+1 (845) 317-8489 [email protected]

Legal and Ethical Implications of CorporateSocial Networks

Gundars Kaupins & Susan Park

Published online: 2 June 2010# Springer Science+Business Media, LLC 2010

Abstract Corporate social networking sites provide employees and employers withconsiderable opportunity to share information and become friends. Unfortunately, Americanand international laws do not directly address social networking site usage. The NationalLabor Relations Act, civil rights laws, and various common law doctrines such asemployment at-will and defamation provide the pattern for future social networking laws.Ethical considerations such as productivity, security, goodwill, privacy, accuracy, anddiscipline fairness also affect future laws. Corporate policies on corporate social networkingshould balance the employer’s and employee’s interests. Existing laws and ethical issuesassociated with social networking should impact social networking policies related toconfiguration, communication, discipline, and evaluation of policies. Corporate socialnetworking policies should be business-related, ensure user notification of monitoring,maintain adequate records, and provide for reliable, consistent, and impersonal evaluationof monitoring effectiveness.

Key words corporate social networking . laws . ethics . organizational policy

Social networking sites such as Facebook, MySpace, and Twitter are making it possible for anorganization to share information among employees, advertise its products and services, andrelate to the customer in a new way on the Web. In February 2010, Facebook had 400 millionactive users (Owyang 2010). Facebook jumped ahead of Google by claiming 7.07 percentof U. S. traffic compared to Google’s 7.03 percent in March 2010 (Maximumpc.com 2010).Facebook reaches 29.9% of global Internet users versus 22.4% for MySpace. MySpacecontinues to be the most profitable social network, having about $1 billion in revenueversus $300 million for Facebook (Ostrow 2009). Twitter, a site that allows users to postonly 140 characters at a time, has stabilized to roughly 20 million users (Gross 2010).

Employ Respons Rights J (2011) 23:83–99DOI 10.1007/s10672-010-9149-8

G. Kaupins : S. Park (*)Department of Management, Boise State University, 1910 University Dr., Boise, ID 83725, USAe-mail: [email protected]

G. Kaupinse-mail: [email protected]

Internationally, social networks have a high percentage of reach among WesternEurope’s Internet audience. There were 282.7 million Internet users in Europe as ofDecember 2008, 200 million of whom visited a social networking site. According toComScore, the market reach is highest in the United Kingdom, with 79.8 percent, followedby Spain with 73.7 percent, Portugal with 72.9 percent, and Denmark with 69.7 percent(ComScore 2009). Russia is the fourth largest social networking market in Europe, behindthe United Kingdom, Germany, and France (FreshNetworks Blog 2009).

Not surprisingly, social networking is becoming increasingly prevalent in the workplace. Arecent survey indicated that 46 percent of IT professionals believe online social networking(OSN) is a valuable business tool, and of those, thirty-one percent indicated that it was crucial tobusiness. Moreover, 85 percent of those surveyed, even those who question the usefulness ofsocial networking, acknowledged that employees are using social networks at work (Perez2009). Another survey indicates that between 25 to 30 percent of companies with 500 ormore employees have adopted some form of social networking (Leader-Chivee et al. 2008).

The benefits to employers of corporate social networking are many. According toLeader-Chivee et al. (2008), “[c]orporate adoption of social networking, while new, isalready showing enormous benefits. By offering employees the tools and technology toreach out and connect with one another, organizations can facilitate a collaborativecorporate culture, while benefiting from a wide range of improved efficiencies, ineverything from sourcing and recruiting, to on-boarding and learning programs, toimproved alumni, diversity, women’s and retiree communications. Many process improve-ments may be found through efficient social networking programs and organizationalconnectivity.“ Moreover, OSN is becoming increasingly popular because of internal brandbuilding, finding, unlocking and engaging hidden employee intellectual capital, enhancingemployees’ motivation and satisfaction, and developing products and offerings fasterregardless of the organizational design (Communitelligence.com 2009). The software helpsbusinesses find people and information, understand relationships, create a common culture,enhance friendships among customers, improve knowledge management, facilitaterecruiting and retention of younger workers who actively participate on social networks,and keep former employees in the loop (CIO Insight 2009).

However, as is often the case when technology rapidly advances, the law pertaining toOSN has adapted at a less rapid pace. In the workplace particularly, where common illegaland unethical behavior, such as defamation and sexual harassment, is easily committedonline, and employees spend increasing amounts of time involved in social networking,employers have found themselves scrambling to adapt policies which allow them and theiremployees to take advantage of the business benefits of OSN while at the same timeworking to stay within the law and ethical bounds.


The unique contribution of this paper is that it provides specific guidance to employers whowish to maintain OSN sites by addressing the various legal and ethical questions they mayhave regarding an appropriate OSN policy. Other relevant articles, many of which arereferenced in this paper, focus on either the legal or the ethical implications of OSN, butfew combine these two important issues as this paper has done. Moreover, fewer still makespecific policy recommendations to employers. The primary focus of this paper is onAmerican law and ethics, but it also gives consideration to international law, particularly inEurope and Russia. Given the fluid nature of social networking laws and ethics, we also

84 Employ Respons Rights J (2011) 23:83–99

provide recommendations for future research on social networking. While the use of onlinesocial networking from an employee’s perspective is relevant and of interest, this paperfocuses primarily on employer-maintained OSN sites from the employer’s perspective.

Legal Issues

In this section, we provide an overview of the numerous legal issues employers whomaintain OSN sites may face. This information, combined with the policy recommenda-tions we make at the end of this paper, will help employers avoid costly legal problems bycrafting comprehensive social networking policies that are suitable to their workplace.Where appropriate, we suggest possible directions in which the law may evolve but that isnot the primary focus of this paper. We desire to give employers guidance on the currentstate of the law rather than attempt to influence how the law should change.

In general, the use of OSN sites, such as FaceBook, MySpace, and LinkedIn, by eitheremployees or employers has been subject to traditional employment law. While severalcommentators have suggested that Internet use, including the use of OSN sites and blogs,should be subject to new rules, this method of communication is such a recent phenomenonthat few, if any, new laws have yet to emerge (Byrnside 2008). Thus, while Congress andstate legislatures grapple with this and other new forms of communication technology,courts continue to apply traditional common law and existing federal and state statutes toemployment issues relating to OSN sites.

