Facebook, Twitter and related social media provide significant opportunities for companies to build their brand, communicate with customers and expand their reach.  Employees have embraced social media as readily, or even more readily, than Internet Infrastructure companies.  Like other means of communication, social media outlets may be abused by both employers and employees alike.

Do you need a social media policy?

In general, I have to be dragged kicking and screaming to draft a new corporate policy.  I really hate them.  My biased viewpoint is that policies often function as a convenient way for companies to avoid taking action to address hard behavioral issues.  Rather, the company drafts a policy that prohibits a certain activity, then begins to take disciplinary action.  From my perspective, education and discussion often engender a positive corporate culture that minimizes discipline and encourages everyone to row the same direction.  It also avoids policy fatigue where employees are presented with a fat binder to read and acknowledge on day one, and multiple updates and additions to policies that are neither read nor properly understood.

I am, however, a realist.  I realize that the state of U.S. law is such that employers are required to notify employees what is required of them, and what is, or is not, permitted at work.  As a result, many companies have confidentiality policies.  Here is where you can incorporate social media into your general employment policies.  If you have a confidentiality policy, you should revise it to specifically cover social media and similar technology.

Potential employees and social media.

Now that we all Google each other, it doesn’t seem farfetched to begin to review a potential employee’s Facebook site prior to making the hiring decision.  I question the wisdom of this.  While putting yourself online has generally been held by U.S. courts to show a reduction in your expectation of privacy in the online material, social media is a bit different.

When individuals interact in a social situation, they often disclose things about themselves that employers are simply not allowed to factor into their employment decisions.  So, for example, a person’s Facebook page may disclose their religion.  Once an employer knows that information, the fact that the employer knew the potential employee’s religion can be used in an employment discrimination suit.  And honestly, don’t even think of “friending” a potential employee to learn things about them that the general public doesn’t have access to.

Employment investigations

A fact of life is that we all complain.  Employees are no different.  Courts have held, and Congress has legislated, that employers cannot generally prohibit employees from getting together.  While this is generally applied to issues like labor organizing, it has also been applied to corporate policies that sought to restrict employees from getting together after work for a beer or otherwise socializing.

Social media is likely to be classified in the same category.  As a result, employers are likely to find more and more employees venting about their employer on a social media site.  Because these sites are searchable, companies are rightly concerned about protecting their brand, so that a new customer looking for the company doesn’t first learn that Bonnie in tech support had a bad day yesterday.

While employers can generally terminate employees for making defamatory statements about their employers, there is a fine line between defamation and simply complaining.  A good confidentiality policy will prohibit employees from disclosing internal processes and disclosing non-public information about the company.  An employer can take action based on unauthorized disclosures of this nature. However, terminating an employee for simply complaining about a bad day may cross the line.

Also important is how the employer learned of the employee’s actions.  Employers must remember that the Stored Communications Act prohibits accessing electronic communications without authorization.  I would say that monitoring an employee’s keystrokes or learning their MySpace password surreptitiously would violate the SCA.  I also believe that “friending” an employee to gain access to secured information may also violate laws designed to curb activities like “pretexting.”

At base, I do think that acknowledging social media in your policies is a good idea.  However this change should be coupled with a renewed effort to learn what aspects of your company may be bothering employees, and providing a topic for a Tweet you don’t want to read.

Edit 7/28/2009

A good description of twitter policies - good and bad - is here.

A very funny sketch about the utility of twitter

The New Jersey Superior Court recently determined that an individual commenting on a blogged news story was not entitled to the protection of the state’s shield laws that allow reporters to refuse to disclose their sources.  This case is very interesting because it provides real insight into the difficulty courts have applying laws based on physical media to the virtual world.  It is also interesting to hosts since it discusses allegations of defamation – which hosts must deal with on a daily basis.

While the facts of the matter are not clearly set out in the decision, it appears that the defendant was a participant in a message board, and allegedly defamed the plaintiff in several of her posts on the board.  She then invoked the journalist shield law to avoid disclosing her sources.  The court was forced to analyze whether her conduct fell within a law written with traditional media in mind.

