Q. I work for a company, in the personnel department, and I have been asked by management to set up a page on a social networking site for our Company. I am concerned about the control of personal data in the event that an employee or third party should post something defamatory or offensive on our site. Is the Company responsible for such posts, or for inaccurate personal data posted on our page by third parties?
The governance of matters involving the Data Protection Act lies with the Information Commissioner's Office (the ICO). The ICO must consider what the reasonable steps should be in all the circumstances (this is likely to vary between different sizes of company and types of social networking sites). The ICO will expect IT and social media policies to be in place to deal with issues such as inaccurate posts and complaints. In addition, you may wish to consider your policies for monitoring and moderating the site, so that specific employees are responsible for checking the content posted by employees and third parties to seek to avoid offensive and defamatory content.
This is a highly technical area and you should seek specific legal advice to avoid some of the pitfalls.