Legal and Ethical Implications of Corporate
Social Networks
Gundars Kaupins & Susan Park
Published online: 2 June 2010
# Springer Science+Business Media, LLC 2010
Abstract Corporate social networking sites provide employees and employers with
considerable opportunity to share information and become friends. Unfortunately, American
and international laws do not directly address social networking site usage. The National
Labor Relations Act, civil rights laws, and various common law doctrines such as
employment at-will and defamation provide the pattern for future social networking laws.
Ethical considerations such as productivity, security, goodwill, privacy, accuracy, and
discipline fairness also affect future laws. Corporate policies on corporate social networking
should balance the employer’s and employee’s interests. Existing laws and ethical issues
associated with social networking should impact social networking policies related to
configuration, communication, discipline, and evaluation of policies. Corporate social
networking policies should be business-related, ensure user notification of monitoring,
maintain adequate records, and provide for reliable, consistent, and impersonal evaluation
of monitoring effectiveness.
Key words corporate social networking . laws . ethics . organizational policy
Social networking sites such as Facebook, My Space, and Twitter are making it possible for an
organization to share information among employees, advertise its products and services, and
relate to the customer in a new way on the Web. In February 2010, Facebook had 400 million
active users (Owyang 2010). Facebook jumped ahead of Google by claiming 7.07 percent
of U. S. traffic compared to Google’s 7.03 percent in March 2010 (Maximumpc.com 2010).
Facebook reaches 29.9% of global Internet users versus 22.4% for My Space. My Space
continues to be the most profitable social network, having about $1 billion in revenue
versus $300 million for Facebook (Ostrow 2009). Twitter, a site that allows users to post
only 140 characters at a time, has stabilized to roughly 20 million users (Gross 2010).
Employ Respons Rights J (2011) 23:83–99
DOI 10.1007/s10672-010-9149-8
G. Kaupins: S. Park (*)
Department of Management, Boise State University, 1910 University Dr., Boise, ID 83725, USA
e-mail: [email protected]
G. Kaupins
e-mail: [email protected]
Internationally, social networks have a high percentage of reach among Western
Europe’s Internet audience. There were 282.7 million Internet users in Europe as of
December 2008, 200 million of whom visited a social networking site. According to
ComScore, the market reach is highest in the United Kingdom, with 79.8 percent, followed
by Spain with 73.7 percent, Portugal with 72.9 percent, and Denmark with 69.7 percent
(ComScore 2009). Russia is the fourth largest social networking market in Europe, behind
the United Kingdom, Germany, and France (Fresh Networks Blog 2009).
Not surprisingly, social networking is becoming increasingly prevalent in the workplace. A
recent survey indicated that 46 percent of IT professionals believe online social networking
(OSN) is a valuable business tool, and of those, thirty-one percent indicated that it was crucial to
business. Moreover, 85 percent of those surveyed, even those who question the usefulness of
social networking, acknowledged that employees are using social networks at work (Perez
2009). Another survey indicates that between 25 to 30 percent of companies with 500 or
more employees have adopted some form of social networking (Leader-Chivee et al. 2008).
The benefits to employers of corporate social networking are many. According to
Leader-Chivee et al. (2008), “[c]orporate adoption of social networking, while new, is
already showing enormous benefits. By offering employees the tools and technology to
reach out and connect with one another, organizations can facilitate a collaborative
corporate culture, while benefiting from a wide range of improved efficiencies, in
everything from sourcing and recruiting, to on-boarding and learning programs, to
improved alumni, diversity, women’s and retiree communications. Many process improvements may be found through efficient social networking programs and organizational
connectivity.“ Moreover, OSN is becoming increasingly popular because of internal brand
building, finding, unlocking and engaging hidden employee intellectual capital, enhancing
employees’ motivation and satisfaction, and developing products and offerings faster
regardless of the organizational design (Communitelligence.com 2009). The software helps
businesses find people and information, understand relationships, create a common culture,
enhance friendships among customers, improve knowledge management, facilitate
recruiting and retention of younger workers who actively participate on social networks,
and keep former employees in the loop (CIO Insight 2009).
However, as is often the case when technology rapidly advances, the law pertaining to
OSN has adapted at a less rapid pace. In the workplace particularly, where common illegal
and unethical behavior, such as defamation and sexual harassment, is easily committed
online, and employees spend increasing amounts of time involved in social networking,
employers have found themselves scrambling to adapt policies which allow them and their
employees to take advantage of the business benefits of OSN while at the same time
working to stay within the law and ethical bounds.
Purpose
The unique contribution of this paper is that it provides specific guidance to employers who
wish to maintain OSN sites by addressing the various legal and ethical questions they may
have regarding an appropriate OSN policy. Other relevant articles, many of which are
referenced in this paper, focus on either the legal or the ethical implications of OSN, but
few combine these two important issues as this paper has done. Moreover, fewer still make
specific policy recommendations to employers. The primary focus of this paper is on
American law and ethics, but it also gives consideration to international law, particularly in
Europe and Russia. Given the fluid nature of social networking laws and ethics, we also
84 Employ Response Rights J (2011) 23:83–99
provide recommendations for future research on social networking. While the use of online
social networking from an employee’s perspective is relevant and of interest, this paper
focuses primarily on employer-maintained OSN sites from the employer’s perspective.
Legal Issues
In this section, we provide an overview of the numerous legal issues employers who
maintain OSN sites may face. This information, combined with the policy recommendations we make at the end of this paper, will help employers avoid costly legal problems by
crafting comprehensive social networking policies that are suitable to their workplace.
Where appropriate, we suggest possible directions in which the law may evolve but that is
not the primary focus of this paper. We desire to give employers guidance on the current
state of the law rather than attempt to influence how the law should change.
In general, the use of OSN sites, such as Face Book, My Space, and LinkedIn, by either
employees or employers has been subject to traditional employment law. While several
commentators have suggested that Internet use, including the use of OSN sites and blogs,
should be subject to new rules, this method of communication is such a recent phenomenon
that few, if any, new laws have yet to emerge (Byrnside 2008). Thus, while Congress and
state legislatures grapple with this and other new forms of communication technology,
courts continue to apply traditional common law and existing federal and state statutes to
employment issues relating to OSN sites.
Numerous legal issues might arise in the context of an employer-maintained OSN page.
