1
DS 061112
Contents
1. What is Social Media?
 Employee guidelines for using Social Media
 Management guidelines for using Social Me...
What do you think “Social Media” is?
Company Policy states:
“Social Media is defined as any mechanism or system that
allow...
Examples of popular social media sites
5
Twitter Facebook LinkedIn
Myspace Reddit Yammer
Friends
Reunited
Google + Bebo
Other Social Media outlets
Most websites include some form of Social Media, even if the site itself exists for other
reaso...
Employee Guidelines for using
Social Media
Discuss:
What type of issues have you dealt with in this area? Or are familiar
...
Employee Guidelines for using
Social Media
Golden Rule:
Don’t post any information that could be damaging to our (and pote...
Employee Guidelines/Use of Social Media
 Continued……
 Anything that can be construed as controversial
 Pointing out con...
Employee Guidelines Toolbox Talk
To help you all ensure your employees adhere to the
Employee Guidelines for Social Media,...
Management Guidelines to Social Media
 Personal Social Media Use at Work:
 Employees can use the internet for personal u...
Preece v Wetherspoon: the Verdict
Ms Preece:
 Was dismissed on the grounds of gross misconduct:
 Her actions were deemed...
Preece v Wetherspoon: Learning Points
Key learning points of Preece v Wetherspoon case:
• It highlights the importance of ...
Social Media and Employee Misconduct
As Social Media can be used at any time inside or outside of
work, the human
rights o...
Potential Negative Impacts in the
Workplace
While there are many advantages to social networking in the workplace, ( build...
Social Media Case Law:
Flexman v BG Group
The Current Situation:
The dispute over Mr Flexman’s profile led to his resignat...
Relevant Policies & Procedures
The following policies all relate to Social Media use in the workplace.
A “Social Media Pac...
Acceptable Use Policy
Acceptable Use Policy documents are handed out during induction of new starters. These
documents mus...
Acceptable Use Policy – Management Responsibilities
All Managers are responsible for ensuring employees, contractors and t...
The Data Protection Act
The Data Protection Act (DPA) 1998 defines UK law on the processing of data
related to a person wh...
The Data Protection Act
Types of Data under the Data Protection Act
 Personal data is any information which can identify ...
Data Protection: 8 Principles
The key principles for personal data are that they will be:-
1. Processed fairly and lawfull...
Data Protection: Elearning
 New Elearning module available, to be completed by latest 21st December
 To ensure all staff...
Subject Access Request
 Individuals are have the right of access to their personal data within reason by
submitting a sub...
Subject Access Request
Which of the following would be personal data that may need to be used to
comply with a subject acc...
Withholding data from
Subject Access Requests
Withholding Data
Reasons to withhold data are as follows:-
 Legal correspon...
What is a Breach of Data Protection?
Which of the following could potentially constitute a breach of data protection:-
 A...
Top Ten Tips for Complying with Data Protection
 Check who is in the email trail when forwarding/replying to all
 Use an...
Data Protection Enforcement & Penalties
 Assessments made by the Information Commissioner
 Enforcement notice
 Court or...
Scenarios
 A member of your team has reported that one of their colleagues seems to always be
on Facebook during work, an...
Scenarios
 On Monday morning a staff member approaches you over something they have seen on
facebook over the weekend. Tw...
Summary 1: Social Media
You should now be able to answer the following:
 What is Social Media?
 Provide some examples of...
Summary 2: Data Protection
You should now be able to answer the following:
 Who are Data Subjects, Controllers and Proces...
Actions for You!
All policies relating to this presentation have been sent via email this morning. You
need to ensure you ...
Thank you for your time
QUESTIONS
?
Appendices: Policies and
Procedures
Managers: Click attachments to open and print the relevant policies.
 IT Acceptable U...
