Blogs and similar media present a unique opportunity to get a positive image of a business into the public domain.

Internally, virtual communities contribute to increased cohesion between groups of employees; information, knowledge and best practice can then be quickly shared among them. Externally, networking with other professionals may lead to business opportunities. And an openness to modern forms of communication may enhance the employer's appeal for recruitment purposes.

More controversially, the internet generally, and social media in particular, provide a rich vein of information about candidates on recruitment and can also provide evidence in cases involving the employee.

From an employer's perspective, the key risks relate to:

Discrimination. Anti-discrimination laws can hold employers "vicariously" liable for discrimination by their employees. Where comments are made about another employee online that amount to harassment, liability can arise for the employer, whether or not the employee is using the employer's equipment.

To avoid liability, an employer may contend that the employee was not acting "in the course of employment", but tribunals apply a very wide test to this concept. The fact that the offending act took place while an employee was not physically at work or acting under instruction from an employer is unlikely to be sufficient to defeat the claim (Jones v Tower Boot Co Ltd [1997] ICR 254).

If an employer takes all reasonably practicable steps to prevent the harassment, it will not be liable. Appropriate policies and training should therefore clearly indicate to employees that online behaviour, even outside the workplace, should conform to appropriate standards.

Confidential information. Employers are also exposed to the danger that employees may post confidential information online. Employment contracts should be reviewed to ensure they specifically address the issue.

LinkedIn creates a whole host of problems for the employer that encourages its use because it effectively creates a list of an employee's business contacts including, potentially, clients or customers. Is that contact information still confidential once customer details are made public in this way? If this is the only record of an employee's business contacts, to whom does it belong? What can an employer do to ensure it can access that information? If an employee uses LinkedIn after employment to contact clients or suppliers, does that breach post-termination restraints aimed at non-solicitation?

There is, as yet, very little case law. (For partial answers, see Pennwell Publishing (UK) Ltd v Ornstein [2007] IRLR 700, Hays Specialist Recruitment (Holdings) Ltd v Ions [2008] IRLR 904, and WRN Limited v Ayris [2008] EWHC 1080.)

For the time being, employers should impose controls on the use of LinkedIn, maintaining that contacts remain the property of the employer, imposing express obligations to return information stored on such media on termination of an employee's contract of employment, and establishing independent databases. In appropriate cases, restrictive covenants should be used.

Recruitment. A recent survey commissioned by Microsoft in December 2009 revealed that fewer than 15% of candidates believed that information available online could affect their job prospects, while 41% of UK recruiters surveyed said that they rejected candidates based on their online reputations.

Given the types of information typically found on blogs or social networking websites, a claim for discrimination is a real prospect if the information is used to reject a candidate. While a job applicant's sexuality or religious beliefs would never usually be included in their CV, employers can now gain access to such information with relative ease via the internet.

Most employers would provide a different reason for rejection, but if a job applicant were to become aware of the real reason, a successful claim is likely. More subtly, inferences can be drawn where there is no clear explanation for rejection, and the evidence points to a discriminatory reason.

The Information Commissioner's Office has not issued specific guidance on the use of online profiles to inform recruitment decisions, but when an employer consults them to glean information about candidates, it processes (in the Data Protection Act 1998 (DPA) sense) that information if it records or uses the information.

Specifically, Part 1 of the Employment Practices Data Protection Code (the Code) requires the candidate to be given an opportunity to comment on the information's accuracy (for background, see feature article "Data protection: breaking the employment practices code”). Candidates should be told about the employer's vetting and verification exercises and the nature of the enquiries should be proportionate. Few employers who have a general dig around on Facebook are likely to satisfy these requirements fully.

Data protection during employment. During employment, the requirement for fair and lawful processing requires employees to be told when and how online information will be viewed (Part 3 (monitoring), the Code).

