In the March 29, 2016 Ask The Headhunter Newsletter, a reader goes up against her boss and wonders how to stay out of trouble.

Question

My boss just told us that it’s mandatory for us to join a closed LinkedIn group, on which she will give us work assignments — for instance, shared reviews of resumes or other documents or topics that she feels will enhance our knowledge by group sharing.

company_secretsI have no problem doing this via work e-mail, but to be forced to join a social media group — where what we post can be mined, according to one of my clients — is tantamount to agreeing to LinkedIn’s terms and conditions, none of which I have been able to see.

Maybe I’m being cynical, but I think that my 30-something boss wants to make a splash for her own career via becoming the leader of a LinkedIn group. I don’t know if she has thought this through.

I am also concerned for my own professional status. Frankly, I don’t know what behaviors the 20-somethings in the group are up to, and I’m not sure I want to be linked publicly to them. My co-workers are spread across the country, and I’ve never met some of them. Those that I’ve met (only virtually) I barely know. 

I just un-joined the group. Who comes first? My boss or my company?

Nick’s Reply

LinkedIn is not an online work collaboration platform, though I know this social networking site has experimented with the idea. There are many good collaboration systems that your boss could use (Microsoft Office 365, Google For Work, Slack) but this isn’t one of them.

I don’t think you’re being too cynical. Your guess about your boss’s motivations for getting you all into a LinkedIn group could be correct – she may be trying to build her network. More important, I think you’re right to worry about your company.

Information you and your co-workers post on a LinkedIn group would likely be mined and sold by LinkedIn. Your boss may not realize that this could have serious privacy implications, including violation of your company’s confidentiality and intellectual property policies.

Check your boss

I don’t know how big your company is, but I’d consider paying an in-person visit to HR. Without mentioning your boss or this project, I’d ask:

“If I wanted to set up an online collaboration area where my co-workers and I and our clients could post and exchange company documents that we can all work on, would company policy permit that? I’ve come to you because I’d never do anything like this without first checking the policy.”

My guess is HR will tell you, No way!

Then you have to find a diplomatic way to tell your boss. Or to tell HR what your boss is up to.

One way to do this might be to explain to your boss that you spoke to HR because you wanted to know the policy about how you should register on LinkedIn for this project since you’d be posting company work. That’s a legit concern that has nothing to do with you thwarting your boss.

Then you’d probably have to explain to your boss: “It turns out HR is worried about something far bigger: confidentiality of company data.” Then your boss can save face, drop the whole idea, and possibly avoid getting fired, too.

Suggest some alternatives

Quickly research some of the mainstream collaboration platforms available to your company, including free ones. Take a look at Microsoft Office 365, Google For Work and Slack. When you talk to your HR department, ask whether any of these are approved for company use. Then mention these to your boss. If her real goal is collaboration, you may save the day.

My guess is that your boss is merely very naïve. Putting your concerns about your own privacy aside, I think your bigger worry should be potential violation of your employer’s policies about proprietary and company confidential information being disseminated on the Internet. That liability would be on you. And that’s not to say your personal information wouldn’t be compromised, too. LinkedIn has been in some serious legal controversies concerning misuse of customer information. (See LinkedIn Users Sucker-Punched by Wrong References and LinkedIn: Busted for U.S. wage law violations, sued for “injury” to users.)

LinkedIn is not a collaboration system, where company and user data is protected, so I don’t know how your boss got this idea. LinkedIn is a public sewer of personal information and misinformation, in addition to being a potentially useful database about people. (Yes, I think it’s both. LinkedIn needs to clean up its act.)

You can see my cynicism. And I understand yours. I think you can help your boss by suggesting that LinkedIn be used the way it’s intended — or in whatever way makes most sense to your company — and by getting your HR department’s blessing before posting company information online.

Have you ever had to buck your boss to protect yourself or your company? How did you do it? Was HR helpful? Where should an employee draw the line when instructed to do something questionable?

: :

22 Comments
  1. Posting other people’s resumes on Linkedin, without their permission, is a violation of their privacy and could expose your firm to liability. Check with your legal department for advice. They might have a lot more clout in talking with your boss than HR.

  2. I cannot fathom any instance of this scenario that does not violate the most basic of boilerplate employer agreements that everyone signs, which all reference confidential company documents and IP.

    Nick is being kind when he refers to this boss as naive. There are so many native platforms built in to most companies IT (Sharepoint, Lotus Notes) and if not, free or nearly free on the outside, ranging from Google Business to eRooms to a simple Dropbox share. Bottom line, I bet Legal would have a sphincter attack if they caught wind of this.

    OP, do not participate in this without EXPRESS written approval from Legal, in any platform they ultimately come up with.

