Start: Tony Wilson

What your business can learn from WikiLeaks

Special to The Globe and Mail

The face of Julian Assange the founder of the website specialised in publishing secret documents WikiLeaks is seen through a a magnifying glass on December 6, 2010 in Paris. WikiLeaks divulged today a secret list compiled by Washington of key infrastructure sites around the world that could pose a critical danger to US security if they come under terrorist attack. AFP PHOTO / THOMAS COEX (Photo credit should read THOMAS COEX/AFP/Getty Images)

The big news story this past week – and likely the next month – is the publishing of private diplomatic communications or “cables” by WikiLeaks. Although you might not see much applicability between the WikiLeaks story and the day-to-day operation of your business, let me show you the connection.

First, a quick snippet from the leaks themselves: the Afghan government is corrupt and the European Union has given up on the country; Russia is a “mafia state” run by Batman (Putin) and Robin (Medvedev); al-Qaeda is financed by Saudi Oil prices, whose government wouldn’t object to the U.S. “taking out” Iran’s nuclear weapons facilities; and France’s President is “mercurial.”

Story continues below ad

Every day, it seems, excerpts from diplomatic cables are released to the media containing amazingly candid and frank assessments of world leaders and current geopolitics as seen through the eyes of U.S. and other world diplomats. Some of it sounds like gossip or chitchat – if the cables were Facebook posts, one might think there’s a bit too much “oversharing” going on.

Imagine if your managers or employees began disclosing the substance of internal memos, negotiation strategies during transactions, or sensitive and confidential information about your company?

The trouble is, it happens all the time on Facebook, Twitter and other social networking sites.

I’m not talking about deliberate misappropriation and use of confidential information lifted from paper files or hard drives and surreptitiously copied onto jump drives – like when an employee leaves with your customer list to start a new business. I’ve covered that issue, and the need for confidentiality covenants in employment contracts in a previous column. In short, all contracts for people who work for you should include covenants of confidentiality, so that the contract imposes duties on employees and contractors not to release, publish or misuse confidential information and trade secrets belonging to the company. Where there are such contractual protections in place, the employer has more enforceable remedies in the event the confidentiality covenants are breached.

But what about water-cooler chatter and, dare I say, work-related office gossip?

More and more, this sort of “chitchat” is finding its way onto social networking sites, where someone makes a seemingly innocuous status update and hits the “post” button before thinking who might see this information and what damage it might cause if friends or followers started connecting the dots. Information that may be innocuous between co-workers may be embarrassing and career-limiting if it found its way onto the Internet, where as they say, no one knows you’re a dog.

Like the WikiLeaks story, it’s not newsworthy unless it’s interesting, and when it’s interesting, people can lose their jobs. There’s the story from 2008 about a public relations executive who tweeted to his followers as soon as he got off a plane in Memphis, “I would die if I had to live here.” Of course, the PR executive didn’t realize that Memphis was the head office of FedEx, which was one of his company's largest clients. And FedEx found out about the tweet.

The Israeli army called off an incursion into a West Bank village because a soldier revealed on Facebook his combat unit, the location of the operation, and when the operation was to begin! He said “On Wednesday we clean up Katana and on Thursday, God willing, we go home.” His Facebook post was discovered by other members of his unit. The soldier was court-martialed and sentenced to 10 days in jail.

And Lady Shelley Sawers, the wife of the director of MI6, Britain’s Secret Intelligence Service, made postings to Facebook about her husband, their family, and their social and professional circle, which exposed potentially compromising details about where they lived and worked, who their “friends” were, and where they went on holiday. Lady Sawers put no privacy protection on the account, and any of Facebook's then-200-million users could see all her posts, no matter what terrorist organization the users belonged to.

So what do you do if statements are made by your employees on Facebook, Twitter, or on a blog that shouldn't be made? It may not be as serious as alerting all terrorists on Facebook where you plan to take your holidays, or reveal what town your army unit was about to secretly enter. But certainly, indiscreet posts in the world of business can jeopardize your business, reputation and, perhaps, the relationship you have with customers, especially if your customers are the subject of the tweet or post.



What if an employee’s posts to a social network site are disparaging and, perhaps, defamatory to your business or they tarnish your company’s reputation? What if disparaging comments made by employees on blogs or on Facebook complain about the company’s hiring practices, human rights practices, workplace safety, sexual harassment on the job, hiring practices ("only good looking girls need apply here"), and other information, which may open up a hornet’s nest of legal consequences?

The answer is this: you need a social networking policy in your business that all your employees and managers must agree to as a term of their employment, delineating what they can say, and not say, on social networks, even if their participation in social networks is from their own computers or smartphones after hours.

In some business sectors that require absolute secrecy – for example, the Hells Angels, the CIA or the plutonium reprocessing industry – you might have a “no social networking whatsoever” policy, and given the need for secrecy in those three aforementioned industries, such a policy might not be totally out of line. In other organizations, you might restrict it to non-work hours on non-work devices and prohibit discussions of work and the identification of your employer.

In a future column I’ll discuss more thoroughly some of the things you should think about including in your social media policy.

But with WikiLeaks, in the paper again today, I just want you to realize the need to have such a policy.

Special to the Globe and Mail

Vancouver franchise lawyer Tony Wilson is the author of Buying A Franchise In Canada – Understanding and Negotiating Your Franchise Agreement and he is ranked as a leading Canadian franchise lawyer by LEXPERT. He is head of the Franchise Law Group at Boughton Law Corp. in Vancouver and acts for both franchisors and franchisees across Canada, many of whom are in the food services and hospitality industry. He is a registered Trademark Agent, an Adjunct Professor at Simon Fraser University and he also writes for Bartalk and Canadian Lawyer magazines.

His book “Manage your On Line Reputation” has just been published by Self Counsel Press.