Numerous legal issues might arise in the context of an employer-maintained OSN page.Although most employees in the U.S. are employed at-will, an employee’s interaction withthe employer’s OSN page might involve legally protected activity, such as whistle-blowingor labor organizing or other concerted activity, or it might reveal information about theemployee’s membership in a legally protected class. Moreover, an employee who engagesin online harassment or posts defamatory or private information on the employer’s OSNpage may subject the employer to vicarious liability. An employee also may discloseinformation to the public that the law requires the employer to keep confidential, such ascertain personnel data, or otherwise invade others’ privacy by posting personal information.An employee may even post content of a criminal nature which could subject the employerto potential criminal liability. To protect against such liability, employers should updatetheir current policies regarding Internet use to include clear and comprehensive directives toemployees regarding their interaction with the employer’s OSN site. Employers should alsovigilantly monitor their sites to be sure their Internet policy is being respected.

Legal issues become even more complex when considering the fact that OSN userscircle the globe. Those who interact with an employer’s OSN site are not necessarilylimited to the borders of the United States. Employers may encourage global access to theirOSN site as a marketing and communication tool. As such, awareness of international lawis also recommended.

The Employment At-Will Doctrine and Exceptions

Employment issues are usually governed by the employment-at-will doctrine, which meansgenerally that employees can be terminated or quit for any reason or no reason at all (Grubman2008). Thus, in general, an employee who inappropriately interacts with the employer’sOSN site, either at work or during off-hours, may legally be terminated. However, variouscommon law and statutory exceptions to employment at-will may be applicable to legal

Employ Respons Rights J (2011) 23:83–99 85

issues that arise regarding an employer-maintained OSN site, although the likelihood thatsuch an action will justify an actionable claim against the employer is far from clear.

The Implied Covenant of Good Faith and Fair Dealing In those relatively few states thatrecognize this exception to employment at-will, employers may be liable to an employeefor acting in “bad faith” regarding the terms and conditions of employment (Lichtensteinand Darrow 2006; Sprague 2007). Generally, an employer acts in bad faith and breaches theimplied covenant of good faith and fair dealing when it promises an employee a particularbenefit, such as sick leave or retirement benefits, and then terminates or demotes theemployee for taking advantage of that promised benefit (Grubman 2008; Gutman 2003).This means that an employer who implements a company policy regarding OSN shouldapply the policy consistently to all employees, and avoid using an employee’s previouslyacceptable social networking activity as grounds for discipline or as a pretext to avoidpaying the employee promised benefits (Grubman 2008; Sprague 2007).

Implied or Express Contract Numerous courts have held that if the employer creates eitheran express or implied contract with the employee, the employment relationship is not at-will (Gely and Bierman 2006). Thus, an employer who has contractually agreed toterminate an employee only for just cause may be liable if the employee is fired for postingan item on the employer’s OSN site that is not sufficiently inappropriate to the employer’sinterests and/or is unrelated to the employee’s work.

Public Policy Exception The public policy exception to employment at-will is broadenough to cover many different scenarios. Generally, it means that an employee iswrongfully discharged if terminated in a way that would violate the state’s official publicpolicy (Grubman 2008; see also Gutman 2003). For example, an employee who is fired forreporting to jury duty may have been wrongfully discharged because the state’s publicpolicy requires all citizens to perform this statutory duty. The public policy exception is alsogenerally applicable when an employee exercises a constitutional right or refuses to breakthe law for the employer (Grubman 2008; Lichtenstein and Darrow 2006). Additionally, itencompasses state and federal statutes which provide protection from employer retaliationagainst an employee who “blows the whistle” on the employer’s illegal behavior (Kirkland2006; Clineburg and Hall 2005). Some federal statutes include Section 704 of Title VII ofthe 1964 Civil Rights Act (1964), Sarbanes-Oxley Act (2002), Family and Medical LeaveAct (1993), Occupational Safety and Health Act (1970) and the Fair Labor Standards Act(1949). Employers who encourage employees to participate on the employer’s OSN pagemay also be inviting employees to discuss their work activities and relationship with theemployer. Quite possibly, this could involve an employee who mentions the employer’sunethical or potentially illegal activity in a comment on the employer’s OSN site. Thisexception could protect an employee who posts such comments or other informationregarding legally protected activity on the employer’s OSN page. Employers with a firmunderstanding of these legal requirements and who vigilantly monitor their OSN sites arelikely to avoid subsequent liability for violation of public policy.

Labor Relations

Section 7 of the National Labor Relations Act (NLRA) (1947) gives to all coveredemployees, in part, the right to engage in “concerted activities for the purpose of collectivebargaining or other mutual aid or protection.” Employees might engage in such concerted

86 Employ Respons Rights J (2011) 23:83–99

activity in a variety of ways, including via the Internet. An employer may be obligated toallow such protected activity, even on its OSN site, as the following case illustrates.

In Konop v. Hawaiian Airlines (2001), the 9th Circuit Court of Appeals held that anonline bulletin board maintained by a company pilot to discuss and criticize the employer’snegotiation with the union was protected concerted activity under the Railway Labor Act(RLA). The Konop Court relied upon NLRA precedent to reach its decision, as is typicalfor courts in RLA cases, which indicates that the Konop holding would likely extend toemployees covered generally by the NLRA (Grubman 2008; Strege-Flora 2005). TheKonop holding suggests that an employer policy which prohibits employees from accessingthe employer’s OSN page to discuss work-related policies may violate Section 7 if it isoverly-broad regarding confidentiality, wage-secrecy, or solicitation, or is found to bediscriminatory (i.e. the policy prohibits union activity on the employer’s Facebook page butallows for other, non-business related activity) (King 2003, Strege-Flora 2005). The NLRAalso protects employees who engage in non-union related concerted activity, but it does notextend to an employee’s individual action taken on his or her own behalf, nor does it allowan employee to disparage the employer, engage in insubordination, or post confidentialinformation on the employer’s site (King 2003; Sprague 2007).

Discrimination Statutes and Employer Liability for Sexual Harassment

Federal or state statutory law may be applicable in instances in which an employer isalleged to have discriminated against an employee for revealing some type of protectedstatus via the Internet. For instance, suppose a corporate employer allows employees to usethe company Facebook page to post announcements of a personal nature, so a supervisoruses Facebook to extend an invitation to his co-workers and employees he supervises toattend services at his church. If other employees complain about the post, the employer mayfind itself torn between competing obligations.

