I wanted to take this take a moment to send out a TWISML Hat tip to the authors of The Now Revolution, Amber Naslund (@ambercadabra) and Jay Baer (@jaybaer).
Amber and Jay were in St. Louis last week as guests of the Social Media Club of St. Louis (@smcstl) and were here to promote their new book: The Now Reviolution: 7 Shifts to make your business smarter, faster, and more social.
I had the unique opportunity to see Amber and Jay each individually speak about their book and also was in attendance at their joint presentation to the Social Media Club. (A special thank you to @standingpr, @at_law, and @lumiereplace for the invites to these great events). I also had the chance to catch a Cardinals game with Amber and I have to say that I came away impressed.
Amber and Jay have written a unique book which recognizes that Social Media isn't a job, and doesn't focus on Facebook, Twitter, Linkedin or any particular site. What Amber and Jay have done is attempt to help businesses understand that the real secret sauce behind social media is that it allows you to better understand, serve, and communicate with your customers. That's what's really important. Those companies that grasp this fundamental truth have a leg up on their competition.
Monday, April 25, 2011
Social Media Posts: What do you do with a "bad" post?
Businesses that are considering using social media often spend an inordinate amount of time worrying about what can go wrong. From the disgruntled customer, to the misguided employee, to the inarticulate spokesperson, there are indeed many things that can go "wrong" when using social media, however, the mere possibility that something could go wrong does not mean your company should go running for the exits.
In truth, things can go "wrong" in almost any area of your business and the mere fact that it occurs on social media has little to do with the media itself. When an employee goes AWOL and posts inappropriate or unflattering content, it has been said that "you don't have a social media problem, you have a hiring problem." Similarly, staying off of social media due to concerns that a customer may say something unflattering is really akin to stating that your business is unwilling to address complaints. (Thanks to Amber Naslund and Jay Baer authors of The Now Revolution, and a TWISML Hat tip preview). In reality, these issues are human resource and customer service problems which every business must address in one form or another. Social media just serves to magnify the problems.
An interesting area where these issues find an interplay with the law is what you do with "bad" posts once they are out there. While at first, it may seem reflexive to delete the post (if you are able), in many instances it might not be that simple.
A recent tragic case arising out of a dorm room incident at Rutgers University has brought about some potentially significant developments in this area of social media law. The case out of Rutgers arose when Dharun Ravi allegedly videoed his roommate Tyler Clementi's relationship with another student via webcam and distributed a link to that webcam via social media. After Clementi learned that his relationship had been broadcast he tragically took his own life. Charges were initially brought against Mr. Ravi alleging counts related to invasion of privacy. While these facts are tragic, what is particularly interesting when considering the application to social media law is that Ravi was also recently charged with tampering with evidence. (For a more detailed account of the incident, see article by Beth DeFalco of the AP Roommate charged with hate crime in N.J. Suicide).
While on its face, this case may seem unrelated to a business' use of social media, the tampering with evidence charges may provide a window into future developments. As with the evidence in this criminal case, a business that knows civil litigation is likely to arise has a duty to refrain from destroying relevant evidence. While, initially, it may seem perfectly reasonable for a business to delete offensive posts, or remove client complaints, this duty to preserve evidence makes it advisable to consider whether the post potentially relates to a larger legal issue.
Although these evidentiary considerations present potential problems, they do not mean that troublesome posts must be left up indefinitely. Even though the law directly relating to this kind of material is in many respects still being written, a business can provide itself with an added layer or protection through the use of a properly crafted social media policy. Addressing how your business will deal with this sort of material, setting up procedures on how to retain/store relevant posts, training employees on how to deal with these issues, and taking proper measures to ensure that you do not run afoul of the evidence tampering laws are all fairly easy ways to protect your business. As with many other legal issues, proper planning on the front end can help minor legal problems from developing in to major legal disasters.
Let me know what you think.
