Establishing an Effective Company Policy on Employees’ e-Communications
A. General Principles.
1. Comprehensiveness: to avoid employee confusion, the policy should apply to any form of electronic communication by the employee having a nexus with the workplace including email, instant messages, web postings, blogs (both personal and company sanctioned), newsgroups, message boards, social networking sites, virtual worlds, and any other form of electronic communication or interaction.
2. Avoid undue restriction: a blanket prohibition on personal electronic communications by employees may appear to be the simplest policy; however, such a prohibition may be unrealistic. Companies should seek to balance the necessity of restrictions on employee communication with the ability of employees to engage in dialogue outside the workplace.
3. Consider the risk posed by the employee: lower-level employees may possess far less critical information and their communications are far less likely to result in legal and non-legal liability for the company. Higher-level employees, executives and professionals who have access to sensitive information, and deal with clients or the public, present correspondingly higher risks to the company. As responsibility and access increase, so too should restrictions on independent outside communication by the employee. A company may wish to monitor senior level employees’ communications more closely or require prior approval by a designated officer. But, the company must have basic conduct standards that apply to all employees.
4. Incorporate general policies: most companies have a variety of general policies regarding employee conduct. These policies should be incorporated by reference into the company’s electronic communications policy and when necessary, explicitly mentioned in relevant provisions of the electronic communications policy.
5. Clarity: many companies assume that employees know what is and is not an appropriate communication. Likewise, many employees will assume that what they say and do outside of work is none of the company’s business. To avoid this problem, the policy should delineate its scope and boundaries. The policy should also be clear about what communications it prohibits.
6. Transparency: the policy should make clear what monitoring by the company will occur. This can help avoid employee impressions that they are being “spied on”. Likewise, employee knowledge of company monitoring often operates as a defense to charges that the company has violated employee privacy.
7. Know the limitations: the company’s policy should not overreach. In many states, the law limits a company’s right to discipline employees for certain types of personal electronic communication, most notably: information regarding the employee’s membership in a protected class, union activity, political activity, and whistle blowing. Moreover, the company should not create a policy that is impracticable because it risks sending the message to employees that the policy will not actually be enforced.
8. Education: companies should make reasonable efforts to inform employees of the policy. Although it operates in part as legal protection to the company, the ultimate goal is to produce a policy that employees can understand and follow. In addition, not all employees will understand why particular communications are prohibited (i.e. SEC regulations regarding release of material nonpublic information). If employees understand the risks of certain communications, they may be more likely to refrain from making those communications.
9. Consultation: despite (or perhaps due to) the complexity and comprehensiveness of any policy, situations will inevitably arise that defy easy determination under the terms of the policy. To avoid problems of misinterpretation, companies should encourage employees to use existing resources (management or HR staff) for clarification and interpretation of the policy.
B. Specific Provisions Relating to Blogging and Similar Electronic Communications.
1. The identity of the employee and association with the company: there are two schools of thought on this subject. Some policies demand that the employee not identify the employee’s affiliation with the company. Conversely, many policies require that the employee identify himself or herself and disclose his or her affiliation with the company. At the very least, experience suggests that the employee should disclose his or her affiliation if he or she is posting communications about matters at work in which the employee is directly involved or for which he or she has responsibility.
2. Press inquiries: because the employee speaks only for himself and not for the company, if a member of the press makes an inquiry into information electronically communicated by an employee, the policy should require the employee to refer to or consult with management or the company’s public relations department before making any statements that could be interpreted as statements by the company.
3. Offensive content: virtually all policies prohibit the employee from using obscenity, threats, insults, harassment, or other offensive remarks when referring to the company, fellow employees, competitors, partners, or clients. Most policies also suggest that communications dealing with the company, even in part, should avoid controversial or inflammatory subjects like politics and religion. This is one area where common sense is often explicitly referenced as the guidepost; if a comment is inappropriate for the workplace generally, it has no place in the employee’s electronic communications as well. When appropriate, companies may also wish to prohibit employee participation in activities that may reflect negatively on the company such as posing for sexually suggestive, sexist or racist pictures, especially while wearing a company uniform.
