Employment Law SOS: Social media strife and employee criminal records

4 mins read

David Beswick of Eversheds on Twitter spats and employees with criminal records

We suspect several of our employees have been making inappropriate comments on Twitter about work colleagues including bad mouthing senior managers. We’ve warned the individuals involved but it’s highlighted the fact we have no formal social media policy. How do I establish one and can I launch disciplinary action if any of the employees reoffend?

The huge growth in popularity of media in recent years means that it is increasingly important for businesses to prevent and deal with problems arising from employees’ use of blogs and social media sites. Having a Social Media Policy in place (either incorporated into an employee handbook or as a stand-alone policy document) ensures that employees are left in no doubt on any restrictions on the acceptable use of social media both in relation to work-related activities but also activities of a personal nature which may affect their employers' interests.

Having a clear policy in place also assists in supporting consistent treatment of staff, fairness and transparency. A Social Media Policy is usually a non-contractual document, and as such an employer would be able to implement such policy and change it as the need arises without first seeking the agreement of the workforce.

However, a communication exercise, often reinforced through training or discussion, should take place when implementing any new policy to make sure employees understand what the policy means, how it applies to them and what will happen if they do not comply. An employer will then be in a more favourable position to fairly take disciplinary action for any breach of the policy.

I have been recruiting for a team leader role and interviewed a very impressive candidate. I was intending to offer them the role when a background check showed they had a criminal record and has served an 18month prison sentence. This has made be very nervous about proceeding but if I do change my mind then could they bring a discrimination case against me?

The Rehabilitation of Offenders Act 1974 (“ROA”), subject to some exemptions (which do not ordinarily apply in the manufacturing sector) allows a person who has been convicted of a criminal offence but who does not re-offend during a specified period from the date of conviction to be considered as rehabilitated and their conviction becomes "spent".

As such job applicants are entitled to hold themselves out as having a clean record even in response to a direct question on the subject. During the rehabilitation period, the conviction is "unspent" and should be disclosed in response to a request for details of the individual's criminal record.


The period of time that a crime remains unspent depends on the length of the original custodial sentence and whether the candidate was an adult or a child at the time of the offence. Sentences of over 4 years are never spent.


If the conviction is spent an employer cannot refuse to employ the job applicant without breaching the ROA. The ROA does not state what sanction a court can apply for breaches of the ROA and would allow a general claim for damages i.e. loss of earnings from a failure to offer employment. The Equality Act 2010 does not classify job applicants with a spent conviction as having a “protected characteristic”, and as such breaches of the ROA are not covered by the Equality Act.

The ability to apply for a Criminal Records checks from the Disclosure and Barring Service (“DBS”) only applies to an employer must in a specified category of organisations. These fall under the broad categories of employers working in specified sectors e.g. Financial Services or with children or vulnerable adults. These categories are unlikely to apply to most manufacturing organisations. If an employer does not fall within these categories then it cannot apply for such a certificate and as such has no means of obtaining details of an employee’s criminal past except through direct questions as part of the recruitment process (which as stated above an employee need not disclose if the conviction is spent).

Even without having a social media policy in place, it is possible that employees’ use of social media may breach other existing policies. For example, Confidentiality, IT and Communications Systems, Disciplinary, Anti-Harassment and Bullying, Equal Opportunities or Data Protection. If it is clear from those policies that the employees’ actions in relation to the use of social media is unacceptable, disciplinary action may be taken based on those existing policies.


However, areas where there is often uncertainty unless expressly dealt with in a separate Social Media Policy include personal use of social media during and outside working hours, particular actions that are strictly prohibited and monitoring. Further, a Social Media Policy can set out practical requirements particular to social media use, for example a requirement for employees to immediately remove any social media content that is considered by their employer to be unacceptable.

60 second guide to...Data Protection

The Data Protection Act 1998 (DPA) has been in force in the UK since 1 March 2000. The DPA imposes broad obligations on those collecting and processing personal data (i.e. data relating to living individuals who can be identified from that data), as well as providing rights to the individuals about whom personal data is collected. This means that all businesses operating in the UK holding information about individuals (whether employees, customers or otherwise) are impacted by the DPA.

The Information Commissioner’s Office is responsible for enforcing the obligations and rights under the DPA, although individuals may also apply to the courts. As well as adverse publicity, serious breaches of the DPA can result in both criminal and civil liability. The Information Commissioner’s office has the power to issue enforcement notices and impose fines up to a maximum of £500,000.


Data protection is a significant issue for employers, including issues relating to automated decision-making, monitoring of staff, the processing of sensitive personal data (such as health, race, sexual life and religious beliefs) and the retention of data. Having policies and procedures in place to deal with such matters is key. The approach often taken by the Information Commissioner’s Office in response to an alleged breach is to consider the practices already in place with a view to ensuring compliance, before commencing enforcement action.


Individuals have the right of access to data held on them (“subject access request”). Subject access requests are becoming more prevalent in the employment context and can be a useful way of employees obtaining evidence of information held about them by their employer. Dealing with subject access requests can be a time-consuming process and requests should be actioned immediately upon receipt to ensure compliance within the 40 day statutory timescale.


The Information Commissioner’s website contains useful guidance for organisations regarding data protection obligations.