In truth, things can go "wrong" in almost any area of your business and the mere fact that it occurs on social media has little to do with the media itself. When an employee goes AWOL and posts inappropriate or unflattering content, it has been said that "you don't have a social media problem, you have a hiring problem." Similarly, staying off of social media due to concerns that a customer may say something unflattering is really akin to stating that your business is unwilling to address complaints. (Thanks to Amber Naslund and Jay Baer authors of The Now Revolution, and a TWISML Hat tip preview). In reality, these issues are human resource and customer service problems which every business must address in one form or another. Social media just serves to magnify the problems.
An interesting area where these issues find an interplay with the law is what you do with "bad" posts once they are out there. While at first, it may seem reflexive to delete the post (if you are able), in many instances it might not be that simple.
A recent tragic case arising out of a dorm room incident at Rutgers University has brought about some potentially significant developments in this area of social media law. The case out of Rutgers arose when Dharun Ravi allegedly videoed his roommate Tyler Clementi's relationship with another student via webcam and distributed a link to that webcam via social media. After Clementi learned that his relationship had been broadcast he tragically took his own life. Charges were initially brought against Mr. Ravi alleging counts related to invasion of privacy. While these facts are tragic, what is particularly interesting when considering the application to social media law is that Ravi was also recently charged with tampering with evidence. (For a more detailed account of the incident, see article by Beth DeFalco of the AP Roommate charged with hate crime in N.J. Suicide).
While on its face, this case may seem unrelated to a business' use of social media, the tampering with evidence charges may provide a window into future developments. As with the evidence in this criminal case, a business that knows civil litigation is likely to arise has a duty to refrain from destroying relevant evidence. While, initially, it may seem perfectly reasonable for a business to delete offensive posts, or remove client complaints, this duty to preserve evidence makes it advisable to consider whether the post potentially relates to a larger legal issue.
Although these evidentiary considerations present potential problems, they do not mean that troublesome posts must be left up indefinitely. Even though the law directly relating to this kind of material is in many respects still being written, a business can provide itself with an added layer or protection through the use of a properly crafted social media policy. Addressing how your business will deal with this sort of material, setting up procedures on how to retain/store relevant posts, training employees on how to deal with these issues, and taking proper measures to ensure that you do not run afoul of the evidence tampering laws are all fairly easy ways to protect your business. As with many other legal issues, proper planning on the front end can help minor legal problems from developing in to major legal disasters.
Let me know what you think.
Monday, April 18, 2011
Is Social Media information "valuable property"?
An interesting question was raised last week Claridge v. Rockyou, Inc. ((2011 WL 1361588 (N.D.Cal.)): Is the personally identifiable information ("PII") submitted to social media sights "valuable property"? Assuming the answer to this question is yes, an interesting corollary to the question, from a privacy perspective is: What are you doing to protect this valuable property? How your company answers both of these questions could have serious consequences.
THE CASE:
Here's what happened: RockYou develops and distributes applications and services for use on social media sites. Among the applications developed by RockYou are Gourmet Ranch and Zoo World. When customers sign up to use RockYou's applications, they are asked to provide an e-mail address, and registration password which RockYou stores. In certain instances, RockYou also requires customers to provide user names and password information necessary for accessing social media sites.
The Plaintiff, a registered account holder with RockYou, brought suit alleging that RockYou failed to secure and safeguard Plaintiffs PII, including email, passwords, and social media login credentials. Plaintiff alleged that while RockYou promised to safeguard user sensitive PII through a policy which stated that "RockYou! uses commercially reasonable physical, managerial, and technical safeguards to preserve the integrity and security of your information..." RockYou instead stored PII in clear or plain text which provided no encryption and easily allowed intruders to read and remove the information. Plaintiffs PII was therefore easily accessible to anyone with a minimal amount of hacking ability (of which this author has none).
Plaintiff alleged that instead of leaving the barn door open (to steal a phrase from Gourmet Ranch) RockYou could have followed any one of a number of commonly used methods of protecting PII.
