Introduction

Recognizing the value of interactive communications with their customers, companies are increasingly incorporating social media into their overall communications strategies. Unlike traditional static marketing, social media is a dynamic promotional tool enabling real-time, organic conversations between companies and their customers and among customers themselves. By directly engaging with their customers, businesses are able to build audiences and reach, establish trust and digital influence, and groom evangelists who wield the power of word-of-mouth endorsements over their social circles. These spheres of influence comprise a landscape where individuals transform themselves into company spokespersons interacting directly with customers on the ever-increasingly networked and social public stage.

Social media for business has evolved from chic, to mainstream, to essential.

Further, compared to advertising campaigns in traditional media (print, radio, and television), the costs associated with adopting and maintaining a social media presence are relatively low. For a modest investment, social media delivers an extraordinary return—allowing companies to engage their customers and prospects directly, track who is following them, monitor what is said about the company and their services and products, update their followers on new products, and obtain instant consumer feedback. It is little wonder that a majority of Fortune 500 companies have either a Twitter or Facebook account and that an ever-growing number of small and medium-sized companies are leveraging social media in a variety of novel and innovative ways.

Despite the transformative power of social media for businesses, it is not without its unique set of challenges. Sadly, human beings are inherently prone to mistakes, misconduct, and both purposeful and inadvertent acts of mischief. It is here where social media’s Achilles’ heel is exposed. Given the viral nature of social media, a single human mishap can damage a business’s reputation, brand equity, and goodwill virtually in seconds. It should come as no surprise, therefore, that the explosion in the business adoption of social media carries with it increased legal risks.

Disclosure of sensitive company information, inadvertent transmittal of customer contacts and business leads, unfair and deceptive company and product endorsements, and unwitting employment and labor law violations are just a handful of the everyday risks arising from the use of social media in the workplace. As the popularity and business usage of social networks continue to grow, navigating the legal risks therein becomes increasingly more challenging.

How This Book Is Organized

This book is comprised of 12 chapters, each focusing on an important legal aspect of the business use of social media and the special measures companies can adopt to minimize their potential liability. The book may be read from cover to cover to gain a comprehensive overview of the legal landscape. The chapters also stand well separately on their own, serving as a handy reference guide and offering readers the flexibility to find just the information they need.

Chapter 1: Social Media Promotion Law: Contests and Sweepstakes

Chapter 1 covers the legal rules governing online prize promotions (in particular, sweepstakes and contests). Promotions conducted via social media sites are a valuable means of generating consumer traffic and brand awareness while simultaneously fostering customer loyalty and increasing sales. Nevertheless, advertisers should pay close attention to significant legal compliance concerns. Indeed, under certain circumstances, even innocuous-looking “promotions,” such as requiring an applicant to encourage friends to “like” you on Facebook, may unwittingly transform the promotion into an illegal lottery. Advertisers must also comply with platform-specific promotion and contest guidelines. For example, if people enter your contest by “liking” your business page or leaving a comment, or if your promotion is being run on your Facebook page, your promotion violates Facebook’s Promotions Guidelines and may result in your business page being suspended or terminated. Although the world of social media might often seem like the Wild West, online promotions are governed by strict rules and regulations, which businesses must take careful steps to observe.

Chapter 2: Online Endorsements and Testimonials: What Companies and Their Employees Can and Cannot Tweet, Blog, or Say

Chapter 2 examines the Federal Trade Commission’s updated Guides Concerning the Use of Endorsements and Testimonials in Advertising. The FTC guides apply to consumer testimonials, such as reviews and recommendations, that endorse a product or service on any social media site. Employees who post reviews of their employers’ products and services on social media sites (either directly or through third-party advertisers) without disclosing their corporate affiliations can expose their employer to an FTC enforcement action. Failure to comply with the guidelines may result in liability for not only the employee endorser, but also for the employer.

Chapter 3: The [Mis]Use of Social Media in Pre-Employment Screening

Chapter 3 examines the permissible use of social media in pre-employment screening and reminds employers to avoid obtaining information that is unlawful to consider in any employment decision, such as the applicant’s race, religion, or nationality. Further, employers should refrain from circumventing an applicant’s privacy settings on social media sites, because such circumvention could expose an employer to an invasion of privacy claim.

Chapter 3 also alerts employers to the (for most, surprising) fact that social media background checks are subject to the Fair Credit Reporting Act (FRCA), a federal law that protects the privacy and accuracy of the information in consumers’ credit reports. For companies that assemble reports about applicants based on social media content and regularly disseminate such reports to third parties (including affiliates), both the reporting company and the user of the report must ensure compliance with the FCRA, including obtaining the applicant’s permission before asking for a report about him/her from a consumer reporting agency or any other company that provides background information.