It’s this analysis that I find fascinating.  The logic the court uses to reach its decision is among the most tortured I’ve ever read.  While recognizing that the New Jersey legislature, and courts interpreting the statute, have expanded the scope of the shield law beyond traditional media, the court does not seem to understand how blogs, newsgroups and other user driven content forums operate.  Instead, the court focuses on the more salacious aspects of the dispute:  the fact that the alleged defamation took place on a website used by pornography actors.

What is missing from this decision is a true analysis of what makes an internet journalist.  Basically, this decision should have turned on two issues:  when does a writer become a news gatherer; and will the purposes of the shield law be served by extending its protection to citizen journalists.

While I can’t answer either of these questions, here are some questions I think are pertinent:

• What is the context of the writing?
• Is the writing based on personally observed, or personally researched, matters?
• Is the author detached from the issue?
• Does extending the shield law encourage factual reporting?
• Does extending the shield law facilitate dialogue on issues thought to be important by the readers of the publication?

In my opinion, user driven content more closely resembles the issue driven content of the turn of the century.  At that time newspapers, broadsheets and other forms of media were not considered to be unbiased and completely impartial.  Decisions based on a mid to late 20th century understanding of the role of media in our lives will continue need to employ convoluted logic to fit that understanding within contemporary journalism.

The U.S. Court of Appeals for the 9th Circuit recently handed down an interesting decision in Barnes v. Yahoo. While the facts underlying the dispute are disturbing, they are, unfortunately, all too common occurrences for hosts.

Ms. Barnes broke up with her boyfriend. Her boyfriend then decided to post indecent pictures of her on a Yahoo site, and solicit partners for Ms. Barnes in on-line chats, sending the partners to Ms. Barnes’ office and house. Ms. Barnes contacted Yahoo and followed Yahoo’s procedures to delete the profile, and take other administrative action. Yahoo dropped the ball several times, leaving the profile up in spite of repeated assurances that it would be deleted. Yahoo only deleted the profile when Ms. Barnes filed suit against the company.

While it is always gratifying to read new decisions reinforcing the conduit protections given to internet infrastructure providers by the CDA, there was an aspect to Ms. Barnes’ claim hosts should be aware of. One of Ms. Barnes’ claims was based on the fact that Yahoo repeatedly failed to follow its own policies.

While the Court of Appeals held that the CDA protected Yahoo in this case, its opinion specifically stated that the CDA does not confer blanket immunity on internet infrastructure providers for third party content. More particularly, if the injury to the plaintiff comes from the provider’s actions in a way that can be decoupled from the type of content, the CDA may not apply.

This illustrates a point I often make: the CDA is not a license to bury your head in the sand when third parties complain about content. You need to have a policy to address complaints about content, implement the policy as best you can, and follow the policy. I suspect we will begin to see an increasing number of suits that stem from either a host’s failure to even respond to content complaints, or, more likely, the host’s failure to follow through on its own policies.

The best advice I can give is to come up with policies that work for your business. When designing compliance policies, don’t simply outsource the work to an attorney or consultant who gives you a pretty policy without any relevance to your business. You need a policy that works with your business, not one that is designed to be implemented without reference to how you work. Spending some time on this process may help save you some litigation dollars (and pain) down the road.

My past two blog entries, and my next three, are based on my presentation at WebHostingDay in March.

Right now, I’m in Prague, at the Cloud Computing Expo, and here, like at WHD, the most questions I got dealt with “whose law applies?” This is a topic that lawyers and scholars can debate until even the worst insomniac gives into sleep.

At base, in a contract, the parties are given a great deal of latitude in choosing law. This applies, in a general fashion, to U.S. contracts, as well as contracts with most of the industrialized world. There are a number of exceptions, for example issues related to human resources, private data, anti-competitive activity, and other areas of particular political interest. As a general matter however, courts and governments treat contracting businesses as “big boys” and let them choose a law to govern their contract.