Although most employees in the U.S. are employed at-will, an employee’s interaction with
the employer’s OSN page might involve legally protected activity, such as whistle-blowing
or labor organizing or other concerted activity, or it might reveal information about the
employee’s membership in a legally protected class. Moreover, an employee who engages
in online harassment or posts defamatory or private information on the employer’s OSN
page may subject the employer to vicarious liability. An employee also may disclose
information to the public that the law requires the employer to keep confidential, such as
certain personnel data, or otherwise invade others’ privacy by posting personal information.
An employee may even post content of a criminal nature which could subject the employer
to potential criminal liability. To protect against such liability, employers should update
their current policies regarding Internet use to include clear and comprehensive directives to
employees regarding their interaction with the employer’s OSN site. Employers should also
vigilantly monitor their sites to be sure their Internet policy is being respected.
Legal issues become even more complex when considering the fact that OSN users
circle the globe. Those who interact with an employer’s OSN site are not necessarily
limited to the borders of the United States. Employers may encourage global access to their
OSN site as a marketing and communication tool. As such, awareness of international law
is also recommended.
The Employment At-Will Doctrine and Exceptions
Employment issues are usually governed by the employment-at-will doctrine, which means
generally that employees can be terminated or quit for any reason or no reason at all (Grub man
2008). Thus, in general, an employee who inappropriately interacts with the employer’s
OSN site, either at work or during off-hours, may legally be terminated. However, various
common law and statutory exceptions to employment at-will may be applicable to legal
Employ Response Rights J (2011) 23:83–99 85
issues that arise regarding an employer-maintained OSN site, although the likelihood that
such an action will justify an actionable claim against the employer is far from clear.
The Implied Covenant of Good Faith and Fair Dealing In those relatively few states that
recognize this exception to employment at-will, employers may be liable to an employee
for acting in “bad faith” regarding the terms and conditions of employment (Lichtenstein
and Darrow 2006; Sprague 2007). Generally, an employer acts in bad faith and breaches the
implied covenant of good faith and fair dealing when it promises an employee a particular
benefit, such as sick leave or retirement benefits, and then terminates or demotes the
employee for taking advantage of that promised benefit (Grub man 2008; Gutman 2003).
This means that an employer who implements a company policy regarding OSN should
apply the policy consistently to all employees, and avoid using an employee’s previously
acceptable social networking activity as grounds for discipline or as a pretext to avoid
paying the employee promised benefits (Grub man 2008; Sprague 2007).
Implied or Express Contract Numerous courts have held that if the employer creates either
an express or implied contract with the employee, the employment relationship is not at will (Gely and Bierman 2006). Thus, an employer who has contractually agreed to
terminate an employee only for just cause may be liable if the employee is fired for posting
an item on the employer’s OSN site that is not sufficiently inappropriate to the employer’s
interests and/or is unrelated to the employee’s work.
Public Policy Exception The public policy exception to employment at-will is broad
enough to cover many different scenarios. Generally, it means that an employee is
wrongfully discharged if terminated in a way that would violate the state’s official public
policy (Grub man 2008; see also Gutman 2003). For example, an employee who is fired for
reporting to jury duty may have been wrongfully discharged because the state’s public
policy requires all citizens to perform this statutory duty. The public policy exception is also
generally applicable when an employee exercises a constitutional right or refuses to break
the law for the employer (Grub man 2008; Lichtenstein and Darrow 2006). Additionally, it
encompasses state and federal statutes which provide protection from employer retaliation
against an employee who “blows the whistle” on the employer’s illegal behavior (Kirkland
2006; Clineburg and Hall 2005). Some federal statutes include Section 704 of Title VII of
the 1964 Civil Rights Act (1964), Sarbanes-Oxley Act (2002), Family and Medical Leave
Act (1993), Occupational Safety and Health Act (1970) and the Fair Labor Standards Act
(1949). Employers who encourage employees to participate on the employer’s OSN page
may also be inviting employees to discuss their work activities and relationship with the
employer. Quite possibly, this could involve an employee who mentions the employer’s
unethical or potentially illegal activity in a comment on the employer’s OSN site. This
exception could protect an employee who posts such comments or other information
regarding legally protected activity on the employer’s OSN page. Employers with a firm
understanding of these legal requirements and who vigilantly monitor their OSN sites are
likely to avoid subsequent liability for violation of public policy.
Labor Relations
Section 7 of the National Labor Relations Act (NLRA) (1947) gives to all covered
employees, in part, the right to engage in “concerted activities for the purpose of collective
bargaining or other mutual aid or protection.” Employees might engage in such concerted
86 Employ Response Rights J (2011) 23:83–99
activity in a variety of ways, including via the Internet. An employer may be obligated to
allow such protected activity, even on its OSN site, as the following case illustrates.
In Knop v. Hawaiian Airlines (2001), the 9th Circuit Court of Appeals held that an
online bulletin board maintained by a company pilot to discuss and criticize the employer’s
negotiation with the union was protected concerted activity under the Railway Labor Act
(RLA). The Knop Court relied upon NLRA precedent to reach its decision, as is typical
for courts in RLA cases, which indicates that the Knop holding would likely extend to
employees covered generally by the NLRA (Grub man 2008; Strege-Flora 2005). The
Knop holding suggests that an employer policy which prohibits employees from accessing
the employer’s OSN page to discuss work-related policies may violate Section 7 if it is
overly-broad regarding confidentiality, wage-secrecy, or solicitation, or is found to be
discriminatory (i.e. the policy prohibits union activity on the employer’s Facebook page but
allows for other, non-business related activity) (King 2003, Strege-Flora 2005). The NLRA
also protects employees who engage in non-union related concerted activity, but it does not
extend to an employee’s individual action taken on his or her own behalf, nor does it allow
an employee to disparage the employer, engage in insubordination, or post confidential
information on the employer’s site (King 2003; Sprague 2007).
Discrimination Statutes and Employer Liability for Sexual Harassment
Federal or state statutory law may be applicable in instances in which an employer is
alleged to have discriminated against an employee for revealing some type of protected
status via the Internet. For instance, suppose a corporate employer allows employees to use
the company Facebook page to post announcements of a personal nature, so a supervisor
uses Facebook to extend an invitation to his co-workers and employees he supervises to
attend services at his church. If other employees complain about the post, the employer may
find itself torn between competing obligations.
