​The use of Facebook, Twitter, and MySpace in the workplace is escalating, and employers should know the risks that come with it.

Consider this hypothetical: An administrator in charge of hiring at her skilled nursing facility needs to find one new staff member and has five resumes, all of which appear adequate. What’s the first thing she does? That’s right, she Googles them.

She scans through links to their high school class reunions, perhaps some noteworthy events that made the local papers, maybe even something they have written. Finally, she comes to a juicy link—a Facebook page. Aha! Now here’s the good stuff.

But thinking before clicking is the best advice in this situation. Why? The legalities surrounding the ability to view an applicant’s Facebook page are not clear cut. Yes, employers are entitled to look at an applicant’s Facebook page, provided they meet certain requirements. And yes, employers are entitled to use what they find there, provided they do not use it in an inappropriate way.

Avoid The Pitfalls

So how does one avoid the pitfalls of a potential lawsuit and still get to check out what the applicant has been
First, the person in search of the information must access the page herself. Hiring a third party to do it, perhaps in conjunction with a criminal or credit background check, could be considered an act under the jurisdiction of the Fair Credit Reporting Act, which has notice and disclosure requirements that could render such an act illegal.
Second, don’t be sneaky. Many applicants will have their Facebook or MySpace blocked. If it’s blocked, it’s blocked. Some of the more creative types may try to think of ways to access this information. Creating an alias account or trying to guess the passwords are “no nos.” The information needs to be publicly available.
Using any sort of subterfuge to access an applicant’s information puts an employer at risk of a privacy lawsuit.
The other way to generate a Facebook lawsuit is to use information the wrong way. This angle is a little stickier. The first thing to remember is that employers cannot discriminate against someone. This is as true in cyberspace as it is in person, which means that using any information discovered in a discriminatory manner cannot be used.
Translation: Using Facebook to screen out applicants based on discriminatory criteria such as race, gender, religion, or disability is completely illegal. If caught doing it, employers will be sued.
Enter the Genetic Information Nondiscrimination Act, or GINA. It has a cute name, but it’s a real problem for any employer that wants to check an applicant’s social media site. Under GINA, an employer is not permitted to acquire genetic information about employees or potential employees.
Notice it says “acquire,” not “use.” There are exceptions to this law, but because it is relatively new, the courts have not given employers much guidance on where the lines are. The way the law is written now, if an employer checking an applicant’s Facebook page discovers that the applicant participated in a multiple sclerosis fund raiser on behalf of her father, that employer has just violated GINA.
The employer has acquired genetic information, which triggers the violation even if it’s not used for any purpose. This is one area of the law to monitor as it develops.

Protect Employee Rights

One hopes, by now, most employers know about the importance of social media policies (see Provider’s cover story, March 2010). With this in mind, it’s important to remember that employees have rights, the government has laws, and a policy can’t infringe on either.
The National Labor Relations Act (NLRA) gives employees the right to engage in what’s called “concerted activity.” Generally, it protects employees’ rights to talk openly with one another and their employer about the terms and conditions of their employment. These protections apply regardless of whether the employees are unionized or not.
The risk as an employer is that its policy may be overly broad and infringe on employees’ NLRA rights. There are a number of things that employers can and should restrict in their social media policies:
  • Confidential or proprietary information of the company and its clients, patients, and vendors;  
  • Embargoed information such as launch dates of new upcoming services or products, release dates, and pending reorganizations;
  • A company’s intellectual property, such as new ideas and innovations; 
  • Explicit sexual references;
  • References to illegal drug use;
  • Use of obscenity or profanity; and
  • Disparagement or harassment of anyone on the grounds of race, religion, gender, sexual orientation, disability, or national origin.
There is one more thing that many employers would probably like to have, but must be careful about including in social media policies: restricting employees from disparaging the company or competitors’ products, services, executive leadership, employees, strategies, and business products.
Disparaging comments can be very damaging to a company, but restricting them does come close to infringing on employee rights to comment on their employment conditions under the NLRA. There is some legal authority out there suggesting such restrictions are permissible, but it’s still a risky proposition.

Watch Those Testimonials

The National Labor Relations Board (NLRB), the entity charged with enforcing the NLRA, recently underwent a seismic shift in its makeup, and many observers expect it to take a much harder line against employers allegedly in violation of the act.
As much as employers may want to include this in their social media policy, the prudent course of action for now is not to. If the law changes or even gets clarified, having this restriction could put an employer at the wrong end of an Unfair Labor Practice Charge before the NLRB.  Better to wait until the issue has been settled.

FTC Weighs In

The NLRA is not the only federal regulation creating new risks for employers and social media. The Federal Trade Commission (FTC) has promulgated a rule that requires people providing endorsements or testimonials about a company’s products to disclose any material connections they may have to the company that produces the product or service. Huh?
In non-legalese, this means that if a company develops a brand new widget, its employees cannot go around anonymously posting on blogs and social media sites this new widget is the best ever. The key word in that sentence is anonymously. Employees are certainly free to provide endorsements or testimonials about the widget, but FTC guidelines require that they identify themselves as employees of the company.
The rationale behind this is that consumers are entitled to consider this material interest in assigning credibility to the testimonial.

Devise Social Media Policies

There’s a lot more to say about the risks of social media, but all articles must come to an end. A good parting thought to keep in mind is that while social media policies are a necessity, they are not a panacea. They must be drafted well and enforced appropriately. Whether using social media to learn more about potential new employees or attempting to implement a social media policy to protect the company, the path is fraught with risks and liability.
The Internet owes its vibrancy in large part to the veil of anonymity people feel when they use it. As law and technology start to catch up, employers can no longer simply assume that what happens on the Web, stays on the Web. They need to create meaningful policies, follow them, and stay vigilant.
John Cruickshank is an attorney at Alaniz and Schraeder, a national labor and employment firm based in Houston. He is an experienced trial attorney and a former assistant district attorney for Fort Bend County, Texas. Cruickshank can be contacted at (281) 833-2200 or jcruickshank@alaniz-schraeder.com.