Social networking sites such as Facebook, MySpace and Bebo have grown enormously in popularity over the last couple of years, particularly with younger workers. Employers have come to realise that these sites can pose risks and problems in the workplace and action may need to be taken to gain some control over content and of use during work hours.
So what are the risks?
• Recruitment processes are a major area of concern. Many companies are now reported to be checking social networking sites for information on potential candidates. If you reject a candidate based on their Facebook profile this may lead to claims of discrimination. Only a minority of candidates will have a public profile available on a social networking site. Using such information could therefore give an unfair advantage or disadvantage to certain candidates.
• Another risk relates to data protection. If you vet a candidate using a social networking site the practice could be deemed incompatible with the basic principle of data protection law, in that data should only be used for the purpose for which it was intended.
• Another data protection risk relates to existing employees. If an employer stores any copies of personal information from a social networking website without the individual’s consent this could count as unlawful processing of data.
• Employers have concerns about productivity and the amount of time individuals spend on these sites. Research commissioned by Clearswift in 2007 found that more than 25% of British office workers aged 18-29 were spending 3 or more hours per week on social networking sites.
• Employers also have concerns over employee actions which could result in breaches of commercial confidentiality, potential damage to a company’s reputation and slander of colleagues and clients. In the same research by Clearswift 40% of the young workers surveyed admitting to discussing work-related issues on social networking sites.
• A firm of stockbrokers has just been fined for weak data security controls. In its penalty notice the FSA said that the firm had failed to manage the risk of staff using Instant Messaging and web-based email, and thus failed to “mitigate the risk of customers’ personal data being transmitted outside the Firm”.
What should an employer be doing to minimise the risks?
• An employer needs to decide upfront if it feels there is an advantage in employees being able to access social networking sites whilst at work. A media company may wish free access for its employers, whilst an accountancy firm may consider it of little value. Some high-profile companies such as Lloyds TSB, Credit Suisse and British Gas have instigated blanket bans on social networking sites. The city law firm Allen and Overy introduced a blanket ban, only to overturn its decision after complaints from employees.
• IT departments need to work with their HR colleagues to assess the in-house situation and understand if any technical problems are arising as a result of social networking sites. This could include security breaches, virus attacks, system capacity etc. IT also needs to advise on potential remedies. Is it possible to close down access to social networking sites on work computers, or to restrict it to certain times of day? Can the IT department analyse employees’ access to sites and flag up any issues with misuse or overuse? This type of assessment should be carried out before a strategy is drawn up and any amendments to policy considered.
• Once an assessment has been carried out, the Company should consider revising its IT policy to include use of social networking sites and make employees aware of the consequences of anything inappropriate they post on such sites. This may require an amendment to the Disciplinary Procedure to include examples of unacceptable behaviour and conduct as far as such sites are concerned.
• It is important that recruiters are trained in equal opportunities and that decisions on recruitment are objective, fair to all and well documented. It may be worth making a company decision that only certain HR representatives may access social networking sites as part of the recruitment process and that they have a strict and robust set of guidelines to follow in their decision making processes.
• Is the Company regulated by the FSA or any other professional body? Does this registration mean that use of social networking sites by employees requires an additional level of scrutiny? If yes, then employers should ensure that data control systems are robust and secure, and that employees are given clear guidelines on acceptable behaviour.
• Training and communication is the key to improved security and raising awareness. Employers should work with staff to highlight the pitfalls of posting personal and company-related information on social networking sites. Employees also need to be aware if their employer is going to monitor use of such sites during work hours. Individuals may not be aware of the dangers. What they consider to be a personal opinion or innocent remark could have a detrimental effect on their employer or a co-worker and render them liable to disciplinary action.
Can we help you?
Harbour HR can help you review your current policies and procedures, and update them as necessary with regard to social networking sites. We would be happy to discuss the issues as they may affect your Company and work with you and your IT department to arrive at practical and appropriate solutions.
For more information please contact our HR team.