On one hand, the employer may be obligated to allow the post to remain to fulfill itsresponsibility to reasonably accommodate the employee’s religious beliefs or practices asrequired by Title VII of the 1964 Civil Rights Act. Moreover, Title VII may provideprotection to employees who post comments, photos, etc. on an employer’s OSN site thatreveal information about any of the employees’ protected characteristics—race, color,religion, gender, and national origin (Grubman 2008). Several other federal statutes, such asthe Americans with Disabilities Act (1990) and the Age Discrimination in Employment Act(1967), as well as many state statutes, also protect employees from discrimination in theterms and conditions of employment because of a protected trait, belief, or activity. Thisobligation also encompasses the duty to avoid excluding employees from work-relatedactivities based upon a protected characteristic.

On the other hand, the employer also has an obligation to prohibit online harassment ofemployees who participate on the corporate OSN site. While the hypothetical post invitingco-workers to a religious meeting may not rise to the level of harassment, employers shouldbe aware of the possibility that online social networks may be used as a vehicle forreligious, sexual or other harassment, potentially subjecting an employer to liability underTitle VII or other anti-discrimination statutes.

In Blakey v. Continental Airlines (2000), the New Jersey Supreme Court consideredwhether comments made by employees on an employer-maintained online bulletin boardcould result in the employer’s liability for workplace sexual harassment. Applying Title VII,the court held that a work-related Website “could undoubtedly be so closely related toemployment as to become an extension of the workplace.” In fact, the court held this to be

Employ Respons Rights J (2011) 23:83–99 87

true even if others outside of the workplace had access to and the ability to post comments onthe site. Finding that Continental was aware of the harassment occurring on its bulletin boardbut did nothing to remove the comments or reprimand the pilots who posted them, the courtawarded the plaintiff $1.7 million in damages.

Although limited to only Continental Airlines crew, the online bulletin board in Blakeyis quite similar to an employer-maintained OSN. Both are accessible outside of theworkplace and allow users to post comments. Both create, as the Blakey court described, a“virtual community” through which employees communicate and “build relationships.”Accordingly, it is quite possible that an employer may incur liability for inappropriateharassing posts and comments made on the employer’s official OSN page if the employer isaware of the posts and fails to remove them promptly (Higgins 2002; Lichtenstein andDarrow 2006). Thus, a workplace policy regarding OSN use should clearly and specificallyprohibit any inappropriate posts and comments, and employers should actively monitortheir OSN sites to be sure corporate policy is followed.

Vicarious Liability Issues

In general, under the theory of respondeat superior, employers will be vicariously liable fortorts employees commit while acting within the course and scope of employment(Greenbaum and Zoller 2006). Employers who maintain an official company OSN sitecould, without proper monitoring and an adequate policy in place, assume such liability forposts made on its site in several ways. Posts made on the site might be defamatory, invadean employee’s or other person’s privacy, or, if outrageous enough, inflict emotional distress.They could even suggest criminal behavior, for which the employer might be liable incertain circumstances.

Defamation Employers should take precautions to avoid incurring liability for defamatoryposts employees or others might make on the employer’s official OSN site. Certainly anemployer who posts defamatory material on its own site would likely be liable for theconsequences (Lex 2007). However, given the increasing use of OSN, employers are likelyto question whether they may incur liability for comments employees or “friends” post onthe employer’s OSN site. For instance, assume an employee posts the following falsestatement on the employer’s site: “Jane didn’t show up for work today because she had toomany margaritas last night with her crew.” If this statement meets the general criteria fordefamation (an untrue, damaging statement made to at least one other party), an employermay find itself vicariously liable to Jane, given that the employer “maintains” the site andhas control over who may access it.

In the context of defamatory statements employees make on an employer’s blog, manyauthorities assume an employer’s general liability under the theory of respondeat superiorif the employee makes the statements while acting within the course and scope ofemployment (Grubman 2008; Gutman 2003). This raises an interesting question aboutwhether an employee posting comments on an employer’s OSN page is indeed actingwithin the course and scope of employment. Employer-maintained OSN pages are similarto workplace blogs, so arguably the answer is yes. In both instances, the employer hascontrol over who has access to the site and the ability to post comments or otherinformation. Most OSN sites also provide users with the ability to remove comments otherspost on their pages. As Gutman points out, “[t]ort liability could extend to the employerwho does not exercise proper control or whose neglect made the activity possible.” Thethreat of such lawsuits clearly could increase the business costs of using social networks in

88 Employ Respons Rights J (2011) 23:83–99

the corporate setting, again exemplifying the need to generate policies to prevent socialnetwork abuse.

On the other hand, Lex (2007) has suggested that many posts made on a company OSNpage may not be defamatory because of the casual atmosphere of OSN. According to Lex,“[c]onsidering that MySpace is primarily a site for socializing and not the place to go forhard-hitting news or research, many potentially defamatory statements may escape liabilitysimply because MySpace viewers will not necessarily take what they read as fact.”However, Lex also suggests that “[o]n the other hand, the same casual atmosphere may leadusers to believe that they can say anything they want without facing legal consequences.Despite the informal context of MySpace, any communication that meets the elements ofdefamation potentially faces legal liability. Given that there are over one hundred millionusers, even a few cases could represent a significant problem looming over the legallandscape.” Particularly in instances in which an OSN page is officially maintained by theemployer, it may be reasonable for a reader to conclude that any content found on the pageis at least acceptable to the employer.

A related issue concerns the liability of those who “republish” defamatory statements.Generally, a new party who repeats a defamatory statement is also liable for defamation, asif he or she were the original publisher of the false statement (Lex 2007). However, this lawmay not apply to an employer’s liability for defamatory posts an employee or “friend”makes on the employer’s OSN site. In 2000, Congress amended the CommunicationsDecency Act of 1996 by adding the “Good Samaritan” provision to provide immunity forproviders and users of an “interactive computer service” from liability for the posting ofcertain information, including potentially defamatory content (Lex 2007). Specifically, thisprovision provides that “[n]o provider or user of an interactive computer service shall betreated as the publisher or speaker of any information provided by another informationcontent provider.” While it appears that Congress may not have intended the GoodSamaritan provision to apply to individual OSN users, Lex suggests that both the languageof the Act itself and subsequent court interpretations could lead to such immunity. Whethera company is liable for an employer or friend’s defamatory post on the company’s OSNpage will likely depend upon how actively involved the company is in the republication ofthe material. Thus, while employers might be immune from liability for defamatorystatements made on an official OSN page, the best approach for an employer is to approveof “friends” with care and carefully monitor all comments and other activity on the OSNsite.