While after reading the opinion, one wonders whether this initial security failure would have been enough to let the matter move forward, if Plaintiff's allegations are true, RockYou likely did not help itself when it delayed in responding to the warnings of a noted online security firm that there was a problem with its database. Specifically, the firm informed RockYou of a SQL injeciton flaw which would allow a hacker to introduce malicious code into a company's network. At some point it was alleged that at least one known hacker accessed the database and copied the email and social networking login credentials of approximately 32 million users.
Plaintiff alleged nine separate causes of action: 1) Violation of the Stored Communications Act 18 U.S.C. Section 2702; 2) Violation of California's Unfair Competition Law, Cal. Bus. & Prof. Code Section 17200; 3) Violation of California's computer Crime Law, Cal. Penal Code Section 502; 4) Violation of the California Consumer Legal Remedies Act, Cal. Civ. code Section 1750; 5) Breach of Contract; 6) Breach of implied covenant of good faith and fair dealing; 7) Breach of implied contracts; 8) negligence; and 9) negligence per se. The Court dismissed the majority of these claims, but allowed Plaintiff's breach of contract, implied contract, and negligence based counts to survive.
In allowing these counts to survive, the Court recognized the issue as whether the plaintiff had sufficiently alleged any actionable harm or concrete loss. Plaintiff's general allegations were that defendant's customers paid for its products and services by providing their PII, and that the PII constitutes valuable property that is exchanged not only for defendant's products and services, but also in exchange for defendant's promise to employ commercially reasonable methods to safeguard the PII that is exchanged. As a result, defendant's role in allegedly contributing to the breach of plaintiff's PII caused plaintiff to lose the ‘value’ of their PII, in the form of their breached personal data. See Claridge *4-5.
While the Court recognized that this theory was novel, it declined to hold as a matter of law that Plaintiff failed to allege an injury. Moreover, the Court specifically noted that the unauthorized disclosure of personal information via the Internet is itself relatively new, and likely to raise issues of law not yet settled by the courts. Finding that the Plaintiff's allegations of harm were sufficient to allege a generalized injury in fact, the case was allowed to move forward.
WHY IS THIS IMPORTANT?:The reason that I find this case particularly interesting is the potential messages that it sends to those companies who possess customer PII. While it is unquestionable that it is a good business practice to protect all client data, did RockYou open itself up to additional exposure by expressly promising to do so? Would the Court have found the same potential liability without the express provisions cited by the Plaintiff?(The breach of contract claim surely would have been more difficult to prove.) Would the claim have been different if RockYou had heeded the warnings of the security firm? What if it had basic protections that were nonetheless breached? An even more interesting question is whether the negligence claims would have been allowed to move forward even without the express promises of safety.
Another emerging issue which this case, and those that will surely follow behind it, could have an impact on is how the log on and user information for social media accounts is considered in the employee/employer environment. If this sort of PII is found to be valuable property does that have an effect upon who retains it when an employer/employee relationship ends? What about "personal" blogs which are directly business focused? Is the lined blurred?
Once again, its important to note that as this is still a rapidly developing area, many of these questions have not been definitively answered by the Courts. While they may not solve every problem, having policies and procedures can provide you with a leg up if and when the issue heads before a Court. (Imagine if RockYou had also had a line in their disclosures which said something along the lines of "PII Submitted to this site is NOT valuable property for the purposes of calculating legal damages...would that have helped?) The intersection of Privacy law and Social Media is sure to be a hot area for litigation for years to come.
Let me know what you think.
THE CASE:
Here's what happened: RockYou develops and distributes applications and services for use on social media sites. Among the applications developed by RockYou are Gourmet Ranch and Zoo World. When customers sign up to use RockYou's applications, they are asked to provide an e-mail address, and registration password which RockYou stores. In certain instances, RockYou also requires customers to provide user names and password information necessary for accessing social media sites.