Chapter 4: Monitoring, Regulating, and Disciplining Employees Using Social Media

Chapter 4 examines employer monitoring of employee online postings, together with the National Labor Relations Act’s impact on social media-related employee discipline for both union and nonunion employees. In the past two years, employers have faced a mounting wave of regulatory action taken against them for:

• Instituting policies restricting employee use of social media where such policies impermissibly discourage employees from exercising their rights under the NLRA (that is, “to engage in ... concerted activities for the purpose of collective bargaining or other mutual aid or protection”)

• Unlawfully discharging or disciplining employees for their online communications where the specific social media post constituted “protected concerted activity” (that is, group activity protected by the NLRA) and the subject matter of the post involved wages or other terms and conditions of employment

Importantly, even employees’ general complaints (whether on company time or otherwise) about their employment or about their co-workers may fall within the NLRA’s purview and be considered protected concerted activity. Employers therefore face potentially liability any time they terminate or discipline employees for engaging in social media activity.

In this chapter, you will learn how to avoid unlawfully discharging or disciplining employees for their online communications, and guidelines for properly observing employees’ rights to privacy.

Chapter 5: Social Media in Litigation and E-Discovery: Risks and Rewards

Chapter 5 examines the role of social media in civil litigation. With the rapid proliferation of social media, information placed on social networking sites such as Facebook, YouTube, Twitter, and foursquare is increasingly becoming the subject of discovery requests in litigation. Users of these sites may tweet or post detailed status updates without considering the implications of their posts as it effects their (or their company’s) litigation position. Courts are increasingly permitting such relevant evidence to be used at trial, despite a party’s privacy settings. Further, under both federal and state rules of civil procedure, companies have an obligation to preserve all relevant communications, documents, and information—whether in the form of hard or digital copy, email, social media post, or otherwise—whenever litigation is pending or is reasonably anticipated. A company that fails to properly preserve relevant information can face hefty sanctions by the court, including monetary penalties, dismissal of its complaint, or an entry of default judgment in favor of its opponent. Companies should therefore take time to review and update document-retention policies and ensure that such policies particularly include social media activity.

Chapter 5 also details the impact of the Stored Communications Act (SCA) on social media discovery requests. In addition to limiting the government’s right to compel online service providers to disclose information in their possession about their customers and subscribers, among the most significant privacy protections of the SCA is the ability to prevent a third party from using a subpoena in a civil case to get a user’s stored communications or data directly from online providers.

Chapter 6: Managing the Legal Risks of User-Generated Content

Chapter 6 discusses the legal risks for companies in allowing user-generated content (UGC) to be posted on their sites, and the associated legal protections. Two federal statutes in particular—the Digital Millennium Copyright Act (DMCA) and the Communications Decency Act (CDA)—are examined. Because social media sites are not exempt from traditional copyright laws, hosting infringing copyrighted content can create liability for contributory infringement. The DMCA shields online service providers (including website owners) from liability for copyright infringement by their users, provided that certain steps set forth in the DMCA are strictly followed. Importantly, however, DMCA immunity is not available for sites that receive a direct financial benefit and draw new customers from UGC. For social media sites hosting UGC, it is unclear under what circumstances courts will hold that the site is drawing in new customers to receive a direct financial benefit. Further, the DMCA protects from liability the owners of Internet services, not the users (including marketers) who access them. Marketers utilizing UGC are not shielded under the DMCA with respect to uploading onto a third-party’s website copyright-infringing content.

Similarly, the CDA immunizes website operators and other interactive computer service providers from liability for third-party content, including content that may constitute defamation, invasion of privacy, and intentional infliction of emotional distress. The provider, so long as not participating in the creation or development of the content, or otherwise exercising editorial control over the content such that the edits materially alter the meaning of the content, will be immune from state law claims (except intellectual property claims) arising from third-party content. For companies that operate their own blogs, bulletin boards, YouTube channels, or other social media platforms, therefore, it is imperative that they avoid contributing to the creation or development of the offensive content so that their immunity is not revoked. In this regard, CDA immunity may be further forfeited if the site owner invites the posting of illegal materials or makes actionable postings itself.

Chapter 7: The Law of Social Advertising

Chapter 7 alerts social media business practitioners that they, like traditional advertisers, are subject to the FTC Act (regarding false advertising vis-à-vis consumers); section 43 of the Lanham Act (regarding false comparative advertisement claims); the Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act; and the Children’s Online Privacy Protection Act (COPPA).

