Social Media Regulation: The Line Between Privacy and Protection

The debate over how much responsibility social media companies should have when it comes to regulating or policing what users post continues, particularly in the past year or so. Big tech has faced no shortage of criticism over its failure to curb the proliferation of pandemic misinformation, not to mention accusations that social media platforms like Facebook and Twitter fostered and galvanized an online movement that led to the Jan. 6 insurrection at the U.S. Capitol building.

But for every voice pushing for tighter restrictions under Section 230 of the Communications Decency Act, there’s an equal level of pushback arguing that these regulations violate the First Amendment and protected free speech. In parallel, employers are facing similar quandaries when it comes to regulating social media use among their employees–and they can’t just ignore it. Organizations have to evaluate this issue and they have to take it seriously.

That said, you can’t institute a complete ban on social media use–there are real privacy and personal freedom issues at hand that must be balanced.

Why Employers Must Consider Regulating Social Media

It’s clear that social media companies must have a certain level of responsibility over the content users post and provide better security for users–but it’s also clear that reaching an agreement on this at the federal level will be an uphill battle. In the meantime, employers (non-social media companies) can’t just wash their hands of responsibility and assume that the platforms will take care of it. In this day and age, a corporate social media policy is a must.

Your employees’ social media behavior can reflect poorly on your company and create security vulnerabilities. We’ve seen countless examples of people being fired for their social media posts–especially those deemed racist, harassing or similarly distasteful. Companies don’t want to take the risk of being associated with the people who made such posts because it can cause significant reputational damage.

There’s also the matter of employees posting sensitive information about their employer or customers, including financial information or other private matters. Sharing publicly about a client win before it’s been announced, publicly announcing illegal drug use or intoxication or venting about how much a person hates their current job seem like obvious no-no’s, but people still do it.

Finding the Balance Between Personal Freedom and Corporate Safety

So, what can you regulate in terms of your employees’ social media use? And what should you be focused on? How do you find the balance? The National Labor Relations Board has focused heavily on social media use and related policies in the last few years, and employers who discipline workers for their social media posts can run afoul of the National Labor Relations Act–though the NLRB’s rulings have been mixed in terms of what type of posts are protected and which aren’t.

There’s no easy answer, and it’s getting harder. A 2018 Gartner report found that of 239 large corporations, half were monitoring the content of employee emails and social media accounts. But with the rise of remote work, corporations have less visibility into–and manageability of–the cybersecurity of its workforce, because so many people are now working from home on their own personal wireless networks. And they’re using phones and laptops for both work and personal use. Employee-owned smartphones have business apps; work-issued laptops are used to access employees’ personal Facebook accounts and so on.

But employers can’t just ban the use of social media altogether. Not only would this be a major overreach in terms of personal liberties, but the fact is, social media use can actually be helpful for a company. Development of individual brand and reputation can also extend to the company’s reputation when done in a positive way.

Personal Security Is Corporate Security

In this digital mashup of personal and private, professional and public, companies have to take their employees’ personal security to heart. It is critical for organizations to incorporate employee cybersecurity guidelines and best practices to improve not only the employees’ digital hygiene and personal security, but also the company’s security. This is a challenge to manage as a corporation, because employees still have individual rights, including the right to freedom of expression.

That’s why having a detailed policy in place is essential. Companies can’t simply wash their hands of the issue and let employees dictate their own use of social media. Organizations must have some well-documented corporate policies on what employees can and can’t do. It’s not necessarily that people are trying to do something malicious when they use social media; most just don’t know what is acceptable to their employers and what isn’t.

Companies need to take the responsibility to educate their employees on what social media practices create vulnerabilities. They need to provide detailed guidelines, policies and recommendations to their employees about how to stay protected. This includes training on how to use digital resources in ways that don’t damage their employer and keep everyone safe from both reputational harm and cyberattack. This training needs to be done on a continual basis, with regular reminders to employees of these policies.

These policies have to go beyond simply telling employees what they can and can’t do on behalf of the company. It has to entail all of the things above and really make it meaningful so that employees come away with a better understanding of the potential security risks social media can pose to the company and to themselves.

Don’t Fail to Plan

Whether or how social media companies and platforms will be regulated (from a federal standpoint) remains to be seen–and how that is balanced with personal freedoms and privacy is likely to be a long-term conversation. You can’t wait for these regulations to be handed down from the federal level before taking action to protect your own organizations. Your employees’ social media use can have a major impact on your company, not only reputationally but from a cybersecurity perspective, too. By having a detailed plan in place that weighs these risks with personal privacy rights, you’re headed in the right direction.

Avatar photo

Aaron Barr

Aaron Barr is the Chief Technology Officer and Co-Founder of PiiQ Media and a recognized expert in information operations and exploitation, social engineering, open source intelligence, and digital covert operations. He has 25+ years of experience supporting information security and U.S. intelligence organizations, with an emphasis in information warfare and influence. Previously, he served in roles including program manager, technical director, and as a lead engineer for a major defense contractors' cybersecurity integration group. In his career, he’s also led technical operations programs for three separate U.S. intelligence agencies. Aaron is currently focused on developing individual and organization risk mitigation products and solutions for information exposure and exploitation created through social media and other digital services.

aaron-barr has 1 posts and counting.See all posts by aaron-barr