4. Avoiding personal attacks: electronic communications may be a constructive forum to explore differences of opinion. Even policies which allow for spirited debate about issues relating to the workplace, however, place some limits on the debate. For example, most policies also prohibit overwhelmingly negative attacks on the company, clients, or competitors. The employee should support her arguments and opinions with solid facts not wild conjecture or baseless accusations. Comments should emphasize the positive aspects of the approach suggested by the employee and should refrain from holding others up to ridicule or engaging in name-calling.
5. Disclaimers and liability: most policies require an employee discussing work related matters to make an express disclaimer that the employee is speaking only for herself and does not represent the views of the company. Further, most policies expressly identify the risks of defamation, fraud and other legal consequences that can arise as a result of blogging or similar electronic communications. The company usually disclaims any liability for the content or consequences of employees’ personal electronic communications.
6. Confidentiality: most employees are privy to some amount of confidential company information. Policies should expressly state that the employee’s right to speak publicly is limited by the employee’s duty of loyalty to the company and confidentiality to clients and partners. Unauthorized or improper release or use of company or client confidences, proprietary information, trade secrets, or other sensitive information should be prohibited. At a minimum, the company should require the employee to consult with management, HR, legal or PR department staff members before posting any communications that have the potential to compromise the confidentiality of information. Companies should especially impress the need for consultation before divulging material nonpublic information that may be subject to SEC or other regulation. Likewise, the company should make clear that public electronic communications are not the appropriate forum to air grievances about contentious interoffice conflicts.
7. Whistle-blowing: in some states, employee whistle-blowers receive protection for some or all of their communications. However, a public forum is not the best avenue for reporting misconduct and the company should encourage employees to use established means of reporting (internal, external, or governmental) rather than blogging or other public electronic communications.
8. Intellectual property rights: many policies require that employees respect the intellectual property rights of the company, clients, and competitors. As such, the employee should not use or release material that is trademarked, patented, copyrighted or that constitutes trade secrets unless given permission or in accordance with principles of fair use. Employees should be especially discouraged from using company logos or marks, and if permission is granted the company should refer to the above provisions on differentiating between the opinions and views of the employee commenter and the company.
9. Abiding by the law: policies usually include a provision requiring employees’ communications to conform to any and all pertinent legal requirements. A company’s policy should make clear that fraudulent, tortious, criminal, or otherwise illegal communications will not be tolerated and are grounds for discipline up to and including discharge.
10. Consequences: the policy should detail the possible consequences of violation including discipline, termination, and potential legal liability.
11. Consent to monitoring: as stated previously, the policy should make clear that the company reserves the right to monitor any public communications by the employee as well as any communications that take place via company-owned equipment and that the company’s right is limited only by applicable law.
C. Additional Resources.
The internet is replete with examples of company policies regarding employee blogging and other electronic communications. The following represent some of the policies and resources available.
1. John W. Boushka, Suggested Employee Blogging (Personal Weblog) and Personal Website Policy for Employers, last updated May 13, 2005, available at http://www.doaskdotell.com/personal/blogging.htm.
2. Anne Broache, Corporate Employee Blogs: Lawsuits Waiting to Happen?, CNET NEWS, March 26, 2008, available at http://news.cnet.com/8301-10784_3-9903070-7.html?tag =nefd.lede.
3. Cisco internet postings policy available at: http://blogs.cisco.com/news/comments/ciscos_internet_postings_policy/
4. Daniel A. Schwartz, The Blog I Didn’t Publish ‘“ Will Your Employees Do the Same?, CONNECTICUT Employment LAW BLOG, October 10, 2007, available at http://www.ctemploymentlawblog.com/2007/10/articles/the-blog-post-i-didnt-publish-will-your-employees-do-the-same/.
5. Sun Microsystems blogging policy available at:https://blogs.oracle.com/lskrocki/entry/sun_s_revised_blogging_policy
6. Yahoo! blogging policy available at:http://jeremy.zawodny.com/yahoo/yahoo-blog-guidelines.pdf