The Wall Street Journal recently published an article by Lindsay Gellman on a new app by Collectively that allows users to post anonymous reviews of and complaints about their employers.  The app is cheekily called “getthememo.”  According to the article, Collectively’s mission is to create a space for workers “to speak freely about what’s happening at work” to “make the company better.”  The site’s privacy policy makes clear that it will go to great lengths to protect user’s anonymity.

The proliferation of apps and other sites such as eBossWatch and Glassdoor that invite employees to “anonymously” dish out dirt about their bosses and working conditions is of course a concern to companies.  The biggest risks are that employees might reveal proprietary information and trade secrets, falsely malign a Company’s products, customers and employees, and a company may have limited ways to limit the potential damage done by the post or take action against a bad actor who may have violated policies, contracts or the law.  The ease of use of apps in particular allow employees to easily post at any time from their phone.  In this era of personal transparency when people instantly and frequently post everyday events from their phones, there is a greater danger that employees may be less mindful of employer policies when utilizing these apps.

In light of these risks, companies should review their social media policies and training to ensure that employees are on notice that:

• it is a serious violation of policy for employees to post proprietary information and trade secrets on social media sites; and

• company code of conduct rules apply to online conduct in the same way they do to offline conduct.

At the same time, companies need to be mindful that non-supervisory employees generally have the right to discuss terms and conditions of employment, even through social media, subject to some exceptions.  The National Labor Relations Board and many ALJ rulings involving social media activity of employees have recognized that nonsupervisory employees have the right to engage in protected concerted activity online.  Further, under the recent National Labor Relations Board decision Purple Commuications, Inc., 361 NLRB No. 126 (Dec. 11 2014), employers may not prohibit employees from engaging in protected communications through the employer’s email system, subject to reasonable restrictions.

Companies also should know that notwithstanding the supposed anonymity of postings, they may learn the identity of authors of posts in some situations.  Glassdoor’s and eBossWatch’s terms of use warn users that their identities may be revealed in certain circumstances, including pursuant to legal process.  Also, pursuant to company electronic communication and bring your own device policies, a company may learn the identity of an employee who utilizes a grip sites through its network or a device used for personal and work purposes.  This is because:

•  A company’s computer system may capture all communications on a company’s network as well as information posted on external sites accessed through the company’s network

• Company electronic communications policies typically set out a company’s right to read, monitor, delete and disclose all communications captured by its computer systems

• Company BYOD policies typically require an employee to surrender personal devices so that a company can ensure the safety of its proprietary information and trade secrets, investigate misconduct, or comply with legal obligations and warn employees that person information on the device may be compromised and seen by the company as a result

• Companies such as getthememo, Glassdoor and eBossWatch may reserve the right or be required to disclose a user’s identity in some circumstances

Notably, the  getthememo app verifies a user’s association with a particular company by sending an email to the individual’s work email and cross-checking it against the user’s work email posted on LinkedIn, belying its promise of anonymity.  Glassdoor and eBossWatch expressly warn users in their terms of use that their identity could be revealed in a number of ways including pursuant to legal process.

In sum, companies need to be wary of the potential risks posed by employee use of grip apps and sites, but also can take some actions to mitigate risk by implementing appropriate policies and training.