On one hand, the employer may be obligated to allow the post to remain to fulfill its
responsibility to reasonably accommodate the employee’s religious beliefs or practices as
required by Title VII of the 1964 Civil Rights Act. Moreover, Title VII may provide
protection to employees who post comments, photos, etc. on an employer’s OSN site that
reveal information about any of the employees’ protected characteristics—race, color,
religion, gender, and national origin (Grub man 2008). Several other federal statutes, such as
the Americans with Disabilities Act (1990) and the Age Discrimination in Employment Act
(1967), as well as many state statutes, also protect employees from discrimination in the
terms and conditions of employment because of a protected trait, belief, or activity. This
obligation also encompasses the duty to avoid excluding employees from work-related
activities based upon a protected characteristic.
On the other hand, the employer also has an obligation to prohibit online harassment of
employees who participate on the corporate OSN site. While the hypothetical post inviting
co-workers to a religious meeting may not rise to the level of harassment, employers should
be aware of the possibility that online social networks may be used as a vehicle for
religious, sexual or other harassment, potentially subjecting an employer to liability under
Title VII or other anti-discrimination statutes.
In Blakey v. Continental Airlines (2000), the New Jersey Supreme Court considered
whether comments made by employees on an employer-maintained online bulletin board
could result in the employer’s liability for workplace sexual harassment. Applying Title VII,
the court held that a work-related Website “could undoubtedly be so closely related to
employment as to become an extension of the workplace.” In fact, the court held this to be
Employ Response Rights J (2011) 23:83–99 87
true even if others outside of the workplace had access to and the ability to post comments on
the site. Finding that Continental was aware of the harassment occurring on its bulletin board
but did nothing to remove the comments or reprimand the pilots who posted them, the court
awarded the plaintiff $1.7 million in damages.
Although limited to only Continental Airlines crew, the online bulletin board in Blakey
is quite similar to an employer-maintained OSN. Both are accessible outside of the
workplace and allow users to post comments. Both create, as the Blakey court described, a
“virtual community” through which employees communicate and “build relationships.”
Accordingly, it is quite possible that an employer may incur liability for inappropriate
harassing posts and comments made on the employer’s official OSN page if the employer is
aware of the posts and fails to remove them promptly (Higgins 2002; Lichtenstein and
Darrow 2006). Thus, a workplace policy regarding OSN use should clearly and specifically
prohibit any inappropriate posts and comments, and employers should actively monitor
their OSN sites to be sure corporate policy is followed.
Vicarious Liability Issues
In general, under the theory of respondent superior, employers will be vicariously liable for
torts employees commit while acting within the course and scope of employment
(Greenbaum and Zoller 2006). Employers who maintain an official company OSN site
could, without proper monitoring and an adequate policy in place, assume such liability for
posts made on its site in several ways. Posts made on the site might be defamatory, invade
an employee’s or other person’s privacy, or, if outrageous enough, inflict emotional distress.
They could even suggest criminal behavior, for which the employer might be liable in
certain circumstances.
Defamation Employers should take precautions to avoid incurring liability for defamatory
posts employees or others might make on the employer’s official OSN site. Certainly an
employer who posts defamatory material on its own site would likely be liable for the
consequences (Lex 2007). However, given the increasing use of OSN, employers are likely
to question whether they may incur liability for comments employees or “friends” post on
the employer’s OSN site. For instance, assume an employee posts the following false
statement on the employer’s site: “Jane didn’t show up for work today because she had too
many margaritas last night with her crew.” If this statement meets the general criteria for
defamation (an untrue, damaging statement made to at least one other party), an employer
may find itself vicariously liable to Jane, given that the employer “maintains” the site and
has control over who may access it.
In the context of defamatory statements employees make on an employer’s blog, many
authorities assume an employer’s general liability under the theory of respondent superior
if the employee makes the statements while acting within the course and scope of
employment (Grub man 2008; Gutman 2003). This raises an interesting question about
whether an employee posting comments on an employer’s OSN page is indeed acting
within the course and scope of employment. Employer-maintained OSN pages are similar
to workplace blogs, so arguably the answer is yes. In both instances, the employer has
control over who has access to the site and the ability to post comments or other
information. Most OSN sites also provide users with the ability to remove comments others
post on their pages. As Gutman points out, “[t]ort liability could extend to the employer
who does not exercise proper control or whose neglect made the activity possible.” The
threat of such lawsuits clearly could increase the business costs of using social networks in
88 Employ Response Rights J (2011) 23:83–99
the corporate setting, again exemplifying the need to generate policies to prevent social
network abuse.
On the other hand, Lex (2007) has suggested that many posts made on a company OSN
page may not be defamatory because of the casual atmosphere of OSN. According to Lex,
“[c]considering that My Space is primarily a site for socializing and not the place to go for
hard-hitting news or research, many potentially defamatory statements may escape liability
simply because My Space viewers will not necessarily take what they read as fact.”
However, Lex also suggests that “[o]n the other hand, the same casual atmosphere may lead
users to believe that they can say anything they want without facing legal consequences.
Despite the informal context of My Space, any communication that meets the elements of
defamation potentially faces legal liability. Given that there are over one hundred million
users, even a few cases could represent a significant problem looming over the legal
landscape.” Particularly in instances in which an OSN page is officially maintained by the
employer, it may be reasonable for a reader to conclude that any content found on the page
is at least acceptable to the employer.
A related issue concerns the liability of those who “republish” defamatory statements.
Generally, a new party who repeats a defamatory statement is also liable for defamation, as
if he or she were the original publisher of the false statement (Lex 2007). However, this law
may not apply to an employer’s liability for defamatory posts an employee or “friend”
makes on the employer’s OSN site. In 2000, Congress amended the Communications
Decency Act of 1996 by adding the “Good Samaritan” provision to provide immunity for
providers and users of an “interactive computer service” from liability for the posting of
certain information, including potentially defamatory content (Lex 2007). Specifically, this
provision provides that “[n]o provider or user of an interactive computer service shall be
treated as the publisher or speaker of any information provided by another information
content provider.” While it appears that Congress may not have intended the Good
Samaritan provision to apply to individual OSN users, Lex suggests that both the language
of the Act itself and subsequent court interpretations could lead to such immunity. Whether
a company is liable for an employer or friend’s defamatory post on the company’s OSN
page will likely depend upon how actively involved the company is in the republication of
the material. Thus, while employers might be immune from liability for defamatory
statements made on an official OSN page, the best approach for an employer is to approve
of “friends” with care and carefully monitor all comments and other activity on the OSN
site.
