Home

Think twice before you tweet

By Samiksha Singh, Director, Employment, Cliffe Dekker Hofmeyr

 

In the age of social media, the line between business and personal interests is blurred and it has become increasingly important to evaluate the potential consequences not only on your personal profile but also on the profile of the brand, institution or company that you associate yourself with.

 

Social media has recently been set ablaze with controversial and inappropriate remarks and the consequences have been far reaching.

 

In the employment context, while there are several cases which confirmed the fairness of dismissals of employees who made disparaging comments about their employers or colleagues on social media, the recent events raise the question as to whether an employee can be appropriately disciplined and possibly dismissed for making inappropriate remarks on social media even if the remark is not related to his or her employment.

 

Can inappropriate conduct on social media, which is not related to the employment of the author, constitute misconduct outside the workplace?

 

While it may not be the conventional nature of an act of misconduct, the age of social media and technological advancement has changed the way in which we communicate and engage with other individuals and with the public. In his South African Social Media Landscape Report, 2014, Arthur Goldstuck, states that:

 

“Employees active in social media are becoming brand ambassadors for their respective brands, often outperforming the brands themselves on social media…”

 

It is important to note that the ‘brand ambassadors’ of a company are not confined to a list of the marketing and public relations employees of the company but every employee of the company becomes a brand ambassador as they in some way or the other publicly display their association with the company. For instance, employees who update their Facebook or LinkedIn profiles to indicate their employment with the company, display their association with and are brand ambassadors of the company much in the same manner as employees who deal directly with customers and the public as outlined in the course and scope of their employment.

 

Accordingly, while employees should ensure that they positively influence public perspective in order to take the brand of their employer forward, employers must take proactive steps to ensure that they are protected from any actual or potential reputational damage caused by inappropriate or unsavoury remarks made by their brand ambassadors. The moment that a comment or remark is posted online, there is no turning back. Posts can be shared instantaneously and screen shots of posts are generally saved for future use. Therefore the ability to delete unsavoury posts and even the author’s account, does not create a guarantee that the actual post will be deleted from virtual or actual reality.

 

According to many of the UK Judgments relating to social media misconduct, the Courts have held that it is not necessary to prove actual damage to the reputation of the company, but that it will be sufficient to show that certain remarks have the potential to cause reputational damage.

 

There are no reported Labour Court judgments in South Africa which deal with the dismissals related to online misconduct outside the workplace. Our Courts will therefore look to the precedent set by the tribunals and Courts in the UK and the decisions by the UK courts will set the trend on how our Courts deal with this new but rapidly advancing issue.

 

In the case of Weeks v Everything Everywhere Ltd ET/2503016/2012, the UK Employment Tribunal was required to deal with an unfair dismissal dispute which arose out of the employee’s misconduct on social media. While the misconduct related to comments about the employee’s workplace and colleagues (these similar cases have already been dealt with by the CCMA in South Africa), the Judge made an important comment about privacy and online misconduct as follows:

 

“many individuals using social networking sites fail to appreciate, or underestimate, the potential ramifications of their ‘private’ online conduct. Employers now frequently have specific policies relating to their employees’ use of social media in which they stress the importance of keeping within the parameters of acceptable standards of online behaviour at all times and that any derogatory and discriminatory comments targeted at the employer or any of its employees may be considerable grounds for disciplinary action. There is no reason why an employer should treat misconduct arising from the misuse of social media in any way different to any other form of misconduct.”

 

It is therefore highly likely that our Labour Courts, in addition to following the UK case law on social media misconduct, will follow our own case law in respect of misconduct committed outside the workplace. In the matter of City of Cape Town v SA Local Government Bargaining Council & Others (2011) 32 ILJ 1333 (LC), the Labour Court upheld the dismissal of a senior employee who was found to be party to the fraudulent issuing of a drivers licence. The Labour Court found that the dishonest conduct of the employee went to the heart of the employment relationship and was essentially destructive of the employment relationship.

 

Employers are advised to implement stringent social media policies which deal with all eventualities relating to online behaviour and to ensure protection against potential or actual reputational damage to the company.

