahead of the game – courts are finding employers vicariously liable for their employees’ conduct with greater regularity. As always, clarity of drafting is imperative since employees need to have no doubt as to what acts are restricted or prohibited and what actions will be taken if the same is breached. These are invariably the responsibility of the employer.
————————
Sanjay A. Sakhrani
Barrister-at-Law
Employment Law Update 