Privacy Workplace privacy violation claims may generally take one of three forms:intrusion upon solitude or seclusion, public disclosure of private facts, or publicly placingan individual in a false light (Gabel and Mansfield 2003). Of the three, public disclosure ofprivate facts is the likeliest cause of action that may arise when a post on the employer’sOSN divulges private information. The essence of such a claim of invasion of privacy iswhether the employee has a reasonable expectation of privacy regarding the information(Brandenburg 2008). With regard to other forms of online communication, such ascomputer Internet access and work email systems, courts have almost uniformly held thatemployees do not have a reasonable expectation of privacy in these areas (Milligan 2009),yet those cases generally concern employees who act affirmatively to transmit their ownprivate information.

Certainly an employer who knowingly posts private information about an employee onits public FaceBook or MySpace page could subject itself to direct liability for invading theemployee’s privacy. Whether such holdings would extend to posts others make on a

Employ Respons Rights J (2011) 23:83–99 89

corporately maintained OSN site is as yet unresolved. However, in light of Blakey, it isquite possible that an employer’s liability could extend to situations in which a friend oremployee posts the offending information, perhaps even confidential information, on theemployer’s site. It seems reasonable to assume that if the employer’s OSN is sufficientlywork-related, and the employer knows of the offending post and fails to remove it within areasonable amount of time, the employer may be vicariously liable for any resultingdamage caused by the privacy invasion.

Intentional Infliction of Emotional Distress Causes of action based upon intentionalinfliction of emotional distress require proof of intentional, outrageous behavior (Gabel andMansfield 2003; Sprague 2007). In this situation, such a claim would require the employeeclaimant to show that the employer’s conduct in either posting a comment directly orallowing another user’s post to remain public on the employer’s OSN was outrageous andthat it caused the employee severe emotional distress.

Criminal Liability Consider the following scenarios. An employee posts a link topornographic material on the employer’s OSN site. A recently-fired, disgruntled employeeposts a death threat against his supervisor on the employer’s OSN site. In addition to thepotential civil liability discussed in the previous sections, these particular situations mayexpose an employer to criminal liability as well. Generally, an employer may be liable evenfor the criminal acts of its employees if the criminal act in question originates “in activitiesso closely associated with the employment relationship as to fall within its scope” (AmJur2d 2009). Moreover, if the employer’s property or resources are used in the commission ofthe crime, the employer could be subject to criminal action (Gutman 2003).

Select International Legal Issues

Online social networking is also growing at a rapid pace internationally, especially inEurope, which has far more social network users than in most Asian countries. (ComScore2009; Wardman 2009). European Union directives and Internet safety are two of the leadinginternational legal issues found in a literature review of the relevant international journalarticles relating to social networking. As in the United States, both the EU directives andthe international literature on Internet safety make clear that the right to privacy is a majorconcern. American employers who intend to rely upon social networking to help expandtheir reach into international markets should be aware of the implications of applicableinternational law. Because social networking is increasing most rapidly outside of theUnited States in Europe and Russia (ComScore 2009; FreshNetworks Blog 2009), thissection will focus on international law in those areas.

European Union Directives European Union directives lay down certain end results thatmust be achieved in every Member State. Countries must adapt their laws to meet thesegoals, but are free to specify the details. Directives may affect one or more European Unionmembers. Each directive specifies deadlines for directive adoption and accounts fordiffering national situations (European Commission 2010). Directive 95/46/EC is intendedto protect individuals regarding processing personal data and the free movement of the data.The directive affirms the right of privacy and the need for data controllers to protect data(Eur-lex 1995). Data controllers can be organizations such as Facebook, MySpace, and anyother corporation. Before uploading data, data controllers must inform people about whatpersonal data is available to others in their network site profile (Meller 2009).

90 Employ Respons Rights J (2011) 23:83–99

Internet Safety in Western Europe The European Commission supports self-regulationsystems that enable flexible and workable safety solutions among major social networksand users. The INSAFE Network seeks to raise public awareness and run help lines througha network of safe Internet centers in 26 European countries. Though it mostly applies toparents, teachers, and children, much of its concepts can be applied to corporations andtheir employees. The European Social Networking task force established a set of guidelinesfor social networks by youngsters (European Commission 2009).

Internet Safety in Russia In spite of its market size, Russian social websites offer morechallenging security issues. For example, Odnoklassniki.r offers $5 monthly fees to become“invisible” to see other user profiles and $4 monthly fees to delete ratings of your photosmade by other users (Quintura 2008). In response to social networking sites which haveshown the deployment of Russian navy fleets, a newly enacted law may require Facebookand MySpace to provide information about users doing business in Russia who theRussians deem to be a threat to Russian security. This may have a negative impact on thesecurity of company data (IntelFusion 2009).

In summary, the legal issues an employer might face as it tries to navigate this newworld of OSN can be complex. Since no new legal principles have yet emerged to provideguidance, traditional law is applicable, although how it may yet apply remains uncertain.Additionally, employers should also be aware of the various ethical issues that accompanyworkplace OSN. While there is some intersection between the law and ethics, thedifferences are many, as is discussed below.

Ethical Issues

Legal principles and ethical principles are often closely aligned, but they have differentobjectives. Laws involve a system of rules that stabilize social institutions. Their function isto decide when to bring social sanction on individual citizens and their specific acts. Ethicsinvolve why and how one ought to act. They are more concerned than laws in promotingsocial ideals. Ethical principles also may be viewed as the standard of conduct thatindividuals have constructed for themselves (Candilis 2002).

Ethical concerns provide another important way to analyze appropriate use of socialnetworking sites. Relying on the law to resolve an ethical dilemma will fail to take intoaccount many of the obligations and duties that our society expects of its members (Sims2003). This is especially true in light of the relative uncertainty of the law as it applies toOSN. Employers will find that they must rely upon ethical guidelines as well as legalrequirements when drafting company policy regarding the company’s OSN site.

Though many social networking issues such as security, privacy, and accuracy aredirectly linked with the fair collection of information, we go beyond fair collection ofinformation issues by also focusing on rejection, exclusion, and international concerns.

