Blake Lapthorn's In-House Lawyer and Decision Makers' forum
Social Media and Confidentiality
Nicola Diggle and Mike Wilson
17 September 2013
Social Media for Businesses
Opportunities, Risks and Strategies
Associate, Commercial Litigation and Dispute Resolution
The Social Media Revolution
A revolution in the way business and customers
One way communications such as press releases are
becoming “old hat”
Speed of development of use of social media
outstrips corporate risk management capability
Online chatter memorised in disclosable form
Commercial opportunities and risks with using social
media for businesses
Risks to Commercial Organisations
Damage to reputation
Actions for defamation
Contravene advertising regulations
Vicarious liability for acts of employees e.g.
discrimination and harassment
Breach of confidence
Infringement or compromise of IP rights
Breach of Data Protection Act
Employee issues and claims
Jeopardise legal privilege between Company and IHL
Breach market abuse rules
Defamation and Malicious Falsehood
Statement is defamatory if it lowers the claimant in
the estimation of a right thinking member of society, it
identifies the claimant and is published to a third
Various defences are available
Defamation Act 2013 not yet in force
Malicious Falsehood involves a published false
statement which was published maliciously and
Advertising Standards Authority Code
Consumer Protection from Unfair Trading
Business Protection from Misleading Marketing
Underlying act complained of must be unlawful
The act must be so closely connected with his
employment that it would be fair and just to hold the
employer vicariously liable.
Breach of Confidence (1)
To protect personal confidences, trade secrets,
literary confidences and state secrets
Requires information which is confidential (not in
The information must have been imparted in
circumstances which impose an obligation of
Many duties of confidence also contractual, e.g.,
employment contracts and NDA’s
Duties can also be implied
Duties often survive termination of relationship
Breach of Confidence (2)
Breach of confidence involves the unauthorised use
or disclosure of confidential information
Court remedies are injunctions, damages or account
of profits and delivery-up or destruction
Damages for breach of privacy have a different
Using Social Media in Disputes and
Service of Court documents using Facebook and
Disclosable documents available online?
“Norwich Pharmacal “ Orders
Keep abreast of what your business is doing and
promoting on social media to ensure compliance and
to minimise risk whilst also maximising opportunities
Golden rules for corporate use of social media
To moderate or not to moderate?
Workplace strategies and policies
Dangerous Tweeting – What lurks beneath?
Use of hashtags
Social Media and Confidentiality
Problems of misuse or abuse for employers
Mike Wilson, Partner, Employment Team
Part of the fabric of our daily personal and working
Blurring the lines
Facebook; LinkedIn; Twitter; YouTube; Google+;
Flickr; Bebo; Myspace; Blogs; Emails……..
Twitter – 65 million “tweets” a day by 200 million
LinkedIn – more than 100 million users; 2 new
members signing up every second
Positives and pitfalls for employers
Recruitment, Business Development, Networking,
Protection of confidential information – who owns it?
Distinguishing between work and non-work related
Protecting the business’ reputation
Managing employees’ use of social media
Intellectual Property, Contract and Employment Law
Who owns the information?
Database created by an employee in the course of
employment? Who is the owner?
Must be a substantial investment in obtaining, verifying or
presenting the contents of the database.
Looking at LinkedIn;
– did the employee “prepare” the LinkedIn database outside
employment for personal reasons or “in the course of
– contacts that pre-date employment or which are personal to
– the fact that the database consists of personal and non-
personal contacts does not necessarily mean that the
employer is unable to protect it: PennWell Publishing v
Profile information such as name, educational
background / qualifications – not confidential
Client lists – confidential
– use for non-business purposes is not permitted during
employment, importance of employer protection
– Hays v Ions (2008)
– Information is publicly available (Google)
– Privacy settings (contacts)
Managing Employees Using Social Media
Should there be access to social media during
“In the course of employment”.
Discrimination and Harassment.
Medium for conduct which would otherwise be dealt
with under Disciplinary Procedure.
Comments posted can amount to gross misconduct;
– Nature of what has been posted
– All other relevant circumstances
Teggert v TeleTECH UK Ltd (2011)
Bringing The Employer Into Disrepute
Protection of reputation.
Gross misconduct – even if ostensibly disseminated
to personal friends / contacts only.
Social media as evidence.
Breach of duty of fidelity.
Crisp v Apple (2011).
Issues on Recruitment and Termination
– Vetting candidates
– Data protection considerations
– do these prevent the employee from having contact via
– Express provisions in settlement agreements regarding
contact through LinkedIn
Contract of Employment
Policies – needed given the uncertainties in the law
As a minimum a social media policy should;
– set clear parameters of what is and what is not acceptable
use for LinkedIn, etc
– highlight business critical nature of the LinkedIn database
and the fact that contacts built up during work time using
work equipment belong to the employer
– require employees to use the tightest privacy settings
– clearly state that infringement of the policy could result in
– make it clear that the employer will monitor usage to ensure
compliance with the policy
Policies – some ideas for you
Restricting / prohibiting employees from connecting with other
recruiters and / or providing endorsements or recommendations
Requiring notification to the employer each time a connection is made
with a business contact
Regular review meetings to look at and discuss employee’s LinkedIn
database / other social media
Business communities only to be set up with the express approval of
A comprehensive policy provides a perfect opportunity for the employer
to make it clear that:
– LinkedIn database is exclusively for the benefit of the employer
– any contacts made via or on LinkedIn will belong to the employer
– the employer retains supervisory rights to ensure the business
brand is protected
Application of existing legal principles to this evolving
phenomena is uncertain
Employers must develop clear policies and
employees must be trained in responsible usage
Dave works for CallCo Ltd, a call centre based in Hampshire.
Dave has attended an induction day during which the employer
encouraged Dave to use Social Media to enhance his contacts.
Dave has a LinkedIn account from his previous employer that he
thinks he will continue using as he already has a lot of personal
contacts on there.
Dave updates his LinkedIn account so that it clearly states he is
now an employee of CallCo.
On 12th September Dave has a really bad day at work, goes
home and posts on Facebook “I hate CallCo, such a
disorganised company, wish I didn’t have to put up with this”.
Dave does not have the tightest privacy settings on his account.
Steve, the HR Manager of CallCo sees the post and wants to
speak to Dave about it, he is concerned that clients have also
seen the post.
Case Study 2
Dave leaves CallCo in order to set up a competing business.
Unfortunately Dave has no Restrictive Covenants in his Contract
of Employment. Dave has a group set up on his LinkedIn
account which was used for CallCo business. As soon as Dave
leaves he uses this group as a source of email addresses for a
press release announcing his new competing business and
inviting everyone to attend an informal event.
CallCo have asked Dave for the username, password and
access details for the group but Dave has refused to disclose
these details, arguing they are personal to him.
Tel: 01865 258006
and Dispute Resolution