    Or, if it is an extremely small company where the boss has the most clout, consider polishing your resume, and arrange an email trail expressing your disapproval of this process to insulate yourself from liability.

  3. I work in IT.

    I recall something like this in the past. Short version is the IT guy told the boss “I am no longer legally viable for this behavior-task…sign this”. That is the concept.

    Pretty much what Nick has already said is get the current documented rules, or if none exist have HR tell you, on specifically how company data is protected from being transmitted to the public, intentionally or accidentally.

    This brings up the issue of data storage, from local hard drives on laptops to the servers, to the storage architecture (glorified computer chassis with a specific operating system to keep track of all the hard drives that are portioned off to be used as shared drive letters for users and servers).

    The cloud..fancy term, means “someone else’s physical location” for a server, etc. Or “someone else’s data center”. The bean counters are in love with clouds. Clouds are great for the small company but if you can afford your own space for servers, you’re paying extra for doing what you can do yourself. Not to mention, the network performance of a local data center is WAY FASTER than the Internet (cloud). Anyone who tells you otherwise is lying.

    Regarding clouds, the benefit is you can fire your own IT people and pay someone else to do it. Of course this is done everywhere and isn’t it great that nobody can afford to buy your own products–due to all the offshoring and outsourcing? Those are the consequences to doing things without being able to connect the big picture consequences.

    Speaking of consequences, putting company data on a social site, like LinkedIn…any of them, is akin to publicly sharing your data. Competitors can use that data to damage you, and anything questionable will also come to bite you.

    Your boss clearly didn’t ask a lawyer about what they thought putting company data on LinkedIn was all about, regardless of any company policy.

    So yes, this reply is detailed, but it is exactly because of the Twitter short attention span mentality out there that has gotten this person to decide that LinkedIN is a good place for company data–in short because thinking your ideas through takes way more time and effort than a Tweet. And it isn’t obvious to figure out the consequences of your actions. Hindsight is 20-20 only because life has shown you the domino effect of your lack of planning, research.

    So, yes for me…in 10 seconds of reading Nick’s article, I was WTF is that person thinking? Oh wait, she’s not thinking and is clueless. As usual.

    ***Finally, what you do is type up an email, tell your boss that you’re going to have them and the company sign off on “you’re not responsible for what happens to company data–any intellectual property discussed–on this LinkedIn collaboration site.

    I guarantee you there will be no signature, and that manager will be having a discussion with the lawyers.

  4. I certainly would not post company information on a LinkedIn site–it is a public-facing site. Nothing is private that is posted on LinkedIn, Facebook, Twitter, etc.

    I’m going to a school where part of our “professional growth” assignments include creating a LinkedIn profile. Their reasoning is that you get exposure to employers who may be looking for junior web developers. While I get what they are trying to do, I did not like being forced to create a profile I did not want.

  5. Yes, I have worked for a boss who had no boundaries. One boss wanted me to teach her LinkedIn and Facebook on the job for her personal use. She also wanted to use her own personal Facebook and Twitter to promote the company. It was all about her. When I told her why the company needed a company FB and Twiitter not her personal one, she got super mad. I discussed it with her boss, sharing my concerns and asking if I was allowed to help her do her private social media at work? In the end, this narcissistic boss and I parted ways and she did have to use a corporate social media page. There is always pushback when you cross or stop someone whose ego is on the line. Even if you do it and say it with professional rationalism and logic. So, OP, expect pushback.

  6. Note that we are talking about a CLOSED LinkedIn group here. How visible and mineable is a closed group?

    -d

  7. That person’s boss is either incredibly amateurish and ill-informed, or is carrying out a plan with an ulterior motive which has been equally amateurishly- and ill-conceived. I would love to hear a rational explanation for why that LinkedIn plan is a good way to accomplish anything, because I can’t think of any.

  8. I wonder how current and potential custgomers would feel about this, particularly ones with whom the company has NDAs. Discussing your work for me and my confidential information on a non-internal company site would make me highly concerned. And that’s not even touching on stuff like government contract work, medical stuff covered by HIPAA, etc., etc.

    I’d skip HR and go straight to IT and legal.

  9. I agree about skipping HR, and going directly to whoever is the IT security person. The writer’s company had better have one.
    I bet though that this is a case of “if you only know how to use a hammer, everything looks like a nail.” If the Boss doesn’t know any of the real collaboration tools she might go to LinkedIn. I don’t think that she thinks that starting a closed group is going to do a lot for her networking.
    The lack of understanding of network insecurity shown by the Boss is hardly unique – it is how all sorts of interesting things get out there into general view. But it does give IT security people the heebie-jeebies.

