Technology, Social Media, and the Public Employee

The government increasingly relies on modern technology in order to communicate policies and activities and to elicit comments or “feedback” on agency initiatives and past performance. Agency websites and social media platforms (Facebook, Twitter, Instagram, LinkedIn, etc.) can provide rapid sharing of information and can enable individuals and groups to interact more effectively with agency staff, the public and decision makers. And the ongoing COVID-19 pandemic and the subsequent closure of government offices necessitate more reliance on teleworking, a trend likely to continue for the foreseeable future. Certainly, reliance on technology, including social media, will accelerate over time. But the broad appeal and widespread use of these communications platforms have created difficult challenges for agencies as well as for other employers.

What are the challenges posed by the public employee’s use of communications technology such as social media? First, the pervasive use of that media implicates substantial concerns as to the security of electronically stored agency information (ESI) and the risk of the disclosure — intentionally or by accident — of private or confidential information in the agency’s custody. Agencies must respond to that challenge proactively. Second, an agency employer needs to prescribe, and implement, clear policies for employees and contractors regarding the authorized use of devices that access social media platforms. Otherwise there will be a substantial risk of intentional or accidental misuse of those platforms. Third, agencies must consider how the use of social media for employment-related communications may affect the agency’s reputational interests and its potential legal liabilities. In this regard, public employees must understand how they should use social media — whether on the job or off the job — when they communicate about the agency’s activities or events in their daily lives.

This article explores these complex topics and provides several recommendations for the appropriate use of social media and other internet-based technologies in the public employer setting.

The Security of Government Information

A government agency always must maintain the security of its information, whether that information is stored in a file cabinet, on the agency's computer network, or on agency-issued laptops.

Governments and businesses have been subjected to many cyberattacks and data breaches that compromise the integrity of their computer systems and cause massive breaches of privacy and disruptions of service. Although many threats to government databases originate from professional hackers or other outside entities, agency employees also may inadvertently enable the disclosure of nonpublic information. When, for example, an agency attorney uses a laptop in a coffee shop to communicate about a proposed rulemaking with an agency project officer, there is a significant risk of confidential information being revealed over an unsecured wireless network. And if agency employees visit an unreliable website or open a link from an innocuous-looking email from their smartphone, this activity could compromise security and enable a computer virus.

To address these problems, agencies must provide orientation and training that emphasize the importance of maintaining the security and privacy of nonpublic government information. Employees should be reminded that they are not to discuss sensitive, proprietary or otherwise nonpublic information over social media. Nor, of course, can employees disclose such information for personal or financial gain. Existing ethics policies must be updated to incorporate computer-based media as a potential means by which employees could violate confidentiality or conflict-of-interest restrictions.

Authorized-Use Policies

Portable computer devices have introduced welcome flexibility into the work environment. Consistent with this trend, many agencies authorize their employees to use their personal computer devices for agency business. Agencies also may authorize employees to travel or work remotely using agency-owned devices. There are significant advantages to these bring-your-own-device (BYOD) and teleworking arrangements (improved efficiency in work, improved employee morale, cost savings for employees). However, the employee’s use of computer devices, such as a personal smartphone or a laptop computer, creates significant risks, including negligent or intentional misuse of the government’s information in the employee’s personal custody.

Government Records and Sensitive Information

When a government employee uses a device to communicate about agency business or to create work-related documents, the employee becomes the custodian of information that could be classified as a government record. Government records, by statute or regulation, must be preserved in accordance with applicable record retention laws, schedules, and policies. Government agencies recognize that the digital age requires these steps; otherwise, the documentation of government decisions or activities will "go missing."

Anticipating these laws and regulations, the agency should require the employee to acknowledge in writing that the agency legally owns the government information stored on the device and that the agency has the right to access it, including taking the device into its possession without objection or interference by the employee(e.g., denying access by locking the device with a password or an encryption key). The written consent of the employee to these requirements may avoid, or at least reduce, the possibility of a later dispute between the agency and the employee if the agency, or a third party, requests or demands access to that information or wants to take custody of the device itself.

The agency also should consider issuing a policy that prohibits or limits access to sensitive information, including classified or law enforcement information, or to databases that contain personal or proprietary information.

