The 24/7 world of social media and all the associated usage of mobile technologies in this electronic age carry risks as well as rewards for companies and staff. Anne Hughes of Fox Solicitors examines the risks and suggests solutions.

Editor's note: As the author of this piece, Anne Hughes, a senior partner at Fox Solicitors, writes, there are downsides to the proliferation of mobile technologies and social media sites when it comes to business. Issues of client confidentiality and business reputation are on the line. While this article focuses on general issues for employers and employees, the implications for wealth management, where reputation and client privacy are vital concerns, are obvious. 

In a world where everyone is glued to their smartphones and addicted to Facebook and Twitter, there are still a few people (usually those over 20) who want their personal communications to remain private. 

There has been much controversy recently over the government’s proposals to introduce new laws allowing it to snoop on all electronic communications of UK citizens without a warrant.  But how do people feel about their employers snooping on their personal communications?

Carrying a Blackberry 24/7 means that the line between your work and your private life becomes more blurred and most of us use work email for personal use. iPads are the latest “must-have” executive accessory for work and play; many people don’t think twice about forwarding confidential company documents to their personal email accounts so that they can access them away from their desks.

This helps us cram more working hours into our days and so has an obvious upside for business. But there are downsides too.  Sensitive confidential information may be lost or stolen. As staff “tweet” about their day, or post comments on Facebook about their boss’s latest antics, their right to freedom of expression and privacy comes into direct conflict with the company’s interest in protecting its professional reputation. This has led to a string of employment tribunal cases hitting the news in the past couple of years.

A manager of a Wetherspoons pub claimed that she had been unfairly dismissed when she was sacked for posting negative comments about the pub’s customers on her Facebook page (Preece v JD Wetherspoons).  She claimed that her right to freedom of expression had been infringed. There was a sigh of relief from many employers when the tribunal decided that Wetherspoons had acted lawfully. Although Preece (the pub manager) had a right to freedom of expression under Article 10 of the European Convention on Human Rights, the tribunal decided that the action taken by Wetherspoons was justified in view of the risk of damage to its reputation. Wetherspoons was in a much stronger position to defend this claim because it had a clear written HR policy which stated that the company may take disciplinary action should the contents of any blog, including pages on sites such as MySpace or Facebook "be found to lower the reputation of the organisation, staff or customers and/or contravene the company's equal opportunity policy."

Last year in Northern Ireland, an employee (a Mr Teggart) brought a claim against TeleTech UK Limited after being sacked for posting obscene and lewd comments about the promiscuity of a female colleague on his Facebook page (Teggart v TeleTech UK Limited).

The comment mentioned TeleTech and was read by Teggart’s Facebook friends, including some work colleagues; although the female colleague about whom the comment was posted did not see it herself, she heard about it.  In March 2012, the Northern Ireland industrial tribunal decided that Teggart had been fairly dismissed.  It did not matter that he actually posted his comments on Facebook in his own time and outside work.  The tribunal said that TeleTech had not infringed Teggart’s rights to freedom of expression and privacy.  The reasoning was that Teggart abandoned any right to consider his comments as being "private" when he posted them on Facebook. The right of freedom of expression must be exercised responsibly, and it did not give Teggart the right to make comments which damaged his colleague’s reputation and infringed her right not to suffer harassment.

The difficulty for employers is balancing an employee’s rights against those of others (including other employees and the company itself).  There have been cases when tribunals have decided that employers have got it wrong. An employer can be far more confident taking action to monitor, investigate and take disciplinary action against employees if there are clear written policies in place beforehand, so that everyone knows where they stand.

Here are some pointers:

- The business should have a clear internet and electronic communications policy for staff, which lays down the ground rules and explains the consequences of failure to comply;

- Staff should be required to be familiar with the policy and warned that a breach of it will be treated as serious misconduct, which could lead to dismissal;

- If employees are expected to work away from the office, they should be provided with a secure way of accessing the confidential information needed to get the job done.  It’s a constant challenge to keep pace with IT, so that employees are not tempted to find their own practical shortcuts to get the job done.  Many employers have invested in software like Citrix, to enable employees to securely log in to their work desktop remotely.  Some employers are now offering employees a downloadable “app” for their personal iPhones, so that they can also securely access their work emails from their phones.  The aim is to enable employees to work flexibly (to maximise their productivity) while minimising the risk to confidentiality;   

- If you want to monitor an employee’s use of emails and internet at work, the Employment Practices Code published on the Information Commissioner's Office's website is essential reading (www.ico.gov.uk).  Do not assume that the company has the right to inspect all communications sent and received (and internet content accessed) from the employee’s computer and Blackberry just because the devices belong to the company.  If the company generally allows (or tolerates) employees using their work computers to send personal emails and to access social networking websites for personal use, there may be a legitimate expectation of privacy in respect of those activities.

Proof of a leak

If it is discovered that an employee has forwarded confidential information to their personal email account, the company will want to make sure that the information has not been misused or leaked.  Often, an employer’s first step is to carry out an investigation (including a forensic IT investigation and an interview with the employee concerned).  Then, the company may ask the employee to give written undertakings to confirm that the information has not been misused or disclosed to any third parties.  The company can then decide whether disciplinary action is appropriate.

If the company believes that there may be company information stored on an employee’s personal computer or other device, it may wish to inspect those devices and delete the relevant information.  This may form part of the disciplinary investigation.  But it is obviously not that simple, because most employees will regard this to be a gross intrusion into their privacy. 

In reality, most of us store a huge amount of personal information and photographs on our personal computers, belonging to us and our families.  Any proposed process for inspecting an employee’s personal devices must show respect for their privacy and property.  Here are some tips on best practice:

- Appoint an independent IT expert, who will inspect the employee’s devices only with their consent and under their supervision. Unless the employee gives their consent, the company is unlikely to have the right to inspect the employee’s personal devices without a court order;

- The scope of the IT expert’s job should be very clearly defined and explained to the employee in advance;

- The IT expert should enter into a separate confidentiality agreement with the employee, agreeing not to disclose to any third party information belonging to the employee;

- In return for the employee’s co-operation, the company may be willing to indemnify the employee in respect of any damage to their device, software or personal data (including deletion). 

This generation of staff has learnt how to multi-task so that we are almost constantly online. It seems that we are still working out where the dividing line should be between work and our private lives.

The challenge for employers now is to help staff understand when it is appropriate to switch on and off from work and when to keep them separate.