Fact Sheets

Privacy and Social Networking in the Workplace

What are Social Networking Sites?

SNS such as MySpace, Facebook, Friendster, LinkedIn, LiveJournal, Twitter and Bebo are Internet-based services that provide individuals a way to interact with each other online. SNS allow an individual user to construct a personal profile on a website, and build a list of other users with whom they have a connection.  Individuals on SNS can communicate with other users by posting messages on their SNS personal pages, using email, instant messaging, or through file-sharing.

Some organizations may allow employees to access and use their personal SNS in the workplace during normal work hours or break-times. Other organizations might develop their own, internal SNS to help employees work collaboratively — regardless of their physical location. Some organizations may establish an official, external SNS to communicate with customers, business partners or the media.  

Using SNS in the Workplace

The use of social networking sites (SNS) in the workplace raises privacy implications for both employees and employers. Organizations should develop policies on the appropriate use of SNS in the workplace.

Privacy implications for Employees

Most individuals view their personal SNS pages as private. However, employees should be aware that any of the information or communications posted on their SNS can potentially be accessed by:

  • current or potential employers;
  • recruitment agencies;
  • co-workers;
  • the employer’s competitors;
  • government and law enforcement agencies;
  • others outside the employee’s trusted network.

Depending on the privacy settings set by the individual user, personal information and communications posted on an SNS can be read by unintended people. 

Monitoring Employee SNS

  • Employees should know that, subject to existing workplace policies and rules, some organizations monitor their employees’ SNS.
  • Employees should be aware that when using SNS in a workplace context — including an SNS hosted by their employer — that their personal information can be collected, used and disclosed by the employer. This could include off-duty comments and postings on a SNS about workplace issues or that may otherwise reflect on the employer.
  • Employers should view tracking existing employees through personal or work-based SNS as a collection of personal information that may be subject to applicable privacy legislation in their jurisdiction.

Implications for Staffing and Recruitment

Many employers and recruitment agencies use Internet search engines and read personal SNS, websites and blogs to learn more about job applicants – and existing employees.  During the staffing process, this practice may become a problem if it substitutes for more formal and thorough reference checks.

  • Employees should know that SNS information may seem transitory and informal, but once personal information is posted online it gains permanence — and can be circulated and searched by others.
  • Employers and recruiters should be aware that SNS pages, even if publicly available, can contain inaccurate, distorted or out of date personal information about job applicants, and should therefore be cautious about relying on that information.
  • Employers and recruiters should also guard against using personal information gathered from SNS — or any other online source — in a discriminatory manner against a job candidate or an existing employee.

Consequences of Inappropriate Disclosure on SNS

Employers and employees should be aware of the potential damages to individuals and the corporation through inappropriate disclosures of personal or confidential business information on SNS. The possible consequences of an improper or unintended disclosure may be:

  • a defamation lawsuit;
  • copyright, patent or trademark infringement claims,
  • a privacy or human rights complaint;
  • a workplace grievance under a collective agreement or unfair labour practice complaint;w
  • criminal charges with respect to obscene or hate materials;
  • damage to the employer’s reputation and business interests.

Legal responsibility for damages from an inappropriate disclosure could potentially rest with individual employees, management or the organization as a whole.

Employers: Develop and Communicate a Clear Policy on SNS

While many employers have guidelines and codes of conduct for e-mail and Internet use, SNS pose different privacy challenges which should be specifically addressed in conjunction with these other workplace rules.  Clear rules and policies drafted specifically on the use of SNS should be communicated to all employees.

The policy should generally establish best practices and outline expectations for acceptable use of SNS in the workplace, set out the consequences of misuse, and address any workplace privacy issues.

Specifically, the policy should address:

  • whether the organization permits the use of personal or employer-hosted SNS in the workplace;
  • if SNS are permissible, in what context and for what purposes may they be used?
  • whether the employer monitors SNS sites;
  • what legislation applies to the collection, use or disclosure of personal information in the workplace;
  • what other rules may apply to the use of SNS in the workplace (collective agreements; other relevant legislation);
  • the consequences of non-compliance with the policy and,
  • any other existing policies about the proper use of electronic networks with respect to employee privacy and handling confidential information.

Determine what data should not be disclosed

Employers should inform employees in plain language why it’s important to keep some personal and corporate information – about themselves, their co-workers, clients and the organization – confidential or undisclosed. Similarly, employers need to exercise judgment and abide by applicable privacy and other legislation if they decide to collect, use or disclose personal information from SNS sources.  A privacy-friendly workplace calls for fair use of information by all parties.

A Word on Jurisdiction

In Canada, the Privacy Act deals with the collection use and disclosure of personal information in the federal public sector. Both the OPC and Treasury Board Secretariat have produced guidance that may be helpful to understanding the use of SNS in the workplace. Every province and territory has some form of public sector privacy legislation and an oversight authority.  

With regard to the private sector, our Office, Alberta, British Columbia and Quebec have full private sector privacy legislation. Through the Personal Information Protection and Electronic Documents Act (PIPEDA), the OPC has oversight over all federal works, undertakings and businesses including their employees and the personal information of commercial activities in those provinces other than Alberta, BC and Quebec (and Ontario with regard to personal health information).

May 2009