Tuesday, August 28, 2012

Dealing with Legal Risks of Social Media

In my post last week, I've shared about the benefits and risks of social media in organizations. Today, I'll be sharing more on the legal risks of social media in an organisation and how they can use Social Media Policies to address these risks.

To make things easier, we'll be using Royal Brisbane and Women’s Hospital (RBWH) as this week's example. Located at Herston within the Metro North Health Service District, RBWH is a key provider of health care services for Queensland Health. Ever since it was established, RBWH has been providing state-of-the-art medical care and the best possible outcomes to all their patients over a comprehensive range of specialities.

With hundreds of patients and a good number of staff, this 929-bed public hospital has a good chance of exposure to legal risks caused by social media. Possible legal risks that organisations face for implementing Enterprise 2.0 includes:
  • Trademark infringement
  • Copyright breaches
  • Privacy breaches
  • Defamation
  • Conduct of employees that an employer may be liable for

As for an organisation like RBWH who is in the healthcare industry, the most common and relevant legal risks would be:

  1. Loss and disclosure of confidential information - With many doctors each dealing with at least 100 a year, this risk becomes particularly relevant to RBWH. Suppose a doctor befriends all his patients through social media sites like Facebook, Twitter and LinkedIn and one day, he decides to leave the hospital to open his own clinic. He could then easily contact his "followers" and "friends" to invite them to go to him instead. This would be classified as a breach of information as the customer database belongs to RBWH and not the doctor.

  2. Reputation Risks - These days, social media accounts are all inter-connected with each other. It also shows others where we work, where we stay, and what we like. If one is not careful while posting something on these websites, the public may assume that these individuals are posting on behalf of their organization. For example if a doctor posts "Enjoying a break from work with my cigarette" and his "Followers" know that he is working at RBWH, this could damage RBWH's reputation as a clean and healthy environment for patients.

  3. Discrimination claims - The hospital is where we can find different people from different background with different personalities. Hence, the chance of discrimination claims are fairly high here. According to Dundas Lawyers, adding clients and co-workers on social media sites but not adding certain ones can be argued for as discrimination. So if a doctor "follows" someone on Twitter but does not "follow" another, or if they "unfollow" someone, the doctor and RBWH may be called to court for "discrimination.

Becareful when you unfollow someone! image courtesy of joyoftech.com

To prevent these risks from causing damage, an organisation can implement several safeguards by creating a Social Media Policy. These policies should clearly address the following areas:

  • Access – The policy should define who can access social media in the workplace, when they can do so, and what can they do on these sites. This is to ensure use of social media does not affect job performance and protect the organisation from unneccesary risks.

  • Management – Who is responsible for the implementation and management of social media in the organisation has to be determined. Someone should be in charge of keeping updated on what others are saying about the organisations in social media sites.

  • Privacy issues – Specify how individuals working in the organisation should protect confidential company, employer, employee and patient information. This is to ensure they do not post statements that reveal private information that can cause trouble.

  • Monitoring – Notify those in the organisation why you are monitoring their social media usage, how you are going to do it, and when will monitoring take place.

  • Violation consequences – Clearly state the consequence of violating company policies in different scenarios. This is to ensure those working in the organisation are aware and will adhere to the new social media policy.

  • Integration – The company should determine how this new policy should be intergrated with other existing policies within the organisatio
    n. This is to help employees understand how all the policies fit together.
After you've got your social media policy up, the next step would be to educate your employees to ensure they know how to engage effectively and carefully in social networking sites. Below is an example of how Sutter's Health kept their employees aware of their new social media policy.

Sutter Health's Social Media Policy Overview

Well that's all for this week. Hopefully what I've discussed here helped you understand the legal risks of social media and social media policies better. Stay tuned, as I'll be blogging about Enterprise 2.0 adoption. See ya!


  1. We are looking at a balance of risks and benefits . Perhaps beside having social media policies , it would come handy if an organization has a risk management plan (RMP) specifically dedicated for social media to mitigate any risks arise from within . Social media crisis can be hurtful to an organization especially from the aspect of corporate reputation loss.

    1. Perhaps it won't hurt to have an extra safeguard with the help of RMP. Thanks Adrian. :)

  2. Hi there, very nicely structured piece of information on this topic. I just wanted to ask your opinion about SMP. Given that an employee having signed a social media policy agreement before employment, do you think that it should still have effect after the employee has resigned?

    Please have a look at my blog at http://calditz.wordpress.com when you can!


    1. Thanks Calvin. Well, regarding your question, it would depend on whether the social media policy mentions how long an employee is binded to this contract(it usually should).

  3. It is a good example for the legal risk that organization using social media as a portal to the world, in fact the doctor dinner with a cigarette are the clear example that will give a big reputation impact to hospital. The other example are also great.. please keep it up.. will visit you next time...

  4. Your social media policy suggestions are very well written. It is important that organisation addressed those areas mentioned and regularly educate the users on it. It is no point having a policy that no one is aware of. Keep up the good work!

    1. Yup, you are right. Thanks for your feedback Karen :)

  5. Hi Zeng!
    Well written post, and it is a good idea to chose an hospital to illustrate your article.
    For this type of company I think the legal risk of information disclosure is even greater as illness is a very sensitive topic and patients wouldn't like to have their symptoms communicated to an online community. The risk of being sued if it were to happen is really high. Teaching a code of conduct to ALL employees, from the cleaning person to the doctor, is therefore critical.

    Nice reading you.
    See you!


    1. Hi Aurelie. Yeah, patients definitely don't like their private information made public. Glad to hear you enjoyed the article. :)

  6. Very impressed with your blogging format! It's so easy to read and structured well!. I also like the fact you've chosen a local Hospital for your example, I don't know why but it makes me relate to the topic more haha. But yes! I cannot agree more with educating your employee's more on using social media and associating their company in their "tweets" or posts and so forth... Too many stories about people getting fired over such a thing. Excellent image also, - made me giggle :)

    1. It's great that you found my post structured. I make it a point to do that so its easy to read. Glad you also liked the example because I've received feedback that my readers love examples close to home.

      Yeah, education and awareness are truly important because if you spend all your money on writing a good policy without making your employees aware of it, the whole policy is pretty much useless.

      Thanks for visiting Mihi, really appreciate it. :)

  7. Hi Zeng,

    I totally agree with you, especially when you mentioned the ways that can help in preventing risks from causing damage or harm to an organisation.


    1. Good to hear we share the same thoughts. Truly a social media policy's purpose is to protect organizations from any loss or damage.