In addition, the agency should consider establishing clear policies (sometimes called "acceptable use" policies) that draw limits on permissible uses by the employee of either type of device (personal or agency-issued). For example, the agency may decide that employees cannot use a government-owned device for personal use at all, or that employees must "partition," by separate drives or folders, their government work from their private work.

Employees also must recognize that the use of their own devices or agency-issued devices may result in a loss or waiver of any privacy in the employee's communications on those devices. The agency should explicitly inform the employee that the use of such devices provides no privacy protections and that such communications may be monitored or later reviewed by the agency. For example, the employee's communications with a spouse or attorney on an agency laptop might be subject to disclosure later. Similarly, if the employee uses a personal device for both agency business and personal business, there could be difficult problems of shielding personal communications from later disclosure if there is a demand or request for information stored on the device.

Personal Opinions

If an employee uses a personal or an agency-owned device to communicate information or opinions — with friends or the public — there is a significant risk that members of the public will attribute, albeit erroneously, the employee's opinions to the agency. The employee inadvertently may "blur" the distinction between his private life and his government employment. These activities can harm the agency and the broader public interest.

Some courts have overturned jury verdicts or issued sanctions against prosecutors for commenting on pending criminal proceedings.

One way to address and remedy the problem of an employee's online speech may be for the agency to instruct its employees to completely avoid mentioning their public employment status on social media or in other internet communications. Alternatively, employees should provide disclaimers on their social media pages that their posts reflect only their personal opinions and not those of the agency.

Agencies may authorize designated employees to manage the agency's social media platforms or its website. Agencies must establish clear rules to preclude those individuals from using the agency media to communicate their personal views. (However, if an individual public official maintains a personal Facebook page or Twitter account to express his personal opinions, that platform might be considered a "public forum" — which means that members of the public can express contrary views.)

There may be situations in which employees asserts that their First Amendment "free speech" rights permit them to communicate over social media concerning agency activities. Or employees may claim that their "speech" is whistleblower activity that is protected by statute. These are controversial issues that have generated many court decisions. If, however, the employee's communication involves views on elections or candidates, the employee may be in violation of the federal Hatch Act or comparable state or local restrictions on a public employee's use of government resources for electioneering.

Legal Issues

A public employee's use of social media implicates several important legal issues.

Before an agency establishes rules or "best practices" to regulate that conduct, the agency's leadership, including its general counsel's office and information technology staff, should evaluate the legal risks of permitting employees to use government-issued computers to communicate over social media. The agency must weigh the operational advantages of enabling employee use of computer devices against the risks, including the legal ramifications of giving its employees that ability.

In addition to the legal issues mentioned in the context of the above sections on security and authorized-use policies, the agency must anticipate that the employee's use of social media could be implicated in a subsequent legal proceeding, for example, a public records request, an internal or external investigation, or a civil or criminal litigation. Information that the employee has created or stored on a computer device might be requested in that proceeding.

Accordingly, the agency must have clear policies already in place that instruct its employees to preserve potentially relevant information that the employees have created or stored on computer devices.

Otherwise, the agency might be subject to serious repercussions if an employee inadvertently fails to preserve such information or consciously deletes or destroys that information.

Take, for example, investigations of employee misconduct. If an employee files a claim against a work colleague or a supervisor alleging discrimination or harassment in the workplace, or files a retaliation claim for having reported such incidents, the social media posts, text messages, and emails of the complainant and the alleged discriminating employee(s) could be quite important to the investigation and resolution of the dispute. The agency therefore must impose a litigation hold to ensure that relevant electronic communications are preserved for possible review during the proceeding. If the opposing party in a federal district court case demands documents from the agency and the relevant electronic information has not been preserved, the agency could be subjected to court-imposed sanctions.

For these reasons, agencies must be proactive in issuing — and enforcing — policies to ensure, as feasible, that information in the possession of their employees is not accidentally or intentionally deleted or destroyed.

Conclusion

Our world of ever-changing computer technology poses unique challenges for the public employer. Agencies must be conscious of not only the opportunities but also the risks of conducting their activities in an online setting. Developing proactive strategies can help agencies navigate these challenges.