Presentation presented to employees in a previous role. Unfortunately corporate identity has had to be removed, however content is still relevant to policies and legislation
2. Contents
1. What is Social Media?
Employee guidelines for using Social Media
Management guidelines for using Social Media
2. Case Study: Preece v Wetherspoon
3. Using Social Media in the Workplace
Social Media Case Law
4. Relevant Policies and Procedures
Acceptable Use Policy
5. Data Protection Act
Subject Access Requests
Breaches, enforcements, penalties
6. Scenario’s
7. Summary
2
3.
4. What do you think “Social Media” is?
Company Policy states:
“Social Media is defined as any mechanism or system that
allows individuals the ability to express or share personal
views or comments with the Public”
Wikipedia states:
“Social Media employ web and mobile-based technologies to
support interactive dialogue … using social software which
mediates human communication”
A Generic Understanding: Anywhere (usually online) a person
can share an opinion that can then be viewed by others in the
future.
4
5. Examples of popular social media sites
5
Twitter Facebook LinkedIn
Myspace Reddit Yammer
Friends
Reunited
Google + Bebo
6. Other Social Media outlets
Most websites include some form of Social Media, even if the site itself exists for other
reasons.
Some examples are:
Comments – Online newspapers, BBC news site etc.
Blog posts/comments– Online opinions
Reviews – Leaving feedback on products/services
Forum posts – Chatting in online groups
Photo Sharing sites
Apps – Public chats
Recognise any other logo’s?
6
7. Employee Guidelines for using
Social Media
Discuss:
What type of issues have you dealt with in this area? Or are familiar
with?
Can you think of any other issues that could cause a problem?
7
8. Employee Guidelines for using
Social Media
Golden Rule:
Don’t post any information that could be damaging to our (and potentially your)
reputation.
Anything that constitutes bullying, harassment or discrimination
Posting negative opinions of others online, spreading rumours, e.g. , relating to race, gender, religion
etc.
Anything that is confidential in nature
Leaking information about the company, e.g. Contracts wins/losses etc.
Anything that would breach Data Protection laws
Any leaks of employee’s or client’s personal or sensitive data , e.g. Employee or Client contact
details
Anything that breaches copyright laws
Any publication of copyrighted materials into the public domain, e.g. Taking information from one
company to a rival company for competitive advantage
Anything that could damage working relationships with other employees/clients
Sharing any sensitive information without relevant consent e.g. Client performance data
8
9. Employee Guidelines/Use of Social Media
Continued……
Anything that can be construed as controversial
Pointing out conflicts of interest publicly, courting the media
Anything that is dishonest, untrue or misleading
Lying about job conditions, company performance
Anything with company logos or trademarks (unless authorised)
Using logos to lend authority to a web identity, or to joke about or degrade the company image
Using your company email address for non work related activities
Running personal business, excessive personal emails
Anything anonymously that breaches this policy
Attempting to hide your identity while committing any of the above breaches of policy
9
The Employees Guide to Social Media has been distributed in your Social
Media pack this morning
10. Employee Guidelines Toolbox Talk
To help you all ensure your employees adhere to the
Employee Guidelines for Social Media,
a Toolbox Talk has been prepared for Team Managers to distribute
You will need to go through the presentation with all your staff and record completion.
The presentation goes through:
What is Social Media?
Why have a Social Media policy?
Employee Guidelines for using Social Media
This will be distributed now and must be completed by 30/11/12.
Email noctraining@ourcompany.com when these are complete so they can be included in the month
end report
10
11. Management Guidelines to Social Media
Personal Social Media Use at Work:
Employees can use the internet for personal use, including restricted use of social
networking sites before/after work or during breaks.
Personal Social Media Use in Private Life:
The company should respect their employees right to a private life and
understand that social media networking sites are now part of everyday life
However, the company have a duty to ensure that employees are protecting their
and our reputation when using social media.
Any breach of the company policies could amount to gross misconduct.
