Managing the legal risks: Social Media in the workplace


Published on

Andrew Allison talks about the legality behind Social Media in the workplace and how to manage the legal risks.

Published in: Business, Economy & Finance
1 Like
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Managing the legal risks: Social Media in the workplace

  1. 1. Managing the Legal Risks:social media in the workplace
  2. 2. If you want to learn about risk, give mining a try
  3. 3. …and morespecifically, try gold mining
  4. 4. So what does gold mining have to do with social media?
  5. 5. Translating and applying the mining industry’s risk management framework to the office environment
  6. 6. International Organization for StandardizationISO 31000: family of standards “to provide principles and generic guidelines on risk management”
  7. 7. What is risk?“The effect of uncertainty on objectives, whether positive or negative”
  8. 8. Risk management steps1. identify 2. assess 3. prioritise 4. treat
  9. 9. Risk treatment1. eliminate 2. mitigate 3. share 4. accept
  10. 10. So what is the biggest single source of risk in the office environment?
  11. 11. these guys
  12. 12. Vicarious liability(employer’s general risk)
  13. 13. What is vicarious liability?Strict – or “no fault” - liability of an employer forthe conduct of an employee acting in thecourse and scope of employment.
  14. 14. Bezuidenhout NO v Eskom 2003
  15. 15. Managing the risks posed by vicarious liability1. identify 2. assess 3. prioritise 4. treat
  16. 16. Treating the risks posed by vicarious liability1. eliminate 2. mitigate 3. share 4. accept
  17. 17. …and sowhat about social media?
  18. 18. Step 1. IdentifyConduct: use of social media in the workplace
  19. 19. Step 2. Assess
  20. 20. Defamation Confidentiality4 specific risks Personal Information Intellectual Property
  21. 21. Defamation Confidentiality1st risk Personal Information Intellectual Property
  22. 22. Defamation“the intentional and wrongful publication of words orbehaviour to a third party which has the effect(objectively viewed) of injuring or undermining aperson’s or entity’s good name, status or reputation”
  23. 23. DefamationThe internet has increased the scope of and riskassociated with defamationThere are now more ways in which publication mayoccur
  24. 24. RememberDefamation includes the repeating,confirmation or proliferation of defamatorycontent……so beware of republishing, email forwarding,linking and retweeting.
  25. 25. …and, of course,vicarious liability
  26. 26. Defamationeliminate > mitigate > share > accept
  27. 27. Eliminate> Lock employees out of social media sites> Limit access for work purposes only
  28. 28. Mitigate> Training> Internet usage and email policies> Communications and brand guidelines> Management pre-approval of publications
  29. 29. Share> Disclaimers on digital properties> Website terms and conditions> Insurance
  30. 30. AcceptHope for the best and deal with it if it happens
  31. 31. “psychotic, lying, whoring, still-going- to-clubs-at-her-age skank”This guy shot JFK
  32. 32. Defamation Confidentiality2nd risk Personal Information Intellectual Property
  33. 33. Pretty much all well-drafted commercialagreements these days containconfidentiality – or non-disclosure –provisions of some sort or another.
  34. 34. …once again, vicarious liability
  35. 35. Confidentialityeliminate > mitigate > share > accept
  36. 36. Eliminate> Do not accept confidential material> Only accept what is strictly necessary
  37. 37. Mitigate> Training> Employment agreements and policies> Secure networks and robust IT infrastructure
  38. 38. Share> Well considered NDAs> Insurance
  39. 39. AcceptHope for the best and deal with it if it happens
  40. 40. Defamation Confidentiality3rd risk Personal Information Intellectual Property
  41. 41. The right to privacy is protected by theConstitutionHowever, there is currently no umbrella lawgoverning privacy of personal information inSouth Africa
  42. 42. Chapter 8 of ECTA contains a data protection“Code of Good Practice”, but compliance isvoluntary.If adopted, the principles should be included inwebsite privacy policy and consequences ofbreach should be clearly stipulated.
  43. 43. Enter the Protection of PersonalInformation Bill (POPIA)
  44. 44. POPI the intention> To give effect to the Constitutional right to privacy> To regulate the collection/processing of personal information> To provide individuals with rights and remedies> to establish an Information Protection Commission