Social media & data protection policy v1.0 141112
Social media & data protection policy v1.0 141112
Social media & data protection policy v1.0 141112
Social media & data protection policy v1.0 141112
Social media & data protection policy v1.0 141112
Social media & data protection policy v1.0 141112
Social media & data protection policy v1.0 141112
Upcoming SlideShare
Loading in …5
×

Social media & data protection policy v1.0 141112

280 views

Published on

Presentation presented to employees in a previous role. Unfortunately corporate identity has had to be removed, however content is still relevant to policies and legislation

Published in: Business, Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
280
On SlideShare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
8
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide
  • 1 - Title
  •  2 – Contents – read through, expand where necessary
  • 3 – Title slide
  • 4 – What do you think Social Media is?Get them to try and define before clicking to reveal.
  • 5 – mini quiz
  •  6 – Other forms of Social Media - Give examples for each row 6 still – Other examples of Social Media: picasa, flickr, meetup.com, skype, Slashdot, stumbleupon, wiki, reddit, blogger, 4square, soundcloud, Spotify,
  • Note responses on Flipchart 7 – Discussion – What type of issues have you dealt with in this area? **Use flipchart for responses**Facebook – ringing sick, being on it when sick, arguments out of work? Disaster recovery day, photo’s of drinks on Facebook***Click for “Can you think of any other types of responses that could cause a problem?Receiving inappropriate messages? Email going around about us being sold off?
  •     8 – Employee Guidelines**Don’t post any information that could be damaging to our (and potentially your) reputation. Anything that constitutes bullying, harassment or discrimination Anything that is confidential in natureAnything that would breach Data Protection lawsAnything that breaches copyright lawsAnything that could damage working relationships with other employees/clients
  •  9 – Employee Guidelines continuedAnything that can be construed as controversialAnything that is dishonest, untrue or misleadingAnything with company logos or trademarks (unless authorised)Using your company email address for non work related activitiesAnything anonymously that breaches this policy
  •   10 - TOOLBOX TALK - send out now -   
  •  11 – Management Guidelines to Social Media Personal Social Media Use at work – can use in breaks/before and after workPersonal Social Media Use in private life – Must respect their right to a private liftHave a duty to protect reputationDisciplinary options are available.
  •  12 – Preece v Wetherspoon (handout) Read through handout, get some idea’s.
  •  13 – Preece V Wetherspoon – the verdict – read off screen
  •  14 – Preece V Wetherspoon Learning Points – Read through and expand if necessary 
  •      15 – Title – Using Social Media in the Workplace  We have to give certain considerations We have to be aware of potential Impacts
  • Read off slide
  • Read off slide
  • handout
  • Read off slide
  •  22 - List of policies, re-iterate packs have been sent out
  • Read out
  • Read out
  • Read out
  • Read out
  • Read out
  • VALID AS OF NOVEMBER 2012 – MAYBE NOT RELEVANT IN FUTURE
  • 30 – DPA – Subject Access RequestIf a request is made at the NOC (on click)
  • 31 – DPA – SAR 2 – scenario’s – which involve personal data?Yes, personal dataIf all team members details included, no, if just her stats, yesNo, she is not the recipient of the email.Yes, personal data
  • 32 – DPA – SAR – Witholding Data – (without prejudice – consequence free conversations)
  • 33 – DPA – Breaching DPA? – for discussion, all answers are “possibly”
  • 34 – DPA – top ten tips
  • 35 – DPA enforcement – maximum fine amount??? £500 000 – on click
  • 36 – scenario’s 1 – Updating facebook with Selfridges shopping list2 – Colleague described as “an incompetent waster” What would you do? - briedf discussion
  • 37 – scenario’s 1 – Colleague calling another something discriminatory 2 – Employee finds documents relating to staff performance. What would you do? Brief discussion
  • Valid as of November 2012
  • Appendices – relevant policies, up to date as of November 2012. Will not be kept up to date in future.
