A single post can turn into a companywide crisis in minutes. In his recent webinar, Social Media & the Law, labor and employment attorney Michael Elkins explained how social media activity—from an employee’s seemingly harmless TikTok to a CEO’s ill-advised Instagram story—can trigger lawsuits, government investigations or viral outrage that damages a brand overnight. For HR professionals, managing these risks is now a core part of the role.
Why HR needs to lead social media risk management
Today’s HR teams aren’t just handling payroll and policies; they’re also coordinating legal, PR and crisis management when online activity involves the workplace. Social media can serve as evidence in harassment or discrimination claims, spark retaliation allegations and, under the National Labor Relations Act (NLRA), fall under protected speech if it involves working conditions or wages. That means HR must be able to spot potential legal issues before reacting to an employee’s post.
Key risks to watch for
- Evidence in lawsuits. Posts can support or undermine harassment, discrimination or retaliation claims.
- Protected activity. Complaints about workplace conditions or wages may be protected under the NLRA, even if posted online.
- Confidentiality breaches. “Day in the life” content can accidentally expose trade secrets or client information.
- Off-duty conduct protections. State laws in places like California, Colorado and New York can limit how employers respond to personal posts.
Building a compliant and enforceable policy
A well-written social media policy can help set clear expectations while protecting against legal pitfalls. Overly broad rules, like “never post anything negative about the company,” can run afoul of the NLRA by chilling protected speech.
Best practices for policy drafting
- Be specific. Prohibit harassment, hate speech and disclosure of confidential information; avoid vague bans on “negativity.”
- Clarify scope. Define how the policy applies to on-duty vs. off-duty activity, and note any state-specific considerations.
- Include a rights disclaimer. Reference employees’ NLRA rights to engage in protected, concerted activities.
- Reinforce confidentiality agreements. Outline what constitutes trade secrets or sensitive business information.
- Add reporting and enforcement procedures. Make it clear how violations will be reported, investigated and addressed.
Responding to viral incidents without making them worse
When a social media incident gains traction, speed matters—but so does precision.
- Pause and gather facts. Preserve posts, screenshots and messages before they’re deleted.
- Assess the legal landscape. Determine if the content is protected speech or subject to state law protections.
- Coordinate with PR and legal. Align messaging to protect both brand and legal standing.
- Communicate internally. Address concerns without publicly discussing disciplinary actions.
A disjointed or overly defensive response can deepen reputational damage. Unified, values-driven messaging—balanced with legal caution—helps maintain trust with employees and the public.