The CAN-SPAM Act of 2003 establishes the United States’ first national standards for the sending of commercial email, provides recipients the right to opt out of future emails, and imposes tough penalties for violations. Despite its name, the CAN-SPAM Act does not apply only to bulk email; it also covers all commercial electronic messages, including business-to-business and business-to-consumer emails, as well as commercial solicitations transmitted through social media sites. If the primary purpose of a solicitation transmitted through Facebook or other social media site is commercial, care must be made to clearly and conspicuously identify the communication as such and to observe other requirements imposed by the CAN-SPAM Act. This is true whether the electronic communication was submitted by an advertiser or by a consumer who has been induced by the advertiser to send the message.

Further, COPPA, which was enacted in 1998, proscribes unfair or deceptive acts relating to the collection, use, and disclosure of information from children under 13 on the Internet. COPPA requires website operators or other online services that are either directed to children under 13 or that have actual knowledge that they are collecting personal information from children under 13 to obtain verifiable parental consent before such information is collected, used, or disclosed. In 2010, to account for the rapid developments in technology and marketing practices, and the proliferation of social networking and interactive gaming with children, the FTC proposed amending the federal regulations implementing COPPA (COPPA Rule). The proposed changes were finally made public on September 15, 2011.

The proposed changes, if adopted by the FTC, will profoundly impact websites and other online services (including mobile applications that allow children to play network-connected games, participate in social networking activities, purchase goods or services online, or receive behaviorally targeted advertisements) who collect information from children under 13 years old. Under the proposed Rule, operators who merely prompt or encourage (versus require) a child to provide personal information will be subject to COPPA.

Of special note, the proposed revisions to the Rule, among other changes, expand the definition of personal information to include not only names, addresses, email addresses, phone numbers, and other identifiers included in the current Rule, but also geolocation information, screen names or usernames, and additional types of persistent identifiers, such as IP addresses, unique device identifiers, and tracking cookies used for behavioral advertising. Similarly, photographs, videos, and audio files that contain a child’s image or voice may also be added to the definition of personal information, as would all identifiers that permit direct contact with a person online, including instant messaging user identifiers, Voice over Internet Protocol (VoIP) identifiers, and video chat user identifiers.

The proposed change would also revise parental consent requirements. Currently, in order for operators to collect, use, or disclose personal information of children, they must first obtain verifiable parental consent.

The proposed changes add new parental consent mechanisms, including submitting electronically scanned signed parental consent forms, consent through video conferencing, and verifying a parent’s government-issued identification against databases of such information. Further, the FTC’s proposed Rule change would eliminate the less reliable “email plus” method of obtaining parental consent, which currently allows operators to obtain consent through an email to the parent, provided an additional verification step is taken, such as sending a delayed email confirmation to the parent after receiving the initial consent.

Chapter 8: Trademark Protections from Brandjacking and Cybersquatting in Social Networks

Chapter 8 discusses the importance of trademark and brand management in the Web 2.0 universe. In light of the high organic search ranking social media sites achieve on search engine results pages, social network usernames have increasingly become highly valuable commodities. A Google search of your brand can easily produce results from a social media page that appears to be an official brand page, but is in fact a page of a disgruntled customer or parodying competitor. Controlling your business’s social network usernames—and securing your ability to protect your brand in each social platform—is therefore critical; after all, you do not want your company’s image (or message) to be hijacked by spammers, cybersquatters, impersonators, or competitors. In addition to platform-specific brand-protection enforcement mechanisms, this chapter details the legal remedies available under the trademark infringement and anticybersquatting rules of the Lanham (Trademark) Act.

Chapter 9: Balancing Gamification Legal Risks and Business Opportunities

Chapter 9 explores the unique issues surrounding gamification and social media and the legal considerations that apply when companies employ the mechanics and dynamics of gaming to social media interactions on web and mobile platforms. For example, leader boards, badges, and expert labels (gamification staples) all implicate truth-in-advertisement issues (and FTC enforcement actions) to the extent that such labels imply an expert status that the user does not actually possess with respect to the endorsed product. Further, virtual currencies in the form of points, coins, redeemable coupons, and so on are subject to federal regulations prohibiting expiration dates less than 5 years after the virtual currency is sold or issued. Likewise, behavioral and hypertargeting—leveraging of social history data (where you are and what you are doing at any given time)—gives rise to a host of federal and state privacy rules regarding recording, storing, handling, and transferring geolocation and other consumer data.