The Plaintiff, a registered account holder with RockYou, brought suit alleging that RockYou failed to secure and safeguard Plaintiffs PII, including email, passwords, and social media login credentials. Plaintiff alleged that while RockYou promised to safeguard user sensitive PII through a policy which stated that "RockYou! uses commercially reasonable physical, managerial, and technical safeguards to preserve the integrity and security of your information..." RockYou instead stored PII in clear or plain text which provided no encryption and easily allowed intruders to read and remove the information. Plaintiffs PII was therefore easily accessible to anyone with a minimal amount of hacking ability (of which this author has none).
Plaintiff alleged that instead of leaving the barn door open (to steal a phrase from Gourmet Ranch) RockYou could have followed any one of a number of commonly used methods of protecting PII.
While after reading the opinion, one wonders whether this initial security failure would have been enough to let the matter move forward, if Plaintiff's allegations are true, RockYou likely did not help itself when it delayed in responding to the warnings of a noted online security firm that there was a problem with its database. Specifically, the firm informed RockYou of a SQL injeciton flaw which would allow a hacker to introduce malicious code into a company's network. At some point it was alleged that at least one known hacker accessed the database and copied the email and social networking login credentials of approximately 32 million users.
Plaintiff alleged nine separate causes of action: 1) Violation of the Stored Communications Act 18 U.S.C. Section 2702; 2) Violation of California's Unfair Competition Law, Cal. Bus. & Prof. Code Section 17200; 3) Violation of California's computer Crime Law, Cal. Penal Code Section 502; 4) Violation of the California Consumer Legal Remedies Act, Cal. Civ. code Section 1750; 5) Breach of Contract; 6) Breach of implied covenant of good faith and fair dealing; 7) Breach of implied contracts; 8) negligence; and 9) negligence per se. The Court dismissed the majority of these claims, but allowed Plaintiff's breach of contract, implied contract, and negligence based counts to survive.
In allowing these counts to survive, the Court recognized the issue as whether the plaintiff had sufficiently alleged any actionable harm or concrete loss. Plaintiff's general allegations were that defendant's customers paid for its products and services by providing their PII, and that the PII constitutes valuable property that is exchanged not only for defendant's products and services, but also in exchange for defendant's promise to employ commercially reasonable methods to safeguard the PII that is exchanged. As a result, defendant's role in allegedly contributing to the breach of plaintiff's PII caused plaintiff to lose the ‘value’ of their PII, in the form of their breached personal data. See Claridge *4-5.
While the Court recognized that this theory was novel, it declined to hold as a matter of law that Plaintiff failed to allege an injury. Moreover, the Court specifically noted that the unauthorized disclosure of personal information via the Internet is itself relatively new, and likely to raise issues of law not yet settled by the courts. Finding that the Plaintiff's allegations of harm were sufficient to allege a generalized injury in fact, the case was allowed to move forward.
WHY IS THIS IMPORTANT?:The reason that I find this case particularly interesting is the potential messages that it sends to those companies who possess customer PII. While it is unquestionable that it is a good business practice to protect all client data, did RockYou open itself up to additional exposure by expressly promising to do so? Would the Court have found the same potential liability without the express provisions cited by the Plaintiff?(The breach of contract claim surely would have been more difficult to prove.) Would the claim have been different if RockYou had heeded the warnings of the security firm? What if it had basic protections that were nonetheless breached? An even more interesting question is whether the negligence claims would have been allowed to move forward even without the express promises of safety.
Another emerging issue which this case, and those that will surely follow behind it, could have an impact on is how the log on and user information for social media accounts is considered in the employee/employer environment. If this sort of PII is found to be valuable property does that have an effect upon who retains it when an employer/employee relationship ends? What about "personal" blogs which are directly business focused? Is the lined blurred?
Once again, its important to note that as this is still a rapidly developing area, many of these questions have not been definitively answered by the Courts. While they may not solve every problem, having policies and procedures can provide you with a leg up if and when the issue heads before a Court. (Imagine if RockYou had also had a line in their disclosures which said something along the lines of "PII Submitted to this site is NOT valuable property for the purposes of calculating legal damages...would that have helped?) The intersection of Privacy law and Social Media is sure to be a hot area for litigation for years to come.
Let me know what you think.
