Venting around the water cooler has been a way of life in most companies, but with the advent of social media, those gripes have moved online where the audience size is so much greater.  In fact, I dare say that if some of your employees had work place issues yesterday, they have probably already written or blogged about it.  This is why when Facebook, Twitter and other sites gained popularity, many employers enacted social media policies to control what employees could say about the company or their fellow employees.

But what if you have never had to enforce your policy?  In fact, you have never even thought about going on line and checking to see what your employees are saying about you.  But now, you’re curious.  Well, unless an employee’s postings are available for viewing, you cannot ask for their password; not if you live in the states of California, Delaware, Illinois, Maryland, Michigan and New Jersey.

But let’s say the posting is not password protected so you accessed it and now you are upset.  Before you take disciplinary action, you better study the situation.  Why? Because federal law, specifically the National Labor Relations Act (NLRA), has long protected an employee’s right to discuss work related matters with co-workers.  This is what is called “concerted activity” and it covers many different areas, including discussions about pay, work conditions, or even safety concerns.

In the past year, the National Labor Relations Board, which enforces the NLRA, has issued a series of reports in which they have reviewed over thirty social media policies.  To date, only one has been upheld in full.  What can we glean from these reports?

First, the NLRB hates broadly written policies.  If an employee can interpret the language as interfering with his or her concerted activities, the policy is likely invalid.  For example, look at the difference between a policy which requires employees to be respectful, fair and courteous in their postings versus a policy which states that individuals should not post statements that are malicious, obscene, threatening or intimidating.  The former is invalid whereas the latter is valid.

Second, the employer has a right to protect its name and reputation, but again, the language has to be specific.  Compare language that merely states: “avoid harming the image and integrity of the company” (invalid) versus prohibiting statements that convey or imply egregious acts such as sexual or racial harassment or sabotage (valid).

Third, the employer can require that an employee obtain permission before posting anything that would be written in the company’s name or could be attributed to it.  Alternatively, it can require that the employee expressly state that his postings are his own and do not represent the company’s views.

Fourth, the employer can outright prohibit disclosure of its trade secrets. It can also prohibit the disclosure of its confidential information, but it has to provide specific examples of the types of information covered (systems development, processes, products, know-how, technology, internal reports and internal business-related communications).

Fifth, the employer cannot require the employee to (a) adopt a friendly tone in his postings; (b) resolve concerns by directly speaking with co-workers and supervisors instead of complaining online; (c) report any inappropriate social media activity; (d) secure permission before sharing or posting information online or (e) preclude communications with the media

Finally, employers cannot rely on generic language that says: “this policy will be administered in compliance with applicable laws and regulations including Section 7 of the NLRA”.  This is what is called a “savings clause” and it is really a misnomer because it will not save the company from liability.

Clearly, more reports are expected from the NLRB and as more guidance is provided, the better informed an employer will be in ensuring that its social media policy is valid.