Social networks... legal problems?

Staff should always be aware of who could be reading their blogs, tweets and Facebook wall

Society has changed. “Friends” are not what they were 10 years ago. Even the word “contacts” has a different connotation than it did five years ago. The meanings have changed thanks to social networking and our ability to connect, and interact, with networks of people whom we may or may not know to a greater or lesser degree.

Unusually, the workplace did not pioneer this social phenomenon but it has followed individuals’ experiences in their personal lives. But, in 2010, social networking sites are firmly ensconced as a part of working life. Just 10 years ago, people would use their Hotmail accounts to contact friends. Since September 2006, when Facebook really came into its own, lunchtime in many workplaces began to see breaks taken up with virtual meetings with friends or acquaintances – and sometimes even strangers – rather than a coffee and a sandwich with a “real” friend or colleague in the local café.

Nowadays however, as part of business life, it is common for many firms to manage their networking using virtual social networks such as LinkedIn or Plaxo and many even use the ostensibly less business-oriented Facebook for the same purpose.

This social technology has also taken interaction with customers and clients to a new level with sites and functionality such as Twitter. Not only that, the ability to promote brands and identity through social networks has compacted the global village into an immeasurably long, single global high street.

But, as in most areas of opportunity, there are risks – commercial and legal.

The Joneses phenomenon
There is often business pressure to keep up with the Joneses: that is, to have the latest, the greatest, the fastest, the best. Use of social networks is no exception. Over the past year there has been a massive growth in the number of businesses that use sites such as Facebook and Twitter to promote their goods and services – or even their brand name in isolation from what they actually do as a business.

It is not only social pressure but business need. Many businesses generate more revenue or identity by doing this. But because the technology is evolving so fast, in practice it is the gadget-loving individuals within those organisations who take it upon themselves to explore and use this new technology.

Such individuals often have no formal IT, marketing or risk management training and do little more than play around. As a result, a business often has groups, web pages or blogs set up which are privately owned by those individuals, who usually have not formally notified anyone in the business about what they are doing. This has ramifications.

Accuracy and risk
Too often, as time marches on, a group, page or blog is not updated, has inaccurate information on it or passes out of the management or control of the page owner. Even if the group/page/blog is kept up to date, such items on Facebook or Twitter may not fit in with a company’s media strategy or brand approach.

All too frequently, no one in the business has a clue as to where the content originated, who created it or who maintains it. All these issues could land the business with legal responsibility for it or with vicarious legal liability for what is said.

And that is without the problem of the disgruntled or even ex-employee who decides that the group/page/blog, which appears to the world to be an organ of the business, will now serve his ends to bash the business.

Confidentiality
Many enthusiastic employees post blogs about their work or about the business, falsely thinking they are secure in the knowledge that only members of that business would be interested in reading it.

However, much information that is shared is confidential. This is commercially very worrying. It may also be a breach of confidentiality obligations owed by the business, or a breach of statutory duties such as data protection obligations. The business may be liable for such disclosures. Even something as innocuous as a change of a job title to “manager: project cure for baldness” can give insight into sensitive business information.

Security
Social networks allow people to share information outside and within applications. But as any user of computers will know, applications are vulnerable – and social networks have a well-deserved reputation for being full of security holes.

The holes are usually of three types. First, there is often a problem with the networking site itself. Second, many applications contain functionality which ostensibly helps the user but in reality allows data leakage, often by opening up that data to people the user is unaware have access to it. Third, many applications exist which are nothing more than malware, or at least contain it. If businesses do not risk manage these issues, they risk exposing themselves to massive security holes which can lead to legal liability. Security is a business’ own responsibility.