Managing the Risks of Employee Blogs

01 February 2007 Publication
Authors: Eileen R. Ridley

Midwest In-House

By Eileen Ridley and Marcheta Leighton-Beasley

The age of the information superhighway has provided extraordinary opportunities for people to communicate with one another and obtain exchange information. Recently, one of the more popular methods of discourse on the Internet has been blogging, which has not only provided individuals with a forum to express their views, but has also been credited as reviving moribund journalistic sources.

A “blog” (short for “web log”) is a website where entries are made in journal style and may combine text, photographs, videos and links to other websites. Blogs number in the millions and often contain personal online diaries while permitting visitors to provide comments regarding the content of the blog.

Generally, blogs are accessible to anyone with Internet capabilities, although there are some blogs internal to organizations and only specified users have access to them.

A unifying attribute of blogs is that they encourage candor, criticism and interactive discourse. At present, no laws specifically regulate blogging.

As blogging has increased, so have the potential risks associated with the practice. These risks are both commercial and employment-related and any savvy business enterprise should consider both the benefits and risks that come with blogging.

Companies may benefit from the use of blogs as they are a very efficient method to communicate with market targets and engage in active discourse with present and potential customers.

However, companies must also grapple with the associated risks of the practice and must integrate the existence of blogs in their policies related to electronic communications and data protection. Blogs are multiplying at an enormous rate and it will be the rare company that is not affected in some way by their popularity.

Business risks
Given the breadth of the potential audience of blogs, the possible business risks are equally large. These risks include the unauthorized disclosure and/or use of trade secrets, trademarks, copyright or other confidential or proprietary non-public information. Indeed, additional risks exist if present or former employees create personal blogs containing sensitive business information regarding a potential sale of the company or termination of a principle officer.

Such revelations could expose the company to liability in a variety of forms including “insider” information liability from the Security and Exchange Commission. Similarly, privacy laws aimed at protecting customer consumers’ personal information may be violated if a blog reveals any such information to the public.

Faced with such breaches, a company must consider how to best to respond to the revelation. If legal recourse is to be taken, the company must evaluate weigh the considerable cost of protecting such information with against the value of retaining the proprietary nature of the information disclosed.

It should be borne in mind that more and more bloggers are endeavoring to create their sites anonymously. Indeed, there are websites available which purport to instruct would-be bloggers how to best to cloak their identity. Such practices, of course, result in higher litigation expenses as a company seeking to protect its proprietary information will have to invest resources to trace the source of the information.

When dealing with these issues, the courts usually have to weigh the company’s business interests with the purported Constitutional rights of the blogger under the First Amendment.

An example of this tension is found in Apple Computer, Inc. v. Doe 1, 33 Media L. Rep. (BNA) 1449, 74 U.S.P.Q.2d 1191, 2005 WL 578641 (Cal.Sup.Ct. Trial Div. 2005) (Apple). In Apple, specifications and other information regarding a new, unreleased Apple product was placed on a blog, which was not authorized or sponsored by Apple. Apple sought to remove the content from the blog and to learn the identity of the anonymous authors. The authors resisted Apple’s legal efforts citing their First Amendment rights and the fact that they were journalists for a high-tech publication.

The court permitted the revelation of the authors’ identities, noting that, while they certainly benefited from the Constitutional right of free speech, that right was not absolute. It certainly did not include the right to break the law through speech violating trade secret laws. The fact that the authors were journalists did not alter the court’s decision.

A similar result in the copyright context can be found in Los Angeles Times v. Free Republic, 28 Media L. Rep. (BNA) 1705, 54 U.S.P.Q.2d 1453, 2000 WL 565200 CC.D. Cal. 2000). Free Republic operated a blog that posted verbatim copies of Los Angeles Times’ articles and provided the ability for bloggers to comment upon those articles.

The Los Angeles Times argued that Free Republic should not be permitted to post such copies because infringed on its copyrighted works, which, in turn, constituted its core business enterprise.

Free Republic contended it should be permitted to post verbatim copies of the articles in order to obtain relevant comments given that such activities were protected under the “fair use doctrine.” However, the court ruled Free Republic could not merely post copies of articles since that infringed on the Times’ business enterprise – especially given Free Republic’s ability to affect its purpose through other means.

Other than affirmatively seeking to remove blog content, businesses should also consider blogs in the context of their efforts to protect the proprietary nature of their intellectual property.

For example, in order to protect both trade secrets and trademarks in court, a business must establish that it has taken significant efforts steps to protect the secrecy of the material. Often, a company will routinely make searches of public sources to confirm its proprietary information has not been made public. As of late, these searches often include websites. However, they should also include a blog search in order to establish the company’s complete effort to protect its information.

Employment risks
In addition to business risks, companies face potential employment risks from blogging including defamation, discrimination and harassment claims. This is particularly true if the company has either sponsored a blog or benefits from it.

An example of this sort of liability is in Blakey v. Continental Airlines, Inc., 164 N.J. 38 (June 1, 2000). In Blakey, Continental Airlines’ pilots were given a software package allowing them to communicate with each other through posts (similar to blogs). A female pilot brought suit against Continental claiming harassment and discrimination, and a number of male pilots posted comments on the lawsuit and the female pilot.

The female pilot contended these comments were attributable to Continental and were therefore actionable. Continental argued that it did not sponsor the site and therefore should not be held potentially liable for the comments made on it.

The court said that to be liable, Continental need not have sponsored the site – rather, all that needed to be shown was that Continental benefited from it. Thus, the court in Blakey applied a very broad test to determine if a company might be held vicariously liable for comments made by its employees on blog sites.

Company response
To the extent companies address the potential exposures posed by blogging, they should do so in a consistent manner. Upon learning of potential liability from blogs, a company should assess the cost of addressing the blog content, recognizing that if the blogger is an employee, the company cannot discipline that individual if the blog content is a protected activity (e.g., union organization, complaints of discriminatory conduct, etc.).

Moreover, companies should include blogging in their electronic media policies. Such policies should include the following elements:

  • No unauthorized disclosure of trade secrets, trademark, copyright or other confidential, proprietary non-public information;
  • No unauthorized use of the company’s name, logo, or slogans;
  • No blogging on company time;
  • No disparaging, threatening, harassing or other inappropriate content about the company or its employees;
  • A statement that the views expressed are those of the author and not the company’s;
  • Violation of the policy may subject the employee to disciplinary action, up to and including termination;
  • Blogs are subject to the company’s electronic data communication policies and may be monitored by the company;
  • A statement that employees are responsible for the content of the blog, including any actual or alleged violation of laws such as privacy, confidentiality, trade secret and copyright provisions.

Your company should ensure wide distribution of the policy, which is acknowledged in writing by the company’s employees.


This article originally appeared in Midwest In-House and is reprinted with permission.