Privacy Workplace privacy violation claims may generally take one of three forms:
intrusion upon solitude or seclusion, public disclosure of private facts, or publicly placing
an individual in a false light (Gabel and Mansfield 2003). Of the three, public disclosure of
private facts is the likeliest cause of action that may arise when a post on the employer’s
OSN divulges private information. The essence of such a claim of invasion of privacy is
whether the employee has a reasonable expectation of privacy regarding the information
(Brandenburg 2008). With regard to other forms of online communication, such as
computer Internet access and work email systems, courts have almost uniformly held that
employees do not have a reasonable expectation of privacy in these areas (Milligan 2009),
yet those cases generally concern employees who act affirmatively to transmit their own
private information.
Certainly an employer who knowingly posts private information about an employee on
its public FaceBook or MySpace page could subject itself to direct liability for invading the
employee’s privacy. Whether such holdings would extend to posts others make on a
Employ Respons Rights J (2011) 23:83–99 89
corporately maintained OSN site is as yet unresolved. However, in light of Blakey, it is
quite possible that an employer’s liability could extend to situations in which a friend or
employee posts the offending information, perhaps even confidential information, on the
employer’s site. It seems reasonable to assume that if the employer’s OSN is sufficiently
work-related, and the employer knows of the offending post and fails to remove it within a
reasonable amount of time, the employer may be vicariously liable for any resulting
damage caused by the privacy invasion.
Intentional Infliction of Emotional Distress Causes of action based upon intentional
infliction of emotional distress require proof of intentional, outrageous behavior (Gabel and
Mansfield 2003; Sprague 2007). In this situation, such a claim would require the employee
claimant to show that the employer’s conduct in either posting a comment directly or
allowing another user’s post to remain public on the employer’s OSN was outrageous and
that it caused the employee severe emotional distress.
Criminal Liability Consider the following scenarios. An employee posts a link to
pornographic material on the employer’s OSN site. A recently-fired, disgruntled employee
posts a death threat against his supervisor on the employer’s OSN site. In addition to the
potential civil liability discussed in the previous sections, these particular situations may
expose an employer to criminal liability as well. Generally, an employer may be liable even
for the criminal acts of its employees if the criminal act in question originates “in activities
so closely associated with the employment relationship as to fall within its scope” (AmJur
2d 2009). Moreover, if the employer’s property or resources are used in the commission of
the crime, the employer could be subject to criminal action (Gutman 2003).
Select International Legal Issues
Online social networking is also growing at a rapid pace internationally, especially in
Europe, which has far more social network users than in most Asian countries. (ComScore
2009; Wardman 2009). European Union directives and Internet safety are two of the leading
international legal issues found in a literature review of the relevant international journal
articles relating to social networking. As in the United States, both the EU directives and
the international literature on Internet safety make clear that the right to privacy is a major
concern. American employers who intend to rely upon social networking to help expand
their reach into international markets should be aware of the implications of applicable
international law. Because social networking is increasing most rapidly outside of the
United States in Europe and Russia (ComScore 2009; FreshNetworks Blog 2009), this
section will focus on international law in those areas.
European Union Directives European Union directives lay down certain end results that
must be achieved in every Member State. Countries must adapt their laws to meet these
goals, but are free to specify the details. Directives may affect one or more European Union
members. Each directive specifies deadlines for directive adoption and accounts for
differing national situations (European Commission 2010). Directive 95/46/EC is intended
to protect individuals regarding processing personal data and the free movement of the data.
The directive affirms the right of privacy and the need for data controllers to protect data
(Eur-lex 1995). Data controllers can be organizations such as Facebook, MySpace, and any
other corporation. Before uploading data, data controllers must inform people about what
personal data is available to others in their network site profile (Meller 2009).
90 Employ Respons Rights J (2011) 23:83–99
Internet Safety in Western Europe The European Commission supports self-regulation
systems that enable flexible and workable safety solutions among major social networks
and users. The INSAFE Network seeks to raise public awareness and run help lines through
a network of safe Internet centers in 26 European countries. Though it mostly applies to
parents, teachers, and children, much of its concepts can be applied to corporations and
their employees. The European Social Networking task force established a set of guidelines
for social networks by youngsters (European Commission 2009).
Internet Safety in Russia In spite of its market size, Russian social websites offer more
challenging security issues. For example, Odnoklassniki.r offers $5 monthly fees to become
“invisible” to see other user profiles and $4 monthly fees to delete ratings of your photos
made by other users (Quintura 2008). In response to social networking sites which have
shown the deployment of Russian navy fleets, a newly enacted law may require Facebook
and MySpace to provide information about users doing business in Russia who the
Russians deem to be a threat to Russian security. This may have a negative impact on the
security of company data (IntelFusion 2009).
In summary, the legal issues an employer might face as it tries to navigate this new
world of OSN can be complex. Since no new legal principles have yet emerged to provide
guidance, traditional law is applicable, although how it may yet apply remains uncertain.
Additionally, employers should also be aware of the various ethical issues that accompany
workplace OSN. While there is some intersection between the law and ethics, the
differences are many, as is discussed below.
Ethical Issues
Legal principles and ethical principles are often closely aligned, but they have different
objectives. Laws involve a system of rules that stabilize social institutions. Their function is
to decide when to bring social sanction on individual citizens and their specific acts. Ethics
involve why and how one ought to act. They are more concerned than laws in promoting
social ideals. Ethical principles also may be viewed as the standard of conduct that
individuals have constructed for themselves (Candilis 2002).
Ethical concerns provide another important way to analyze appropriate use of social
networking sites. Relying on the law to resolve an ethical dilemma will fail to take into
account many of the obligations and duties that our society expects of its members (Sims
2003). This is especially true in light of the relative uncertainty of the law as it applies to
OSN. Employers will find that they must rely upon ethical guidelines as well as legal
requirements when drafting company policy regarding the company’s OSN site.
Though many social networking issues such as security, privacy, and accuracy are
directly linked with the fair collection of information, we go beyond fair collection of
information issues by also focusing on rejection, exclusion, and international concerns.
