Lots of IT legal risks are posed by the use of social media. Many of these risks stem from the medium itself and many from the fact that the lines between our professional and personal lives are blurring: we are taking our work home with us and often bringing up personal lives to work.

The concept of an “IT legal risk” has been around for some time and we have indeed been speaking about it for the last decade.  However, it was formally used for the first time in 2009 in the IT Governance Chapter of King III.  King III specifically states that an “IT legal risk arises from the possession, ownership and operational use of technology that may result in the company becoming a party to legal proceedings”.

IT legal social media risks include the following:

Reputational damage to an employer

The old distinction between work and home is breaking down and there is no reason why an employer will not be entitled to take disciplinary action against an employee who posts and inappropriate tweet or status update on their Facebook wall if it impacts on the employer, regardless of whether it was posted at home or at work, or on the employer’s computer equipment or the employee’s.

Breach of confidentiality

One of the biggest social media risks is the disclosure of company confidential information, trade secrets, know-how and other proprietary information.  The common law does incorporate an implied term of confidentiality into every contract of employment and most employment contracts do have confidentiality clauses in them.  Employers should however look at their own unique circumstances and decide whether or not it is necessary to include, or even expand upon the existing confidentiality clause to deal with potential social media risks. [private]

Wasting time

Just as it is not practical to ban employees from surfing the Internet or using e-mail for personal purposes during work hours, similarly there is no point in banning the use of Facebook and other social media platforms during office hours.  Through its Social Media Policy, the company should articulate what is permissible and what is not.

Third Party Liability

This encompasses a wide range of potential risks, including copyright infringement if the copyright owner’s photos, music and writing are reproduced without their consent.  Another threat is from rival companies or competitors arising from an employee defaming that competitor or rival on the employer’s social media platform.


Cyber bullying is a reality and a company is exposing itself to claims of harassment by employees if the company knew what  was going on and especially if the line manager was participating in the offensive conversations where for example, the line manager was linked to the person as a “friend” on Facebook.

Ownership of Social Media Accounts

Where an employee creates a social media account in the name of the company, it is highly likely that the company will be able to obtain the name of the account from the user.  However, this might not be so simple where the social media account is owned by a competitor.  This is what some of the more important social media platforms have to say about ownership of a user account:

  • Facebook:  In registration you undertake not to “create an account for anyone other than yourself without permission” (clause 4.2 of the “Statement of Rights and Responsibilities”).  If you select a username for your account, Facebook reserves the right to “remove or reclaim it” where “appropriate” to do so (such as when a trademark owner complains about a username that does not closely relate to a user’s actual name) (clause 4.10)
  • Twitter:  Twitter reserves the right to “reclaim usernames” (under its terms of service).  Further, in terms of the “Twitter rules” you are not entitled to “impersonate others” or “engage in username squatting”
  • Linkedin:  Under their User Agreement you agree not to violate any “trademark rights” (which means that if you register the account of a company which has a trademark, you are in violation of this clause) (this is in terms of clause 2(c) and 28(e)). [/private]

These risks can most effectively be managed by developing a social media legal strategy, which may include getting a social media policy.

For more information about our social media services, click here.