You may be familiar with social networking sites that provide individuals with opportunities to create a personal profile and ways to interact with each other online. Some of these sites include MySpace, Facebook, Friendster, LinkedIn, LiveJournal, Twitter and Bebo, to name a few. The Privacy Commissioner has created a document you may not be aware of that discusses privacy implications for employees who use social networking in the workplace.
Why is this an issue? Some organizations allow employees to access and use their social networking sites while they are at work, either during work time or during their break times. In some cases, organizations create their own internal sites for employees to interact in a similar fashion—it can be helpful in work situations. Either way, there are privacy implications for employees. Consequently, it is important for employers to create privacy policies and policies regarding the appropriate use of social networking sites in the workplace.
What are the privacy implications for employees? The sad truth is, most people think that their social networking sites are private; however, this is not quite true. The information in these sites can be accessed by current and potential employers, recruitment agencies, competitors of the employer, the government and law enforcement, and others. Some users are nonchalant about their privacy settings and may not realize the implications until much later—until it is too late.
With respect to monitoring of employee social networking use, employers are recommended to make sure employees understand existing workplace policies and any monitoring of their social networking sites by the employer so things are clear from the outset. Employees need to understand that when they use these sites at work in a workplace context, their personal information can be collected, used or disclosed by the employer. Employers need to know that any tracking of employees is subject to applicable privacy legislation that must be complied with.
In addition to helping employees understand that their information that is posted online gains a sense of permanence and can be circulated and searched by others, employers are recommended to inform employees about the consequences of inappropriate disclosure on social networking sites—they need to understand the possible consequences of an improper or unintended disclosure, including:
- a defamation lawsuit;
- copyright, patent or trademark infringement claims;
- a privacy or human rights complaint;
- a workplace grievance under a collective agreement or unfair labour practice complaint;
- criminal charges with respect to obscene or hate materials;
- damage to the employer’s reputation and business interests.
Plainly put, the Privacy Commissioner urges that legal responsibility for damages from an inappropriate disclosure could potentially rest with individual employees, management or the organization as a whole.
One can see why it is important for employers to develop and communicate a clear policy on social networking use at work. The Privacy Commissioner states that, while many employers have guidelines and codes of conduct for email and Internet use, social networking creates different privacy challenges which should be specifically addressed in conjunction with these other workplace rules. These rules and policies regarding social networking must be communicated clearly to the employees.
More specifically, the Privacy Commissioner states that the policy should generally establish best practices and outline expectations for acceptable use of social networking use in the workplace, set out the consequences of misuse, and address any workplace privacy issues. The policy should touch on:
- whether the organization permits the use of personal or employer–hosted social networking use in the workplace;
- if it is permissible, the context and purposes for which it may be used;
- whether the employer monitors social networking sites;
- what legislation applies to the collection, use or disclosure of personal information in the workplace in that particular jurisdiction;
- what other rules may apply to the use of social networking in the workplace (collective agreements; other relevant legislation);
- the consequences of non-compliance with the policy; and
- any other existing policies about the proper use of electronic networks with respect to employee privacy and handling confidential information.
In a nutshell, is important for employers to use plain language and make it clear as to why it is important to keep some personal and corporate information confidential or undisclosed. At the same time, it is important for employers to recognize that they need to use their judgment, be reasonable, and comply with applicable privacy and other legislation if they decide to collect, use or disclose personal information from social networking sources.
The Privacy Commissioner states:
A privacy-friendly workplace calls for fair use of information by all parties
- The antitrust case against Google - November 17, 2023
- Voluntary Code of Conduct on the Responsible Development and Management of Advanced Generative AI Systems released - October 20, 2023
- Privacy Commissioner of Canada releases Annual Report - September 22, 2023