Chapter 10: Social Media’s Effect on Privacy and Security Compliance

Chapter 10 discusses the security and privacy compliance obligations of companies that gather personal information of its customers online. In particular, the recent FTC settlements with Twitter, Facebook, and Google highlight the risk of using social media without properly structured and implemented privacy and security compliance guidelines. Companies that collect or otherwise obtain consumer data (via online promotions, business apps, site registration, or otherwise) should conduct an annual review of their privacy and security policies, statements, and practices, and ensure that they are truthful, nondeceptive, factually supportable, and consistent with evolving legal standards and industry best practices.

Chapter 11: Legal Guidelines for Developing Social Media Policies and Governance Models

Chapter 11 provides detailed guidelines on how to write an effective corporate social media policy and how to establish the necessary governance models used to monitor employee and corporate usage of social media. This chapter provides a detailed list of vital social media policy provisions to aid you in drafting a policy designed to help your company get the most out of its social media programs while simultaneously minimizing its legal exposure. A well-drafted and consistently enforced social media policy should enable companies to mitigate liability issues and security risks; ensure compliance with federal and state legislation; protect a company’s brand; increase productivity; better monitor and respond to their customers’ performance evaluations, feedback, and complaints; and reduce the company’s exposure to burdensome, costly, and PR-unfriendly litigation.

Chapter 12: Looking Ahead at Social Media Business Opportunities, Expectations, and Challenges

Evolving technologies, together with emerging platforms and channels of communication, inevitably raise new legal issues that employers must address and manage in the modern digital workplace. Because social media law is still in its infancy, businesses are advised to keep abreast of the fast-pacing growth of laws giving definition to this space.

Who Should Use This Book?

The book serves as an indispensable and comprehensive guide to the legal risks associated with the business use of social media. It was especially written for business professionals, and can be used as a valuable educational and reference tool to assist companies of all sizes seeking to train their employees on the safe and legal use of social media.

The intended audiences for this book include:

• Chief Executive Officers

• Chief Marketing Officers

• Chief Information Officers

• Chief Compliance Officers

• Business Owners

• VPs, Directors, and Managers of

• Marketing/Branding

• Social Media

• Communications

• Business Strategy

• Public Relations

• Information Technology

• Customer Service

• Human Resources

• Community Managers

• Social Media Strategists

• Word of Mouth Marketers

• Brand Evangelists

• Agency Account Managers

Features of This Book

Throughout this book, readers are provided with practical pointers to help ensure that their social media programs comply with the law. Each chapter ends with a Social Media Do’s and Don’ts chart that summarizes in easy-to-understand language the principal legal issues addressed in the corresponding chapter.

Further, the appendixes contain the text of the laws referenced throughout this book so that readers might have a handy reference to these original source materials.

A Quick Note about U.S. Legal System

There is no single definitive body of law governing social media. Rather, an amalgamation of both U.S. federal and state law controls activity conducted in this space.

In the United States, courts are set up in a hierarchy:

• United States Supreme Court

• Lower federal courts

• State supreme courts

• Lower state courts

Generally speaking, lower federal/state courts must follow precedent established by a higher federal/state court as to the meaning of the law, even if the lower court disagrees with the higher court’s interpretation. On questions of federal law, the U.S. Supreme Court has the final authority.

Further, lower federal courts are bound by the precedent set by higher courts within their “district.” There are 94 judicial districts, including at least one in each state. These federal “district courts” (trial courts) must follow legal precedent established by the federal “circuit courts” (appellate courts) with the appropriate geographic-based jurisdiction. By way of illustration, a district court that falls within the First Circuit Court of Appeals (which includes the District of Massachusetts, for example) is not bound by rulings from the 9^th Circuit (which includes the District of California, for example), or any of the other remaining eleven circuits.

Because many of the cases cited in this book are from the federal district court level, note that the holdings of these cases are not binding on courts that fall outside of these judicial districts.

Fortunately, courts may rely upon cases from other geographic jurisdictions dealing with similar issues as persuasive (but not binding) authority. This is particularly true for cases of first impression—an apt description for the growing number of social media legal challenges covered in this book.

Legal Disclaimer

The materials in this book, “Navigating Social Media Legal Risks: Safeguarding Your Business,” are for informational purposes only. While we believe that the materials will be helpful, we do not warrant their accuracy or completeness. These materials are general in nature, and may not apply to specific individual circumstances. The information is not intended as, nor is it offered as legal advice and should not be relied on as such. Readers should seek specific legal advice with their own attorney before taking any action with respect to the matters discussed herein. We make no representations or warranties, express or implied, with respect to any information in this book. We are not responsible for any third-party websites or materials that are referred to in, or can be accessed through this book, and we do not make any representations whatsoever regarding them.