Social media is a part of daily life. For many people, using apps like Facebook, Instagram and BeReal to share updates and photographs online throughout the day has become second nature – even if they’re at work.
Employers should consider what social sharing at work really means, and if sensitive data could be at risk.
In this article Alex Craig, head of data protection at Muckle LLP, explains how using social media apps at work could pose a potential personal data breach for employers.
The compliance risks of social media
The Information Commissioner’s Office (ICO) regularly shares various enforcement action it’s taken against high profile companies for non-compliances with UK data protection legislation. Common cases arise when a company has incurred a personal data breach while carrying out their contracted services.
However, what happens if the individual consumer creates a personal data breach using a company’s service?
This is something that has been highlighted by the social media app “BeReal” where individuals are randomly notified during the day to take a photo using both the front and back cameras on their phone within a two-minute window.
What is BeReal?
The purpose of the app is to capture individuals’ photos off-guard to appear more “real” than photos they may share on other social media platforms.
As well as a photo of the individual, the photo taken with the back camera could be a meal they’ve just cooked, a TV show they’re watching, or their computer screen at work.
But as the app grows in popularity, do we need to be more careful what we post when we’re working? Or is zooming in on your friend’s work computer just innocent fun?
Breach of confidentiality
Individuals have admitted to sharing photos of their computer screens at work which poses a potential personal data breach for the employer if the photo includes data relating to an identifiable individual.
An individual may be in breach of confidentiality should the information present on their computer screen contain confidential company information. This may lead to potential disciplinary action.
Social media policies
Given the complications that may arise from both a data protection and employment conduct perspective, employers have acted by implementing internal social media policies on the acceptable personal use of social media in the workplace to uphold data protection standards and general company management confidentiality.
An outright prohibition on taking or posting images of the workspace gives employers a clear route to action the employee’s potential misconduct should a breach arise.
For the individual BeReal user, for example, the focal point is determining whether the post could have a negative impact on themselves and anyone or anything captured in the photos. For the company, it’s a matter of considering whether they have the necessary policies and procedures in place to manage the use of personal social media in the workplace.
Data protection advice
Our data protection team can support with bespoke advice about specific types of policies and procedures to assist in dealing with situations like this.
If you have any queries, please do not hesitate in contacting us.