Thank You!

You are attempting to access subscriber-restricted content.

Are You Ready to Experience Everything Internal Auditor (Ia) Has to Offer?

​​Bashing the Boss Online

Internal auditors need to understand the potential impact of employees who criticize their organizations on social media.

Comments Views

​Employees are well aware these days that their email and online activity in the workplace is monitored for incidences of malpractice, fraud, and even cyberattacks. Furthermore, employment contracts can stipulate that personal mobile devices, laptops, and tablets used for work purposes — however infrequently — may be subject to scrutiny.

Nonetheless, employee awareness of employers' rights to monitor their social media activities is alarmingly low. Organizations are increasingly checking trends and posts on sites such as Facebook, Twitter, and Instagram as part of their reputational protection efforts and monitoring of customer feedback.

In the U.S., some employees mistakenly believe that any criticism of their employer is protected and categorized as free speech under the First Amendment of the Constitution. However, the right to free speech applies to an individual's action as it relates to the government — not a company. Consequently, employees can be terminated for saying something that embarrasses or disparages an employer on social media sites. Employees need to be mindful of what they say about the organization on social media — and internal auditors need to understand the potential impact.

Provoca​​​​​t​​ive Posts

There is a long list of case studies in the U.S. and worldwide where employees have either been fired or seriously reprimanded for circulating work-related posts or messages on social media, or posts that have been deemed to be in such poor taste that they reflected badly on the employer.

In July, a Jefferson County Court, Texas, employee was fired over a Facebook post that was copied and reposted by others condemning the Black Lives Matter movement — just five days after the Jefferson County Sheriff's Office implemented its social media policy. Typical of many, the policy says that department personnel are free to express themselves as private citizens on social media sites to the degree "that their speech does not … negatively affect the public perception" of the organization.

Several people have also run afoul of employers due to posts, messages, photos, and videos that others have uploaded to social media sites that have "tagged" or made reference to them. Some have even been recorded bullying or abusing people at work. In September, an employee at Idaho-based Northside Bus Co. was fired after cell phone video footage showed her pouring water on an 8th grade student who accidentally dropped a water bottle. While individuals are often disciplined or dismissed quickly, it is the lingering association with such behavior that organizations are worried about, and which internal auditors need to be aware of.

Social Med​​ia​​ Policies

According to Workplace Fairness, a nonprofit organization that champions workers' rights, employers have considerable latitude in monitoring computer and internet usage. Furthermore, if organizations draw up clear social media policies and communicate them to staff, they can limit employees from criticizing the company, revealing details of working practices or new products and services that are about to be launched, or posting anything that does not keep with the organization's profile or ethic (uploading adult material, sharing photos detailing recreational drug use, circulating extremist political views, and so on).

Human resources (HR) will usually take the lead in drafting such policies, but legal and internal audit will have a hand in monitoring their effectiveness in many organizations, and will take an increasing interest in the policies' ramifications. For example, auditors could examine whether policies lead to an increase in the number of staff being disciplined (or dismissed), and what the potential costs might be to the organization in terms of legal fees, loss of sales (depending on how reputationally damaging the posts might be), and staff training.

"Compliance functions, such as HR, legal, and internal audit, can have a strong role to play in ensuring that organizations create a social media policy that both protects the enterprise and is also simple enough for employees to understand and follow," says Claire Knowles, employment law partner at Acuity Legal, a U.K. law firm.​

Having a social media policy does pay off — and not just in the U.S. In 2011, an Apple employee based in the U.K. was dismissed for posting, while at home, several status updates on Facebook criticizing the company and its products. An employment tribunal upheld his dismissal because Apple had given him specific documentation that stated employees should not do anything that might damage the company's image. The company also had provided training that directly related to conduct outside of work, with particular reference to social networking sites.

Legal Co​​nsi​​derations

But organizations must not jump the gun — and internal audit may prove a useful resource in reminding management that it cannot ride roughshod over employees' legitimate rights to protest. The U.S. National Labor Relations Board, the organization that enforces the National Labor Relations Act (NLRA), has found that many employer social media policies are "unlawfully broad" and cannot be enforced. As a result, it recommends that "employer policies should not be so sweeping that they prohibit the kinds of activity protected by federal labor law, such as the discussion of wages or working conditions among employees." So organizations need to make their policies specific and recognize that employees do have some key legal protections regarding how they use social media. For example, the NLRA protects people engaged in "protected concerted activity" around "wages, hours, and working conditions" for the purpose of collective bargaining, mutual aid, or protection. So, if an employee complained about working unpaid overtime, his or her comments would be deemed protected speech.

Employees may also be protected if they attempted to keep their discussions private from their employers. Following the New Jersey case of Ehling v. Monmouth-Ocean Hospital Service Corp. — where an employee's private Facebook correspondence was sent by his coworker to a hospital manager without his consent — employers may be violating federal law if they access an employee's Facebook posts when that person intended the posts to remain private. In this case, the employee adjusted the privacy settings to limit access only to the employee's Facebook friends, which did not include the employer.  

"If employers have social media policies in place, they need to ensure that they are communicated throughout the organization and that everyone understands them, and the consequences of violating them," says Melanie Lane, an employment law partner based in the London office of international law firm Olswang. "Similarly, employees need to check their employer's policy and think before they post messages."​

Internal Auditor is pleased to provide you an opportunity to share your thoughts about the articles posted on this site. Some comments may be reprinted elsewhere, online or offline. We encourage lively, open discussion and only ask that you refrain from personal comments and remarks that are off topic. Internal Auditor reserves the right to remove comments.



Comment on this article

comments powered by Disqus
  • AuditBoard_Apr 2020_Premium 1
  • Fastpath_Apr 2020_Premium 2
  • IIA Membership Centers_Apr 2020_Premium 3