Fair Collection of Information
Inappropriate Networking “Social networking is often frowned on by employers because
content employees publish may be unprofessional and inappropriate to publish in the
corporate public domain” (Leader-Chivee et al. 2008). Consider, for instance, a supervisor
who types personal and private notes on the corporate social networking site, or reads such
notes posted by employees. This type of overlap between personal life and professional life
Employ Respons Rights J (2011) 23:83–99 91
could create potential sexual harassment problems and provide too much information to the
boss (Greenbaum 2008; Schultz 2008). Moreover, social networking among employees
within corporate social networking sites can lead to considerable waste of time when
employees are chatting with their friends or fellow employees on non-business related
topics. Kirkpatrick (2008) cited a study that found that corporate social networks can be a
waste of money and time. About thirty five percent of corporate social network activity has less
than 100 users. Less than 25 percent have more than 1000 users, though over half of those
companies have spent over a million dollars on the sites. Corporate networking sites can be
overpriced, include fancy but relatively useless features, and may be managed by inexperienced
monitors who are unable to assess the quality of information coming from the sites.
A monitor might be unable to distinguish between what is personal and work-related, or
may disseminate information about an employee who has done something personally
inappropriate. Even if it is work-related, a monitor could inappropriately accuse an
employee of wrongdoing without doing a proper investigation. A monitor might investigate
a non-random sample of employees who post on the employer’s OSN site specifically to try
to hurt one individual or a group, or monitor at inconsistent times. Thus, to control
inappropriate networking, monitoring content on a corporate social network site might take
considerable time and resources (CIO Insight 2009).
Security Employees might share secret aspects of their company on a corporate network
page, such as passwords, new products, and new services. Social networkers may
intentionally or unintentionally reveal organization secrets such as corporate finances,
marketing intentions, business strategies, or new products and services. Warnock (2007)
cited a study of 300 IT decision makers that indicated 10 percent of organizations
investigated the unauthorized disclosure of financial information through blogs or message
boards. Confidentiality violations can reveal organizational secrets to the whole world.
Company secrets can leave the company open to hacking (Kaupins and Minch 2006).
Privacy In addition to the legal privacy concerns discussed above, the privacy of each
employee may be breached in many unethical ways on an OSN site. Inappropriate pictures
of binge drinking or illegal drug use can be posted. Nasty comments about ex-boy or
girlfriends can lead to jealousy and insults. Constant posting of comments on people’s walls
can irritate them and block other people’s comments. Insensitive topics can be discussed,
including religion, politics, and racism/sexism (Urban Dictionary 2008). Moreover,
employee privacy may be reduced when the terms of the social network site can be
changed at any time. Phrases such as “We reserve the right, at our sole discretion, to
change, modify, add, or delete portions of the terms of use at any time without further
notice” can drastically affect the organization’s privacy policies.
Accuracy A manager may not know if information on a corporate social networking site is
accurate. An employee can post false financial information on a social networking site for a
few minutes and then erase it after damage has been done. In addition to subjecting the
employer to potential legal liability for defamatory statements, such posts may also damage
the employer in other ways. Determining whether that employee posted such damaging
information can be difficult to prove if the information has been erased. People might
intentionally post false information on such sites as a prank (Ethics Scoreboard 2009).
Factual information can be taken out of context because only short snippets are seen on the
screen at once. Other communications can be hidden by the “click here for more posts”
button (Schultz 2008).
92 Employ Respons Rights J (2011) 23:83–99
Other Ethical Issues
Rejection Most OSN sites allow users to reject requests to become “friends” on the site.
“Staff members that decline friend invitations from volunteers or even other staff members
via corporate OSN platforms may end up hurting the feelings of those they work with.
Encourage staff and volunteers to respect that some people may want to keep their OSN
activities separate from their work or volunteering relationships” (Coyote Communications
2008). The employer should also clearly outline the purposes of the OSN communications
and the profile of the type of friends it seeks. Rejections should occur because only select
members are invited or the person does not fit the profile to communicate effectively.
Exclusion Employers should take special care to avoid excluding employees for illegal or
unethical reasons, even unintentionally. “Many OSN platforms are blocked from being used
by employees at various businesses and government organizations. Many of these platforms
are also not accessible for people using assistive technologies, for people with certain
disabilities, or for those using older software and hardware. This means an organization
should not switch any of its outreach activities, such as blogging, instant messaging or
photo sharing, entirely over to OSN platforms, as many people are prevented from
accessing such. In other words, your OSN outreach activities should not replace your other
online outreach activities, as they will exclude many people.” (Coyote Communications
2008). If OSN communications directly affect any employment decisions such as hiring,
selection, compensation, training, and security, the communications would probably be
subject to civil rights laws. The need for equal access to such communications is therefore
enhanced with the threat of discrimination law suits.
International Ethical Issues To add further complexity to this topic, it must be
acknowledged that many cultures of the world have significantly different ethical values
and may use social networks for different purposes than in the U.S. For example, Chapman
and Lahav (2008) report that Americans tend to reveal very personal information such as
pictures, emotions, and sexual preferences. In France, users tend to share non-sensitive
information such as general interests. South Koreans tend to share photos with friends.
Chinese tend to focus more on interest groups and playing on-line games. Again, employers
who expand into international markets by communicating through OSN should carefully
monitor all activity on their OSN sites to ensure that material posted there is appropriate for
the international audience the employer hopes to reach.
Policy Recommendations for Organizations
The legal and ethical issues discussed above can have major implications on corporate
social networking policies for organizations. The employer’s business interests must be
balanced with an employee’s privacy interests. Employers who do business internationally
must learn the legal requirements in those countries in which they do business, as well as
become familiar with the ethical expectations of that particular culture.
Legal monitoring policies tend to be associated with several dimensions—how
monitoring is configured, how monitoring is communicated, how discipline is applied,
and how the impact of monitoring is evaluated. Each dimension can range from no activity
to significant action. These four dimensions are modeled off the location monitoring work
of Kaupins and Minch (2006). Figure 1 provides a summary of policy recommendations
Employ Respons Rights J (2011) 23:83–99 93
based on these four dimensions. Figure 2 provides several sample networking policies.
Solutions are based on recommendations from employee handbook experts, ethics code
developers, legal researchers, international organizations, and government directives and
laws. In cases such as “monitoring individuals,” several choices are provided to
organizations.