Monday, April 11, 2011
TWISML Hat tip: Eric Goldman (@ericgoldman)
Wanted to throw out a hat tip to Eric Goldman (@ericgoldman) and his Technology & Marketing Law Blog (http://blog.ericgoldman.org/), for his April 9, 2001 post on People v. Welte (2011 WL 1331900). In Welte the Court considered whether communications with those on a public Facebook friends list violated a no contact order or could be considered stalking.
Just one more reminder as to why its important to know and understand your privacy settings.
Just one more reminder as to why its important to know and understand your privacy settings.
Be careful what you ask for...you just might get it.
It continues to be readily apparent that companies are struggling to find exactly where the line should be drawn between appropriate social media policy enforcement and the rights of workers under the NLRA.
On April 6, social media legal circles were all a 'twitter' upon the announcement that the NLRB will issue a complaint against Thompson Reuters due to its "discussion" with an employee after what Reuters believed was a questionable Twitter post. While it is believed that this is the first NLRB action related to Twitter, it comes right on the heals of the settlement of the claim related to the firing of Dawnmarie Souza by American Medial Response of Connecticut, for statements made about her supervisor on Facebook. As the Souza case was settled prior to the entry of a formal decision, this case presents one of the first opportunities for a formal line in the sand to be drawn with respect to the proper enforcement of Social Media policies and an employee's rights to criticize an employer through social media.
Here, Reuters, in what appears to have been an attempt to start a positive conversation on how Reuters could make itself "the best place to work," asked employees for comments via Twitter on what it could do to improve. Taking the opportunity presented, Reuters environmental reporter Deborah Zabrenko (@dzabarenko) tweeted that "One way to make this the best place to work is to deal honestly with Guild members."
Soon after posting the tweet, Ms. Zabarenko received a call, at home, informing her that her post had violated a Reuters policy that employees were not to say anything publicly that could damage the reputation of Reuters. Ms. Zabarenko raised the issue of intimidation and the NLRB is now suing Reuters for violation of a workers right to discuss working conditions (which, ironically is exactly what Reuters asked its workers to do when it asked for suggestions on how to make Reuters the best place to work).
While I'm not an NLRA, or employment law expert, this does strike me as an interesting case. The issues presented in the Facebook/Souza claim (calling supervisor the equivalent of a mental patient) seemed much farther removed from legitimate criticism of the working environment than those present here. Although I won't pretend to predict the ultimate outcome of the claim, it provides another example of how social media continues to vex even those companies that are trying to take advantage of the medium.
In some respects, I have to commend Reuters for using social media to ask the question: "How can we make this the best place to work," as that is exactly the kind of conversation that can be constructive via social media, but in using social media, you have to be prepared for answers that you sometimes don't like. This is not to say that employees have a free reign with their social media comments, they don't, and sometimes what you say can and should have repercussions, but knowing what sort of statements are actionable is essential. What is important is that your company have a well thought out social media policy which considers these issues before they become legal problems, and that those enforcing your social media policy know and understand the ramifications of their actions in enforcing the policy.
On April 6, social media legal circles were all a 'twitter' upon the announcement that the NLRB will issue a complaint against Thompson Reuters due to its "discussion" with an employee after what Reuters believed was a questionable Twitter post. While it is believed that this is the first NLRB action related to Twitter, it comes right on the heals of the settlement of the claim related to the firing of Dawnmarie Souza by American Medial Response of Connecticut, for statements made about her supervisor on Facebook. As the Souza case was settled prior to the entry of a formal decision, this case presents one of the first opportunities for a formal line in the sand to be drawn with respect to the proper enforcement of Social Media policies and an employee's rights to criticize an employer through social media.
Here, Reuters, in what appears to have been an attempt to start a positive conversation on how Reuters could make itself "the best place to work," asked employees for comments via Twitter on what it could do to improve. Taking the opportunity presented, Reuters environmental reporter Deborah Zabrenko (@dzabarenko) tweeted that "One way to make this the best place to work is to deal honestly with Guild members."
