"I recall when a misdirected reply-to-all email was the toughest thing you had to think about at work."
Joann Lytle, a partner at Philadelphia law firm McCarter & English, understands that things have changed. Furthermore, there are many avenues for workers and companies to get themselves into legal trouble these days via electronic communications and social media platforms such as Facebook, Twitter, YouTube, Linked In, and others.
Businesses use social media for advertising, providing customer support, performing analysis, and even recruit staff, according to Jennifer Reno, risk manager at the shopping network QVC. It is common because, in comparison to other types of marketing, it is relatively inexpensive.
However, low-cost social media can lead to unforeseen high costs if it is not properly handled or insured, according to experts. Employees and employers also can misuse the system.
"In essence, people can make rash, ill-considered remarks as a result of the pace and ease with which they can communicate. There's no anonymity, and there's no filter. This is a permanent record, and clearly, rules and case law are still in their infancy and change daily," Reno explained.
Employees, in particular, are susceptible to misusing social media. "They can indulge in bullying, intimidation, complaining about their boss, sharing confidential details, security breaches, and union organizing," Reno continued, adding that "youthful indiscretions" can pursue people throughout their careers.
Privacy rights violations are among the most common risks.
After a clinic employee shared a picture of her and the fact that she had tested positive for a sexually transmitted disease, a Minnesota woman filed a lawsuit against the clinic. Since the website where the photo and comment were posted was a personal page of the employee and not one managed by the company, the employer was not liable.
"You might imagine the outcome if the employee had done it on company premises with her mobile device," Lytle speculated. Employers who encourage workers to use their own devices at work without any limitations, she said, should consider the risks involved.
A hospital employee was fired, according to Reno, for tweeting her boyfriend's ex-medical girlfriend's background. Another case involved a nurse who shared information about a child admitted to the hospital with measles on a Facebook anti-vaccine page. Her Facebook profile mentioned the nurse's name and place of employment.
By visiting an employee's restricted site and disclosing information to others, an employer could infringe on their privacy rights. According to Reno, 26 states have passed legislation prohibiting employers from demanding or needing passwords to their employees' internet accounts.
Employees who use their email or other accounts for work purposes without their employer's permission cause problems.
Lytle cited a case from 2019 in which an employer permitted an employee to use a personal Dropbox account for work-related purposes. There were both work-related and personal files in that password-protected Dropbox account. Some personal images included pictures of parties and the employee's boyfriend, which Lytle described as "borderline explicit." The company's IT administrator accessed the Dropbox account's username and password, discovered the images, and forwarded them to company executives. After being forced to leave, the employee filed a lawsuit. While the employer claimed that the Dropbox folder containing the employee's images was a work account, the court found that the employer's conduct invaded the employee's privacy.
"If there were some arguments that the employee had saved or even accessed the images from Dropbox on a work machine, the outcome may have been different, changing the presumption of privacy. So, depending on what their workers do and how the employer responds, there are ways an employer can get into serious trouble," Lytle said.
Lytle shared another example from California, in which a school principal discovered negative remarks about the school on MySpace and shared them with the local newspaper. After receiving death threats, the former student and her family were forced to relocate. They filed lawsuits against the journal, the principal, and the school board. The court dismissed the lawsuit because "no rational person will have any presumption of privacy after posting anything like that on MySpace," according to the court.
Managing the Risk
Even before considering insurance, Reno stressed employers' value having a system to handle social media risk. She urges employers to create and assign a social media usage policy to their workers.
She said, "You do need to know what your business, your staff, and your management are doing on social media." "What is the aim of your social media marketing site, as well?"If it's something that needs to be resolved, they'll answer to the poster and make sure it gets some kind of resolution.
It's also crucial to have a control system in place. "You want to be able to trust everybody, but you can't trust everyone. You will want to know how your staff is using [social media] and how they are promoting your products on it," she said.
The framework should also include a complaint resolution process.
"We track our social media on a minute-by-minute basis and use it to make sure that if consumers should genuinely complain about the format of a show, what someone is wearing, or a reporter, the information is communicated to a variety of departments," she said.
Reno advises that in cases where negative remarks can harm a company's image, it's better to respond as soon as possible. "Taking full responsibility is the most important thing. Make no excuses, and respond right away. There should be no more than a day's delay; ideally, it should be within hours, if not minutes.
Reno believes that risk assessment should be completed before insurance is considered because it allows an insured to "present the best face forward" to underwriters. "So you're not only giving them spam, but you're giving them a constructive approach to social media," she said.
To understand how specific exclusions could apply, Lytle emphasized the importance of reading the entire policy, such as a standard ISO commercial general liability policy with provisions for personal and advertising injury liability.
According to Lytle, it's also crucial to double-check whether the policy covers the company or entity.
Insureds can turn to other coverages, such as work practices liability insurance if CGL exclusions apply. This may be relevant if an employer fires an employee after looking at his or her social media accounts or if an employer chooses between two candidates after looking at their social media and discovering one is pregnant, or if an employee alleges a toxic work environment after some coworkers engaged in text abuse or cyberbullying.
"Each of these scenarios could result in a wrongful termination, discrimination, or hostile work environment lawsuit," Reno said.
Defamation, libel, slander, theft, plagiarism, piracy, misappropriation, or violation or interference with an individual's right to privacy are all covered by specialized media liability insurance, essential to QVC since it is a broadcaster, she added.