With the rush to create content, it’s easy to forget that all business communications directed to the public are subject to a variety of laws, regulations and other legal concerns. This article provides a high-level overview of the key points to keep in mind as you assess whether your company-related blog is legally compliant.


  • DO make a clear decision on whether the company will sponsor and/or host a blog (or several), and what the objectives are for each blog. Blogs don’t make sense for all companies and you should be clear about why having a blog (or several) will advance the corporate interests as well as interest readers, and are worth the resources to start and keep one or more blogs running.
  • DO implement a clear policy on employee blogs, especially those in which senior executives contribute. Chances are, a number of your employees already have a blog that prominently features their association with the business, and many are saying plenty of things (and sharing images) relating to the company. Some of that content may be innocuous; other types may be embarrassing or come back to haunt the company in litigation. Implementing and enforcing a clear policy that provides reasonable parameters for such postings can save you headaches down the road.
  • DO train employees on how to comply with all applicable laws and corporate policies when blogging, and include a section on this compliance requirement in the company’s corporate blogging policy. Compliance guidance also should instruct against blogging that, while not an outright legal violation, may be damaging to the company.
  • DO monitor postings periodically to ensure that they are complying with the corporate blogging policy, and take action when you see clear examples of noncompliance, such as providing retraining or clearer instructions on content that is not acceptable. For example, blogging often can result in the public airing of a personal dispute between employees that is taken online, thus inviting unwanted attention from both within and outside the company to content that is not favorable to the company. Employees also may post content that undermines customer confidence in the business by revealing too much about the company’s inner workings, or by disparaging the company; both of which may violate company employee conduct policies and should be handled promptly.
  • DO assign authors for the blog and their responsibilities before launching the blog. The ideal business bloggers should be adept writers and content employees who can remain calm when diffusing complaints and rants from unhappy third-party posters.
  • DO keep the blog current. This requires regular posting and a fair amount of effort, but is a necessary ingredient to maintaining interest in the blog.
  • DO set the expectations of the blog’s readers by placing in a clear and conspicuous location on the Web site the blog’s terms and conditions of use, as well as general “moderator” guidelines (without hard-to-understand legalese) that set ground rules for engaging in the blog’s discussions.
  • DO consider, before creating a corporate blog, how the posted content will affect the company’s discovery and document-retention obligations. If there is litigation involving the company that may relate to content posted on the blog, the company will need to have a method to archive the material.
  • DO be mindful of consumer protection laws and require a review process that helps ensure that all objective statements made by employees on the blog are truthful, not misleading and are substantiated by reliable evidence. A company and its blogging employees can be held accountable under the Federal Trade Commission Act, the Lanham Act and state consumer protection and unfair trade practice laws for making statements (or omissions) that are materially misleading, including statements that are not substantiated. Thus, if truth-in-advertising laws would prohibit such statements from appearing in an advertisement or on the company’s corporate Web site, then they have no place on the blog either.
  • DO be mindful of privacy and information security laws. Collecting personal information about individuals who post and/or visit the blog — from names and e-mail addresses to Web site cookies and URLs — must comply with the FTC Act, the Children’s Online Privacy Protection Act (COPPA) (if collecting personal information from children under 13) and state privacy and information security laws, as well as international privacy and data security laws if foreign consumers’ personal information is collected. The company should determine at the outset what level of personal information, if any, will be collected via the blog, and then design the blog’s infrastructure accordingly. These efforts should include: 1) posting a privacy policy that explains those practices to blog visitors; and 2) making clear to blog visitors when they are leaving the blog’s Web site (thus, eliminating any confusion when they click on a link provided on the blog that takes the user to another Web site that may have different privacy practices).
  • DO be mindful of intellectual property laws and train your blogging employees on such requirements. Employee postings on a corporate blog that include a third-party’s intellectual property, such as copyrighted material or trademarks, may expose the company to allegations of infringement. Given that blogs, by their nature, tend to build off the content of other Web sites and materials through linking and copying, it is critical that such use complies with “fair use” principles (i.e., posted for purposes such as criticism, comment, news reporting, teaching, scholarship or research).
  • DO train your employees on how to avoid posting content that is likely to incite tort-based causes of action, such as defamation, trade libel, product disparagement, negligent or fraudulent misrepresentation and vicarious liability for an employee’s posting. While tort-based actions like these do not frequently arise against individual bloggers, the prospect of deep pockets associated with a corporate blog may invite various claims associated with postings (usually negative postings).
  • DO be mindful of security laws if they apply to your business. Publicly traded companies need to train their employee bloggers of the risks associated with: 1) making material misstatements that could manipulate the stock price and expose the company to liability for securities fraud under Rule 10b-5; 2) disclosing material non-public information that could be considered a prohibited selective disclosure under federal securities laws; and 3) failing to include appropriate cautionary language accompanying a forward-looking statement on a corporate blog, which may fall outside the statutory safe harbor for such statements. Note that the SEC currently allows blogs to be used to disseminate a company’s financial information, but the blog must reach a sufficiently large audience that is broad and nonexclusionary. See “Sun Asks SEC to Allow Blog Fiscal Filings.” Sun Microsystems’s proposal was pending as of the date this article was drafted.

This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.

To view this content, please continue to their sites.

Not a Lexis Subscriber?
Subscribe Now

Not a Bloomberg Law Subscriber?
Subscribe Now

Why am I seeing this?

LexisNexis® and Bloomberg Law are third party online distributors of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® and Bloomberg Law customers are able to access and use ALM's content, including content from the National Law Journal, The American Lawyer, Legaltech News, The New York Law Journal, and Corporate Counsel, as well as other sources of legal information.

For questions call 1-877-256-2472 or contact us at [email protected]