Corporate employee blogs: Lawsuits waiting to happen?

After a top Cisco lawyer's personal blog sparked a defamation lawsuit, the company tightened its employee-blogging rules. How do other high-tech companies compare?

Anne Broache Staff Writer, CNET News.com
Anne Broache
covers Capitol Hill goings-on and technology policy from Washington, D.C.
Anne Broache
5 min read

A recent libel lawsuit filed against Cisco Systems over one of its employees' personal blogs could spur companies, many of which have encouraged workers to share their writings publicly, to reconsider how much latitude to give them.

Thousands of companies have embraced the idea of giving employees an unfiltered voice as a means to keep in touch with customers, suppliers, and the media. Sun Microsystems boasts a 4,000-employee-strong blog network, including its chief executive, and some corporate "spokesbloggers" like Microsoft's Robert Scoble have even rocketed to Internet stardom.


Cisco's legal trouble stems from a Blogspot-hosted blog called Patent Troll Tracker, which Rick Frenkel, who directs the company's intellectual property department, launched last May. His posts focused on patents and patent litigation--an issue that Cisco has pressed Congress to address by overhauling what it views as a broken U.S. patent system.

A few weeks ago, Frenkel revealed his identity, and two patent attorneys in Texas filed suit, accusing him of tarnishing their good names and disparaging a patent case their client had filed against Cisco--all the while allegedly concealing his affiliation with the company.

Cisco has responded by rethinking how it does blogging. Now the Patent Troll Tracker posts appear to be open only to invited readers. Although the company says it's standing by Frenkel and allowing him to continue his personal blog, the incident also highlighted a number of important "lessons," Cisco said in a statement--including the potential perils of unchecked anonymous blogging.

Cisco said it still believes "common sense" should be a guiding force for employees sharing information online, but it also added the following rule to its three-year-old Internet postings policy: "If you comment on any aspect of the company's business or any policy issue the company is involved in where you have responsibility for Cisco's engagement, you must clearly identify yourself as a Cisco employee in your postings or blog site(s) and include a disclaimer that the views are your own and not those of Cisco."

Although it wasn't a surprising move, it also may discourage other employees, said Denise Howell, an intellectual property and technology lawyer based in Newport Beach, Calif., who has written about corporate blogging policies.

"It helps show what expectations are for the company," she said, "but it's telling everyone else, 'Gee, we think you're just as big a risk as this guy.'"

Sun Microsystems, Yahoo, Google, Dell weigh in
To be sure, it's still the exception, not the rule, for companies to have rules governing blogging in the first place. But among those who do, not all of them make it absolutely mandatory to disclose one's corporate affiliation.

Sun Microsystems, which hosts blogs from CEO Jonathan Schwartz and some 4,000 other employees, has had a blogging policy in place since 2004. It broadly prohibits discussing a wealth of "non-public" information, including financial data, code, personal information about other individuals, all manner of confidential information, and "work-related legal proceedings or controversies." (Click for PDF)

But unlike Cisco, Sun doesn't require bloggers to disclose that they work for the company, although Tim Bray, the company's Web technologies director, says he considers doing so "good practice."

Google similarly recommends, but does not require, such disclosures, said spokeswoman Sunny Gettinger. (Google said it has an internal "communications" policy but doesn't make it public, although its general employee code of conduct is.)

Yahoo is arguably even gentler, but its policy has "been successful in providing employees with guidance on blogging practices with respect to the company," said spokeswoman Nicki Dugan. Its guidelines, issued in 2005 (PDF), decree two main rules: don't reveal proprietary information, and be cautious about posting exaggerations, obscenities, or other characterizations that could invite litigation.

Under a separate list of not-mandatory guidelines, Yahoo employees who choose to identify themselves as employees of the company are told to consider telling their supervisors, but they're not required to do so, nor are they required to disclose that they work for Yahoo at all.

"If you're worried about what your mom, manager, ex-coworker, or Terry Semel would think, listen to that instinct," Jeremy Zawodny, one of Yahoo's best-known employee bloggers, wrote in a May 2005 blog post introducing the policy.

The BBC's blogging guidance actually carves out "blogs or Web sites which do not identify the blogger as a BBC employee, do not discuss the BBC, and are purely about personal matters" from its guidance.

"If someone is a fisherman and they want to talk about fly fishing outside of work, then that's not our business, it's personal. But if someone is going to talk about notebooks...they have to say they're from Dell."
--Bob Pearson, Dell vice president

Dell's stance is perhaps the most similar to--and predates--Cisco's. Bob Pearson, the computer maker's vice president of communities and conversations, said the company prides itself on being one of the first companies to release a "clear transparency policy."

That "online communication policy," released in November 2006, sets standards for employees when they're acting as "a delegate of the company."

Specifically, they're expected to disclose their association with Dell whenever they do any sort of blogging, social networking, Wikipedia entry-editing, or other online activities related to or on behalf of the company. If the subject matter crosses over into hobbies or people's personal lives, "there would be no rationale for us to get involved in that," Pearson said in a phone interview Tuesday.

Translation: "If someone is a fisherman and they want to talk about fly fishing outside of work, then that's not our business, it's personal," said Pearson. "But if someone is going to talk about notebooks and anything related to Dell, they have to say they're from Dell."

IBM also requires its employees to identify themselves and their roles with the company if they're blogging about company-related topics. Its lengthy guidelines began through a wiki process in spring 2005 and have been evolving since then.

Other companies were less forthcoming about what rules, if any, they have in place.

Apple and Symantec spokespeople declined to comment on whether they have employee-blogging policies and what they entail. An Adobe spokeswoman said the company "does have an active blogging community and asks those participating to adhere to Adobe's blogging guidelines," but she declined to share those rules. A McAfee representative said the company is in the process of "refreshing" its blogging guidelines--for undisclosed reasons unrelated to the Cisco incident--but declined to share any details about what's in place now.

Microsoft offers employees a list of frequently asked questions about how to apply existing company policies on confidentiality and other matters to the blogging world, but it doesn't make that public, a spokeswoman said. The gist of the guidance, though, is to be smart and use common sense, she said.

Any company that decides to adopt blogging policies should keep them short, clear, and to-the-point, said Howell, the online communications lawyer.

"I don't think you need to necessarily try to take into account every single specific situation that might come up in your blogging policy," she said. "You'll come up with something that's unreadable and draconian. No one will actually read it or respect it."