Any misuse of social media will be fully investigated and could lead to disciplinary
action.
We reserve the right to monitor internet and email use (Acceptable Use Policy).
11
The Managers Guide to Social Media has been distributed in your Social
Media pack this morning
12.
13. Preece v Wetherspoon: the Verdict
Ms Preece:
Was dismissed on the grounds of gross misconduct:
Her actions were deemed to have been inappropriate, in breach of
company policy, and identified Wetherspoon’s specifically
She appealed this decision however was unsuccessful and her
dismissal was upheld.
She then brought a claim to the Employment Tribunal for unfair
dismissal. Her claim was dismissed .
Reasons:
Despite her comments being posted with private settings, they were still in the public domain.
Even if she had posted the comments at home not within work, the Tribunal believed that
Wetherspoon’s would have still have had the right to act in the same way.
Her right to freedom of expression could be restricted if the comments posted could damage
reputation, i.e. her employers.
13
14. Preece v Wetherspoon: Learning Points
Key learning points of Preece v Wetherspoon case:
• It highlights the importance of having a Social Media policy
• Formalises acceptable and unacceptable behaviours in a changing environment
• Defining key terms such as blogging and provide examples
• Ensuring clarity for both parties to ensure understanding
• Clarify the sanctions if the policy is breached
• Again, ensuring clarity for both parties
• Have a clear and concise disciplinary policy listing examples of gross misconduct (MORE
ON THAT TOMORROW/NEXT WEEK)
• Ensuring employees are made aware of unacceptable behaviours and any potential disciplinary sanction
• Any breaches of policies should be dealt with fairly and consistently so an employer is in
a strong position to defend any potential claims.
• Having a policy in place ensures the company can treat staff fairly and consistently, and ensures staff in all
corners of the country are able to apply the policy equally
14
15.
16. Social Media and Employee Misconduct
As Social Media can be used at any time inside or outside of
work, the human
rights of your employees must be considered:
European Convention on Human Rights (ECHR)
Article 8 provides a right to respect for private and family life.
Article 9 provides a right to freedom of thought, conscience and religion.
These articles must be taken into account to ensure we cannot irresponsibly intrude into
our employee’s private lives, or tell them what they are/are not allowed to think/believe.;
However this must not compromise existing legislation and company policies.
16
17. Potential Negative Impacts in the
Workplace
While there are many advantages to social networking in the workplace, ( building a wider
contacts network, opening communication channels), there are also potentially negative
impacts, such as:
Drop in productivity with excessive use of social media
Reputational damage by personal views being construed as Company opinions
Operational damage by leakage of confidential information
Recent improper use has led to this policy being drawn up along with the guidelines.
17
18.
19. Social Media Case Law:
Flexman v BG Group
The Current Situation:
The dispute over Mr Flexman’s profile led to his resignation following a breakdown in his relationship
with senior executives.
In October 2012, the tribunal found BG Group’s delay in dealing with the case, and the failure to
address a grievance complaint brought by Mr Flexman, meant he was fully entitled to quit in June
2011 and claim constructive dismissal.
It found the firm guilty of a “serious breach” of contract.
A second hearing will take place in November to determine Mr Flexman's compensation.
A BG Group spokesman said: “We are aware of this initial ruling and are studying the reasoning in
detail as well as examining all options open to us in line with the legal process.”
19
20.
21.
22. Relevant Policies & Procedures
The following policies all relate to Social Media use in the workplace.
A “Social Media Pack” containing these policies has been emailed to
all Managers
this morning:
IT Acceptable Use Policy
Disciplinary Procedures
Social Media Policy
Managers Guide to Social Media
Employee Guide to Social Media
22
23. Acceptable Use Policy
Acceptable Use Policy documents are handed out during induction of new starters. These
documents must then be signed on an annual basis and submitted to the Site Security Liaison
Officer.
