Managing the Risk of Employee Blogging
4.3.06The advent of the weblog, or “blog,” is only the latest advancement in online technology to make the risk manager’s job more difficult. Most people use blogs to post daily content, such as news and commentary, to a website. Many people use their blogs to air their opinions, and inevitably, some of these involve posting negative, harassing, hostile, false or confidential information and opinions about one’s employers and co-workers. This has created a new set of risks for corporate employers who might not be aware of how personal blogging could affect them, much less know what to do about it.
Inflammatory and inappropriate bloggers can endanger their employers’ interests in any industry. Examples include a Delta Airlines flight attendant posting lewd photographs of herself in uniform, a U.S. Senate staffer detailing her sexual exploits with government officials, and the self-titled “Phantom Professor” of Southern Methodist University, who used thinly veiled pseudonyms to demean and belittle students and colleagues.
But while blogging gets most of the press lately (in part because it is still a new technology that has not yet peaked), any kind of public communication online can pose a corporate risk. Consider, for example, the recent case of the Automobile Club of Southern California that fired over 25 workers for posting messages about their work life on the bulletin board system myspace.com. The company chose to terminate these employees because the content of the website was damaging, ranging from harassment of coworkers on the basis of sexual orientation and weight to a conspiracy to slow down the Automobile Club’s tow truck and roadside assistance operations.
When your organization hears of an inappropriate posting, the first step is to try to determine whether the content of the message is true. Try to obtain copies of the material in question, and then determine whether the statements are legally protected or instead warrant remedial counseling, discipline or discharge of the employee(s) responsible.
Federal laws limit access to electronic information in various ways but also provide some guidance as to when access is permitted. Certainly, you are entitled to review a website that is open to the public. If the site is instead password-protected, however, your situation will be a little more complicated, but you are not without options. Someone with access might give you a copy of the materials or a password to the site. (The latter option is not without risk but has been upheld by one federal court of appeals.) If your company owns the computer the blogger is using, you may be able to review the communications in your company’s server.
Where an anonymous source posts libelous or otherwise harmful materials attacking your company, a “John Doe” lawsuit can be used to smoke out the wrongdoer. In the event that you cannot get lawful access but you suspect who the source is, you can confront that employee and ask whether he or she made the improper posting. You should only do this, however, where the employee has no protected right to post the material.
Whether you are a public or private employer will determine how you must consider whether the postings are legally protected. The National Labor Relations Act (NLRA) entitles employees (whether or not they belong to unions) to engage in “concerted activity” relating to their wages, hours and working conditions. Their right to speak about such matters extends to forms of speech that would be offensive to most employers. For example, an employer may not simply ban all negative conversations about supervisors if it pertains to “concerted activity.”
In addition, the NLRA prohibits retaliation against employees for exercising their NLRA rights. Where employees use a blog to discuss “concerted activity,” an employer that monitors and comments on such communications may also be engaging in unlawful surveillance. Not all work-related speech is protected by the NLRA, however. For example, statements disloyal to the employer, reckless or malicious lies, threatening or harassing statements, or disclosure of confidential information would likely be unprotected.
The First Amendment to the U.S. Constitution entitles public employees to voice their concerns about matters of public interest. Public employers may, however, regulate employee communications about more personal matters. Where a public sector employee raises both public and private interests, the public employer must show that any right to speak of public concerns is offset by other considerations, such as undermining a legitimate goal of the agency or institution, creating disharmony among colleagues or impairing discipline. Some courts find such communications unprotected even where only a potential for disruptiveness has been shown.
Subjects that are likely to be protected include corruption, wastefulness or inefficiency for public employees; specific subjects for particular public employees, such as educational standards, reductions of faculty, student enrollment or grade inflation for public schoolteachers.
Subjects not likely to be protected include bickering with superiors and individual gripes for all public employees; fact-specific
examples for particular jobs, such as individual classroom assignments, responses to parents’ complaints or poor teaching evaluations for schoolteachers.
Steps for reducing the risks of harm from Internet abuses cover a wide variety of risk management procedures, but they all should include some common first steps.
Early notice. Put employees on notice that certain forms of off-duty misconduct, including Internet misconduct, will subject them to discipline, up to and including discharge.
Enforcement. Expect your supervisors to help enforce your rules consistently, including by notifying you immediately of possible violations.
Make haste. When you receive a report of a possible violation, investigate it promptly.
Cover your bases. Considering the number of federal and state laws that restrict employers’ freedom of action in this sensitive area, you should consult your labor attorney before disciplining an employee for inappropriate Internet postings.
Some employers are facing the broad range of legal risks from employee blogs by accepting the risks and focusing on the potential rewards. Sun Microsystems, a computer server technology and software firm based in Santa Clara, California has decided to make blogging an important part of its business model. The business community is paying close attention to the Sun Microsystems model; the company’s profits have increased, and it has gone from a minor player to an industry leader. Sun’s management credits their blogging policy and “participation age” culture for its growth, improved customer communications and ability to attract new employees.
Sun not only allows blogging on company time while using company computers, it encourages it. The idea is to acquaint customers and competitors with Sun’s product line and engineering philosophies, while getting feedback through interchange. Sun recognizes the Pandora’s box that unmonitored blogging can open, so it provides employees with guidelines in its Policy on Public Discourse. This policy advises employees to limit discussions to industry conversation, to generate interesting and relevant discussion, and not to divulge company secrets.
Sun encourages workers to go to management for judgment help before posting something questionable, even though management approval is never required. Sun also cautions against making financial disclosures and forecasts that could run afoul of securities laws as well as sounding off on topics the blogger might not be an expert on. Employees are urged to consider the consequences of what they might say (constructive criticism always makes a better impression than mere ranting), to maintain a high quality in formatting, spelling and grammar, and to include a disclaimer on their blog page saying that they work for the company but are not speaking officially.
While Sun claims that much of its growth and financial stability is attributable to freedom of communication through company-supported employee blogs, not all employers will consider the encouragement of blogging on company time to make sense. Any employer deciding to encourage blogging—especially on company computers and during work time—will not only have to deal with a potential loss of productivity but also with increased risks of harassment claims from employees offended by blogged comments from others. Employers who encourage blogging on company computers during work time will also likely be held to a higher standard than those faced with reports of offensive blogging from employees’ home computers after work hours. The principal reason for this is that the employer can lawfully review all information on company computers while rights of access to off-site postings is far from clear.
When approaching employees’ postings of offensive materials on external websites, consider not only the potential harm to your company from such postings but also the potential harm to your relationships with employees from being perceived as intruding too far into their private, out-of-work communications. Since it is impossible in any event to monitor all Internet communications by your employees, the logical approach is to investigate only where you have received a report that an employee has posted material that crosses the line of professional or other permissible behavior. You will likely have a duty to investigate anyway, since employers have a legal duty to protect their employees against health and safety risks and against harassment.
Beyond that, if you receive a report of offensive materials being posted that are not legally protected, you should then discuss appropriate responses with your legal counsel. Meanwhile, putting employees on clear notice of your intentions and consistently enforcing your policies should reduce the number of Internet abuses that might require you to take responsive action.
This article has been reprinted with permission from Risk Management Magazine. It originally appeared in the April 2006 issue.