Soon after posting the tweet, Ms. Zabarenko received a call, at home, informing her that her post had violated a Reuters policy that employees were not to say anything publicly that could damage the reputation of Reuters. Ms. Zabarenko raised the issue of intimidation and the NLRB is now suing Reuters for violation of a workers right to discuss working conditions (which, ironically is exactly what Reuters asked its workers to do when it asked for suggestions on how to make Reuters the best place to work).
While I'm not an NLRA, or employment law expert, this does strike me as an interesting case. The issues presented in the Facebook/Souza claim (calling supervisor the equivalent of a mental patient) seemed much farther removed from legitimate criticism of the working environment than those present here. Although I won't pretend to predict the ultimate outcome of the claim, it provides another example of how social media continues to vex even those companies that are trying to take advantage of the medium.
In some respects, I have to commend Reuters for using social media to ask the question: "How can we make this the best place to work," as that is exactly the kind of conversation that can be constructive via social media, but in using social media, you have to be prepared for answers that you sometimes don't like. This is not to say that employees have a free reign with their social media comments, they don't, and sometimes what you say can and should have repercussions, but knowing what sort of statements are actionable is essential. What is important is that your company have a well thought out social media policy which considers these issues before they become legal problems, and that those enforcing your social media policy know and understand the ramifications of their actions in enforcing the policy.
Wednesday, April 6, 2011
This week in Social Media Law: The Title
As I think about it more I guess a little background to the title of this blog may be in order.
Growing up a baseball addict in the age before the internet and ESPN's constant highlight shows (Harry Caray and Steve Stone were my constant companions after school throughout the 80s....those 3:05 start times at Wrigley before the lights were my favorite), I had one program that I couldn't miss on a weekly basis. This Week in Baseball. Mel Allen's distinctive voice brought tales of the American League and the rest of baseball that I rarely had an opportunity to follow, and generally provided a good overview of what had happend in my favorite sport the week before.
That's what I hope to be able to provide for the world of Social Media Law in this blog.
No doubt, there will be developments that merit more timely posts, and sometimes I'll just feel like throwing something out there for discussion, but I hope that on a weekly basis, every Monday, I'll be able to provide a good overview of the week that was in Social Media Law.
If there are areas of the law related to social media that you would like to see covered, topics that you find interesting, issues that you think could present problems to individuals, companies, or lawyers as they plod their way through what I think will be a very exciting area of the law over the coming years, or just something in Social Media that makes you say "How about that!"(Allen's signature call) please share...I'm happy to do the research and provide a place for the conversation to take place, I may not always agree with everything that's out there, but I'm interested in the conversation.
Let me know what you think.
Growing up a baseball addict in the age before the internet and ESPN's constant highlight shows (Harry Caray and Steve Stone were my constant companions after school throughout the 80s....those 3:05 start times at Wrigley before the lights were my favorite), I had one program that I couldn't miss on a weekly basis. This Week in Baseball. Mel Allen's distinctive voice brought tales of the American League and the rest of baseball that I rarely had an opportunity to follow, and generally provided a good overview of what had happend in my favorite sport the week before.
That's what I hope to be able to provide for the world of Social Media Law in this blog.
No doubt, there will be developments that merit more timely posts, and sometimes I'll just feel like throwing something out there for discussion, but I hope that on a weekly basis, every Monday, I'll be able to provide a good overview of the week that was in Social Media Law.
If there are areas of the law related to social media that you would like to see covered, topics that you find interesting, issues that you think could present problems to individuals, companies, or lawyers as they plod their way through what I think will be a very exciting area of the law over the coming years, or just something in Social Media that makes you say "How about that!"(Allen's signature call) please share...I'm happy to do the research and provide a place for the conversation to take place, I may not always agree with everything that's out there, but I'm interested in the conversation.
Let me know what you think.
