An employer’s recourse against an employee’s social media blunders
Provided by Bowmans
By Rosalind Davey
04 Dec 2015
An employer does have recourse against employees whose social media blunders cause brand damage, or result in the disclosure of confidential information or vicarious liability.
The CCMA has accepted that certain conduct on social media may warrant disciplinary action. However, the ordinary principles of fairness and equity apply. When investigating such conduct care must be taken not to unlawfully infringe rights to privacy and the provisions of the Regulation of Interception of Electronic Communications Act.
Furthermore, not all comments on social media that are critical of an employer will warrant dismissal. For example, if the post constitutes conduct in furtherance of a protected strike or amounts to a protected disclosure, dismissal may not be permissible.
An interesting Labour Court case, Beaurain v Martin NO & others (2014), explored the possibility of posts on Facebook constituting protected disclosures. In this case an employee, Mr Beaurain, was employed by Groote Schuur Hospital. During his employment he raised various complaints regarding health issues at the hospital. Each complaint was investigated and he was informed that the complaints were without merit. Getting no joy from the hospital, Mr Beaurain started posting his complaints on Facebook among others.
In about June 2009, the head of Mr Beaurain’s department addressed a letter to him to inform him that he was to stop posting his claims pertaining to health risks at the hospital, on social media. Mr Beaurain did not heed this instruction and continued to post about these so-called health risks. This resulted in a further letter in which was given a final instruction to stop the conduct.
Notwithstanding this Mr Beaurain posted “the management of [the] Hospital are currently in the process of licking the doors to the filthy toilets in the service areas of the hospital. The locked toilets will then be inaccessible to most people. But the majority of these toilets are still very filthy. Most of these toilets are still in such a terrible state of disrepair that it is impossible to flush the waste way. These filthy toilets are causing foul air to enter the air conditioning system and be pimped into the hospital wards. I took the pictures of the toilets in this album on Friday, 9 October 2009. The management of [the] Hospital do not succeed in seeing to it that the engineering department at the hospital fix these 15 toilets that are locked up and hidden away in the services areas of the hospital. I suspect that most of the managers at [the hospital] just do not care.”
Pursuant to this Mr Beaurain was charged with gross insubordination and dismissed. Mr Beaurain referred a dispute to the Labour Court wherein he claimed that he had been dismissed pursuant to making a protected disclosure.
The Judge considered the evidence before him and held that, “In the evidence before me, Dr A made it clear that the problems with the toilets on the interfloor area – that were not being used by patients or visitors – did not pose any health risk. It could not lead to the spread of bacteria through the air-conditioning system. Dirty toilets could post a health risk if users physically touched them and then touched other surfaces, but this was not a concern that arose in this case. The applicant’s belief, on the evidence before me, was not reasonable.”
The Judge went on to state that information that the toilets were in an unsanitary state does not fall within the ambit of the Protected Disclosures Act.
Although, ultimately, the court found that Mr Beaurain’s posts on social media did not constitute a protected disclosure, what is interesting is that the Judge entertained the possibility of a protected disclosure being made on social media.
The court did, however, emphasize that an objective of the Protected Disclosures Act is to provide procedures in terms of which an employee can disclosure information in a responsible manner. That information should be disclosed in a responsible manner balances the employer’s interest in protecting its reputation against the public interest in disclosure of irregularities.
Although, ultimately the posts on Facebook were found not to be protected disclosures, that social media posts may constitute protected disclosures was not ruled out. The court stated that “publishing the allegations on the Internet is unlikely to solve the perceived problems … it was unnecessary to publish to the international community, who could do little to help. The Internet is, unlike the press, not subject to editorial policy: there was no prospect of a moderator contacting the hospital for its side of the story so that the public be given a balanced perspective. The publication was therefore unfair as well as unreasonable. And, as I have set out above, the employer had investigated and adequately responded to the health concerns; the quality concerns were in hand and receiving attention.”
Mr Beaurain’s dismissal was found to be fair.
The CCMA determined a dispute pertaining to dismissal for social media misconduct in Sedick & another v Krisray (Pty) Ltd (2011 CCMA). Here, an operations manager and a bookkeeper were regular and enthusiastic Facebook users. Both were employed by a family-owned and managed business.
