Q&A - Could company be held responsible for third party comments posted on website social network page?

Q. I work for a company, in the personnel department, and I have been asked by management to set up a page on a social networking site for our Company. I am concerned about the control of personal data in the event that an employee or third party should post something defamatory or offensive on our site. Is the Company responsible for such posts, or for inaccurate personal data posted on our page by third parties?

A. There is a general obligation under the Data Protection Act for all personal data to be accurate and kept up to date.  If personal data is posted on your site by a third party then it is incumbent on the company to take reasonable steps to check the accuracy of data. (since the company is likely to be held to be a "data controller" in such circumstances, despite the terms of use of social media websites suggesting that the company may not be)

The governance of matters involving the Data Protection Act lies with the Information Commissioner's Office (the ICO).  The ICO must consider what the reasonable steps should be in all the circumstances (this is likely to vary between different sizes of company and types of social networking sites).  The ICO will expect IT and social media policies to be in place to deal with issues such as inaccurate posts and complaints.  In addition, you may wish to consider your policies for monitoring and moderating the site, so that specific employees are responsible for checking the content posted by employees and third parties to seek to avoid offensive and defamatory content.

This is a highly technical area and you should seek specific legal advice to avoid some of the pitfalls.