The recent high-profile and tragic case of teenager Hannah Smith – who took her own life as a result of abusive messages she received via – illustrates just how harmful online abuse can be. As social networking sites play an increasingly central role within business, the risk of employees being exposed to online abuse by “cyber-bullies” becomes ever greater. Recent news coverage has demonstrated how cyber-bullying (the sending or posting of harmful text or images via the internet or devices such as mobile phones) can have severe consequences. But cyber-bullying is not limited to the lives of teenagers or school communities: workplace intimidation through technology is a phenomenon to which employers need to be alert and take precautions.

Indeed, few would question the damaging impact that bullying, can have on the health and wellbeing of those targeted. Victims of bullying are at increased risk of suffering mental health issues (such as depression and anxiety), as well as wider health problems, which can disrupt their lives at both work and home. From a commercial perspective, bullying (which, according to ACAS, comprises “offensive, intimidating, malicious or insulting behaviour, an abuse or misuse of power through means that undermine, humiliate, denigrate or injury the recipient”) can impact employee morale, potentially resulting in higher absenteeism, and reduced performance and productivity. In severe cases, particularly where criminal proceedings arising from bullying receive media interest, a business can suffer substantial damage to public reputation and customer goodwill.

Cyber-bullying statistics make for startling reading. In 2012, a report by psychologists (“Punched from the Screen”) found that eight out of ten employees had suffered some form of cyber-bullying in the last six months. So what can employers do to make clear that bullying in the workplace is not acceptable, and what are the legal risks for employers if bullying (all too often dismissed as “office banter”) is ignored?

The legal position

The terms “bullying” and “cyber-bullying” are not legally defined and there is no single piece of legislation governing their management in the workplace. There are, however, various statutory duties which protect the mental and physical health of employees: for example, section 2 of the Health and Safety at Work Act 1974 provides that every employer has a duty to ensure, so far as is reasonably practicable, the health, safety and welfare at work of all employees. Further relevant statutes include  the Protection from Harassment Act 1997, the Malicious Communications Act 1988, the Public Order Act 1986, the Defamation Acts of 1952 and 1996, as well the Equality Act 2010, which protects employees from discrimination arising from a protected characteristic.

In addition, duties implied into contracts of employment – such as to provide redress of an employee’s grievance and not to destroy the relationship of trust and confidence – protect employees in the workplace. In the event that an employer were to seriously breach one of these implied duties (for example, by failing to appropriately respond to an allegation of cyber-bullying by a colleague), the complainant would be entitled to resign and claim constructive dismissal. This would potentially expose the employer to a damages award of up to £74,200 (which would become uncapped if, for example, discrimination was included as part of the claim).

Case law clearly demonstrates that an employer can be liable for incidents relating to employment, including those which take place outside the office, via personal devices or outside working hours. For example, in Otomewo v Carphone Warehouse Limited, when two members of staff at Mr Otomewo’s work took his mobile phone without his permission and posted a comment on his Facebook page saying: “Finally came out the closet. I am gay and proud”, the Tribunal made clear that the employer could be liable for the employees’ actions, as the entries had been made in the course of the employees’ employment. The employees’ actions took place at work and during working hours, and involved dealings between staff and their manager. Cases such as this illustrate the extent of a business’ exposure to financial, and reputational, risk if bullying is ignored.

How can employers prevent cyber-bullying?

Cyber-bullying, like offline bullying, cannot be solved by a single solution. There are, however, steps employers can, and should, take to prevent cyber-bullying and to ensure complaints are effectively managed.

One such step is the implementation of robust policies, such as an Anti-Bullying and Harassment Policy and a Social Media Policy, which should be regularly reviewed. Establishing such policies sends a clear message to employees that online bullying and harassment will not be tolerated. The policies should establish rules on employee use of technology and network access (both at work and home), set out how employees can report incidents of cyber-bullying and state that any complaints will be dealt with promptly, sensitively and confidentially. They should make clear that cyber-bullying will be treated as a disciplinary offence and that the business adopts a zero-tolerance approach to any such conduct. As a general rule, the policies should be non-contractual. This will reduce the risk of an employee bringing a breach of contract claim if the business fails to comply with any procedures set out in its policies.  While a smaller organisation may wish to limit the scope of its policies at the early stages of its business development, policies should be carefully monitored and expanded as the business grows.

By law, there is no specific legal requirement to establish a separate anti-bullying and harassment procedure, as the company’s standard grievance procedure can be applied; however, establishing a more detailed anti-bullying procedure makes clear to employees that the business recognises the sensitivity of bullying-related complaints and will take a proactive approach to such incidents.  Case law also indicates that implementing a distinct anti-bullying and harassment procedure may help an employer to establish a “reasonable steps” defence to a discrimination claim.

It is important to assure complainants that they will be protected from victimisation if they raise a complaint. Thorough records should be kept detailing any reported instances of cyber-bullying within the organisation (while taking care to comply with rules regarding of protection of personal data and monitoring of employee online activity under the Data Protection Act 1998). The EHRC Equality Act 2010 non-statutory guidance recommends offering counselling (perhaps via an employee assistance programme) and mediation to both victims and perpetrators of cyber-bullying as appropriate.

When investigating allegations of bullying or harassment, employers should take care to follow the ACAS Code of Practice on Disciplinary and Grievance Procedures, to ensure any investigations are fair (unless there is a good reason to depart from these processes).   Finally, it is worth considering training managers about how to avoid incidents of bullying and harassment and how to deal with any allegations that are raised.

Concluding thoughts

While there are no current plans to introduce specific legislation to deal with cyber-bullying, the Government has recognised the significant risks posed by cyber-bullying and David Cameron has made clear that “perpetrators of abuse on social-networking sites are not above the law”.  There is no doubt that, with new platforms and social networks developing all the time, employers need to be especially vigilant to address the very real threat of cyber-bullying and how this can impact employees within their organisations.  Businesses that fail to implement robust measures to minimise the risks of cyber-bullying do so at their peril.

Felicity Staff , Associate, Employment & Pensions ,Charles Russell LLP