Threat Intelligence Blog

by Tobias Losch, GLEG

In this blog series on social media and online monitoring, we’ll discuss five best ways for companies to address compliance regulations – and protect their organizations – while respecting employee and third-party privacy concerns.

In our previous posts, we discussed why companies need to find a balance between a legitimate interest in finding misbehavior and meeting compliance requirements with expectations of privacy, along with why you need to set objectives and clear boundaries. In today’s post, we’ll examine the need for transparency and a social media policy.

3. Strive for Transparency

General policies around online monitoring should be addressed in a transparent and reasonable manner. While it may be difficult or not even advisable to describe scope and objectives in an enumerated fashion, the boundaries of monitoring efforts should be stated clearly – and respected. Tell your employees what you’re monitoring and why. Used wisely, transparency is a shield much, much stronger than any team of defense lawyers.

4. Develop a Clear Social Media Policy, and Update it On a Regular Basis

A conflict that never materializes is better than a conflict resolved. Companies should have a formal social media policy, both to provide guidance and to protect from liability and operational risks. Any policy should be reviewed and updated regularly in order to ensure it is still useful and appropriate. Consider how industry guidelines may impact your business, such as those recently issued by the FDA and the FFIEC.

As employees utilize social media for both personal and corporate marketing purposes, there is the potential for numerous labor law issues. The law surrounding this medium is still evolving. It is important to stay abreast of this ever-changing body of law and develop a social media policy that will withstand these changes.

Much of the conduct that companies would logically punish falls under federal labor laws, and an employer could be compelled to appear before the National Labor Relations Board (“NLRB”) to defend its actions. Some nonunion employers may be surprised to know that they are subject to NLRB’s jurisdiction, and that their policies must comply with the National Labor Relations Act.

In our next and final post, we’ll take a look at why you may wish to consider using a third-party monitoring service.


The author received his legal education at the University of Göttingen (GER), practiced law previously as an attorney in Germany, and is GIAC certified for Law of Data Security & Investigations. He serves as a leader of Cyveillance’s Global Intelligence Team. Disclaimer: This blog post is a general reflection of certain topics and is not intended as a comprehensive discussion of the law. It does not constitute legal advice for any particular situation. If you need specific legal advice, please consult your own counsel.

Additional Posts

The Heartbleed Bug: Cutting Through the Noise

As a trusted security partner, our phones have been blowing up the past 24 hours with clients ...

Social Media Monitoring and Compliance: Five Best Ways to Navigate Complexity in the Workplace, Part II

by Tobias Losch, GLEG In this blog series on social media and online monitoring, we'll discuss five ...