This article from guest author, Marian Bloodworth, is part of a series of posts on digital HR & the human connection – an exploration of the issues & trends around online HR tools, social media channels, and the desire for a positive culture in the workplace.
Businesses are increasingly using social media platforms and HR technology at work – especially those organisations keen to see greater employee engagement through increased levels of connectivity. For employees used to managing their personal lives via social media and technology, it makes perfect sense.
Workplace communication tools such as Slack and HipChat replicate many of the features of the well-known social versions, giving employees and co-workers a range of ways in which to communicate, collaborate and interact. Increasingly, previously non-work networks like Facebook and Whatsapp are being used inside businesses too.
Social tools can be good for business
The increasing globalisation of business, and reliance on remote and flexible ways of working, mean that keeping employees meaningfully connected is critical to driving business success. As an added side benefit, the introduction of more effective communication methods often leads to a reduction in the use of internal email systems. This in turn can help businesses manage IT capacity and reduce the need for employees to monitor unnecessary email traffic.
What’s the risk?
As with any workplace communication system, there are however a number of legal risks which employers implementing these functions should take into account. In addition to existing email, phone and instant messaging systems, social media platforms provide employees with another forum to express personal views and discuss potentially sensitive and confidential business issues.
Key legal considerations
Employers will want to ensure that any system is used for business appropriate purposes only, and should bear in mind the importance of the following:
- The need to protect confidential data and information. Recent high profile hacking incidents involving customer data are a timely reminder that customer and company confidential information needs to be properly safeguarded. In addition, the FCA (Financial Conduct Authority) published a report at the end of last year reminding financial services businesses to do more internally to protect the flow of confidential and inside information. The advice applies equally well to other business sectors.
- Transmitting data safely and securely, particularly where businesses operate globally. The Schrems case on data protection and the issues around Safe Harbour and privacy shield principles have highlighted the need to ensure that data is properly protected, particularly when being sent outside the EU. The forthcoming General Data Protection Regulations will only heighten the focus on data protection.
- Avoiding discrimination and inappropriate or defamatory comments. A number of tribunal cases have highlighted the risks for employers where employees use social media to make inappropriate comments regarding the workplace. Such comments can pose a real risk for employers’ reputations – not least given the reach and speed of social media. Communications on social media platforms at work could all be disclosable in response to a data subject access request or in any tribunal or court litigation and so should be approached with as much care as any other written communication.
Maximising the benefits and minimising the legal risks
There are a number of steps that employers should take to ensure that the benefits of using these types of platforms are not eclipsed by the potential for legal risk:
- Be clear on the circumstances in which social media platforms should be used, and the business benefits of doing so. The message needs to be consistent across the business so that employees are not confused or left in doubt. Provide training on how to use all systems effectively.
- Have guidelines on the topics that can be discussed. This may include, for example, limiting or prohibiting discussion of confidential customer information or company confidential information – such as financial results and future projections, trade secrets and strategic plans.
- Consider appropriate safeguards where current business projects are discussed in detail. Project names or code words could be used to avoid referring to individual names or customers.
- Identify appropriate membership of the various groups and chat channels, and ensure that appropriate checks are in place, so that only those who should be involved have permission to join.
- Consider data protection issues where data is being transmitted on a global basis and how these can be mitigated.
- Remind employees of the need to ensure that posts and conversations are not discriminatory, offensive or defamatory. Employees should also be told not to exclude team members from groups inappropriately, since this could amount to workplace bullying.
- Update diversity and disciplinary guidelines and policies accordingly, to ensure that employees are aware of the consequences of inappropriate use of the relevant tools.
- Ensure that HR, compliance and risk functions are aware of the challenges (particularly in large organisations) that the new system could present, and that sufficient resources are in place to monitor effective and lawful use of the platforms.
A final note
The inexorable rise of technology at work, and the obvious advantages it brings, mean that we can expect to see communication and engagement tools becoming an integral part of the workplace toolkit going forward.
Those businesses that can harness the benefits of such systems whilst avoiding the potential risks should see their efforts rewarded.
A version of this article first appeared in IT Pro Portal in January 2016.
Marian Bloodworth is a partner in the Employment team at Kemp Little, the boutique technology law firm.
Kemp Little helps businesses and managers maximise the benefits of HR tech and social media tools, whilst at the same time protecting themselves against the legal risks that can arise through inappropriate use of such systems. Our training package, which we can bespoke for your business and staff, highlights the key legal and practical points to bear in mind when dealing with employee data, confidential information and group communications. For more details please contact Marian.