Some employers might decide it's essential to monitor the use of social media by employees and potential hires to manage certain risks. But that decision carries its own dangers.
There have been some high-profile reports about US businesses requiring job applicants to hand over Facebook logins so employers can collect candidate information from the social media site before making a recruitment decision.
This practice has caused a storm in the US, but it's not yet commonplace in Europe - and there are a number of reasons why UK employers might not want to follow suit.
1. Data protection law
According to UK data watchdog the Information Commissioner, the practice breaches the Data Protection Act provisions that prohibit organisations from holding excessive information about an individual.
2. Discrimination risk
It could also put an organisation at risk of discrimination allegations if the employer discovers and rejects the job applicant because of information about, for example, sexual orientation, religion, belief or age.
Constructive dismissal litigation could result where login details are handed over for recruitment vetting but the employer later accesses the Facebook account for other purposes.
Although requiring login details to gain access to a job applicant's Facebook account seems heavy-handed, there are a number of legal risks inherent in employee use and misuse of social media, which make it important for employers to know what their staff are up to online.
For example, an organisation's reputation or brand might be damaged by an employee posting derogatory comments or controversial opinions. Confidential information might be deliberately or inadvertently disclosed. An employer can be held liable for an employee's cyber-bullying. There can also be significant loss of productivity when employees spend excessive time at work on social media sites.
On the one hand, monitoring employees' use of social media is essential for a business to be able to control these risks. On the other, such monitoring can create its own risks if it is done in the wrong way or for the wrong reasons.
Any monitoring must not intrude into employees' private lives, breach their data security or interfere with the trust and confidence which lies at the heart of the employment relationship. A crucial issue is that employees must be aware of the methods and extent of the monitoring that their employer is carrying out.
In terms of monitoring social media profiles during the recruitment process, the Information Commissioner's guidance is that "vetting" should only be used where a recruitment decision imports significant risks to the employer, clients, customers or others and there is no alternative available.
Trawling social media sites to sift applicants is, in reality, a form of vetting and, to avoid comeback, employers should make sure they give clear guidance to managers about how social media can and cannot be used in recruitment.
Monitoring sites visited and time spent on social media in working hours will rarely be contentious, provided employees have been informed that their usage will be monitored and the reasons for doing so. Monitoring content, however, is more intrusive and will require tighter safeguards.
Employees' work-related use of social media can be monitored provided that data protection principles are complied with and, as part of this process, it will be important to consider if there are less intrusive alternatives.
The really tricky area is monitoring an employee's personal social media activity. The courts' attitude to this issue so far remains largely untested but what is clear is that the key to effective legal monitoring and control of social media usage is a well-drafted, and business specific, social media policy. This policy should include
- Rules on social media activity during working hours.
- Rules on use of personal social media accounts.
- The dos and don'ts of social media, including a reminder that social media activity is not necessarily private and the employer may discipline for inappropriate activity that breaches the policy whether work-related or personal, inside or outside the workplace and on personal or company IT equipment.
- An explanation that the organisation monitors social media use and how and for what purposes this monitoring is carried out.