With pals like this, who needs enemies?

For those entrepreneurs who have struck it rich thanks to the Internet, Al Gore’s invention has been a wonderful thing. But a news story last week illustrated that the Internet also can cause a lot of headaches–even for the same people whose children and grandchildren may never have to work a day in their lives because of the worldwide wealth created by the worldwide web.

This story comes to us courtesy of the Internet payment processing giant, Paypal. According to Paypal, the company’s former director of strategy, Rakesh “Rocky” Agrawal, responded to anshutterstock_166165568 offer to take on a new role at the company last week by “choosing to turn a career-defining moment into career-destroying infamy.” Specifically, “Rocky” responded to the offer by inexplicably posting a series of angry, profane, and bizarrely nonsensical tweets on Twitter. Those tweets that were actually comprehensible included suggestions that Paypal executives perform physically impossible feats that best not be described here. Those tweets that were less decipherable included messages such as, and we quote, “jjjjj 999 I’mk nokkkkkiikkknokkkkkiikkkkkkjjnmo88iok99okkoolooolo.” Rocky has since claimed that his tweets were meant to be private (oh, THAT explains it) and has apologized, but Paypal isn’t buying what he is selling–probably even if he offers to accept payment via Paypal.

The Paypal situation provides yet another example of the havoc that employees can wreak on their employers through social media. Gone forever are the days when employees limited their sexual harassment, defamation, and just plain old stupid behavior to old-fashioned media such as memos, letters, emails, and the spoken word (remember that one?). These days, men and women who are intent on behaving badly have so many more ways to do so. “Older” employees (i.e., those over 30) still use Facebook and Twitter, while the millennials have long since moved on to things like Snapchat, Instagram, and other social media that the author, being decidedly well beyond millennial status, doesn’t even know about.

What can an employer do to minimize its risks arising from employees’ social media use?  For starters, adopt a written social media policy that makes the following points:

  • Communications that would violate the company harassment policy are equally prohibited if posted on the Internet.
  • Confidentiality policies, including policies regarding client or patient confidentiality, apply with equal force to Internet posts.
  • Employees should state that any controversial (e.g., political) views expressed in their posts are personal and not those of the company.
  • Employees should not post statements, photos, or videos that reflect poorly on their employer, unless the post is legally protected (see below).

In addition, employers should revise their existing harassment, misconduct, and confidentiality policies, among others, to make sure they cover online conduct.

Of course, employers also need to avoid violating their employees’ rights with regard to social media. While there is no right to “free speech” in connection with private employment, the National Labor Relations Act (NLRA) provides both union and nonunion employees with certain protections that can apply to their use of social media. Specifically, the NLRA provides employees with a right to “engage in concerted activity for the purpose of collective bargaining or for other mutual aid and protection.”  To be protected, the activity must be undertaken by two or more employees, or by one employee with the authority of others, and it must relate to terms and conditions of employment. The NLRA also makes it illegal for an employer to interfere with employees in their right to engage in such protected activity, and forbids rules, policies, or actions that “reasonably tend to chill employees in the exercise” of these rights.

In addition to the NLRA, other laws can come into play when employers affirmatively seek out information about employees via social media. The Stored Communications Act (SCA) prohibits unauthorized access of disclosures of stored communications, like emails or social media postings. The Computer Fraud and Abuse Act (CFAA) prohibits obtaining information via intentional unauthorized access to “protected computers” involved in interstate commerce. The Fair Credit Reporting Act (FCRA) may come into play when employers seek out certain background information about employees. And there’s always a basic claim for invasion of privacy.

So, what’s the lesson here? Like Paypal recently learned, your employees’ use of social media, even on their own time, in their own homes, on their own computers, can still create headaches for you as their employer. A good social media policy can help reduce the risks, but tread lightly, because your employee’s post–no matter how irritating–could be legally protected.