Here, though, I need to make a distinction. There is the law that governs a contract, and disputes related to it, and in the Internet world, the law that governs the data. Often times you can agree on the first, but not on the second. Its these distinctions that make for vigorous legal debate. However, the vast majority of disputes relate to contract terms, so for the most part, choice of law can be fixed.

So what considerations come into play? Here’s what I recommend you think about:

1. Where your servers are located.

2. Where most of your contracts require.

3. Where you do business.

4. Where you are incorporated.

Here are things you should put out of your mind:

1. Where you’d like to visit.

2. Where there are cheap plane tickets.

3. Where “everybody else says.”

4. California.

Once you start thinking about these factors, you’ll get a good base to begin to narrow your choices.

I’m often asked “why not California?” There are a number of reasons. The first is that California has some very specific laws that relate to technology, notice and disputes. If you haven’t anticipated these in your contract, they will be imposed by the court. This may change decisions you’ve made. Also, California is a very expensive legal environment. Pursuing litigation there involves some of the most expensive lawyers, cities and consultants in the country. Finally, despite the fact that a lot of technology companies reside in California, its courts, and juries, are no more “tech savvy” than courts in other large states.

One of the hardest things for non-U.S. companies to understand is how to work with U.S. lawyers.  Like it or not, in the U.S. business does not generally get done without the assistance of a lawyer.  Unlike in most other countries, U.S. lawyers play a role as a counselor, advocate and legal advisor.  In most other countries, lawyers tend to focus solely on interpreting the law.

In many cases, this role works to the benefit of non-us companies.  Chosen correctly, your lawyer will not only be a subject matter expert on the legal issues facing your business, they will also have a good idea who are the major players in your industry (at least in the U.S.), have negotiated with them before, and can advise you whether the business terms you are getting are standard for your industry.  Because there are so many lawyers in the U.S., we tend to have pretty specialized practices, or practice area.  As a result, it is generally relatively easy to find a lawyer who has handled your issue before, and is active in your industry.

It is important in your initial consultation with your lawyer, that you adequately explain what you want.  What this means is that you need to do more than send an email that says “I want a new customer agreement.”  The more detail you provide to your lawyer, the better service you’re going to get – and the less expensive the engagement is going to be.  While most lawyers are good at figuring out what clients want, the process can be frustrating and time consuming.  In addition, because of cultural barriers, setting very specific expectations is crucial.

Before you do anything more than ask general questions, you should sign, or at least agree to, the lawyer’s contract.  This contract is called an “engagement letter.”  The engagement letter sets out the terms that will govern your relationship with the lawyer, is generally required by the regulations that govern the lawyer’s ability to practice, and serves as evidence that the attorney-client relationship has been established.

This last point is very important.  Because most lawyers in the U.S. do business with many different clients, you need to make very sure that your lawyer has the duty to keep your information confidential.  While the attorney-client relationship can be created in many different ways, having an engagement letter firmly establishes that one has, or has not, been created.

Your lawyer’s engagement letter should set out the lawyer’s fee or fee structure.  Many U.S. lawyers will agree to talk to you at no charge to simply figure out whether they can help you.  This should be set out in the engagement letter.  However, it is important to know that this preliminary talk will be very general.  You shouldn’t expect to get answers to your questions during the no charge consultation.  Once you have adequately explained your issue to your lawyer you should get a rough estimate of fees.  It is perfectly acceptable to negotiate fees – including the lawyer’s hourly rate.

Finally, non-U.S. clients should accept the “American Rule” on legal fees.  The American Rule is that each side pays their own legal fees.  This rule applies 98% of the time and is waived very infrequently.  While your lawyer may say that he will try to get your attorney’s fees paid, this rarely happens, and you should not count on it.  Regardless of whether you agree, or disagree, with this rule, it is an important part of doing business in the U.S.  Wishing it wasn’t there, or arguing that it shouldn’t apply, isn’t going to change that fact.

Next up:  choice of law.