I’ve covered breach of confidence on this site before in my article on the struggle to recover from confidentiality slip up, but there’s one particular area that it’s worth focusing on further – social media. Generally, it seems companies appear to take one of two approaches to employee use of social media.
The first is to try to control it – ban use of social media on company devices, and ban employees from using sites (e.g. on their own devices) during work time. This is incredibly hard to enforce – how do you do this for people working away from the office, for example – and comes across as quite controlling.
Where do you draw the line? Is LinkedIn social media? How do you decide who can use these sites legitimately, for example for customer research? Which departments? If marketing then why not others? How senior? How do you define “lunchtime”, time for which people are not paid, and manage their access then?
To move away from a lot of difficult questions, the second approach is to accept that it is now part of peoples’ lives, and put guidelines and policies in place regarding acceptable use in terms of what they do, when, and how often. A difficult choice, and one that tends to reflect the type of staff working in a particular business and overall company culture.
What does deserve real attention however, whichever route you take, is strong guidance over what is, and is not, appropriate to share publicly.
It might seem too obvious to bother stating, but employees should – under no circumstances – share personal and private data from work on social media. This leaves the employer open to claims for breach of confidentiality, and to investigation for breach of data privacy laws, with consequential fines.
Yet, even though it would seem so obvious, it still happens. Recently, it came to light that in the three years between April 2011 and 2014, there were 50 cases of data being posted on social media by NHS staff.
It’s easy to think “it won’t happen to me” but as soon as you have one employee, you are at risk. I’m thinking of adopting the old Martini slogan – unless you supervise what your employees do “anytime, any place, anywhere” then you are always at risk that they could inadvertently share something inappropriate.
So how can you protect yourself?
There are two simple measures you can take to minimise your risk of a breach happening, and put protection in place to defend yourself if it does.
1) Make sure your policy for data protection and use of social media is comprehensive, and that staff are reminded of these regularly.
You can’t watch what your employees do 24/7, but you can ensure they know what is and is not acceptable, and that you are protected should anything go wrong.