From Law Practice Today
Social-Media Policies for Law Firms
By Molly DiBianca
Social media is everywhere and its ability to produce a negative impact on your firm is just as great as its ability to effect a positive one. Be sure to educate your employees on the proper use of these powerful tools now instead of doing damage control later.
If your law firm does not yet have a social-media policy, shame on your law firm. Law firms, like any other business, are accountable for the conduct of their employees. And employees are using social media. Ignoring this reality will not reduce your firm’s exposure to risk. The only way to manage exposure is to tackle it head on. And the best way to tackle social media is to educate employees about the firm’s expectations with a well-drafted policy.
Some firms may be more comfortable with the idea of social-media guidelines, rather than a more formal policy. Either one is fine, so long as it is fits the culture of the firm. Substantively, there is little difference between the two—employees are obligated to comply with either type equally. If it will be published in a document separate from the employee handbook, it’s probably more appropriately described as “guidelines.”
Specific provisions can vary greatly between policies, depending on the size of the firm, firm culture, and other considerations. For example, firm-authorized participation in social media, such as firm-sponsored blogs, warrant additional considerations, such as ownership of content, that are not addressed in this article. Many provisions, though, are nearly universal and can (or should) be included in any social-media policy.
Purpose & Scope
In the beginning of the policy, set the stage for readers by identifying the purpose and philosophy behind the policy, to whom and in what context the policy applies.
Purpose: Formulating the purpose of the policy is an important part of the drafting process. If the drafters can’t agree on or articulate a clear purpose, the policy is far more likely to fail. Unsure about what the purpose should be? Consider education as a possible purpose. For example, “The purpose of this policy is to educate users about social media so they can avoid common missteps, thereby preventing embarrassment (or, worse, liability), to the firm and the user.”
Users: To whom does the policy apply? Do all provisions apply to all users? Does the policy treat attorneys and non-attorney staff differently? Are there different expectations for partners than for associates? If so, make clear who is responsible for complying with which sections. Most firms will find it easier to draft a single policy with standards that are applicable to all users.
Technology: Be clear about the technology and the conduct to which the policy applies. Of course, you couldn’t and shouldn’t try to identify every social-media application or Web site. Instead, use a broad definition and identify categories that fit within that definition, providing examples for each. Include the disclaimer that the policy is not attempting to identify each and every technology but, instead, offering some examples. It is a good idea to identify types of social media or specific applications that the average user may not immediately consider. For example, Facebook and Twitter are the most obvious examples of social-media sites at the moment. But Flickr and YouTube are equally important and may be worth a specific mention.
Scope: In this section, make it clear that the policy applies to all social-media usage, including use on- and off-duty, regardless of whether the firm’s equipment is used. Some jurisdictions, such as New York, California, and Illinois, limit what off-duty conduct employers can regulate, and firms in those jurisdictions should be aware of those restrictions.
Once the scope of the policy has been clearly defined, there are a few administrative issues to address.
First, be sure to explain that the social-media policy is intended to build on the firm’s other policies—not to supersede them. All firm policies apply to conduct taken online just as they do for conduct in the workplace. For example, conduct that violates the firm’s anti-harassment or anti-discrimination policies is prohibited both at the office and in cyberspace. Ideally, this section will identify by name other policies that may be implicated by the social-media guidelines. Commonly, these policies include:
Ethics; Conflicts of Interest
Internet Acceptable Usage
Second, identify a contact person who can speak knowledgeably about the policy and, in particular, about social media. Provide the person’s e-mail and phone number and require (or suggest) that users contact this individual with any questions about the policy. Users should be made aware that the best practice is to seek an “official” answer prior to posting any questionable material. As the saying goes, “When in doubt, don’t.” Ideally, the contact person will be someone who has at least a basic understanding of social media, so he or she can answer questions in a relevant and knowledgeable way.
Duty to Report
Third, require that users report any violations of the policy and identify how and to whom such reports should be made. If an employee observes threatening comments made by a coworker on the coworker’s Facebook profile, you want the employee to report it. The firm can only mitigate and prevent potential harm of which it is aware. And, too often, management is the last to become aware of unacceptable conduct occurring online. You can delineate a specific reporting structure for social-media issues or, alternatively, use the same reporting structure that is set forth in the firm’s anti-harassment policy.
Standards for Use
After the key introductory and administrative provisions, the policy should identify what social-media conduct is prohibited. Although these “usage standards” can vary a great deal in form and substance, the prevention of certain online conduct should be considered a top priority. For example, consider the following sample provisions:
Preserve confidentiality: Firm information should not be shared outside the firm. Do not post pictures of firm events or of the interior of the firm’s offices. Do not share any information about clients, coworkers, or affiliates online and do not identify these individuals by name.
Be Polite: Do not post derogatory, defamatory, or inflammatory content about others for any reason. Disagreeing with another person’s opinions or actions is a legitimate form of expression. But express your disagreement in an intellectual and rational way supported by facts and references that are free of any overt or underlying negativity. Stay calm even if others post information about you or the firm that is untrue. And be aware that conflicts of interest can result from an employee’s online comment about litigation or potential litigation.
Comply With All Firm Policies. Any conduct that would be grounds for dismissal if performed at work will be grounds for dismissal if performed online. Just as the firm does not tolerate use of race-, religion-, or gender-based slurs in the workplace, an employee’s use of such slurs in cyberspace will be grounds for immediate termination. Similarly, just as workplace harassment will not be tolerated, harassing behavior that is conducted online will not be tolerated. Threats of violence towards others, like hate-based language and harassment, is grounds for termination.
Once the policy has been drafted, consider testing it with one or more pilot groups. Consider including in the pilot group users from key departments, such as marketing, IT, and human resources. Be sure that the members of the pilot group are regular social media users. Ask these users to read and comment on the written policy and then to apply it to their own social-media use over the course of a few weeks. Ask them to report possible holes in the policy or issues that they encounter that the policy does not adequately address. After collecting this feedback, revise the policy accordingly.
Once your revised draft has received the blessing of the powers to be, give some thought to how it should be delivered before rolling it out to the entire firm. Ideally, the policy release would coincide with some training and education given in house. Training can take the form of a CLE on ethical issues in social media. It also can involve more hands-on training, like a class on how to use Twitter.
When educating users, emphasize the most problematic issues in social media for legal professionals: confidentiality and privacy. Reiterate the critical importance of preserving confidentiality and review ways that confidential information can be inadvertently disclosed with social media. And remind users that they are responsible for protecting their privacy and the privacy interests of others. For example, they should be cautioned about the ways in which they share personal or private information about themselves with others online. They should assume that their coworkers and clients wish to maintain the highest level of privacy, as well. And, most of all, remind them to assume that anything and everything posted online will stay online forever and will be available for everyone to see.
About the Author
Molly DiBianca practices employment law at the law firm of Young Conaway Stargatt & Taylor, LLP. She writes the Delaware Employment Law Blog and Going Paperless Blog and speaks frequently on legal issues relating to social media.