Employers are learning from past examples of internet misuse and misbehaviour by tightening acceptable-use policies and setting standards for emails and professional social networking. There will always be difficulties applying company rules to employees' personal lives and online behaviour. The growth of the bring-your-own-device (BYOD) adds another layer of complexity to the ongoing privacy debate. How far can, or should, an employer seek to control errant employees?
Individuals and their employers may be sued for discrimination (for example, on the grounds of sex, race, or age) or harassment, as a result of inappropriate or illegal content posted online.
To address any such claims, it is fundamental that employees are aware of (and trained on) the policies and understand the possible consequences of breaching them, which will include discipline and possible dismissal in serious cases. This proved necessary in the unreported case of Gosden v Lifeline Project Limited last year, in which an employment tribunal dismissed an employee's claim of unfair dismissal. He was found forwarding an offensive email, to a work colleague, from his home computer, in his own time. His actions were found to be in breach of his employer's equal opportunities policy, regardless of the fact that this was personal email use.
Social media and BYOD policies should also be closely tied to company policies on equal opportunities. Preventing bullying and harassment also means covering situations where employees engage in inappropriate conduct away from work, involving colleagues, or third party contacts of the business.
Bullying and harassment online, or 'cyber bullying', takes many forms and in serious cases the police may be involved. Criminal proceedings brought against individuals for harassment, can, with media interest, damage a company's reputation and customer goodwill further.
As reported by The Telegraph, a recent conviction on 14 June 2012 highlights serious legal issues for employers tackling bullying and harassment online. In this case, a software engineer was jailed for the sexual harassment of work colleagues using email and Facebook messaging, falsely claiming that she was having affairs with them. Her actions caused considerable stress and humiliation for both male colleagues and their families, as well as commercial damage to her employers. While this is an extreme example, it underlines the risks for employers; if bullying or harassment is reported, or visible, action should be taken immediately to protect staff and deal with the perpetrator through the usual company procedures.
It seems that indirect contact over the internet affords a sense of bravado, allowing tormentors to go further in their abuse than they might otherwise do face to face. They will, however, leave a trail; any emails sent, comments posted, or messages left can be traced back to them as part of an investigation and may well be used as evidence in a disciplinary process. Although helpful in bringing individuals to account, as proof of their misdeeds, information has often already been seen by others and passed on, escalating the breach and bringing it to the attention of customers and other third parties. In effect, information recorded online may never be fully removed and leaves an indelible stain on a company's reputation.
In addressing the possibility of breaches occurring through the use of social media, personal email and BYODs, by setting policies in advance, companies should be able to maintain a level of control over employees' behaviour and deal with any issues. Under the Data Protection Act 1998, it will be necessary to consider the level of intrusion and justify any employee monitoring as part of any investigation. Where the company's standards are clear and there is a legitimate business or legal reason to gather and rely on online evidence, this may be reasonable, proportionate and ultimately necessary.
ACAS provides helpful guidance on the issues and the need to adopt a clear written policy, to, for example:
Protect against liability for the actions of employees;
Provide clear guidance to employees on what they can say or do online;
Comply with the law on discrimination, data protection and employee wellbeing;
Set standards for discipline and employee monitoring.
Andrea Ward is a senior associate at global law firm, McGuireWoods