“Configuration” is the operational shell around OSNs. It refers to who shall be
monitored, by what means are people monitored, and when and where monitoring take will
place. “Communication” refers to communication of the OSN policies with employees.
Employees should be informed of the timing, means, location, and security associated with
policy communication.
“Discipline” focuses on major facets of discipline such as progressive discipline,
corrective discipline, and the hot stove rule. Progressive discipline deals with providing
Suggestions for Social Network Monitoring Policies
Configuration Issues:
1. Authentication Systems: Passwords/keys/cards (Owyang 2009)
2. Monitoring Individuals: Management, IT director (Bureau of National Affairs 2009)
3. Equipment Used: Network of corporate computers (Bersin 2007)
4. Individuals Monitored: On an equal basis across all individuals for business purposes only
(American Civil Liberties Union 2008; Nolan 2004); Use covert monitoring only when there is
evidence that a crime has been committed (Goodwin 2003)
5. Time of Monitoring: On company time (AllBusiness 2001)
6. Approval of OSN Participants: Approve of “friends” with care (Lex 2007)
7. Behavior Allowed: Be clear about the purposes of the social networking communication such as
recording useful contacts (Warnock 2007)
8. Behavior Not Allowed: Confidential corporate matters, harassment, defamatory statements
(Warnock 2007; Urban Dictionary 2008)
9. Policies Coordinated: Integrate all electronic communications policies (Warnock 2007)
Communication Issues:
1. Means By Which Warnings Are Announced: Employee handbooks, letters of understanding, emails (Boehl 2000), social networking
2. Timing of Warnings: A reasonable time before monitoring begins (Organization for Economic
Cooperation and Development 2000)
3. Individuals Warned: All those involved (Kaupins & Minch 2006)
Discipline Issues:
1. Individuals Administering Discipline: Supervisor (Bureau of National Affairs 2009)
2. Types of Discipline: Progressive/corrective discipline (Bureau of National Affairs 2009)
3. Appeals: Give employees the right to dispute electronic monitoring data (American Civil
Liberties Union 2008)
4. Retaliation: Provide a non-retaliation policy (Coyote Communications 2008)
Evaluation Issues:
1. Individuals Monitoring Monitors: Top management or data collection experts (Organization for
Economic Cooperation and Development 2000)
2. Methods of Monitoring Monitors: Analyze the impact of monitoring (Goodwin 2003); Develop a
comprehensive records retention policy (Nolan 2004)
3. Frequency of Monitor Monitoring: Periodical but negotiated evaluation of policies in general are
recommended (Dessler 2009)
4. Isolation: Check if any group or groups are isolated from the rest of the organization due to lack
of access to the social network (Coyote Communications 2008)
5. Evaluation Topics: Monitor reaction of employees and managers to the policy, what management
has learned about employee behavior, how employee and management behavior has changed, how
policies affect the bottom line and other organizational measures (Kirkpatrick & Kirkpatrick
2006)
Fig. 1 Suggestions for social network monitoring policies.
94 Employ Respons Rights J (2011) 23:83–99
employees increased discipline for greater infractions. Companies may start with an oral
warning, then proceed with a written warning if the inappropriate behavior continues.
Further discipline could be a suspension and discharge. Corrective discipline involves
providing the employee with appropriate counseling to help correct inappropriate behavior
on a social networking site. The counseling could be followed with appropriate monitoring
of future networking behavior. The hot stove rule states that all discipline should be with a
warning, impersonal, consistent, and immediate. Of course, all discipline should be
appropriate for the business and the specific incident(s) involved.
Concerning “evaluation,” all monitoring policies should be evaluated for their reliability,
validity, and adverse impact on employees. Data about social networking activities should
be produced. All monitoring policies should periodically be reviewed and revised.
Employers who choose to follow these recommendations should establish clear
corporate social networking policies that can be published in their corporate employee
Sample Corporate Social Network Policy
Employees shall use the corporate social network for business purposes only. Business purposes may
include productivity, safety, and security issues related to the mission and objectives of the company. Sample
productivity issues include generation of new ideas and getting opinions of products and services. Sample
safety and security issues include generation of ideas of how to enhance safety and security and monitor
possible breaches.
Employees shall not use personal social networking sites on company time. They shall not create
personal blogs, disclose confidential information, include defamatory or racially and sexually offensive
materials, disparage the company or its competitors, or use the company logo.
Any violation of the policy could lead to discipline following the company’s discipline policy.
Sample Social Network Monitoring Policies1
Sample Policy
The company reserves the right to monitor the social networking activities of employees for business
purposes only. Business purposes may include productivity, safety, and security issues related to the mission
and objectives of the company.
Employees will be notified by their supervisor (or human resources, top management) that their social
networking activities will be monitored.
Supervisors (or human resources, top management) are responsible for the storage and dissemination
of social networking data. Employees have a right to dispute social networking data and discipline related to
that data by contacting their supervisor (or human resources, top management) and following the standard
discipline appeal procedures of the company.
Sample Monitoring Evaluation Policy
Top management will periodically review its social networking policies and procedures as needed to
respond to internal company strengths and weaknesses and external threats and opportunities. The review
process includes monitoring the reaction of employees and managers to the policy, what management has
learned about employee’s behavior, how employee and management behaviors have changed, and how
policies affect the bottom line and other organizational measures.
_________________________
1
As an alternative to the policies shown, social network monitoring may be subject to negotiation between
employees and employers. All social network monitoring could be banned unless managers and employees
mutually agree to specific monitoring. Top management and employee representatives could periodically
review its social networking policies and procedures as needed.
Fig. 2 Sample corporate social network policies.
Employ Respons Rights J (2011) 23:83–99 95
handbooks, disseminated on the Intranet and Internet, or distributed via letter or e-mail to
employees. Employees should acknowledge that they have read the social network
monitoring policy by signing an acknowledgment form. Unfortunately, employees tend not
to read employee handbooks and letters even though they sign acknowledgment forms.
Management may have to remind employees with additional e-mails of the policies and be
familiar with the policies themselves in case of policy disputes (Dessler 2009).
Customers might need to be made aware that the business’s social network is monitored
to protect their privacy. They might not want to be discovered being with an employee who
is a competitor, illicit lover, or any other person who can cause embarrassment.
Suggestions for Future Research
Corporate social networking research is still very young due to the newness of the industry.
