Managing Blog Risks Isn't Blah

In the Internet Age, companies should monitor blogs — even if they disagree with its content — in order to make sure that nothing false or defamatory spreads via electronic communication. By keeping tabs on what blogs say about their organizations, risk managers can identify areas where companies might want or need to act to preserve the good name of their business enterprises.

If an employee posts a blog comment that another company perceives as defamatory, a claim could follow for advertising injury against the employee and possibly against his employer. Example: Employee Milton posts on his blog that "Competitor B sucks and is teetering on bankruptcy." Competitor B learns of this posting, becomes aware that Milt works for a competitor, and files suit against Milt and his employer.

Issues of insurance coverage and legal liability might hinge upon whether Milt acted within his scope of employment when he maintained the blog and wrote the content in question. Regardless, claims may arise that might receive coverage under the Coverage B — Advertising and Personal Injury section of a commercial general liability (CGL) insurance policy.

Time Bandits

With blogging's popularity comes a risk of lost productivity. Admittedly, this is not a classical risk that a risk manager would oversee, but time spent blogging could otherwise go to more productive corporate pursuits. Companies may want to consider reasonable policies that govern or even restrict employee access to online blogs during work hours. These are akin to "fair use" Internet policies that bar employees from viewing porn and other commercial sites during work hours. (Many IT departments have controls that automatically block employee access to certain types of web sites. Management might consider extending such controls to employees surfing or posting on blogs during work hours.)

Companies who act against employees who post to a blog also face risks. In a recent case, Delta flight attendant Ellen Simonetti posted on her blog suggestive photos of herself in her flight attendant uniform. Delta fired her and she later filed an employee grievance, which is still pending. She plans to file a suit in federal court for sex discrimination and retaliation.

Employment Law Issues

Liability issues in relation to employee privacy and employment practices persist. For example, can employers fire employees for blog content that is developed outside of working hours? Discharged employees could file employment practices liability claims against employers, alleging invasion of privacy or violation of First Amendment free speech rights. This is an area of employment practice liability, regardless of whether or not a company has employment practices insurance. Even bogus claims may cost thousands of dollars in legal fees to defend, underscoring the need for insurance coverage or other funding mechanisms to address the risk.

Many corporations support their own blogs to counter negative publicity, to simply promote good PR about the company, or to project a brand and image. When one considers the financial and balance-sheet value of corporate goodwill, enterprise risk management involves preserving a corporation's good name. If proactive measures through blogging can obtain this result, corporate-supported blogs may advance the aims of enterprise risk management.

A recent ad featured the following headline: "The Ugly Truth: Bloggers and Customers Are Talking About Your Company." The ad's follow-up question: "Do you know what they are saying?" Malcontents may write about your company every day and some postings can be damaging if they go undetected and unanswered. A company's reputation (and stock price) may be at risk from inaccurate or slanted blog dialogue. One company — Factiva — offers to send customers blog postings that could represent business threats (visit www.factiva.com).

Employees can post anonymous blogs that contain scathing critiques of employers for the whole world to see. An unnamed Microsoft employee runs a blog called Mini-Microsoft (www.minimsft.blogspot.com), which harshly criticizes corporate life within the software Goliath. He has called Microsoft a "passionless, process-ridden, lumbering idiot." This may hearten Microsoft rivals and undermine morale of rank-and-file Microsoft workers.

On the other hand, this peek into life inside Microsoft also offers upper management an opportunity to step back and reassess its policies, procedures, and culture. Painful as that may be, feedback via blogs may spotlight areas in need of improvement. The problem may not be the blog, but rather the underlying conditions that spawned the blog. Address the work conditions and the blog will be the least of a company's worries.

Another story, perhaps apocryphal, circulates of a Microsoft employee who was fired after posting on his web site a photo of Apple computers being delivered to the software giant's Redmond, Wash., headquarters. Even for-cause dismissals based on blog postings can subject employers to wrongful termination claims.

Cyberspace faux pas can travel like wildfire. If something salacious is posted on a blog, other bloggers can link to your postings which then get transmitted around the world at warp speed. The perceived secrecy and anonymity of the Internet may cause employees to forget that publicly badmouthing a boss or competitor may be grounds for a defamation lawsuit or job termination.

Risk Management Tactics

To manage the risks of blogging, consider the following risk management steps:

• Bar any trade secrets or inside information from being posted on any blog.
• Monitor comments posted on any corporate blog to filter out spam, libelous material, or even porn.
• Get prior legal review of any company-sponsored blog content.
• Engage an expert or consultant to outline the blog risks to your particular industry.
• Include in your employee handbook a section on blogging that states the company's policy. Require each employee to sign for having received, read, and agreed to the handbook.
• Review your insurance policies to see if you are covered for advertising and personal injury liability, including any claims from web sites or electronic media.

Some observers predict that in a few years, companies will ask or require newly hired executives to sign non-blogging agreements when they commence employment. Perhaps this will become as common as non-compete agreements and will expand to include employees below the executive level. Certainly, an employee can manage his own risk of termination by determining his employer's policy on blogging before launching or posting to a blog. Employees in companies also should avoid criticizing their employers or mentioning topics such as products that are in development, mergers or acquisitions under consideration, etc. Those intrepid employees who insist on creating and maintaining blogs on the Internet may be best advised to do so anonymously and to not post their names.

Blog risks are anything but blah. Take steps to manage them now. If you find the right combination of tactics, perhaps you can post them on your own risk-management blog!

Kevin Quinley CPCU, AIC, ARM, is senior vice president of Medmarc Insurance Group in Chantilly, Va. He can be reached at kquinley@cox.net.