Skip Ribbon Commands
Skip to main content

​Best-in-class personal and business insurance solutions customized for CPAs, their families and firms.

Education Center

Social Networking - The Risks and Rewards of an Interactive Presence

Professional Liability, Practice Management, Privacy and Security




Social media is everywhere, but does anyone really know what it is? Social media outlets are easily named – blogs, Facebook®, LinkedIn®, Twitter®, YouTube® – but has anyone considered the potential liability and risks associated with its use? This article will review some of the risks social media presents and suggest guidelines for mitigating this exposure.


Social media differs from traditional media. Historically, media was one-sided. The “press” reported what it believed was important. Common characteristics of social media include allowing members to construct a personal profile, creating a list of connections, and being able to communicate with all of the connections at one time. The connections or followers can interact immediately and directly with the authors of the material, as well as interacting with one another. As a result, everyone becomes a commentator.


How much is social media used? Queen Elizabeth II has Twitter® and Flickr® accounts, a Facebook® page, YouTube® channel and her own website. Facebook’s® 400 million users are greater than the U.S. population of 315 million. Clients, employees and competitors also are engaged in using social media, so its use has proliferated exponentially.


Social media provides accounting firms with numerous opportunities for marketing to clients and recruiting employees. One firm’s “Flash Mob to Party Rock Anthem” generated a response that increased its presence throughout New Jersey with clients, prospective employees and the general public.


How else can social media be used? For example, if a potential client is referred to three CPAs, the prospective client is likely to access LinkedIn® for areas of expertise and references.


Social media’s interactive element also creates an opportunity to foster relationships with clients and potential clients. As market differentiation offers the ability to distinguish firms and the unique services they provide, many accounting firms have successfully embraced social media to pursue business development activities.


Notwithstanding the benefits, accounting firms must be cautious about social media. The instantaneous feedback can be both negative and positive. For example, an April 2009 video was filmed by two employees of a national pizza chain, in the act of “tainting” a sandwich as an attempt at humor. While the YouTube® post recorded over a million viewers, within 48 hours, the reputation of the pizza chain was severely damaged.


What are the risks?


The risks of social media can be classified into the following vulnerabilities, each of which will be discussed briefly:

  • Decreased productivity
  • Employment claims
  • Reputational harm
  • Professional liability exposure

Decreased Productivity
Do employees quickly change screens as someone approaches? Social media provides employees (and partners) with unlimited opportunities to expend their time on personal social media sites, while continuing to engage in billing clients. One study showed that the average Facebook® user spends 55 minutes per day on social networking sites.1 How much of that time is time spent at work? That data may never be available, but it represents critical time diverted from client engagements.


Employment Claims
Is a prospective employee’s Facebook® account examined before hiring? If so, the firm may discover information that it otherwise would not know, such as a candidate’s age or religious beliefs.  If the firm becomes aware that an applicant is a member of a protected class under state and federal legal and regulatory requirements, the firm must ensure that this information is not used in its employment decision making process.  Obtaining information through social media which employers are prohibited from requesting directly may place the firm in the difficult position of proving a negative – that the firm did not use the information in arriving at its employment decisions.  As there are other issues which may arise when a firm uses social media in the hiring process, it is recommended that an employment attorney be consulted to assist with drafting policies specifying permitted use of social media in the hiring process.


Is an employee harassing someone online?  It should be noted that social media merely represents another medium through which harassment or discrimination may occur.  Anti-harassment and anti-discrimination policies should be developed to address unacceptable use of social media, prohibit harassing and/or discriminating postings on social media sites, and also address the potential consequences of violating employer policies. 


Do partners or senior managers “friend” subordinates? If so, the individual in a position of authority may be subjected to allegations of favoritism, discrimination or even retaliation if they “unfriend” a subordinate who engaged in protected activity, such as filing a charge with the Equal Employment Opportunity Commission (“EEOC”). 

Reputational Harm
The reputation of an accounting firm may be jeopardized where clients present their views of a firm, which could represent false or misleading statements. Moreover, the firm may be unable to respond due to confidentiality requirements.


In the absence of employee training on social media protocols, inappropriate use of social networking sites could have a detrimental impact upon your firm.


Consider the following scenario:


A disgruntled former client of an accounting firm tweeted about the poor services and billings for work that wasn’t performed. What wasn’t tweeted is that the client failed to provide the information required to perform the work. Unfortunately, the firm was unable to inform a potential client who read the tweet of this information.  The potential client’s decision to use another accounting firm appeared to be influenced by this unilateral information.


Professional Liability Exposure
Breaches of confidentiality, whether intentional or inadvertent, may implicate federal and state laws and regulations, as well as ethical guidelines of the profession. Consider the following:


An expert who deals exclusively in mergers and acquisitions posts “unexpected meeting at ABC client equals lots of opportunities in the next two weeks.” Such a posting may result in a claim alleging that the expert accidentally disclosed that ABC client was in the midst of acquisition discussions. If the transaction failed to materialize, the firm could potentially be sued for the negotiated selling price at the time of the post due to the breach of confidential information.


In another scenario, a firm may be involved in litigation related to an audit of a client that declared bankruptcy nine months after the audit report was issued. In the litigation, opposing counsel may introduce a social networking post by a discontented staff member   commenting that ‘The partner only showed up to sign the report.’  This posting may be admissible and ultimately detrimental to defense of a claim alleging inadequate employee supervision.


A LinkedIn® discussion related to the technical aspects of a current tax strategy could be misconstrued as tax advice and give rise to a malpractice claim. Litigation also may arise if copyrighted material is utilized without authorized permission and attribution.

