Post with caution
Some of the risks arising from the upsurge in the use of social media, both in and out of the workplace
Social media is one of the most revolutionary communication platforms of our time, with more than 211 million users in Europe alone.1 The phenomenon has pervaded everyday life for many people. Businesses have seized this marketing opportunity, developing social media strategies which commonly include maintaining a Facebook page or Twitter feed and monitoring blog conversations.
Increasingly, many businesses, across all sectors, are moving to convert their own internet presence to “Web 2.0” (as social media internet is known), to allow users to interact and collaborate with each other as creators of user-generated content. However, while they clearly understand the benefits of maintaining a presence on social media sites and enhancing their own websites to provide the best online experience for clients, not all businesses have fully realised the consequences of these initiatives and the risks they have opened themselves up to in cyberspace. The rate of growth and change has been quicker than some businesses anticipated, and many now find themselves in the role of online publisher, without having established the checks and procedures which a traditional media company would have in place to manage the content they generate.
Data released by Sweet & Maxwell2 revealed that the number of online defamation lawsuits in England & Wales more than doubled in the course of a year. Analysts believe this rise in “cyber libel” is directly related to the rise in online social networking. Breach of copyright is also leading to significant claims, and there is well-publicised litigation in the press regarding the use of unlicensed content on social media sites.
Even if your practice does not have a dedicated social media presence, there remain a number of risks of which practices need to be aware. Emails, blog postings, Twitter feeds or Facebook entries by partners or employees (“staff”) outside of the work environment can still have potentially detrimental implications for the practice. Practices can lose clients or find themselves on the wrong side of legal action for comments made by an employee of that practice which reflect badly on the client. So what can practices do to minimise exposure?
Risk management pointers
Ensure that relevant policies are up to date and refer to use of social media
The practice’s policies (for example, the disciplinary policy, and internet and email policy) need to set out clearly what staff can and can’t do in terms of their use of social media – both in the workplace and at home. They should also make it clear what the consequences of breaching those rules and guidelines will be. It may also be worth checking that the confidentiality clauses in your employment contracts are effective in a social media age.
Make sure that those responsible for the firm’s social media posts are adequately trained
If you are tweeting or have a Facebook page, who is responsible for its content? Have they received the same level of training as other individuals responsible for your firm’s external communications?
The informal nature of these sites can lead to an informal approach to messages posted. However, they are subject to the same defamation and intellectual property rights laws as any other broadcast content. Staff must have a good understanding of the law in these areas.
Have a robust moderation procedure in place for the firm’s website
If you are allowing user-generated content on your site, you need to consider whether you will apply pre- or post-moderation to the content. If you moderate the content before allowing it on to your site, you can be perceived as assuming editorial responsibility, which is potentially more onerous in the event of a claim against you. You need a clear takedown policy in the event of complaints, which should ideally include immediate removal of contentious content.
Apply appropriate filter systems
What procedures are in place to check a user’s age? Are there copyright disclaimers for users to agree to, prior to uploading content? If you are operating a post-moderation site, do you have appropriate filters for key words?
Consider your geographical footprint
While you may consider yourself domiciled in one territory and target your communications at that location, the internet does not respect international boundaries. Your comments can be seen far beyond the borders of the country for which the broadcast was intended. This can lead to international exposures which have not been considered.
Risk management pointers for staff
Everyone who uses social media needs to remain alert to the potential risks that its use brings. As with email (see the article on email risks, Journal, August 2010, 42), its immediacy is also its danger. Whether in a personal capacity or in your professional capacity, ensure that you are not in breach of your practice’s policies. Comments on a blog, Twitter or Facebook can all too easily get into the “wrong” hands. Before posting, take a moment to think whether a comment could relate to a client, or be divulging confidential information. The rule of thumb has to be “If in doubt, don’t”.
Social media risks
- Breach of right of privacy
- Breach of confidence
- Intellectual property infringement
- Contextual error or omission
- Data protection infringement
Lisa Hansford-Smith (firstname.lastname@example.org), Sarah Neild (email@example.com) and Calum MacLean (firstname.lastname@example.org) work in the FinPro (Financial and Professional) National Practice at Marsh, global leader in insurance broking and risk management. Lisa and Sarah specialise in advising clients on cyber liability risks. Calum is a non-practising solicitor, formerly in private practice, providing risk management training to the legal profession in Scotland.
The information contained herein is based on sources we believe reliable and should be understood to be general risk management and insurance information only. The information is not intended to be taken as advice with respect to any individual situation and cannot be relied upon as such.
Marsh Ltd in the United Kingdom is authorised and regulated by the Financial Services Authority for insurance mediation activities only.
1 Data from The European Network and Information Security Agency (ENISA). www.enisa.europa.eu/act/ar/deliverables/2010/onlineasithappens/at_download/fullReport
2 Data from The Guardian. www.guardian.co.uk/ media/2011/ aug/26/defamation-cases- twitter-blogs
Inappropriate use of social media can lead to clients’ confidential data being made public. The latest e-learning module from Marsh, providing 0.5 units of certificated CPD, raises awareness of a range of Information Security Risks and how best to mitigate these risks. Log on to Marsh’s website (www.marsh.co.uk/lawsociety) to access this, and a wide range of other online training resources.