Fair Collection of Information

Inappropriate Networking “Social networking is often frowned on by employers becausecontent employees publish may be unprofessional and inappropriate to publish in thecorporate public domain” (Leader-Chivee et al. 2008). Consider, for instance, a supervisorwho types personal and private notes on the corporate social networking site, or reads suchnotes posted by employees. This type of overlap between personal life and professional life

Employ Respons Rights J (2011) 23:83–99 91

could create potential sexual harassment problems and provide too much information to theboss (Greenbaum 2008; Schultz 2008). Moreover, social networking among employeeswithin corporate social networking sites can lead to considerable waste of time whenemployees are chatting with their friends or fellow employees on non-business relatedtopics. Kirkpatrick (2008) cited a study that found that corporate social networks can be awaste of money and time. About thirty five percent of corporate social network activity has lessthan 100 users. Less than 25 percent have more than 1000 users, though over half of thosecompanies have spent over a million dollars on the sites. Corporate networking sites can beoverpriced, include fancy but relatively useless features, andmay bemanaged by inexperiencedmonitors who are unable to assess the quality of information coming from the sites.

A monitor might be unable to distinguish between what is personal and work-related, ormay disseminate information about an employee who has done something personallyinappropriate. Even if it is work-related, a monitor could inappropriately accuse anemployee of wrongdoing without doing a proper investigation. A monitor might investigatea non-random sample of employees who post on the employer’s OSN site specifically to tryto hurt one individual or a group, or monitor at inconsistent times. Thus, to controlinappropriate networking, monitoring content on a corporate social network site might takeconsiderable time and resources (CIO Insight 2009).

Security Employees might share secret aspects of their company on a corporate networkpage, such as passwords, new products, and new services. Social networkers mayintentionally or unintentionally reveal organization secrets such as corporate finances,marketing intentions, business strategies, or new products and services. Warnock (2007)cited a study of 300 IT decision makers that indicated 10 percent of organizationsinvestigated the unauthorized disclosure of financial information through blogs or messageboards. Confidentiality violations can reveal organizational secrets to the whole world.Company secrets can leave the company open to hacking (Kaupins and Minch 2006).

Privacy In addition to the legal privacy concerns discussed above, the privacy of eachemployee may be breached in many unethical ways on an OSN site. Inappropriate picturesof binge drinking or illegal drug use can be posted. Nasty comments about ex-boy orgirlfriends can lead to jealousy and insults. Constant posting of comments on people’s wallscan irritate them and block other people’s comments. Insensitive topics can be discussed,including religion, politics, and racism/sexism (Urban Dictionary 2008). Moreover,employee privacy may be reduced when the terms of the social network site can bechanged at any time. Phrases such as “We reserve the right, at our sole discretion, tochange, modify, add, or delete portions of the terms of use at any time without furthernotice” can drastically affect the organization’s privacy policies.

Accuracy A manager may not know if information on a corporate social networking site isaccurate. An employee can post false financial information on a social networking site for afew minutes and then erase it after damage has been done. In addition to subjecting theemployer to potential legal liability for defamatory statements, such posts may also damagethe employer in other ways. Determining whether that employee posted such damaginginformation can be difficult to prove if the information has been erased. People mightintentionally post false information on such sites as a prank (Ethics Scoreboard 2009).Factual information can be taken out of context because only short snippets are seen on thescreen at once. Other communications can be hidden by the “click here for more posts”button (Schultz 2008).

92 Employ Respons Rights J (2011) 23:83–99

Other Ethical Issues

Rejection Most OSN sites allow users to reject requests to become “friends” on the site.“Staff members that decline friend invitations from volunteers or even other staff membersvia corporate OSN platforms may end up hurting the feelings of those they work with.Encourage staff and volunteers to respect that some people may want to keep their OSNactivities separate from their work or volunteering relationships” (Coyote Communications2008). The employer should also clearly outline the purposes of the OSN communicationsand the profile of the type of friends it seeks. Rejections should occur because only selectmembers are invited or the person does not fit the profile to communicate effectively.

Exclusion Employers should take special care to avoid excluding employees for illegal orunethical reasons, even unintentionally. “Many OSN platforms are blocked from being usedby employees at various businesses and government organizations. Many of these platformsare also not accessible for people using assistive technologies, for people with certaindisabilities, or for those using older software and hardware. This means an organizationshould not switch any of its outreach activities, such as blogging, instant messaging orphoto sharing, entirely over to OSN platforms, as many people are prevented fromaccessing such. In other words, your OSN outreach activities should not replace your otheronline outreach activities, as they will exclude many people.” (Coyote Communications2008). If OSN communications directly affect any employment decisions such as hiring,selection, compensation, training, and security, the communications would probably besubject to civil rights laws. The need for equal access to such communications is thereforeenhanced with the threat of discrimination law suits.

International Ethical Issues To add further complexity to this topic, it must beacknowledged that many cultures of the world have significantly different ethical valuesand may use social networks for different purposes than in the U.S. For example, Chapmanand Lahav (2008) report that Americans tend to reveal very personal information such aspictures, emotions, and sexual preferences. In France, users tend to share non-sensitiveinformation such as general interests. South Koreans tend to share photos with friends.Chinese tend to focus more on interest groups and playing on-line games. Again, employerswho expand into international markets by communicating through OSN should carefullymonitor all activity on their OSN sites to ensure that material posted there is appropriate forthe international audience the employer hopes to reach.

Policy Recommendations for Organizations

The legal and ethical issues discussed above can have major implications on corporatesocial networking policies for organizations. The employer’s business interests must bebalanced with an employee’s privacy interests. Employers who do business internationallymust learn the legal requirements in those countries in which they do business, as well asbecome familiar with the ethical expectations of that particular culture.

Legal monitoring policies tend to be associated with several dimensions—howmonitoring is configured, how monitoring is communicated, how discipline is applied,and how the impact of monitoring is evaluated. Each dimension can range from no activityto significant action. These four dimensions are modeled off the location monitoring workof Kaupins and Minch (2006). Figure 1 provides a summary of policy recommendations

Employ Respons Rights J (2011) 23:83–99 93

based on these four dimensions. Figure 2 provides several sample networking policies.Solutions are based on recommendations from employee handbook experts, ethics codedevelopers, legal researchers, international organizations, and government directives andlaws. In cases such as “monitoring individuals,” several choices are provided toorganizations.

“Configuration” is the operational shell around OSNs. It refers to who shall bemonitored, by what means are people monitored, and when and where monitoring take willplace. “Communication” refers to communication of the OSN policies with employees.Employees should be informed of the timing, means, location, and security associated withpolicy communication.

