Risks associated with use of social media
August 2017 | SPECIAL REPORT: TECHNOLOGY RISK MANAGEMENT
Financier Worldwide Magazine
August 2017 Issue
Social media provides a unique opportunity for businesses to promote their brand, and interact and connect directly with customers and potential customers. However, the instant, informal and public nature of social media brings with it numerous risks, and the constant growth and development in this area can make it difficult for business to effectively manage these risks. This article considers some of the risks that businesses should be looking out for and how they can be minimised.
Defamatory and offensive content
Most social media platforms have in place terms of use which prohibit users from posting defamatory or otherwise damaging content. Despite this, businesses may nevertheless find themselves subject to potentially damaging statements or allegations (for example, unsubstantiated claims relating to the business’ services or philosophy, or criticism of an individual’s actions or character).
In these circumstances, the individual or business in question may have a cause of action under the law of defamation in respect of content published in the previous 12 months if it can show that the content lowers the subject in the estimation of right-thinking members of society and has caused or is likely to cause serious harm to the subject. Businesses could also find themselves liable if, after being put on notice, they fail to remove defamatory content posted by a third party about another third party. Businesses should carefully consider the content and tone of statements that they make on social media. A comment that one person considers to be amusing or generally in good taste may be considered offensive by another.
Advertising
Businesses should be aware that any content posted on their social media pages in connection with their products and services has the potential to be classified as an advertisement and therefore within the remit of the Advertising Standards Agency (ASA). User-generated content on social media pages can also be classified as advertising where it has been ‘adopted and incorporated’ into a business’ own marketing communications, e.g., where a business requests content from users and places that content on its social media page. Businesses are entitled to implement a reasonable moderation policy in respect of user-generated content, but if this policy involves the removal of all negative content, this is likely to be regarded by the ASA as excessive and therefore the user generated content would be within their remit. Where user-generated content is considered within the remit of the ASA, the CAP Code (which applies to non-broadcast advertising) will apply in full and businesses will need to make sure that their content is responsible and not misleading, harmful or offensive. The ASA may also have jurisdiction in respect of user-generated content over which the business has exercised editorial control, such as advertorials.
Confidentiality
What begins as an innocuous post by an over-enthusiastic employee about a new client or deal could lead to an action for breach of confidentiality, which will be costly and damaging to a business. Similarly, posting personal information about employees or third parties without first obtaining their consent could expose the business to claims arising from public disclosure or misuse of personal information, and be in breach of data protection law. Sending confidential communications over social media is unwise unless the recipient has agreed to this, and you are satisfied that the other party’s confidential information is not at risk (which you rarely ever can be).
Infringements of intellectual property rights
Content may infringe a third party’s intellectual property rights where, for example, the user has copied the whole or a substantial part of a work protected by copyright (e.g., posting photos or videos owned by a third party), or has used an identical or confusingly similar trademark for a commercial purpose without the owner’s consent (e.g., using a logo similar to another brand in order to promote their business on social media). Social media platforms will usually have a procedure for reporting infringements. Businesses should act quickly to enforce their intellectual property rights in order to prevent further infringements and recover any losses incurred as a result of any actual infringement. Equally, businesses must ensure that they have obtained any necessary licences or consents before posting any content that is owned by third parties.
Monitoring use
Although the terms of use on social media platforms will usually prohibit users from posting content that infringes a third party’s rights (and businesses should always familiarise themselves with these terms of use), infringing content may nevertheless be posted despite the platform’s best efforts to prevent this. In order to mitigate damage, businesses should have a policy in place to monitor social media for negative comments about the business or its products and services, and infringement of the business’ intellectual property. It is important not to ignore complaints, or misleading information posted about your business. A policy for responding to such posts should be put in place, and a response may require coordination by numerous individuals or departments across your business such as senior management, legal, public relations and human resources.
Implementing an employee social media policy
All businesses should put in place a social media policy for employees to ensure that social media is used in an appropriate manner. The policy should govern how employees use social media for business-related matters, as well as personal use, in order to protect the business’ intellectual property, its confidential information and that of third parties, as well as its reputation. However, the policy should not be excessively strict or impractical, as that may result in non-compliance. It should clearly set out what is and is not acceptable behaviour when using social media at work, and what employees can and cannot say about the business on social media. Compliance with the social media policy should be monitored and enforced in a uniform manner, and training on the policy and any relevant legislation should to be provided to all employees.
Purchasing insurance against social media claims
Although the risks can be minimised, they cannot be eradicated and businesses may find themselves the subject of proceedings relating to use of social media. The costs involved in defending such actions can be colossal. Therefore, when purchasing or renewing insurance cover, businesses should consider purchasing a policy that covers online liability. Additional insurance may be required to cover cyber liability (such as privacy, data breaches and data security), business interruption and liability for website consent.
Summary
In order to maximise the benefits of social media, businesses must first recognise and prepare for the risks associated with its use. A social media policy should be the first line of defence for all businesses against liability and damage to its reputation. Businesses must also implement effective monitoring of social media to bring infringing, offensive or unwanted content to a business’ attention as soon as possible, so as to mitigate any damage that may be caused. Although the risks can be reduced, they cannot be completely eliminated, and consequently businesses should consider purchasing insurance against social media claims.
Eitan Jankelewitz is a partner and Alicia Morton is a trainee solicitor at Sheridans. Mr Jankelewitz can be contacted on +44 (0)20 7079 0136 or by email: ejankelewitz@sheridans.co.uk. Ms Morton can be contacted on +44 (0)20 7079 0139 or by email: amorton@sheridans.co.uk.
© Financier Worldwide
BY
Eitan Jankelewitz and Alicia Morton
Sheridans
FORUM: Best practices in data loss prevention
Next generation of risk management meets the next generation of IT solutions
Cyber risk frameworks as a tool for improving cyber resilience
The danger within – tackling insider threats in the financial services sector
Developing a compliance strategy to meet data privacy regulations
Addressing the dark web challenge in the boardroom
The increasing importance of effective cyber security diligence in corporate transactions