  10. I killed my LinkedIn profile page after discovering that they will sell individual-specific information without the knowledge or permission of the poster. Use at your own peril.

  11. I’d skip HR and go straight to your company’s legal dept., if you have one. I can imagine what legal would think, and would very quickly put the kibbosh on the boss’ plans.

    That said, I think Nick nailed the approach to take with the boss (because she is still the boss). Don’t make it about you, your privacy, your concerns. Make it about the COMPANY, the clients, liabilities, etc. That’s where legal can help. It isn’t safe, this kind of thing puts the company at risk, etc.

    It seems hard to believe that the boss didn’t think about the risks and liabilities of this hare-brained idea.

    If the boss is so clueless, she may not hear what the employee has to say, or care. But if it comes from clients, from her boss, from legal, from IT, then she might get it.

    How do people like that get promoted to be a boss/management?

  12. I see that you’ve mentioned Slack as a way for employees to collaborate.
    We have Slack and it’s taken a dark turn. Instead of being used as a
    collaboration tool, it’s being used as a way for cliques to form and to
    spread gossip. It has deeply divided our once close-knit group.
    I’ve asked for it to be either monitored more closely or to be shut down
    altogether, but I’ve met some real resistance. So …
    1. How do I get this group back on track?
    2. Is there another app that allows similar types of collaboration?
    3. How do I approach this with HR and IT?

  13. @Diana

    “Note that we are talking about a CLOSED LinkedIn group here. How visible and mineable is a closed group?”

    Think of it essentially as one of the easiest things to crack once someone knows it exists.

  14. @Kerry Boytzun: “The cloud..fancy term, means “someone else’s physical location” for a server, etc. Or “someone else’s data center.”

    Ha! Thanks for clearing that up for people. What we now call “the cloud” used to be a mainframe, or any other centralized storage/processing unit. “Cloud” sells well to bean counters because it sounds like such a new concept, and mysterious.

    “Regarding clouds, the benefit is you can fire your own IT people and pay someone else to do it.”

    We used to call that timesharing. :-)

    Before someone smacks me for over-simplifying, there’s a lot more to cloud technology than this, of course, and it’s more sophisticated in many ways than mainframes and timesharing. But the basic concept is the same. The marketing is very different.

    Thanks for the lesson, Kerry! I love your written disclaimer suggestion.

    @Diana: As dlms0305 points out, LinkedIn mines whatever is in the LinkedIn database. Don’t confuse “closed” with “private.”

    @CJ: Thanks for the review of Slack. I suppose any tool can be used the wrong way, but as you point out, someone has to be responsible for monitoring the use of a tool. I don’t think I’d blame the tool: company e-mail could be abused the same way.

    As for how to approach HR and IT, I think the suggestion I offered in my reply to the OP is pretty good. And marybeth explains why – it’s about the company’s interests, not about you. But first ask, is it your role to “get the group back on track?” Be careful. How you get the group back on track depends a lot on the culture at your company – is this kind of sniping behavior tolerated in other forms, or are the company’s standards of conduct otherwise high? It might take little more than going to your boss and/or HR and saying, “I’m using Slack as instructed, but some of the communication on Slack is making me very uncomfortable.” I don’t think I’d be more specific than that. Let them go find the examples. And I’d put your concern in writing – maybe an e-mail – before or after you go meet with the boss and/or HR in person. This memorializes your concern and puts the company on notice that there’s a problem. If the gossip leads to real trouble and a lawsuit, your memo becomes evidence. A smart company will realize that and take action. Be careful.

  15. WOW! This sounds like a bunch of adolescent mgrs. looking for centralized gossip groups. Yikes! What happened to the grown-ups?

  16. Why assume a hostile stance? True, the boss has made an unwise decision, but there’s agreement she’s young and probably ignorant about LinkedIn. I wouldn’t go running around tattling or asking HR or the legal department questions until I’d talked to her –in terms of rescuing HER from legal problems. Finding out what’s not allowed, and then telling her won’t be nearly as effective as informing her first about LinkedIn and what trouble she might be causing herself.

  17. @Addie: I didn’t read the question nor Nick’s answer as a hostile stance.

    The OP’s question and comments didn’t specify the company culture nor what kind of person the boss is. Some bosses are great, and you can go to them when you spot problems or future problems. I have a boss like that now, and it is wonderful. That doesn’t mean I’m not careful of people’s egos and where they rank in the hierarchy, but I’m not afraid to pass along info. or notify the boss(es) of problems or potential problems.