“Discipline” focuses on major facets of discipline such as progressive discipline,corrective discipline, and the hot stove rule. Progressive discipline deals with providing

Suggestions for Social Network Monitoring Policies

Configuration Issues: 1. Authentication Systems: Passwords/keys/cards (Owyang 2009) 2. Monitoring Individuals: Management, IT director (Bureau of National Affairs 2009) 3. Equipment Used: Network of corporate computers (Bersin 2007) 4. Individuals Monitored: On an equal basis across all individuals for business purposes only

(American Civil Liberties Union 2008; Nolan 2004); Use covert monitoring only when there is evidence that a crime has been committed (Goodwin 2003)

5. Time of Monitoring: On company time (AllBusiness 2001) 6. Approval of OSN Participants: Approve of “friends” with care (Lex 2007)7. Behavior Allowed: Be clear about the purposes of the social networking communication such as

recording useful contacts (Warnock 2007) 8. Behavior Not Allowed: Confidential corporate matters, harassment, defamatory statements

(Warnock 2007; Urban Dictionary 2008) 9. Policies Coordinated: Integrate all electronic communications policies (Warnock 2007)

Communication Issues: 1. Means By Which Warnings Are Announced: Employee handbooks, letters of understanding, e-

mails (Boehl 2000), social networking 2. Timing of Warnings: A reasonable time before monitoring begins (Organization for Economic

Cooperation and Development 2000) 3. Individuals Warned: All those involved (Kaupins & Minch 2006)

Discipline Issues: 1. Individuals Administering Discipline: Supervisor (Bureau of National Affairs 2009) 2. Types of Discipline: Progressive/corrective discipline (Bureau of National Affairs 2009) 3. Appeals: Give employees the right to dispute electronic monitoring data (American Civil

Liberties Union 2008) 4. Retaliation: Provide a non-retaliation policy (Coyote Communications 2008)

Evaluation Issues: 1. Individuals Monitoring Monitors: Top management or data collection experts (Organization for

Economic Cooperation and Development 2000) 2. Methods of Monitoring Monitors: Analyze the impact of monitoring (Goodwin 2003); Develop a

comprehensive records retention policy (Nolan 2004) 3. Frequency of Monitor Monitoring: Periodical but negotiated evaluation of policies in general are

recommended (Dessler 2009) 4. Isolation: Check if any group or groups are isolated from the rest of the organization due to lack

of access to the social network (Coyote Communications 2008) 5. Evaluation Topics: Monitor reaction of employees and managers to the policy, what management

has learned about employee behavior, how employee and management behavior has changed, howpolicies affect the bottom line and other organizational measures (Kirkpatrick & Kirkpatrick 2006)

Fig. 1 Suggestions for social network monitoring policies.

94 Employ Respons Rights J (2011) 23:83–99

employees increased discipline for greater infractions. Companies may start with an oralwarning, then proceed with a written warning if the inappropriate behavior continues.Further discipline could be a suspension and discharge. Corrective discipline involvesproviding the employee with appropriate counseling to help correct inappropriate behavioron a social networking site. The counseling could be followed with appropriate monitoringof future networking behavior. The hot stove rule states that all discipline should be with awarning, impersonal, consistent, and immediate. Of course, all discipline should beappropriate for the business and the specific incident(s) involved.

Concerning “evaluation,” all monitoring policies should be evaluated for their reliability,validity, and adverse impact on employees. Data about social networking activities shouldbe produced. All monitoring policies should periodically be reviewed and revised.

Employers who choose to follow these recommendations should establish clearcorporate social networking policies that can be published in their corporate employee

Sample Corporate Social Network Policy

Employees shall use the corporate social network for business purposes only. Business purposes mayinclude productivity, safety, and security issues related to the mission and objectives of the company. Sampleproductivity issues include generation of new ideas and getting opinions of products and services. Sample safety and security issues include generation of ideas of how to enhance safety and security and monitor possible breaches.

Employees shall not use personal social networking sites on company time. They shall not create personal blogs, disclose confidential information, include defamatory or racially and sexually offensive materials, disparage the company or its competitors, or use the company logo.

Any violation of the policy could lead to discipline following the company’s discipline policy.

Sample Social Network Monitoring Policies1

Sample Policy

The company reserves the right to monitor the social networking activities of employees for business purposes only. Business purposes may include productivity, safety, and security issues related to the mission and objectives of the company. Employees will be notified by their supervisor (or human resources, top management) that their socialnetworking activities will be monitored.

Supervisors (or human resources, top management) are responsible for the storage and dissemination of social networking data. Employees have a right to dispute social networking data and discipline related to that data by contacting their supervisor (or human resources, top management) and following the standard discipline appeal procedures of the company. Sample Monitoring Evaluation Policy Top management will periodically review its social networking policies and procedures as needed to respond to internal company strengths and weaknesses and external threats and opportunities. The review process includes monitoring the reaction of employees and managers to the policy, what management has learned about employee’s behavior, how employee and management behaviors have changed, and how policies affect the bottom line and other organizational measures. _________________________ 1As an alternative to the policies shown, social network monitoring may be subject to negotiation between employees and employers. All social network monitoring could be banned unless managers and employees mutually agree to specific monitoring. Top management and employee representatives could periodically review its social networking policies and procedures as needed.

Fig. 2 Sample corporate social network policies.

Employ Respons Rights J (2011) 23:83–99 95

handbooks, disseminated on the Intranet and Internet, or distributed via letter or e-mail toemployees. Employees should acknowledge that they have read the social networkmonitoring policy by signing an acknowledgment form. Unfortunately, employees tend notto read employee handbooks and letters even though they sign acknowledgment forms.Management may have to remind employees with additional e-mails of the policies and befamiliar with the policies themselves in case of policy disputes (Dessler 2009).

Customers might need to be made aware that the business’s social network is monitoredto protect their privacy. They might not want to be discovered being with an employee whois a competitor, illicit lover, or any other person who can cause embarrassment.

Suggestions for Future Research

Corporate social networking research is still very young due to the newness of the industry.Several future research avenues can be created.

More detailed case analyses can be made concerning any new developments in the useof social network monitoring by companies and the use of corporate social networks.Researchers may also study the impact of any new laws on social networking policies.