When it comes to "sensitive" personal data (including sexuality, race and beliefs), additional layers of protection do not apply where the data subject deliberately makes the information public (paragraph 5, Schedule 3, DPA). The employer must still comply with the pre-conditions for processing ordinary personal data, assuming "public" in this context is interpreted narrowly.

The employer must also comply with the second and third data protection principles relating to the purpose, accuracy, and proportionality of its processing (Schedule 3, DPA).

Employers should also take steps to ensure that they comply with the seventh principle (data security). Training on data protection generally should ensure that employees understand that it is not appropriate to disclose personal data relating to their colleagues on social media without their permission.

Loss of productivity. Access to social media on the employer's equipment in the employer's time can lead to reduced productivity. If the employer allows access during work, it should be very clear about the parameters.

In Grant & Ross v Mitie Property Services UK Limited (unreported), two sisters were dismissed for internet usage. The employer's internet usage policy permitted access outside "core working times". The employment tribunal found their dismissals to be unfair because the employer's rules about when employees could access the internet at work were unclear.

Loss of reputation. Often, the employer's main concern is to protect its reputation, but damage will often be speculative and difficult to substantiate. Furthermore, the employee may be using his own equipment in his own time.

In the context of social media, there is very little case law. In Taylor v Somerfield (unreported), the claimant had posted a video on YouTube showing two of his colleagues hitting each other with plastic bags and was dismissed for bringing Somerfield into disrepute. The tribunal did not accept that there were sufficient grounds for dismissal: it was influenced by the fact that there were only eight hits on the video clip and no loss caused to the employer.

Privacy. An employer's desire to protect itself may also put it on a collision course with an employee's rights of privacy and freedom of expression. Section 98 of the Employment Rights Act 1996 must be construed in a way which is consistent with the European Convention on Human Rights (the Convention). If an employer dismisses an employee in breach of those rights, dismissal could be disproportionate and therefore unfair.

Private life includes social interaction and the right to develop relationships with others, even at work (Niemietz v Germany [1992] 16 EHRR 97).

Early cases suggested that if the employee put his information in the public domain, he lost his right to privacy under Article 8 of the Convention (X v Y [2004] IRLR 625). Later cases suggest it is not quite that simple. Since all UK legislation must be construed in a Convention-friendly way, what is "public" for these purposes will also inform what "public" means under the DPA.

In McGowan v Scottish Water, for example, McGowan was covertly filmed leaving his house and travelling to work along a public street (EATS/0007/04). Just because he was in public did not mean he had lost his right to privacy.

Is the internet any different? It would be a mistake for an employer to assume that just because the information is publicly available, the employee has no right to privacy. In Pay v United Kingdom, Pay did not lose his right to privacy when engaging in sado-masochistic activities in a private club ([2009] 1RLR 139). Photographs of those activities were then posted on the internet. Pay was wearing a mask and had not authorised the photographs to be posted online. Although Pay was engaging in these activities in a public context, Article 8 of the Convention still applied. However, on the facts of the case, the European Court of Human Rights found that Pay owed a duty of "loyalty, reserve and discretion" to his employer. Pay's dismissal was proportionate because of the nature of his role as a probation officer dealing with sexual offenders.

In most employment contexts, the real question will be whether it is proportionate and therefore fair to dismiss an employee for what has been done or reported online rather than whether the employee has retained his or her right to privacy. Pay sets a low bar for the employer seeking to justify dismissal where there is some connection with the employee's role.

Employers could block or impose an outright ban on any access to social networking sites at work, but this does not cure the problem of "out of hours" activities and is likely to be unpopular. Employers would also lose the opportunity to exploit any consequential business advantages.

Given that the main source of the issues arising out of blogging and social networking websites is the perception that these sites are "private", a more effective way for employers to manage these issues may be to draw to employees' attention that anything they post is, in fact, public, and consequences can flow from online behaviour.

In addition to the steps mentioned above, the publication and implementation of a specific social media policy may set clear parameters about permitted use (see box "Social media policy guidelines”).