During the course of 2010, additional family members where brought into the company in order to gain experience. The two employees in question became disgruntled at the strong family presence within the business and the perceived special treatment of family members. They posted derogatory comments on their respective Facebook walls pertaining to the director and management. The comments were predominantly posted outside of working hours on personal devices and were not a flattering portrayal of the company and its management.
While no-one was named, the employees made use of pseudonyms which were all but transparent. Unfortunately for these employees, the marketing manager (who was the owner’s daughter) joined Facebook and navigated to the employees’ profiles in order to send them friend requests. When she accessed their respective profiles, it became apparent that they did not have any privacy settings in place. Accordingly, the marketing manager could see all of their wall posts including those pertaining to the company and its management team. Screen-shots of the employees’ profile pages were taken and the posts were reported to the company.
The situation was exacerbated by the fact that the two employees engaged their subordinates in the Facebook conversations and former employees of the company also commented negatively on the wall posts. Since there were no privacy settings in place, the entire content of the feeds was open to the public and potentially to the company’s clients to see.
The employees were charged with misconduct for, among others, bringing the name of the company into disrepute in the public domain. A disciplinary hearing was held and the employees were dismissed. In the CCMA arbitration that followed, the bookkeeper alleged that her posts had been a means for her to vent her emotions and that they were nothing more than innocent banter. The Commissioner disagreed.
A more serious allegation was raised by the operations manager who argued that her right to privacy had been infringed as the employer had accessed her Facebook profile without her consent. She further alleged that she did have privacy settings in place on her Facebook profile and that her employer had accessed her account illegally. The Commissioner gave a detailed account of the workings of Facebook and the array of privacy-settings available on the platform. The operations manager eventually conceded that she did not have any privacy-settings in place at the time her posts were accessed.
The Commissioner considered the Regulation of Interception of Communications and Provision of Communication-related Information Act (the Interception Act) which governs the circumstances in which someone may lawfully intercept the contents of a communication to which he or she is not a party.
The Interception Act provides, among others, that an interception of a communication will be lawful where a party is deemed to be a recipient of the communication or where a party who is a recipient of the communication has consented to its being intercepted. The Commissioner held that, in the present instance, any person using the Internet would qualify as a recipient of the comments posted on the employees’ Facebook profiles. This conclusion was drawn on the basis that the Internet generally constitutes the public domain.
More specifically, since the employee’s communications were not privacy protected they had waived their right to privacy and the posts fell wholly within the public domain. The Commissioner was satisfied that the company had legally read, downloaded and printed the Facebook posts and that the posts accordingly constituted admissible evidence.
Considering the employees’ positions within the company, what they had written, where they had posted the comments, to whom these comments were directed and to whom they were accessible, the Commissioner confirmed that the posts were capable of bringing the company’s good name and reputation into disrepute. The employees’ dismissals were therefore upheld.
In Media Workers’ Association of SA on behalf of Mvemve and Kathorus Community Radio, the employee worked at a local community radio station as a content manager. He posted comments on his Facebook profile which were critical of the organisation’s Board and of its station manager, whom he alleged was engaged in criminal activity. It appears that, in this instance, the employee’s Facebook profile was unprotected. The employee was requested to issue a public apology on Facebook, which he refused to do. The employee was subjected to a disciplinary hearing and dismissed.
In the ensuing CCMA arbitration, the Commissioner did not consider the employee’s right to privacy as no infringement of this right was alleged. The Commissioner based his decision on the fact that the employee had tarnished the image of his employer by posting unfounded allegations on Facebook without addressing his grievances internally. The employee’s dismissal was upheld.
Smith v Partners in Sexual Health (Non-Profit) (CCMA 2011) concerned an employer who had obtained access to an employee’s private internet-based Gmail account. Internet search engines, such as Google, offer free email account hosting services to users who sign-up for these services. People can only access their email accounts once they have created and verified usernames and passwords that enable them to log into and out of the account.