  • Social media & data protection policy v1.0 141112

    1. 1. 1 DS 061112
    2. 2. Contents 1. What is Social Media?  Employee guidelines for using Social Media  Management guidelines for using Social Media 2. Case Study: Preece v Wetherspoon 3. Using Social Media in the Workplace  Social Media Case Law 4. Relevant Policies and Procedures  Acceptable Use Policy 5. Data Protection Act  Subject Access Requests  Breaches, enforcements, penalties 6. Scenario’s 7. Summary 2
    3. 3. What do you think “Social Media” is? Company Policy states: “Social Media is defined as any mechanism or system that allows individuals the ability to express or share personal views or comments with the Public” Wikipedia states: “Social Media employ web and mobile-based technologies to support interactive dialogue … using social software which mediates human communication” A Generic Understanding: Anywhere (usually online) a person can share an opinion that can then be viewed by others in the future. 4
    4. 4. Examples of popular social media sites 5 Twitter Facebook LinkedIn Myspace Reddit Yammer Friends Reunited Google + Bebo
    5. 5. Other Social Media outlets Most websites include some form of Social Media, even if the site itself exists for other reasons. Some examples are: Comments – Online newspapers, BBC news site etc. Blog posts/comments– Online opinions Reviews – Leaving feedback on products/services Forum posts – Chatting in online groups Photo Sharing sites Apps – Public chats Recognise any other logo’s? 6
    6. 6. Employee Guidelines for using Social Media Discuss: What type of issues have you dealt with in this area? Or are familiar with? Can you think of any other issues that could cause a problem? 7
    7. 7. Employee Guidelines for using Social Media Golden Rule: Don’t post any information that could be damaging to our (and potentially your) reputation.  Anything that constitutes bullying, harassment or discrimination  Posting negative opinions of others online, spreading rumours, e.g. , relating to race, gender, religion etc.  Anything that is confidential in nature  Leaking information about the company, e.g. Contracts wins/losses etc.  Anything that would breach Data Protection laws  Any leaks of employee’s or client’s personal or sensitive data , e.g. Employee or Client contact details  Anything that breaches copyright laws  Any publication of copyrighted materials into the public domain, e.g. Taking information from one company to a rival company for competitive advantage  Anything that could damage working relationships with other employees/clients  Sharing any sensitive information without relevant consent e.g. Client performance data 8
    8. 8. Employee Guidelines/Use of Social Media  Continued……  Anything that can be construed as controversial  Pointing out conflicts of interest publicly, courting the media  Anything that is dishonest, untrue or misleading  Lying about job conditions, company performance  Anything with company logos or trademarks (unless authorised)  Using logos to lend authority to a web identity, or to joke about or degrade the company image  Using your company email address for non work related activities  Running personal business, excessive personal emails  Anything anonymously that breaches this policy  Attempting to hide your identity while committing any of the above breaches of policy 9 The Employees Guide to Social Media has been distributed in your Social Media pack this morning
    9. 9. Employee Guidelines Toolbox Talk To help you all ensure your employees adhere to the Employee Guidelines for Social Media, a Toolbox Talk has been prepared for Team Managers to distribute You will need to go through the presentation with all your staff and record completion. The presentation goes through:  What is Social Media?  Why have a Social Media policy?  Employee Guidelines for using Social Media  This will be distributed now and must be completed by 30/11/12. Email noctraining@ourcompany.com when these are complete so they can be included in the month end report 10
    10. 10. Management Guidelines to Social Media  Personal Social Media Use at Work:  Employees can use the internet for personal use, including restricted use of social networking sites before/after work or during breaks.  Personal Social Media Use in Private Life:  The company should respect their employees right to a private life and understand that social media networking sites are now part of everyday life  However, the company have a duty to ensure that employees are protecting their and our reputation when using social media.  Any breach of the company policies could amount to gross misconduct.  Any misuse of social media will be fully investigated and could lead to disciplinary action.  We reserve the right to monitor internet and email use (Acceptable Use Policy). 11 The Managers Guide to Social Media has been distributed in your Social Media pack this morning