Empirical and survey research is needed to help analyze management and employeeattitudes toward the need for limits on social network monitoring and corporate socialnetworking. Legal liability might be a primary motivation to monitor employee socialnetworking. Survey research also can help analyze what type of organizations will be mostlikely to use social networking and what social networking policies will tend to be the mostimportant and most commonly used in practice. Data should be collected concerningcorporate age group usage, purposes of social network sites within companies, anddiscipline for inappropriate behavior.


Existing laws and ethical considerations affect social networking policy recommendationsrelated to configuration, communication, discipline, and evaluation issues. Business-relatedmonitoring should be clearly defined and disseminated to all employees through a widevariety of communication methods. Employees should receive warnings for inappropriatesocial networking activities. Consistent evaluations of monitoring effectiveness shouldoccur. Future research should analyze what type of social networking monitoring andcorporate social networks are involved in organizations.


Age Discrimination in Employment Act, 29 U.S.C. §§ 621 et seq (1967).American Civil Liberties Union (2008, February 8). Online privacy statement. Retrieved August 7, 2009

from http://www.aclu.org/infor/18864res20050401.html.Americans with Disabilities Act (1990). 42 U.S.C. §§ 12101 et seq.AmJur 2d (2009). Employment relationship, 27, § 381.Bersin, J. (2007, November 16). Social networking: Meet corporate America. Retrieved February 9, 2009

from http://joshbersin.com/2007/11/16/social-networking-meets-corporate-america/.Blakey v. Continental Airlines, Inc. (N.J. 2000). 751 A.2d 538.Boehle, S. (2000). They’re watching you: Workplace privacy is going, going.. Training, 37, 50–60.

96 Employ Respons Rights J (2011) 23:83–99

Brandenburg, C. (2008). The newest way to screen job applicants: a social networker’s nightmare. FederalCommunications Law Journal, 60, 597.

Bureau of National Affairs. (2009). BNA employment guide. Washington: Bureau of National Affairs.Byrnside, I. (2008). Six clicks of separation: the legal ramifications of employers’ using social networking

sites to research applicants. Vanderbilt Journal of Entertainment and Technology Law, 10, 445.Candilis, P. J. (2002). Distinguishing law and ethics: a challenge for the modern practitioner. Psychiatric

Times, 19(12). Retrieved September 8, 2005 from http://www.psychiatrictimes.com/display/article/10168/48616?pageNumber=1.

Chapman, C. N., & Lahav, M. (2008). International ethnographic observation of social networking sites.Retrieved March 10, 2010 from http://portal.acm.org/citation.cfm?id=1358628.1358818.

CIO Insight (2009). Five reasons to deploy a corporate social network. Retrieved February 9, 2009 fromhttp://www.cioinsight.com/c/a/past-news/5-Reasons-to-Deploy-a-Corporate-Social-Network/.

Clineburg, Jr., W. A., & Hall, P. N. (2005). Addressing blogging by employees. The National Law Journal.Communications Decency Act (2000). 47 U.S.C. §§ 652 et seq.Communitelligence.com (2009). Building employee branding and engagement with internal social networks.

Retrieved March 3, 2009 from http://www.communitelligence.com/content/ahpg.cfm?spgid=361&full=1.ComScore (2009). ComScore: The growing appeal of social networks in Europe. Retrieved November 30,

2009 from http://www.nevillehobson.com/2009/02/17/comscore-the-growing-appeal-of-social-networks-in-europe/.

Coyote Communications (2008, November 27). Nonprofit organizations and online social networking:Advice and commentary. Retrieved August 7, 2009 from http://www.coyotecommunications.com/outreach/osn.html.

Dessler, G. (2009). Fundamentals of human resource management. Upper Saddle River: Pearson.Ethics Scoreboard (2009, March 4). Science and technology. Retrieved March 20, 2009 from http://www.

ethicsscoreboard.com/list/facebook.html.Eur-lex (1995). Directive 95/46/EC of the European Parliament and of the Council. Retrieved November 30,

2009 from http://eur-lex.europa.eu/LEXURIServ/LexUriServ.do?uri=CELEX:31995L0046:EN:HRML.European Commission (2009). What is the EU doing? Raising awareness & empowering children. Retrieved

November 30, 2009 from http://ec.europa.eu/information_society/activities/social_networking/eu_action/index_en.htm.

European Commission (2010). What are EU directives? Retrieved March 10, 2010 from http://ec.europa.eu/community_law/introduction/what_directive_en.htm.

Fair Labor Standards Act (1949). 29 U.S.C. §§ 215 et seq.Family and Medical Leave Act (1993). 29 U.S.C. §§ 2601 et seq.FreshNetworks Blog (2009, March 2). Russia: The fourth largest social networking market in Europe.

Retrieved December 3, 2009 from http://blog.freshnetworks.com/2009/03/russia-the-fourth-largest-social-networking-market-in-europe/.

Gabel, J. T. A., & Mansfield, N. R. (2003). The information revolution and its impact on the employmentrelationship: an analysis of the cyberspace workplace. American Business Law Journal, 40, 301.

Gely, R., & Bierman, L. (2006). Workplace blogs and workers’ privacy. Louisiana Law Review, 66, 1079.Goodwin, B. (2003). Tell staff about e-mail snooping or face court, new code warns. Computer Weekly, 38, 5.Greenbaum, K. (2008, October 6). Ethics of Facebook friendship: Can it really be a conflict? Retrieved

March 20, 2009 from http://www.igreenbaum.com/20089/10/ethics-of-facebook-friendship-can-it-really-be-a-conflict/.

Greenbaum, W., & Zoller, B. (2006, July/August). Court decisions impact workplace internet and e-mailpolicies. HR Advisor.

Gross, D. (2010, January). Has Twitter peaked? Retrieved March 19, 2010 from http://www.cnn.com/2010/TECH/01/26/has.twitter.peaked/index.html.

Grubman, S. R. (2008). Think twice before you type: blogging your way to unemployment. Georgia LawReview, 42, 615.

Gutman, P. S. (2003). Say what?: blogging and employment law in conflict. Columbia Journal of Law andthe Arts, 27, 145.

Higgins, M. A. (2002). Blakey v. Continental Airlines, Inc.: sexual harassment in the new millennium.Women’s Rights Law Reporter, 23, 155.

IntelFusion (2009). DoD and IC employees on Facebook and MySpace. This new Russian law may impactyou. Retrieved December 3, 2009 from http://intelfusion.net/wordpress/?p=656.

