Digital Transformation

Businesses urged to be careful with social networking posts

Data protection laws could be broken if companies let their staff write whatever they like on social media.

Businesses have been warned to be careful about what they post on social networking sites after the Information Commissioner’s Office (ICO) issued new guidance about data protection.

The paperwork, published on the organisation’s website, relates to portals like Facebook as well as online forums and covers companies that encourage their staff to post comments for commercial purposes, reports.

It explains that even if employees are commenting on individuals to express personal views, the fact that they are doing so for commercial reasons means they need to comply with the Data Protection Act (DPA).

This would still be the case even if the company has asked workers to follow social media through their personal pages, as they are acting on behalf of the organisation.

"The processing is for the organisation’s corporate or organisational purposes, not for the purposes of the employee’s personal, family or household affairs," the ICO states.

An exception would be if the employee had not been instructed to carry out marketing and promotional activity via social media, but followed his or her company and posted comments purely for personal enjoyment.

"If an organisation does decide to use social networking sites then it must ensure that it complies with the DPA," the ICO warned.

Where personnel use one social media account for both business and personal use, posts must be carefully checked for compliance with the DPA in the event that they are not made for purely domestic or recreational purposes.

Kathryn Wynn of law firm Pinsent Masons said: "Businesses need to be more careful than ever about who they authorise to use social networks and train staff and have clear policies about what would be considered unacceptable use."

It comes after a poll by the ICO and London Economics found that 82 per cent of companies are unable to quantify their current spending on data protection, with 87 per cent of respondents saying they could not provide estimates on future expenditure.