Social media represents one of the most significant developments in human communication and has undoubtedly changed the way we interact and share information. Social media has become a prevailing presence in our lives, including the workplace, and therefore poses a significant risk to the reputational integrity of employees and employers, advises legal director, Advocate Tertius Wessels from Strata-g.
“We’ve already seen how social media rants and utterances can get people from all ethnic backgrounds into trouble. But, the reputation of a company may also be called into disrepute when an employee makes inappropriate, insensitive or racial comments or remarks on social media, even if it does not have anything to do with the employer.
“Even if you are posting something on social media in your personal capacity, outside of ordinary working hours or whilst using your own personal devices, if that post can be construed as inappropriate and a link can be drawn between that person and their employer, the employer has the right to take disciplinary action,” Wessels explains.
Each case has to be determined based on its own merits; however, employees stand to lose more than just their jobs or reputation when the Prevention and Combating of Hate Crimes and Hate Speech Bill (the Bill) passes into law. The Bill provides that an act of hate speech is one which is perpetrated by an individual who intentionally publishes, propagates or advocates anything or communicates to any person in a manner which could reasonably be construed to demonstrate a clear intention to:
According to the Department of Justice and Constitutional Development, the Bill will:
Critics have called the Bill unconstitutional, stating it infringes on the individual’s freedom of expression, which is enshrined in the country’s Constitution.
But Wessels says, although the Constitution makes provisions for freedom of speech, the country’s laws are not absolute and need to be balanced against each other.
“Freedom of speech may be protected, but that protection does not extend to hate based on race, ethnicity, gender or religion. One has to look when talking about different people’s constitutional rights to which extent that constitutional right potentially impacts on someone else’s rights - namely the right to dignity.
“Employers, in looking to mitigate the possibility of harm or loss occurring as a result of employee’s comments or remarks should actively educate their employees on the company’s social media policies, and if none are in place move towards having such policies in place. Employers should also regularly conduct workshops on disciplinary codes, grievance procedures, as well as the use of social media and behaviour acceptable in the workplace. And employees should think long and hard before pressing ‘post/tweet',” Wessels concludes.
How times have changed. Social media marketing has evolved from being a bit of fun on the side to an absolute must-have for all businesses that want to remain relevant. Social media isn't just fun and games, though: it gives you access to personal information like never before. The big question is how the rules of PoPI apply when using social media for marketing and client service platforms.Whose data is it anyway?
The main impact that PoPI has on your social media activities is that all data collected from the various platforms is governed by the Act, even though the information was publicly available. If, for instance, you grab a client’s phone number from LinkedIn to implement his or her investment, you will be obliged to protect the data thereafter.
P is for privacy (and policy)
Some customers unwisely expose their personal information such as their identity numbers on customer service pages. It’s essential to remove the information immediately when this happens and start up a personal conversation by phone or email. The process of switching to a private conversation needs to be very clearly incorporated into your company’s social media policy. And, if a third party such as an ad agency manages your social media pages, it’s essential that they’re aware of the Act and abide by the principles of privacy.
Tweeting under the influence
One of the Act’s aims is to ensure that personal information is used only for its original purpose. This affects the rights to the use of the data on influencer’s followers. Although you may pay an influencer to promote your brand, PoPI regulates that their followers’ data cannot be used for other marketing purposes. On a related legal note, it’s important to specify who owns the content that influences post. It’s also essential that they clearly display that they are being paid to market the company or brand.
Beware sudden lane changes
Another PoPI challenge comes when a business changes how it uses a particular platform. For instance, a Facebook page which was initially used for customer service queries may, over time, evolve into a sales platform. Clients can easily unfollow you if they don’t want the sales information, but PoPI says that the onus is on the business to first gain permission from an individual. In short, businesses need to communicate upfront that by using the platform for customer services, customers grant the business permission to send them different kinds of information.
This also relates to the data gained from competitions on social media. Participants need to know that by entering the competition they grant the business the right to send them marketing material. Alternatively, the data should be destroyed after the competition.
Thou shalt be hacked
Another of PoPI’s objectives is to ensure the safety of customers’ data as security breaches are forever on the increase. A recent survey conducted in the US by PWC showed that 90% of large organisations suffered a security breach in 2018 and that 59% of employees steal proprietary data when they quit or are fired.
It’s no longer a question of whether you’ll be hacked, but how you’ll be hacked.
McDonald’s corporate Twitter account was hacked, and a message posted calling Donald Trump a “disgusting excuse of a president with small hands.” McDonald's made a public apology, despite a generally positive response to the tweet.
So, be sure to check the company’s security settings on each platform and use excellent anti-virus software. You should also scan and decode links to make sure they’re the real thing and adopt a very strong password policy.
Big data can’t be personal
Big data analytics has helped many businesses strike a balance between optimising their marketing efforts and not annoying customers with unsolicited communication. However, in order to continue to maintain this balance and provide customers with the information they want, they do need access to as much data about their customers as possible. The trick is that a lot of this information is personal, meaning that the process of analysing data may not be in keeping with PoPI.
Don’t panic, though. Businesses can still get excellent results from analytics without viewing personal information. There are excellent software solutions which hide sensitive data from the analysis but still yield very useful results. Businesses can also implement asset control so that only those with the right permissions can access personal information.
Clouding the issue
One of the most interesting aspects of PoPI to consider is the offshore storage of data where PoPI doesn’t apply. If you’re a Facebook user, for instance, your data is most likely stored in Forest City, North Carolina – a place which has the dubious distinction of being home to more computer servers than people. (Cloud hosting is also tricky with regards to PoPI but that is a topic for another day.)
A word of warning for individuals
On a personal note, do remember that if you’re active on social media and publish personal information, you won’t be able to turn to PoPI or your constitutional right to privacy if the information gets into the wrong hands.
This article has detailed just a few of the ways in which PoPI impacts social media… telling the whole story would fill a lengthy tome! That’s what it makes a lot of sense to appoint a PoPI compliance officer to work with a specialised lawyer and IT provider to structure a system and determine policy and procedure to ensure your company is compliant with PoPI. Social media isn’t a game anymore.
LINDA GRAHAMFinancial Planner at FinCommunications
Timothy van Rooyen Port Elizabeth Attorney, He has extensive knowledge in the industry, being a former prosecutor, he has experience in Criminal Defence.