Organizations should consider the need to purchase media liability coverage to address this exposure.


Managing Social Media Risks


While many risks associated with social media cannot be avoided, they can be managed, primarily by creating a written social media policy for all personnel and monitoring usage.


Social Media Policies
Accounting firms should establish a social media policy after evaluating the firm’s risk tolerance. In addition, training should be provided to all employees regarding what constitutes proper and improper use of social media. 


In order to develop an effective policy, the firm’s goals and objectives of social media use should be explained, and guidance should be provided regarding what is and what is not acceptable use of social media..  While no two social media policies are likely to be the same, an effective social media policy should address:


  • Use of company assets for social networking;
  • Access to social networking sites from the office;
  • Disclosure of client or firm information;
  • “Friend-ing” subordinates;
  • Use of the firm’s intellectual property;
  • Statements affecting the company’s interests or reputation (potential allegations of “improper advertising” may arise if an employee makes positive statements about the firm but does not disclose its relationship to the firm);
  • Defamatory, harassing or discriminatory language;
  • Use of information obtained from social media in employment decisions;
  • Content that violates laws and regulations;
  • Content that would constitute a violation of other firm policies, rules, standards of conduct or requirements applicable to employees; and
  • Consequences of violating the employer’s policies.


The policy also should encourage employees to carefully consider and review anything that they have written prior to posting it online. The caveat remains that information released in the electronic universe can be permanent. In other words, use common sense.


Your social media policy should not be so broad that it prohibits conduct which is protected by federal and state laws.  Some states, such as New York, have enacted statutes that prohibit an employer from taking action against an applicant or employee for engaging in legal off-duty conduct.2 In states with such laws, an employer may be unable to take action against an employee who posts pictures of himself drinking or smoking.  In addition, the National Labor Relations Act, (“NLRA”) prohibits an employer from taking action against an employee for engaging in certain concerted activity.  This prohibition applies even when the employees are not members of a union.  Where employees’ social media postings address wages and/or working conditions, disciplinary action taken by an employer against the participating employees may violate the NLRA.  In these situations, consultation with an employment attorney is recommended, as the law is evolving in this area. 


Monitoring Usage


CPA firms should consult with attorneys who specialize in employment and privacy law about the legal ramifications of monitoring employee usage of social media. For instance, the Federal Wiretap Act and Electronic Communications Privacy Act of 1986, amending the Federal Wiretap Act of 1968, imposes criminal and civil penalties against anyone who intentionally intercepts an electronic communication.  However, the law contains exceptions, including an “ordinary course of business” exception. Employer monitoring should conform to both federal and state laws and regulations to minimize the risk of invasion of privacy claims which can be asserted by employees.


For example, in one case, employees of a restaurant created a password-protected MySpace® page where employees posted complaints. After management learned about the page, an employee was pressured to reveal the password.  Shortly thereafter, two employees were terminated for unprofessional conduct based upon the web page posting. The company was held to have violated the employees’ reasonable expectation of privacy because the site was password protected.  Moreover, the supervisor’s access of the webpage was unauthorized as the employee testified that she felt “coerced” into providing the password to her supervisor.  Therefore, employers should consider the implications of being deemed an unauthorized user of a private social media site.




Social media is here to stay, so embrace it . . . with caution. Employing a comprehensive social media strategy can assist accounting firms in managing the risks related to social media. An experienced employment/labor law attorney with expertise in drafting and defending social media policies should be consulted to ensure that the policy is not overly broad and that it is in compliance with federal and/or state laws, such as the NLRA. Appropriate employee use of social media can produce many benefits, and the implementation of policies and training can help to avoid the potentially serious ramifications that may arise from improper usage.


Updated May 2012
By Accountants Professional Liability Risk Control, CNA,
333 South Wabash Avenue, 36S, Chicago, IL 60604.



This information is produced and presented by CNA, which is solely responsible for its content.


The purpose of this article is to provide information, rather than advice or opinion. It is accurate to the best of the authors’ knowledge as of the date of the article. Accordingly, this article should not be viewed as a substitute for the guidance and recommendations of a retained professional. In addition, CNA does not endorse any coverages, systems, processes or protocols addressed herein unless they are produced or created by CNA.


Any references to non-CNA Web sites are provided solely for convenience, and CNA disclaims any responsibility with respect to such websites.


To the extent this article contains any examples, please note that they are for illustrative purposes only and any similarity to actual individuals, entities, places or situations is unintentional and purely coincidental.  In addition, any examples are not intended to establish any standards of care, to serve as legal advice appropriate for any particular factual situations, or to provide an acknowledgement that any given factual situation is covered under any CNA insurance policy.  Please remember that only the relevant insurance policy can provide the actual terms, coverages, amounts, conditions and exclusions for an insured.  All CNA products and services may not be available in all states and may be subject to change without notice.


IRS Circular 230 Notice: The discussion of U.S. federal tax law and references to any resources in this material are not intended to: (a) be used or relied upon by any taxpayer for the purpose of avoiding any federal tax penalties; (b) promote, market or recommend any products and/or services except to the extent expressly stated otherwise; or (c) be considered except in consultation with a qualified independent tax advisor who can address a taxpayer’s particular circumstances.


Continental Casualty Company, one of the CNA insurance companies, is the underwriter of the AICPA Professional Liability Insurance Program.


CNA is a registered trademark of CNA Financial Corporation. Copyright © 2012 CNA.  All rights reserved.


1. Facebook® Press Room, (as visited Mar. 3, 2010)


2. N.Y. Labor Law § 201-d