    11. 11. Preece v Wetherspoon: the Verdict Ms Preece:  Was dismissed on the grounds of gross misconduct:  Her actions were deemed to have been inappropriate, in breach of company policy, and identified Wetherspoon’s specifically  She appealed this decision however was unsuccessful and her dismissal was upheld.  She then brought a claim to the Employment Tribunal for unfair dismissal. Her claim was dismissed . Reasons:  Despite her comments being posted with private settings, they were still in the public domain.  Even if she had posted the comments at home not within work, the Tribunal believed that Wetherspoon’s would have still have had the right to act in the same way.  Her right to freedom of expression could be restricted if the comments posted could damage reputation, i.e. her employers. 13
    12. 12. Preece v Wetherspoon: Learning Points Key learning points of Preece v Wetherspoon case: • It highlights the importance of having a Social Media policy • Formalises acceptable and unacceptable behaviours in a changing environment • Defining key terms such as blogging and provide examples • Ensuring clarity for both parties to ensure understanding • Clarify the sanctions if the policy is breached • Again, ensuring clarity for both parties • Have a clear and concise disciplinary policy listing examples of gross misconduct (MORE ON THAT TOMORROW/NEXT WEEK) • Ensuring employees are made aware of unacceptable behaviours and any potential disciplinary sanction • Any breaches of policies should be dealt with fairly and consistently so an employer is in a strong position to defend any potential claims. • Having a policy in place ensures the company can treat staff fairly and consistently, and ensures staff in all corners of the country are able to apply the policy equally 14
    13. 13. Social Media and Employee Misconduct As Social Media can be used at any time inside or outside of work, the human rights of your employees must be considered: European Convention on Human Rights (ECHR) Article 8 provides a right to respect for private and family life. Article 9 provides a right to freedom of thought, conscience and religion. These articles must be taken into account to ensure we cannot irresponsibly intrude into our employee’s private lives, or tell them what they are/are not allowed to think/believe.; However this must not compromise existing legislation and company policies. 16
    14. 14. Potential Negative Impacts in the Workplace While there are many advantages to social networking in the workplace, ( building a wider contacts network, opening communication channels), there are also potentially negative impacts, such as:  Drop in productivity with excessive use of social media  Reputational damage by personal views being construed as Company opinions  Operational damage by leakage of confidential information Recent improper use has led to this policy being drawn up along with the guidelines. 17
    15. 15. Social Media Case Law: Flexman v BG Group The Current Situation: The dispute over Mr Flexman’s profile led to his resignation following a breakdown in his relationship with senior executives.  In October 2012, the tribunal found BG Group’s delay in dealing with the case, and the failure to address a grievance complaint brought by Mr Flexman, meant he was fully entitled to quit in June 2011 and claim constructive dismissal.  It found the firm guilty of a “serious breach” of contract.  A second hearing will take place in November to determine Mr Flexman's compensation.  A BG Group spokesman said: “We are aware of this initial ruling and are studying the reasoning in detail as well as examining all options open to us in line with the legal process.” 19
    16. 16. Relevant Policies & Procedures The following policies all relate to Social Media use in the workplace. A “Social Media Pack” containing these policies has been emailed to all Managers this morning:  IT Acceptable Use Policy  Disciplinary Procedures  Social Media Policy  Managers Guide to Social Media  Employee Guide to Social Media 22
    17. 17. Acceptable Use Policy Acceptable Use Policy documents are handed out during induction of new starters. These documents must then be signed on an annual basis and submitted to the Site Security Liaison Officer.  The company expects that its computer facilities to be used in a professional manner. E-mail and internet is provided at its own expense and for business purposes only  Any personal use by company employees, temporary staff, sub-contractors, contractors or third parties must not interfere with the normal business activities of the company and should not involve solicitation, personal profit and must not potentially embarrass the company.  Material that could be considered offensive must not be accessed, viewed, downloaded, uploaded, copied, stored, printed or transmitted using company computer systems.  When using these technologies, employees are representing the company. Corporate email and internet activities can be traced back to an individual within a company, and both the company and the individual will be held responsible for defamatory or illegal content. 23