Monday, April 4, 2011
Impersonating an employee: New and exciting ways businesses are getting into trouble via social media
A recent case out of Chicago, Illinois (Maremont v. Susan Fredman Design Group, 2011 WL 902444, 3-15-2011) exemplifies how businesses are struggling to adapt to the legal issues presented through their use of social media. While on its face, the issue at the heart of this case may seem obvious, in practice there can be many very difficult issues...is your company ready?
In Maremont, Jill Maremont, an employee of SFDG was an active participant in social media, blogging and posting in her own name, on topics directly related to her employment at SFDG. Through her efforts, Maremont developed a sizable following and those posts inured to the benefit of SFDG. She accessed social media sites through SFDG computers, which stored her passwords.
In September of 2009, Maremont was in an accident which left her incapacitated for an extended period of time, in her absence, employees of SFDG made numerous social media postings promoting SFDG on her behalf, without her permission. Upon discovering this activity, Maremont requested that SFDG refrain from using her accounts. SFDG continued these posts despite Maremont's requests. Maremont brought claims alleging violation of the Lanham Act (false endoresment); Illinois' Right to Publicity Act, and Common Law Right to Privacy claims. Her claims under the Lanham Act and Illinois' Right to Privacy Act, have survived Summary Judgment, and the opinion gives at least some indication that a more specifically pled privacy claim may also have had some traction.
The ultimate resolution of these claims is still to be determined, however, their advancement should give pause to companies whose employees use their own followings on social media to promote company business activities. Could you be exposed to similar claims? Would you loose important aspects of your businesses' promotional strategy if certain employees left? How do you protect your company?
While each situation is different, a strong, and business specific, social media policy can help provide you protection. In those instances where substantial company followings and promotion are developed through social media, it is especially important that your policy make clear who owns the accounts being used, who has a right to post on the accounts, and that your company has the right control the accounts, regardless of the content input of employees. These protections can help avoid expensive legal battles if a dispute arises. There are also ways in which policies can make explicitly clear that intellectual property created related to the business of your company during the course of employment is owned by the company. Again, avoiding problems, before they arise, is one of the most important functions of a properly drafted social media policy.
Up next: consideration of the CAN-SPAM Act's application to social media. Can Facebook, Twitter, and Linked-In postings be "spam" under the definition of the Act?
In Maremont, Jill Maremont, an employee of SFDG was an active participant in social media, blogging and posting in her own name, on topics directly related to her employment at SFDG. Through her efforts, Maremont developed a sizable following and those posts inured to the benefit of SFDG. She accessed social media sites through SFDG computers, which stored her passwords.
In September of 2009, Maremont was in an accident which left her incapacitated for an extended period of time, in her absence, employees of SFDG made numerous social media postings promoting SFDG on her behalf, without her permission. Upon discovering this activity, Maremont requested that SFDG refrain from using her accounts. SFDG continued these posts despite Maremont's requests. Maremont brought claims alleging violation of the Lanham Act (false endoresment); Illinois' Right to Publicity Act, and Common Law Right to Privacy claims. Her claims under the Lanham Act and Illinois' Right to Privacy Act, have survived Summary Judgment, and the opinion gives at least some indication that a more specifically pled privacy claim may also have had some traction.
The ultimate resolution of these claims is still to be determined, however, their advancement should give pause to companies whose employees use their own followings on social media to promote company business activities. Could you be exposed to similar claims? Would you loose important aspects of your businesses' promotional strategy if certain employees left? How do you protect your company?
While each situation is different, a strong, and business specific, social media policy can help provide you protection. In those instances where substantial company followings and promotion are developed through social media, it is especially important that your policy make clear who owns the accounts being used, who has a right to post on the accounts, and that your company has the right control the accounts, regardless of the content input of employees. These protections can help avoid expensive legal battles if a dispute arises. There are also ways in which policies can make explicitly clear that intellectual property created related to the business of your company during the course of employment is owned by the company. Again, avoiding problems, before they arise, is one of the most important functions of a properly drafted social media policy.
Up next: consideration of the CAN-SPAM Act's application to social media. Can Facebook, Twitter, and Linked-In postings be "spam" under the definition of the Act?
Subscribe to:
Posts (Atom)