The company expects that its computer facilities to be used in a professional manner. E-mail and
internet is provided at its own expense and for business purposes only
Any personal use by company employees, temporary staff, sub-contractors, contractors or third
parties must not interfere with the normal business activities of the company and should not
involve solicitation, personal profit and must not potentially embarrass the company.
Material that could be considered offensive must not be accessed, viewed, downloaded,
uploaded, copied, stored, printed or transmitted using company computer systems.
When using these technologies, employees are representing the company. Corporate email and
internet activities can be traced back to an individual within a company, and both the company
and the individual will be held responsible for defamatory or illegal content.
23
24. Acceptable Use Policy – Management Responsibilities
All Managers are responsible for ensuring employees, contractors and third party users:
Are properly briefed on what is considered acceptable use prior to being granted access to
sensitive information or information systems
Are provided with any relevant guidelines to show expectations of acceptable use
Are advised to fulfil the acceptable use policy
Continue to have appropriate skills and qualifications necessary to comply with the policy
Are provided with the maintenance cover and technical support for the computer and IT
departments approved associated equipment
Are provided with the software required to enable the Employee to carry out HisHer duties
Are protected by ensuring compliance with license agreements for any software provided to carry
out their duties
Policies must be signed at induction and submitted to the Site Security Liaison Officer.
24
25.
26. The Data Protection Act
The Data Protection Act (DPA) 1998 defines UK law on the processing of data
related to a person who can be identified from that data.
The DPA controls how personal data of a data subject is:
used by data controllers or
processed on their behalf by data processors.
Data Subject: An individual who is the subject of personal data
Data Controller: A person who determines the purposes for which, and the manner in
which, data is processed (now and in the future)
Data Processors: Any person who processes the data on behalf of a Data Controller
26
27. The Data Protection Act
Types of Data under the Data Protection Act
Personal data is any information which can identify an individual. This includes any
expressions of opinion about the individual.
Sensitive personal data includes the individuals' race, ethnic origin,
sexuality, religion, health, trade union status, political beliefs or criminal record.
There are 8 Principles to follow under the DPA
when dealing with Personal (and Sensitive) Data
27
28. Data Protection: 8 Principles
The key principles for personal data are that they will be:-
1. Processed fairly and lawfully
2. Processed for specified and lawful purposes
3. Accurate and up to date
4. Adequate, relevant and not excessive
5. Only held for as long as necessary for the purposes requested
6. Processed in accordance with the rights of data subjects, e.g. individuals have the right to
have data about them removed
7. Appropriate technical and organisational measures shall be taken against unauthorised or
unlawful processing of personal data and against accidental loss or destruction of, or damage
8. Not transferred to a country or territory outside the European Economic Area unless that
country or territory ensures an adequate level of protection for the rights and freedoms of
data subjects in relation to the processing of personal data.
28
29. Data Protection: Elearning
New Elearning module available, to be completed by latest 21st December
To ensure all staff can adhere to our Data Protection policy.
This is Data Protection, AND Code of Conduct 2
Will chase both up as they are both mandatory for all employees.
Details of how to locate and complete both the Data Protection and the Code of Conduct 2
elearning modules will be emailed out this afternoon/tomorrow morning with initial
completion data (Data protection likely to be 0%), and updates will be sent out weekly, the same
way as the first set of modules were chased.
Supervised elearning sessions will also be arranged again, if required.
29
30. Subject Access Request
Individuals are have the right of access to their personal data within reason by
submitting a subject access request.
Requests must be in writing and a fee may be required (normally £10)
which must be paid up front.
We must respond within 40 days from the date that the request is received.
If a request is made in the NOC: If anyone wants to raise a Subject Access Request, discuss
their requirements with them, as often they will require specific information that can be
filtered, e.g. across date ranges or relating to specific matters , rather than having to find
and supply everything about the employee.
Searching for data: Find emails and manual files across relevant date ranges using
specific senders and recipients and the use of initials, employee numbers and
nick names.