    18. 18. Acceptable Use Policy – Management Responsibilities All Managers are responsible for ensuring employees, contractors and third party users:  Are properly briefed on what is considered acceptable use prior to being granted access to sensitive information or information systems  Are provided with any relevant guidelines to show expectations of acceptable use  Are advised to fulfil the acceptable use policy  Continue to have appropriate skills and qualifications necessary to comply with the policy  Are provided with the maintenance cover and technical support for the computer and IT departments approved associated equipment  Are provided with the software required to enable the Employee to carry out HisHer duties  Are protected by ensuring compliance with license agreements for any software provided to carry out their duties  Policies must be signed at induction and submitted to the Site Security Liaison Officer. 24
    19. 19. The Data Protection Act The Data Protection Act (DPA) 1998 defines UK law on the processing of data related to a person who can be identified from that data. The DPA controls how personal data of a data subject is:  used by data controllers or  processed on their behalf by data processors. Data Subject: An individual who is the subject of personal data Data Controller: A person who determines the purposes for which, and the manner in which, data is processed (now and in the future) Data Processors: Any person who processes the data on behalf of a Data Controller 26
    20. 20. The Data Protection Act Types of Data under the Data Protection Act  Personal data is any information which can identify an individual. This includes any expressions of opinion about the individual.  Sensitive personal data includes the individuals' race, ethnic origin, sexuality, religion, health, trade union status, political beliefs or criminal record. There are 8 Principles to follow under the DPA when dealing with Personal (and Sensitive) Data 27
    21. 21. Data Protection: 8 Principles The key principles for personal data are that they will be:- 1. Processed fairly and lawfully 2. Processed for specified and lawful purposes 3. Accurate and up to date 4. Adequate, relevant and not excessive 5. Only held for as long as necessary for the purposes requested 6. Processed in accordance with the rights of data subjects, e.g. individuals have the right to have data about them removed 7. Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage 8. Not transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data. 28
    22. 22. Data Protection: Elearning  New Elearning module available, to be completed by latest 21st December  To ensure all staff can adhere to our Data Protection policy.  This is Data Protection, AND Code of Conduct 2  Will chase both up as they are both mandatory for all employees. Details of how to locate and complete both the Data Protection and the Code of Conduct 2 elearning modules will be emailed out this afternoon/tomorrow morning with initial completion data (Data protection likely to be 0%), and updates will be sent out weekly, the same way as the first set of modules were chased. Supervised elearning sessions will also be arranged again, if required. 29
    23. 23. Subject Access Request  Individuals are have the right of access to their personal data within reason by submitting a subject access request.  Requests must be in writing and a fee may be required (normally £10) which must be paid up front.  We must respond within 40 days from the date that the request is received. If a request is made in the NOC: If anyone wants to raise a Subject Access Request, discuss their requirements with them, as often they will require specific information that can be filtered, e.g. across date ranges or relating to specific matters , rather than having to find and supply everything about the employee. Searching for data: Find emails and manual files across relevant date ranges using specific senders and recipients and the use of initials, employee numbers and nick names. 30
    24. 24. Subject Access Request Which of the following would be personal data that may need to be used to comply with a subject access request? The individual requesting the data (the data subject) is Jane Roe who has worked for the company for 3 years.  An email to Jane Roe regarding their internal application? Yes, this is personal data  An email to everyone in one team about their performance/sales figures including for the data subject Jane Roe? If all team members figures are included, then no. If the email just shows Jane Roe’s data, then yes  A reference provided to Jane Roe’s prospective new employer? No, as she is not the recipient of the email  Details of a recent grievance raised by Jane Roe whereby she has requested for all data relating to her employment? Yes, this is personal data 31