Several future research avenues can be created.
More detailed case analyses can be made concerning any new developments in the use
of social network monitoring by companies and the use of corporate social networks.
Researchers may also study the impact of any new laws on social networking policies.
Empirical and survey research is needed to help analyze management and employee
attitudes toward the need for limits on social network monitoring and corporate social
networking. Legal liability might be a primary motivation to monitor employee social
networking. Survey research also can help analyze what type of organizations will be most
likely to use social networking and what social networking policies will tend to be the most
important and most commonly used in practice. Data should be collected concerning
corporate age group usage, purposes of social network sites within companies, and
discipline for inappropriate behavior.
Conclusion
Existing laws and ethical considerations affect social networking policy recommendations
related to configuration, communication, discipline, and evaluation issues. Business-related
monitoring should be clearly defined and disseminated to all employees through a wide
variety of communication methods. Employees should receive warnings for inappropriate
social networking activities. Consistent evaluations of monitoring effectiveness should
occur. Future research should analyze what type of social networking monitoring and
corporate social networks are involved in organizations.
References
Age Discrimination in Employment Act, 29 U.S.C. §§ 621 et seq (1967).
American Civil Liberties Union (2008, February 8). Online privacy statement. Retrieved August 7, 2009
from http://www.aclu.org/infor/18864res20050401.html.
Americans with Disabilities Act (1990). 42 U.S.C. §§ 12101 et seq.
AmJur 2d (2009). Employment relationship, 27, § 381.
Bersin, J. (2007, November 16). Social networking: Meet corporate America. Retrieved February 9, 2009
from http://joshbersin.com/2007/11/16/social-networking-meets-corporate-america/.
Blakey v. Continental Airlines, Inc. (N.J. 2000). 751 A.2d 538.
Boehle, S. (2000). They’re watching you: Workplace privacy is going, going.. Training, 37, 50–60.
96 Employ Respons Rights J (2011) 23:83–99
Brandenburg, C. (2008). The newest way to screen job applicants: a social networker’s nightmare. Federal
Communications Law Journal, 60, 597.
Bureau of National Affairs. (2009). BNA employment guide. Washington: Bureau of National Affairs.
Byrnside, I. (2008). Six clicks of separation: the legal ramifications of employers’ using social networking
sites to research applicants. Vanderbilt Journal of Entertainment and Technology Law, 10, 445.
Candilis, P. J. (2002). Distinguishing law and ethics: a challenge for the modern practitioner. Psychiatric
Times, 19(12). Retrieved September 8, 2005 from http://www.psychiatrictimes.com/display/article/
10168/48616?pageNumber=1.
Chapman, C. N., & Lahav, M. (2008). International ethnographic observation of social networking sites.
Retrieved March 10, 2010 from http://portal.acm.org/citation.cfm?id=1358628.1358818.
CIO Insight (2009). Five reasons to deploy a corporate social network. Retrieved February 9, 2009 from
http://www.cioinsight.com/c/a/past-news/5-Reasons-to-Deploy-a-Corporate-Social-Network/.
Clineburg, Jr., W. A., & Hall, P. N. (2005). Addressing blogging by employees. The National Law Journal.
Communications Decency Act (2000). 47 U.S.C. §§ 652 et seq.
Communitelligence.com (2009). Building employee branding and engagement with internal social networks.
Retrieved March 3, 2009 from http://www.communitelligence.com/content/ahpg.cfm?spgid=361&full=1.
ComScore (2009). ComScore: The growing appeal of social networks in Europe. Retrieved November 30,
2009 from http://www.nevillehobson.com/2009/02/17/comscore-the-growing-appeal-of-social-networksin-europe/.
Coyote Communications (2008, November 27). Nonprofit organizations and online social networking:
Advice and commentary. Retrieved August 7, 2009 from http://www.coyotecommunications.com/
outreach/osn.html.
Dessler, G. (2009). Fundamentals of human resource management. Upper Saddle River: Pearson.
Ethics Scoreboard (2009, March 4). Science and technology. Retrieved March 20, 2009 from http://www.
ethicsscoreboard.com/list/facebook.html.
Eur-lex (1995). Directive 95/46/EC of the European Parliament and of the Council. Retrieved November 30,
2009 from http://eur-lex.europa.eu/LEXURIServ/LexUriServ.do?uri=CELEX:31995L0046:EN:HRML.
European Commission (2009). What is the EU doing? Raising awareness & empowering children. Retrieved
November 30, 2009 from http://ec.europa.eu/information_society/activities/social_networking/eu_
action/index_en.htm.
European Commission (2010). What are EU directives? Retrieved March 10, 2010 from http://ec.europa.eu/
community_law/introduction/what_directive_en.htm.
Fair Labor Standards Act (1949). 29 U.S.C. §§ 215 et seq.
Family and Medical Leave Act (1993). 29 U.S.C. §§ 2601 et seq.
FreshNetworks Blog (2009, March 2). Russia: The fourth largest social networking market in Europe.
Retrieved December 3, 2009 from http://blog.freshnetworks.com/2009/03/russia-the-fourth-largestsocial-networking-market-in-europe/.
Gabel, J. T. A., & Mansfield, N. R. (2003). The information revolution and its impact on the employment
relationship: an analysis of the cyberspace workplace. American Business Law Journal, 40, 301.
Gely, R., & Bierman, L. (2006). Workplace blogs and workers’ privacy. Louisiana Law Review, 66, 1079.
Goodwin, B. (2003). Tell staff about e-mail snooping or face court, new code warns. Computer Weekly, 38, 5.
Greenbaum, K. (2008, October 6). Ethics of Facebook friendship: Can it really be a conflict? Retrieved
March 20, 2009 from http://www.igreenbaum.com/20089/10/ethics-of-facebook-friendship-can-it-reallybe-a-conflict/.
Greenbaum, W., & Zoller, B. (2006, July/August). Court decisions impact workplace internet and e-mail
policies. HR Advisor.
Gross, D. (2010, January). Has Twitter peaked? Retrieved March 19, 2010 from http://www.cnn.com/2010/
TECH/01/26/has.twitter.peaked/index.html.
Grubman, S. R. (2008). Think twice before you type: blogging your way to unemployment. Georgia Law
Review, 42, 615.