30
31. Subject Access Request
Which of the following would be personal data that may need to be used to
comply with a subject access request? The individual requesting the data (the data
subject) is Jane Roe who has worked for the company for 3 years.
An email to Jane Roe regarding their internal application?
Yes, this is personal data
An email to everyone in one team about their performance/sales figures including for
the data subject Jane Roe?
If all team members figures are included, then no.
If the email just shows Jane Roe’s data, then yes
A reference provided to Jane Roe’s prospective new employer?
No, as she is not the recipient of the email
Details of a recent grievance raised by Jane Roe whereby she has requested for all data
relating to her employment?
Yes, this is personal data
31
32. Withholding data from
Subject Access Requests
Withholding Data
Reasons to withhold data are as follows:-
Legal correspondence for the purpose of seeking advice
Confidential management planning
Any “without prejudice” discussions and negotiations
Confidential references, if the data subject is not the recipient
Prevention and detection of crime
Relating to corporate finance
Third Party Data
If a data controller needs to disclose information relating to another individual who could
be identified, they are not obliged to comply with the request unless:-
The other individual has consented
If it is reasonable to disclose without consent (details can be kept anonymous)
32
33. What is a Breach of Data Protection?
Which of the following could potentially constitute a breach of data protection:-
A copy of an employee’s 121 performance review notes being left face up on a
manager’s desk in the office?
Copies of work orders/Documents on the fax machine/Printer?
Salary details for senior management/directors being shared with company
employees?
An email from a manager to his/her team summarising performance statistics?
An employee discussing a colleague’s recent disciplinary meeting details whilst on
the telephone on the train?
Accessing company policies as an employee?
33
34. Top Ten Tips for Complying with Data Protection
Check who is in the email trail when forwarding/replying to all
Use an appropriate volume and tone whilst on the phone
Collect documents from the printer immediately after printing
Consider thin meeting room walls – who can hear next door?
Keep passwords secret and do not write them down
Password control – Use different letters, numbers and symbols
Keep laptops securely locked and store them out of sight when not in use
Report the loss of any IT equipment immediately
Consider the location of where you carry out work on your laptop, e.g. train
Lock your computer whenever you step away from your desk
34
35. Data Protection Enforcement & Penalties
Assessments made by the Information Commissioner
Enforcement notice
Court order to comply
Compensation – damage and distress
Right to prevent processing – if likely to cause substantial damage or distress
Right of rectify, block, erase or destroy
Monetary penalty notice
The maximum fine is £500,000.
35
36. Scenarios
A member of your team has reported that one of their colleagues seems to always be
on Facebook during work, and is updating her profile with pictures of shoes, clothes
etc. that she is copying over from the Selfridges website. They’ve asked if something
can be done as the contract is so busy. What would you do?
One of your colleagues in the business
has seen an email chain whereby earlier
in the email you have been described by
a member of your team as an incompetent
waster. How would you handle this?
36
37. Scenarios
On Monday morning a staff member approaches you over something they have seen on
facebook over the weekend. Two colleagues have called him/her something which
could be perceived as discriminatory. What action would you take?
A trade union rep has complained
that one of their members who is an
employee has found documentation
by their manager relating to staff
performance in their local cafe.
How would you handle this?
37
38. Summary 1: Social Media
You should now be able to answer the following:
What is Social Media?
Provide some examples of Social Media sites?
Why we have a Social Media policy?
And you have the policies and guidelines you and your team are expected to
follow from now on.
Question:
What will you do differently now in relation
to your own use of Social Media?
39. Summary 2: Data Protection
You should now be able to answer the following:
Who are Data Subjects, Controllers and Processors?
What Personal Data and Sensitive Personal Data is?
Know the 8 principles for dealing with Personal/Sensitive Data?
Know how to action a Subject Access Request?