Kaupins, G. E., & Minch, R. (2006). Legal and ethical implications of employee location monitoring.International Journal of Technology and Human Interaction, 2, 16–35.

King, N. J. (2003). Labor law for managers of non-union employees in traditional and cyber workplaces.American Business Law Journal, 40, 827.

Employ Respons Rights J (2011) 23:83–99 97

Kirkland, A. (2006). “You got fired? On your day off?!”: challenging termination of employees for personalblogging practices. University of Missouri-Kansas City Law Review, 75, 545.

Kirkpatrick, M. (2008, July 17). Corporate social networks are a waste of money, study finds. RetrievedFebruary 9, 2009 from http://www.readwriteweb.com/archives/corporate_social_networks_are.php.

Kirkpatrick, D. L., & Kirkpatrick, J. D. (2006). Evaluating training programs: The four levels (3rd ed.). SanFrancisco: Berrett-Koehler.

Konop v. Hawaiian Airlines, Inc., 302 F.3d 868 (9th Cir. 2001).Leader-Chivee, L., Hamilton, B. L., & Cowan, E. (2008, Dec.). Networking the way to success: online social

networks for workplace and competitive advantage. Retrieved January 2, 2010 from http://www.entrepreneur.com/tradejournals/article/print/200784523.html.

Lex, R. (2007). Can MySpace turn into my lawsuit?: the application of defamation law to online socialnetworks. Loyola of Los Angeles Entertainment Law Review, 28, 47.

Lichtenstein, S. D., & Darrow, J. J. (2006). Employment termination for employee blogging: number onetech trend for 2005 and beyond, or a recipe for getting Dooced? UCLA Journal of Law & Technology,2006, 4.

Maximumpc.com (2010). Facebook leapfrogs Google in popularity contest. Retrieved March 18, 2010 fromhttp://www.maximumpc.com/article/news/facebook_leapfrogs_google_popularity_contest.

Meller, P. (2009, June 23). Regulators: EU data protection laws apply to social networks. RetrievedNovember 30, 2009 from http://www.networkworld.com/news/2009/062309-regulators-eu-data-protection-laws.html.

Milligan, T. E. (2009). Virtual performance: employment issues in the electronic age. Colorado Lawyer, 38,29.

National Labor Relations Act (1947). 29 U.S.C. §§ 151 et seq.Nolan, D. R. (2004). Privacy and profitability in the technological workplace. Journal of Labor Research,

24, 207–232.Occupational Safety and Health Act (1970). 29 U.S.C. §§ 651 et seq.Organisation for Economic Cooperation and Development, (2000). OECD guidelines on the protection of

privacy and transborder flows of personal data. Paris: OECD Publication Service. Retrieved January 6,2010 from http://www.oecd.org/document/18/0,3343,en_2649_34255_1815186_1_1_1_1,00.html.

Ostrow, A. (2009, March 9). Social networking more popular than email. Retrieved April 10, 2009 fromhttp://mashable.com/2009/03/09/social-networking-more-popular-than-email/.

Owyang, J. (2009). What Facebook Connect means for corporate websites. Retrieved February 9, 2009 fromhttp://www.web-strategist.com/blog/2008/07/23/what-facebook-connect-means-for-corporations/.

Owyang, J. (2010). A collection of social network stats for 2010. Retrieved March 19, 2010 from http://www.web-strategist.com/blog/2010/01/19/a-collection-of-social-network-stats-for-2010.

Perez, S. (2009, July 2). A growing acceptance of social networking in the workplace. Retrieved January 2,2010 from http://www.readwriteweb.com/archives/a_growing_aceptance_of_social_networking_in_the_w.php.

Porter, W. G., & Griffaton, M. C. (2003). Between the devil and the deep blue sea: monitoring the electronicworkplace. Defense Counsel Journal, 65–77.

Quintura (2008, October 31). Odnoklassniki.ru shows new ways to monetize social networks. RetrievedDecember 3, 2009 from http://blog.quintura.com/2008/10/31/odnoklassnikiru-shows-new-ways-to-monetize-social-networks/.

Raphael, J. R. (2009). People search engines: They know your dark secrets…and tell anyone. RetrievedMarch 30, 2009 from http://tech.msn.com/products/articlepcw.aspx?cp-documentid=18632762&GT1=40000.

Sarbanes-Oxley Act (2002). 18 U.S.C. §§ 2510 et seq.Schultz, J. (2008, November 25). Facebook creeping! The ethics involved with employers usage of

Facebook. Retrieved August 7, 2009 from http://www.jaytaylorschultz.com/PDFs/Research-Facebook-Creeping.pdf.

Sims, R. R. (2003). Ethics and corporate social responsibility: Why giants fall. Westport: Praeger.Sprague, R. (2007). Fired for blogging: are there legal protections for employees who blog? University of

Pennsylvania Journal of Labor and Employment Law, 9, 355.Strege-Flora, C. (2005). Wait! Don’t fire that blogger! What limits does labor law impose on employer

regulation of employee blogs? Shidler Journal of Law, Commerce & Technology, 2, 11.

98 Employ Respons Rights J (2011) 23:83–99

Title VII of the 1964 Civil Rights Act (1964). 42 U.S.C. §§ 2000d et seq.Urban Dictionary (2008, September 18). Facebook ethics. Retrieved August 7, 2009 from http://www.

urbandictionary.com/define.php?term-facebook%20Ethics.Wardman, M. (2009, February 23). Social media penetration in European and Asian countries. The Wardman

Wire. Retrieved March 13, 2010 from http://www.mattwardman.com/blog/2009/02/23/social-media-penetration-in-european-and-asian-countries/.

Warnock, O. (2007). Networking or not working? Contract Journal, 440, 31–32.

Employ Respons Rights J (2011) 23:83–99 99

Reproduced with permission of the copyright owner. Further reproduction prohibited without permission.

  • c.10672_2010_Article_9149.pdf
    • Legal and Ethical Implications of Corporate Social Networks
      • Abstract
      • Purpose
      • Legal Issues
        • The Employment At-Will Doctrine and Exceptions
        • Labor Relations
        • Discrimination Statutes and Employer Liability for Sexual Harassment
        • Vicarious Liability Issues
        • Select International Legal Issues
      • Ethical Issues
        • Fair Collection of Information
        • Other Ethical Issues
      • Policy Recommendations for Organizations
      • Suggestions for Future Research
      • Conclusion
      • References