Social Media and IT issues to consider in Employment Contracts and Staff Handbooks
If an employer wishes to exercise any proprietary ownership over an employees social media contacts collected via networks such as LinkedIn or followers accrued on Twitter, this should be made quite clear as an express term in the contract of employment. This should also be brought to the attention of the employee at the commencement of the employment period that they will be expected to hand over details of the contacts that they have made during the course of their employment to their employer at the conclusion of their employment.
If appropriate, the employer should set up any social media account, such as a Twitter account, and hand over the log in and password information to the employee. For added security, the employer can request that the employee update a central login and password register should there be any changes to the security of the account. In any event, good practice dictates that social media account passwords should be changed every three months and immediately in the event of any suspicious activity, hacking or phising attacks.
Consequently the employer retains control of the corporate social media account and hence control over any contacts or followers acquired by the employee during the course of their employment. By retaining log – in and password information the onus is also removed from the employee providing this information at the conclusion of the employment and instead the employee has a ongoing duty to inform the employer of any log – in or password changes for the duration of the employment instead.
A clear workplace social media policy should also be used if the employer is wanting their employees to actively engage on social media for the benefit of the business. A clear policy should be in place, ideally in the employee handbook. Again this should be brought to the attention of all employees at the commencement of their employment. If specific sites such as LinkedIn and Twitter are encouraged to be used for business purposes, this should be quite explicit, as should any prohibition on more personal sites such as Facebook.
Any rules or guidance on how accounts should be updated and what content should be used should also be in the handbook. If employees are to update sites with articles and news from certain sources, this should be made clear to them at the outset so that corporate social media accounts are not updated with content that could be deemed to be unsuitable by the employer. It may be necessary to prohibit employees from updating corporate social media feeds from their own devices such as smart phones and tablets if there is a risk that the device may be left unsecured and could be updated by another individual.
Employers should also consider whether they should have policies in place to govern the growing trend of “Bring your Own Device” (BYOD) whereby employees work on their own tablets and smart phones, sending and receiving email and opening documents that could all be confidential to the business or to clients. Unless steps are taken to ensure that email encryption and security is in place to ensure the integrity of the devices, it may be necessary to prohibit employees from accessing work emails and documents from equipment that has not been provided for this purpose by the employer.