Staff warned on social media posts

Companies which let staff loose on social media could find themselves in breach of the Data Protection Act – and facing enforcement fines of up to £500,000 – even if employees claim they are expressing personal views when commenting on individuals via social media.
The warning comes in new guidance issued by the Information Commissioner’s Office.
It cites one example where a company decides to improve customer relations and awareness of its products by setting up a social networking account and asks senior staff to post messages commenting on the latest developments within the industry.
Some of these messages comment on the actions of high profile business leaders within the industry.
Although senior staff may express a mixture of corporate and personal views, the messages aren’t being posted for recreational or domestic purposes. They are part of the company’s marketing strategy and are being posted for corporate purposes.
Data protection law expert Kathryn Wynn of Pinsent Masons said that new guidance should prompt companies to place tighter controls on the use of social networks by staff.
“The ICO’s guidance makes it clear that even unauthorised posts by employees on social networks can put companies on the hook for data protection compliance,” Wynn said. “Firms would be required to meet the requirements of the DPA even where posts express a personal opinion if the comment pursues a commercial purpose. Previously businesses may have argued that the personal opinions of their staff about others were exempt, but the ICO makes it clear that this may not always be the case.”
“Businesses need to be more careful than ever about who they authorise to use social networks and train staff and have clear policies about what would be considered unacceptable use,” Wynn added.