With 1.5 billion global monthly Facebook users, 300 million individuals accessing Instagram each month across the world and 19 million LinkedIn users in the UK alone; it is no surprise that 66% of marketers believe social media marketing is core to their business (Salesforce survey 2015).

Social media may be relevant to your business for a number of reasons for example, where blogging and social networking is carried out on your website; your employees are using social media sites to further to company’s business and if you instruct third parties to carry out promotional activities on your behalf.

If any of the above is relevant to your business we urge you to continue reading the precautions we have identified below by way of best practice.

Website terms of use and privacy policies

Terms of use for your website and any other applications you provide must be implemented. The terms should request users’ express consent by requesting, for example, that they click on an “I Agree” button. Provisions should also be included to prevent disclosure of your confidential information and the misuse of your intellectual property. Finally, a statement limiting liability for any content posted by third parties particularly in relation to defamation and harassment is a must.

An online privacy policy should be incorporated into your company’s website. The policy must identify how users’ data will be collected, used, disclosed and maintained, by doing so this will assist with your obligations of privacy and non-disclosure to third parties.

User generated content

If you allow users to post their own content on your website then you must take sufficient steps to minimise the company’s liability for such content, for example:

  • Removing or barring access to any inappropriate content as soon as you become aware of it;
  • Promote notice and take down policies and procedures;
  • Disclaim liability for that content;
  • Allow site operator to remove content as it sees fit; and
  • Obtain the rights from all third parties concerned to use posted content elsewhere, for example in promotional material.

Legal compliance

It is imperative that your posts and material on your website and social media platforms are legally compliant.  The damage to reputation a defamatory tweet could cause is substantial and as a result, you should be mindful of the following:

  • If content adversely affects an individual’s or organisation’s reputation it may be defamatory.  In deciding whether a post or a blog is defamatory, a judge will consider the following: whether it was first published in the last 12 months; whether it lowers the subject in the estimation of right thinking members of society; has it or is it likely to cause serious harm ; and whether it is the truth or honest opinion of the author;
  • The law on promotions and competitions in relation to both prices and prizes will apply irrespective of the platform which is used to promote; and
  • Posts or material should not misuse a third parties intellectual property; such infringement may occur where the user has copied work protected by copyrights or where the user has included a trade mark without the third parties prior authorisation.

Employee’s use of social media

Employees will generally fall into two categories, those whom post, blog and tweet on the company’s behalf and those who associate themselves with the company on their personal social media platforms. It is recommended that policies are put in place for both scenarios.

Of great concern is the potential for confidential information, whether business or customer related, to be leaked via a social media site. Therefore the company facebook page, twitter account or blog should be updated by an employee who has been entrusted to carry out such a task and has received full training as opposed to an unpaid intern who is left to their own devices (we all remember the HMV live twitter feed in 2013). Senior executives within the organisation should also be aware of all passwords, together with the workings of such sites, so that they can access the site to make any amendments or deletions if necessary. Such information should not be allocated to just one person.

The policy should detail exactly who has the authority post together with guidelines as to what is acceptable, together with examples. Training does need to be provided to those who post on the company’s behalf and the policy should be reviewed regularly to ensure that it complies with current legislation.

For those whom have no powers to post on the company’s behalf a policy should be in place detailing exactly what they can and cannot do on social media platforms. Whilst employees may think that what they upload in their own time on their own device is of no concern to their employer, the moment they associate themselves with the company (whether by identifying their place of work, ‘friending’ colleagues or clients) it becomes the company’s business.

The policy should make it clear whether social media can or cannot be used during work times; explain whether they are permitted to ‘friend’ colleagues, clients and suppliers and further, provide guidance regarding appropriate posts, particularly in relation to confidential information. Reference should also be made to behaviour which will not be tolerated, for example cyber bullying, harassment and defamation together with the training which is available in conducting yourself online.

Given the speed at which the law in this area is developing, these policies should be reviewed on a regular basis to ensure compliance.

For more information please contact our employment law specialist Donna Martin.