  45. 45. POPI Section 10Personal information may only be processed:> with the data subject’s consent> if processing is necessary for completion of a contract> if it protects a legitimate interest of the data subject> if in compliance with an obligation imposed by law> if in pursuance of the legitimate interests of the processor
  46. 46. Direct MarketingOpt-in versus opt-out
  47. 47. Direct marketing Opt outECTA (section 45) and the CPA (section 11) both requiredirect marketers to provide recipients with an option to “optout”The CPA envisages an “opt out” registry (like that of theDMMA), but this has not yet been implemented.
  48. 48. Direct marketing Opt inPOPI, however, will implement an “opt in” framework,mirroring the approach being adopted in Europe.
  49. 49. Direct marketing Opt inDirect marketing is prohibited except:> with specific consent of the data subject> to customers, where: > the processor has obtained personal information in the context of a sale > for marketing of processor’s similar products/services > if data subject has been given opportunity to object or opt out (free of charge)
  50. 50. Direct marketing Soft opt inIn the UK, the implied “opt in” is known as a “soft opt in”.It applies also in the context of negotiations leading up to asale.
  51. 51. …you know thescore by now
  52. 52. Personal Informationeliminate > mitigate > share > accept
  53. 53. Eliminate> Do not collect/process personal information> Only collect what is strictly necessary
  54. 54. Mitigate> Training> Internal policies and guidelines> IT and online security> Compliance with ECTA, CPA and POPIA> Regular audits
  55. 55. Share> Detailed commercial agreements> Website terms and conditions> Insurance
  56. 56. AcceptHope for the best and deal with it if it happens
  57. 57. Defamation Confidentiality4th risk Personal Information Intellectual Property
  58. 58. What is IP?“A work or invention that is the result ofcreativity, such as a manuscript or a design,to which one has rights and for which one mayapply for a patent, copyright, trademark, etc.”
  59. 59. Intellectual Property Copyright Trademark Patent
  60. 60. COPYRIGHT
  61. 61. What is copyright?“A proprietary right which arises automaticallywhen an author reduces an idea to a materialform.”
  62. 62. What is copyright?No requirement for registration (in SA)Copyright can be: > assigned (must be in writing and signed) > licenced
  63. 63. Breach of copyrightBreach or infringement of copyright may be:> direct (guilty knowledge is not a pre-requisite)> secondary/indirect (unauthorised dealing)> contributory (facilitation of infringement)
  64. 64. Important!Copyright in work produced by employee in thecourse of employment vests with employerOnline properties often comprise of many differentcopyrighted assets
  65. 65. TRADEMARKS
  66. 66. What is a trademark?A mark which distinguishes a person’s goodsor services (requirement of distinctiveness)Must be registered with CIPC and renewedevery 10 years
  67. 67. Breach of TMInfringer’s mark is confusingly similar in respect of the samegoods/services (reasonable likelihood of confusion)Infringer’s mark is identical or similar to a registered mark inrespect of similar goods or services
  68. 68. Breach of TMDilution of trade mark:> by blurring (dilution of uniqueness; may be different or non- competing goods/services)> by tarnishment (negative/offensive use of TM)
  69. 69. Meta tags and PPCA common sense approach should be employed (certain bonafide uses protected under Trade Marks Act)> purely descriptive purposes (advertising products on an e- commerce site) would generally be ok> use of a competitor’s marks to deceive or lure consumers would generally not be ok
  70. 70. In depth – trademark This is Terri Welles
  71. 71. Intellectual Propertyeliminate > mitigate > share > accept
  72. 72. Who ownsyour twitter account?
  73. 73. …or who isusing it??
  74. 74. Eliminate> Use only proprietary material> Limit access to the internet / social media
  75. 75. Mitigate> Training> Internal policies and guidelines> Provide access to stock content providers> Regular audits and management sign-off
  76. 76. Share> Detailed commercial agreements> Limit liability for 3rd party IP infringements> Insurance
  77. 77. AcceptHope for the best and deal with it if it happens
  78. 78. …back to mining
  79. 79. Risk management steps1. identify 2. assess 3. prioritise 4. treat
  80. 80. Risk treatment1. eliminate 2. mitigate 3. share 4. accept
  81. 81. the end