Notwithstanding these default privacy protections, the account offers an automatic sign-in function to users once they have been registered. This feature allows parties to bypass the requirement for usernames and passwords by taking them directly into email accounts. In effect, the user is permanently logged onto his or her email account and needs merely to open an internet browser to access it.
The employee was employed as an administrator by the company. The company set up a business Gmail account in order to correspond with donors and sponsors, and to attend to general administrative matters. The employee was responsible for co-coordinating the company’s correspondence on the Gmail account. The employee also had a private Gmail account which she accessed intermittently from the company’s computer. The employee used the automatic sign-in feature for her account.
While the employee was on leave, the CEO accessed the employee’s work computer and logged into what was ostensibly the company’s Gmail account. Upon accessing the account, the manager was inadvertently taken into the employee’s personal account. Here the CEO discovered correspondence between the employee, third parties and former employees of the company, pertaining to the company’s confidential internal affairs. These communications also referred to the CEO in derogatory terms.
The employee was charged with material breach of contract, insubordination (insolence) and insulting behaviour, and bringing the name of the company into disrepute. The company alleged that the employee’s comments were so severe that the trust relationship had been irreparably damaged. A disciplinary hearing was held and the employee was dismissed.
In the ensuing CCMA arbitration, the employee alleged that her emails had been obtained in violation of her right to privacy and in contravention of the Interception Act. The Commissioner considered whether the employee had waived her expectation to privacy when she elected to use the automatic sign-in feature. This possibility was dismissed by the Commissioner who noted that the contents of a private internet-based email account differed materially from the content on social networking sites where access to the public was generally unrestricted by default and readily accessible.
The Commissioner drew a distinction between the Gmail account and an email account which is established on a personal or work computer. The Commissioner confirmed that, notwithstanding that an employee may use an employer’s property to access a Gmail account, the message is nonetheless stored on a server which is owned and administered by Google.
In such cases, an employer cannot claim ownership of or access the content in the Gmail account since the service contract for the account is concluded between Google and the individual. In contrast, the Commissioner observed that when an email account is established and located on a personal or work computer, the message will be downloaded from the main server and stored on the user’s hard drive or a local server. In such an instance, the email has a physical presence on the computer. Thus, arguably, the employer is entitled to access it. The Commissioner conceded that, had the employee downloaded her Gmail emails onto the employer’s computer, the employer may have had a claim to such emails.
The Commissioner considered the date stamps on the email printouts provided by the employer and found that only one of the emails produced as evidence at the arbitration had been printed on the day that the CEO accidentally accessed the employee’s account. The rest of the emails had been printed on different dates and, as such, the Commissioner concluded that the company must have accessed the employee’s account subsequently in a deliberate attempt to obtain printouts of the emails. In doing so, the employer had breached the provisions of the Interception Act and the employee’s right to privacy.
The Commissioner confirmed that any evidence which is based on a breach of a constitutional right will only be admissible if it is justified by the provisions of section 36(1) of the Constitution. The Commissioner held that, in the present instance, there was nothing to justify a limitation of the employee’s right to privacy through the employer’s interception of her communications. As such, all of the emails were inadmissible except for one. The Commissioner concluded that on the substance of the one email which was lawfully before the CCMA, the employee’s dismissal was substantively unfair.
Other laws that may be relevant when dealing with complaints regarding social media misuse or abuse relate to protection from harassment, prevention of unfair discrimination, electronic communications and transaction, RICA, copyright, advertising standards and consumer protection.
A social media strategy is key to mitigating the risks for companies. Thereafter it is imperative that a social media policy, setting out social media dos and don’ts, is developed and implemented. Staff training is important as is ensuring that the company has appropriate enforcement mechanisms.
(This article is provided for informational purposes only and not for the purpose of providing legal advice. For more information on the topic, please contact the author/s or the relevant provider.)
Social Media Law articles on GoLegal
- The impact of the Cybercrimes Act on electronic communication and service providers
- Maintaining compliance with the Protection of Personal Information Act – Part 1: Application and Exceptions
- The newly enacted Cybercrimes Act and what it means for South Africans
- POPIA Alert: When does public interest trump your right to privacy?