    25. 25. Withholding data from Subject Access Requests Withholding Data Reasons to withhold data are as follows:-  Legal correspondence for the purpose of seeking advice  Confidential management planning  Any “without prejudice” discussions and negotiations  Confidential references, if the data subject is not the recipient  Prevention and detection of crime  Relating to corporate finance Third Party Data If a data controller needs to disclose information relating to another individual who could be identified, they are not obliged to comply with the request unless:-  The other individual has consented  If it is reasonable to disclose without consent (details can be kept anonymous) 32
    26. 26. What is a Breach of Data Protection? Which of the following could potentially constitute a breach of data protection:-  A copy of an employee’s 121 performance review notes being left face up on a manager’s desk in the office?  Copies of work orders/Documents on the fax machine/Printer?  Salary details for senior management/directors being shared with company employees?  An email from a manager to his/her team summarising performance statistics?  An employee discussing a colleague’s recent disciplinary meeting details whilst on the telephone on the train?  Accessing company policies as an employee? 33
    27. 27. Top Ten Tips for Complying with Data Protection  Check who is in the email trail when forwarding/replying to all  Use an appropriate volume and tone whilst on the phone  Collect documents from the printer immediately after printing  Consider thin meeting room walls – who can hear next door?  Keep passwords secret and do not write them down  Password control – Use different letters, numbers and symbols  Keep laptops securely locked and store them out of sight when not in use  Report the loss of any IT equipment immediately  Consider the location of where you carry out work on your laptop, e.g. train  Lock your computer whenever you step away from your desk 34
    28. 28. Data Protection Enforcement & Penalties  Assessments made by the Information Commissioner  Enforcement notice  Court order to comply  Compensation – damage and distress  Right to prevent processing – if likely to cause substantial damage or distress  Right of rectify, block, erase or destroy  Monetary penalty notice The maximum fine is £500,000. 35
    29. 29. Scenarios  A member of your team has reported that one of their colleagues seems to always be on Facebook during work, and is updating her profile with pictures of shoes, clothes etc. that she is copying over from the Selfridges website. They’ve asked if something can be done as the contract is so busy. What would you do?  One of your colleagues in the business has seen an email chain whereby earlier in the email you have been described by a member of your team as an incompetent waster. How would you handle this? 36
    30. 30. Scenarios  On Monday morning a staff member approaches you over something they have seen on facebook over the weekend. Two colleagues have called him/her something which could be perceived as discriminatory. What action would you take?  A trade union rep has complained that one of their members who is an employee has found documentation by their manager relating to staff performance in their local cafe. How would you handle this? 37
    31. 31. Summary 1: Social Media You should now be able to answer the following:  What is Social Media?  Provide some examples of Social Media sites?  Why we have a Social Media policy?  And you have the policies and guidelines you and your team are expected to follow from now on. Question: What will you do differently now in relation to your own use of Social Media?
    32. 32. Summary 2: Data Protection You should now be able to answer the following:  Who are Data Subjects, Controllers and Processors?  What Personal Data and Sensitive Personal Data is?  Know the 8 principles for dealing with Personal/Sensitive Data?  Know how to action a Subject Access Request?  And you have a copy of the policy to allow you and your team to adhere to Data Protection policy Question: What will you do differently now in relation to your use of Data? I.e. ensuring it is Protected
    33. 33. Actions for You! All policies relating to this presentation have been sent via email this morning. You need to ensure you have an awareness of issues that may arise as a result of the introduction of these policies You need to hold a buzz session to distribute to Toolbox Talk to your staff detailing the Social Media policy and its effects. This has been written for you and emailed to you. This Toolbox Talk needs to be distributed to all operational staff by 30th November. You and your staff need to complete the new Data Protection and the new Code of Conduct 2 Elearning modules – chase emails will be sent out regularly as per Sustainability/Code of Conduct 1. Both these modules must be 100% complete by 21st December.
    34. 34. Thank you for your time QUESTIONS ?
    35. 35. Appendices: Policies and Procedures Managers: Click attachments to open and print the relevant policies.  IT Acceptable Use Policy  Disciplinary Procedures  Social Media Policy  Managers Guide to Social Media  Employee Guide to Social Media 42

    ×