 

For more information please contact Samiksha Singh at

Article published with the kind courtesy of Cliffe Dekker Hofmeyr www.cliffedekkerhofmeyr.com

 

POPI and consent - don’t get caught in your own net

By Gillian Lumb, Director, Kara Meiring, Candidate Attorney, Cliffe Dekker Hofmeyr

 

2020 has given rise to many challenges for employers. The Protection of Personal Information Act 4 of 2013 (POPI) poses yet another challenge. Employers have a grace period of one year as of 1 July 2020 within which to ensure their compliance with POPI. 

 

POPI distinguishes between the collection, storage and processing of personal information and special person information. Special personal information includes e.g. an employee’s race or ethnic origin, health or sex life, religious or philosophical beliefs and trade union membership. Securing an employee’s consent is one of the basis on which an employer can lawfully process both general and special personal information of its employees.

 

It is crucial for employers to understand the meaning and interpretation of consent within the context of POPI. While employers may hope for a “quick fix” to ensure compliance and trust that including a broad, “catch all” consent in employees’ contracts of employment will be suffice – this may not prove to be adequate in every instance. A general consent may be sufficient to cover some of the personal information that will be processed during the course of an employee’s employment, however employers should be aware of the risks associated with relying on blanket consents in every instance. 

 

Section 1 of POPI defines consent as “any voluntary, specific and informed expression of will in terms of which permission if given for the processing of personal information”. Written consent is not expressly required. However, it will be for the employer in its capacity as responsible party to show that it has secured an employee’s consent where it is relying on consent. In the circumstances it is advisable for employees’ written consent to be secured. 

 

The requirement that consent be voluntary, specific and informed means that there should not be any pressure or force placed on an employee to consent. The employee should also be sufficiently aware of the content of the processing given the requirement that the consent is informed.

 

The Information Regulator has yet to give guidance on the interpretation of consent in terms of POP. In all likelihood it will have regard to the General Data Protection Regulation 2016/679 (GDPR) which requires that the consent is unambiguous and must be given by a clear affirmative act. It may well be that the Information Regulator interprets consent restrictively in keeping with the GDPR.

 

In the circumstances clauses relating to the processing of personal information in employees’ contracts of employment which are aimed at securing employees’ consent to the processing, should at minimum set out the nature and scope of the personal information that is to be processed, the reason for the processing, consent to further processing, consent to collection from a source other than the employee and consent to the transfer of the information. The employees must be able to understand in clear language what they are consenting and the extent of the consent. Where necessary provisions should also be made specifically for the processing of special personal information.

 

Employers should bear in mind that POPI does not demand consent in every instance and that processing may take place without consent where e.g. the processing is required in terms of law, or for the purposes of protecting a legitimate interest of the employee.

 

Employers will need to determine on a case by case basis whether the processing which they wish to conduct falls within the scope of the consent which they may have secured from an employee in his or her contract of employment or whether they will need to rely on one of the other basis set out in POPI. 

 

Both special and general personal information may be processed lawfully if the processing is necessary for the “establishment, exercise or defence of a right or obligation in law”. This would cover instances where e.g. an employer processes employees’ personal information to comply with its obligations under the Employment Equity Act.

 

An employer can process general personal information without an employee’s consent where such processing either protects a legitimate interest of the employee, or is “necessary for pursuing the legitimate interest of the responsible party or of a third party to whom it is supplied”. While the term “legitimate interest” is not defined in POPI, it is likely that the Information Regulator will seek guidance from the GDPR in this regard. The GDPR has established a three-pronged test in interpreting “legitimate interest” which considers purpose, necessity, and balance. It first asks, “Is there a legitimate reason or purpose for the processions?”, secondly “Is processing the information necessary for that purpose” and thirdly “Is the legitimate interest overridden by the interests of the data subject?

 

A determination is made as to whether there is a “legitimate interest” for the purposes of processing personal information based on the answers to these three questions.

 

So as not to fall foul of the provisions of POPI it is recommended that employers develop internal policies that will assist them in determining whether in each instance, personal information to be processed is covered by the general consent clause in an employee’s contract of employment alternatively, by one of the other basis for lawful processing. In the absence thereof, the employer will need to prepare and secure a further consent from the employee.

 

For more information, please contact Gillian Lumb at   

Article published with the kind courtesy of Cliffe Dekker Hofmeyr www.cliffedekkerhofmeyr.com

 

 

 

 

 

Courses and Workshops

 

                   

 

The OHS Act and the Responsibilities of Management

03 December 2020 (08:30 – 16:00)

Interactive Online Course

 Our Clients 

 

Android App On Google Play

Android App On Google Play