From a legal standpoint, engaging in social business means you’re damned if you do, and damned if you don’t.

Social business is a rapidly emerging and expanding phenomenon, creating novel situations not foreseen by our current legal system. Should managers friend employees on Facebook or connect with them on LinkedIn? What are the legal implications of making these connections — or not? Such questions just begin to get at the legal complexities that can impact organizations and managers in an age of social media.

In many ways, social business puts managers in a “damned if you do, damned if you don’t” dilemma, but managers cannot afford to ignore the legal implications of social business. We outline some key legal considerations for managers.

Damned if you don’t.

Given the potentially dicey legal situations social media presents, many managers may be tempted simply to avoid social media entirely, in the hopes that doing so will limit their legal risk. Unfortunately, this is not the case. Managers can be held liable for ignoring information readily available on social media platforms.

One potential risk involves “negligent hiring.” An injured third party could sue a company for hiring a dysfunctional employee if that dysfunction was evident on social media platforms and would have been readily apparent through a cursory search. In fact, the easier it is to search, the greater the legal burden to do so. Although there is no case law on this issue yet, it is a real business risk.

Another potential risk is ignoring illegal employee online activity during work hours or on work computers. In Doe v XYC Corp. (2005), the courts ruled that the company could be held liable for being unaware of (and therefore not notifying authorities about) an employee’s illegal activity given the opportunity — even though their policies indicated they would not monitor employee’s online activity.

Ignoring what happens in social media is not a viable legal strategy.

Managers also must remain cognizant of employees’ online activity, even when it happens outside of work hours and work computers. The Philadelphia Police Department was sued for creating a racially hostile work environment through social media. A blog started by a white police sergeant and dedicated to law enforcement issues deteriorated into posts about questionable law enforcement practices such as racial profiling. These issues, discussed by employees online and at work, became racially derogatory; as a result, a complaint was filed on the basis that the blog created a hostile work environment for nonwhite officers. The department chose to settle the case out of court.

The key takeaway here is that ignoring what happens in social media is not a viable legal strategy. Companies can be found liable if there is a reasonable expectation that the manager should have known what was happening online.

Damned if you do.

Before managers jump headfirst into social media, however, there are also legal issues associated with overreaching for information on social media.

Some of these legal issues are explicit. Eleven states have passed laws that prohibit employers from asking employees or potential employees for passwords to their social media sites for review. Even in states where this practice is not explicitly illegal, in Pietrylo v Hillstone Restaurant Group (2008), the courts found that employers could not use information found online when they were found to have coerced passwords from employees.

Even when managers legitimately access information on social media sites, they must be careful about how they act on that information. For example, managers open themselves up for discrimination lawsuits if they discover protected information about their employees. In TerVeer v Library of Congress (2012), an employee filed suit against his employer, claiming a manager harassed and ultimately fired him after surmising the employee was gay when the employee “liked” a pro-gay parenting page online (the case is still pending).

If managers choose to act on employees’ actions online, they must be sure they do so in a way that does not infringe on established workplace protections.

Likewise, managers have to be careful about how they respond to employee actions online. In Hispanics United of Buffalo, the employer was found to have unjustly fired five employees for criticizing the performance of a co-worker on Facebook. The National Labor Relations Board (NLRB) upheld the employees’ claims that they were engaging in “concerted activity” that is protected by the National Labor Relations Act.

The key takeaway here is that if managers choose to act on employees’ actions online, they must be sure they do so in a way that does not infringe on established workplace protections.

What’s a manager to do?

Clearly, social media creates a legal predicament for many managers. A recent survey by Grant Thornton highlighted that managers find it difficult to assess social media’s risks and rewards. One solution is to develop an official online policy for employees. Only 33% of businesses have such a policy, but they can provide valuable guidance for employees and managers regarding acceptable online behaviors. These policies must be crafted carefully, however, as the NLRB found that one such policy established by Costco was overly broad and placed unreasonable restrictions on employee behavior. And, as the survey pointed out, employees must be trained in how to follow the policy.

Another solution might be to hire a third-party vendor to assist with legal issues raised by social business. Companies such as Social Intelligence and Reppify search online information and provide reports on job applicants that are scrubbed of any protected information. Others, like Hearsay Social, assist with compliance issues raised by social business in regulated industries, such as finance and healthcare.

Even though social business creates a delicate legal environment for many managers, it would be a mistake put off addressing these issues until faced with a dilemma. Social media moves so quickly that managers must have guidelines in place before situations arise. Companies should periodically review these guidelines, as the legal environment is likely to evolve as the continued adoption of social media creates unexpected situations that current case law has not anticipated.