And you have a copy of the policy to allow you and your team to adhere to Data
Protection policy
Question:
What will you do differently now in relation
to your use of Data? I.e. ensuring it is Protected
40. Actions for You!
All policies relating to this presentation have been sent via email this morning. You
need to ensure you have an awareness of issues that may arise as a result of the
introduction of these policies
You need to hold a buzz session to distribute to Toolbox Talk to your staff detailing
the Social Media policy and its effects. This has been written for you and emailed
to you.
This Toolbox Talk needs to be distributed to all operational staff by 30th
November.
You and your staff need to complete the new Data Protection and the new Code of
Conduct 2 Elearning modules – chase emails will be sent out regularly as per
Sustainability/Code of Conduct 1.
Both these modules must be 100% complete by 21st December.
42. Appendices: Policies and
Procedures
Managers: Click attachments to open and print the relevant policies.
IT Acceptable Use Policy
Disciplinary Procedures
Social Media Policy
Managers Guide to Social Media
Employee Guide to Social Media
42
Notas del editor
1 - Title
2 – Contents – read through, expand where necessary
3 – Title slide
4 – What do you think Social Media is?Get them to try and define before clicking to reveal.
5 – mini quiz
6 – Other forms of Social Media - Give examples for each row 6 still – Other examples of Social Media: picasa, flickr, meetup.com, skype, Slashdot, stumbleupon, wiki, reddit, blogger, 4square, soundcloud, Spotify,
Note responses on Flipchart 7 – Discussion – What type of issues have you dealt with in this area? **Use flipchart for responses**Facebook – ringing sick, being on it when sick, arguments out of work? Disaster recovery day, photo’s of drinks on Facebook***Click for “Can you think of any other types of responses that could cause a problem?Receiving inappropriate messages? Email going around about us being sold off?
8 – Employee Guidelines**Don’t post any information that could be damaging to our (and potentially your) reputation. Anything that constitutes bullying, harassment or discrimination Anything that is confidential in natureAnything that would breach Data Protection lawsAnything that breaches copyright lawsAnything that could damage working relationships with other employees/clients
9 – Employee Guidelines continuedAnything that can be construed as controversialAnything that is dishonest, untrue or misleadingAnything with company logos or trademarks (unless authorised)Using your company email address for non work related activitiesAnything anonymously that breaches this policy
10 - TOOLBOX TALK - send out now -
11 – Management Guidelines to Social Media Personal Social Media Use at work – can use in breaks/before and after workPersonal Social Media Use in private life – Must respect their right to a private liftHave a duty to protect reputationDisciplinary options are available.
12 – Preece v Wetherspoon (handout) Read through handout, get some idea’s.
13 – Preece V Wetherspoon – the verdict – read off screen
14 – Preece V Wetherspoon Learning Points – Read through and expand if necessary
15 – Title – Using Social Media in the Workplace We have to give certain considerations We have to be aware of potential Impacts
Read off slide
Read off slide
handout
Read off slide
22 - List of policies, re-iterate packs have been sent out
Read out
Read out
Read out
Read out
Read out
VALID AS OF NOVEMBER 2012 – MAYBE NOT RELEVANT IN FUTURE
30 – DPA – Subject Access RequestIf a request is made at the NOC (on click)
31 – DPA – SAR 2 – scenario’s – which involve personal data?Yes, personal dataIf all team members details included, no, if just her stats, yesNo, she is not the recipient of the email.Yes, personal data
32 – DPA – SAR – Witholding Data – (without prejudice – consequence free conversations)
33 – DPA – Breaching DPA? – for discussion, all answers are “possibly”
34 – DPA – top ten tips
35 – DPA enforcement – maximum fine amount??? £500 000 – on click
36 – scenario’s 1 – Updating facebook with Selfridges shopping list2 – Colleague described as “an incompetent waster” What would you do? - briedf discussion
37 – scenario’s 1 – Colleague calling another something discriminatory 2 – Employee finds documents relating to staff performance. What would you do? Brief discussion
Valid as of November 2012
Appendices – relevant policies, up to date as of November 2012. Will not be kept up to date in future.