Gutman, P. S. (2003). Say what?: blogging and employment law in conflict. Columbia Journal of Law and
the Arts, 27, 145.
Higgins, M. A. (2002). Blakey v. Continental Airlines, Inc.: sexual harassment in the new millennium.
Women’s Rights Law Reporter, 23, 155.
IntelFusion (2009). DoD and IC employees on Facebook and MySpace. This new Russian law may impact
you. Retrieved December 3, 2009 from http://intelfusion.net/wordpress/?p=656.
Kaupins, G. E., & Minch, R. (2006). Legal and ethical implications of employee location monitoring.
International Journal of Technology and Human Interaction, 2, 16–35.
King, N. J. (2003). Labor law for managers of non-union employees in traditional and cyber workplaces.
American Business Law Journal, 40, 827.
Employ Respons Rights J (2011) 23:83–99 97
Kirkland, A. (2006). “You got fired? On your day off?!”: challenging termination of employees for personal
blogging practices. University of Missouri-Kansas City Law Review, 75, 545.
Kirkpatrick, M. (2008, July 17). Corporate social networks are a waste of money, study finds. Retrieved
February 9, 2009 from http://www.readwriteweb.com/archives/corporate_social_networks_are.php.
Kirkpatrick, D. L., & Kirkpatrick, J. D. (2006). Evaluating training programs: The four levels (3rd ed.). San
Francisco: Berrett-Koehler.
Konop v. Hawaiian Airlines, Inc., 302 F.3d 868 (9th Cir. 2001).
Leader-Chivee, L., Hamilton, B. L., & Cowan, E. (2008, Dec.). Networking the way to success: online social
networks for workplace and competitive advantage. Retrieved January 2, 2010 from http://www.
entrepreneur.com/tradejournals/article/print/200784523.html.
Lex, R. (2007). Can MySpace turn into my lawsuit?: the application of defamation law to online social
networks. Loyola of Los Angeles Entertainment Law Review, 28, 47.
Lichtenstein, S. D., & Darrow, J. J. (2006). Employment termination for employee blogging: number one
tech trend for 2005 and beyond, or a recipe for getting Dooced? UCLA Journal of Law & Technology,
2006, 4.
Maximumpc.com (2010). Facebook leapfrogs Google in popularity contest. Retrieved March 18, 2010 from
http://www.maximumpc.com/article/news/facebook_leapfrogs_google_popularity_contest.
Meller, P. (2009, June 23). Regulators: EU data protection laws apply to social networks. Retrieved
November 30, 2009 from http://www.networkworld.com/news/2009/062309-regulators-eu-data-protectionlaws.html.
Milligan, T. E. (2009). Virtual performance: employment issues in the electronic age. Colorado Lawyer, 38,
29.
National Labor Relations Act (1947). 29 U.S.C. §§ 151 et seq.
Nolan, D. R. (2004). Privacy and profitability in the technological workplace. Journal of Labor Research,
24, 207–232.
Occupational Safety and Health Act (1970). 29 U.S.C. §§ 651 et seq.
Organisation for Economic Cooperation and Development, (2000). OECD guidelines on the protection of
privacy and transborder flows of personal data. Paris: OECD Publication Service. Retrieved January 6,
2010 from http://www.oecd.org/document/18/0,3343,en_2649_34255_1815186_1_1_1_1,00.html.
Ostrow, A. (2009, March 9). Social networking more popular than email. Retrieved April 10, 2009 from
http://mashable.com/2009/03/09/social-networking-more-popular-than-email/.
Owyang, J. (2009). What Facebook Connect means for corporate websites. Retrieved February 9, 2009 from
http://www.web-strategist.com/blog/2008/07/23/what-facebook-connect-means-for-corporations/.
Owyang, J. (2010). A collection of social network stats for 2010. Retrieved March 19, 2010 from http://www.
web-strategist.com/blog/2010/01/19/a-collection-of-social-network-stats-for-2010.
Perez, S. (2009, July 2). A growing acceptance of social networking in the workplace. Retrieved January 2,
2010 from http://www.readwriteweb.com/archives/a_growing_aceptance_of_social_networking_in_
the_w.php.
Porter, W. G., & Griffaton, M. C. (2003). Between the devil and the deep blue sea: monitoring the electronic
workplace. Defense Counsel Journal, 65–77.
Quintura (2008, October 31). Odnoklassniki.ru shows new ways to monetize social networks. Retrieved
December 3, 2009 from http://blog.quintura.com/2008/10/31/odnoklassnikiru-shows-new-ways-tomonetize-social-networks/.
Raphael, J. R. (2009). People search engines: They know your dark secrets…and tell anyone. Retrieved
March 30, 2009 from http://tech.msn.com/products/articlepcw.aspx?cp-documentid=18632762&
GT1=40000.
Sarbanes-Oxley Act (2002). 18 U.S.C. §§ 2510 et seq.
Schultz, J. (2008, November 25). Facebook creeping! The ethics involved with employers usage of
Facebook. Retrieved August 7, 2009 from http://www.jaytaylorschultz.com/PDFs/Research-FacebookCreeping.pdf.
Sims, R. R. (2003). Ethics and corporate social responsibility: Why giants fall. Westport: Praeger.
Sprague, R. (2007). Fired for blogging: are there legal protections for employees who blog? University of
Pennsylvania Journal of Labor and Employment Law, 9, 355.
Strege-Flora, C. (2005). Wait! Don’t fire that blogger! What limits does labor law impose on employer
regulation of employee blogs? Shidler Journal of Law, Commerce & Technology, 2, 11.
98 Employ Respons Rights J (2011) 23:83–99
Title VII of the 1964 Civil Rights Act (1964). 42 U.S.C. §§ 2000d et seq.
Urban Dictionary (2008, September 18). Facebook ethics. Retrieved August 7, 2009 from http://www.
urbandictionary.com/define.php?term-facebook%20Ethics.
Wardman, M. (2009, February 23). Social media penetration in European and Asian countries. The Wardman
Wire. Retrieved March 13, 2010 from http://www.mattwardman.com/blog/2009/02/23/social-mediapenetration-in-european-and-asian-countries/.
Warnock, O. (2007). Networking or not working? Contract Journal, 440, 31–32.
Employ Respons Rights J (2011) 23:83–99 99
Reproduced with permission of the copyright owner. Further reproduction prohibited without permission.