    In my previous job, with my last two direct bosses, that was not the case. The way to keep your head was to tell the boss what she wanted to hear, regardless of whether it was the truth or not. Those who told the truth got fired, got demoted, got tasks for which they were not trained and later fired because they weren’t doing their jobs, got their jobs re-written and weren’t informed, then faulted for not doing their jobs, got so much work piled on them that it was impossible to do the job, and when they asked for help, were ignored and targeted to be let go when the next round of budget cuts arrived.

    I was reading in between the lines on this Q&A, and assumed that the culture in OP’s workplace makes it impossible for her to talk to the boss about this directly. It can be very hard if the “problem” is the boss’ brain-child and the boss is the kind of person who never wants to hear anything bad, even if it means greater harm down the road to the company, to clients, to the company’s reputation, etc. Perhaps the boss is one of those fair-haired children who can do no wrong, so OP is uncertain how to approach this. OP sees the issues, but, perhaps from previous personal experience or perhaps from watching what happened to colleagues who had to deliver bad news, and hence her question for Nick.

    I have an example for you from my previous job. I worked at a large state university, running an online master’s program. Without going into details but due to budget cuts and the 2003-04 recession, my dept. was put under the control of another school. (Our interim dean was also dean of that school. Our business offices were combined and put under Nursing’s control, etc.) While we were still under Nursing, my boss (who held a higher position in Nursing) and Nursing decided that she wanted all information–course content, student applications, faculty information, students’ grades and GPAs, including SSNs and copies of nursing students’ licenses and other highly personal information on our shared server. She was in cahoots with Nursing’s business office manager and re-organized nursing staff’s tasks to do this job. She wanted me to put my program’s and my students’ and faculty’s information on the server as well. I saw all kinds of red flags, and remembered how a few years earlier the Cont. Ed. dept.’s server had been hacked and students’ credit card numbers and information was compromised. I very carefully demurred, not only because I had far too much and no one to help me but because I feared that our shared server could be hacked and I thought it was foolish to put that kind of personal information on it. She insisted that it was safe–much safer than keeping everything on paper and storing it in my office. I reminded her that I was bound by FERPA, and that so long as I did my due diligence re keeping student records locked up, there were federal and state laws that protected us in the event someone broke into my office and got into my files. She wasn’t having any of it and insisted that online was safer.

    I dragged my feet as long as I could (not hard given my other duties and the sheer amount of work I had). In the meantime, our shared dean had insisted that the campus-based public health programs put their info. on the server as well, and she, too, refused to listen to the tech/computer people in the school and to the IT folks.

    It didn’t happen the next day, or the next week, or anytime soon, but 8 months after the others put everything on the server, the server was hacked. Faculty and students’ SSNs, grades, GPAs, and other sensitive information covered by FERPA was compromised. Then they were running around trying to cover their butts and looking for scapegoats. The university’s legal dept. had the MOAFs (Mother Of All Fits). The IT folks (school and university) had their neener-neener moment but that didn’t solve the problem nor the liabilities. Students and faculty had to be informed that their personal information may be out there, and there were more than a few nasty letters from people’s attorneys. The shared dean and my boss didn’t lose their jobs but they did throw 3 nursing staff members under the bus, and they lost their jobs despite the fact that they were only following orders from the boss.

    Since I never put my program’s, students’ or faculty’s information on the server, they were safe. The school’s tech folks then worked on encrypting everything, but even then I was told that there is no guarantee of perfect security.

    So…I didn’t take Nick’s answer as a hostile stance, just good, common sense.

  18. @Marybeth

    Yes, I understand some bosses are intractable, and your story is terrifying. But I was reading between the lines too –in a different way. It seemed to me that the questioner, seeing potential negative effects on her professional status, was unsure she wanted to remain in that job if the boss carried out that plan. In that case, there would be everything to gain and nothing to lose in what I call a “deferential confrontation.” You handled your difficulties wisely, without compromising your position or your information. But in our case here, it doesn’t look like the questioner can run for cover.

  19. @Addie: I was thinking about that too, and wondered how much she could actually say to her boss honestly.

    The OP in this week’s Q&A might very well be damned if she does and damned if she doesn’t. If she speaks up honestly to her boss, she might be fired or the boss might retaliate, harming her professionally. And if she doesn’t speak up to her boss, she might be blamed if (when) things head south and information/data is compromised. She could still lose her job and be harmed professionally.

    What she didn’t indicate is what the culture is like there, and what the politics are like. I’m guessing that it can’t be good if she wrote to Nick for advice. If it were the kind of workplace where employees can raise concerns and give their opinions freely, without fearing for their jobs or that the boss will punish them or retaliate against them, then the OP would have done that already, and thus this would not be the topic for this week’s Q&A.

    By the way, in the incident I related, I was scared–of losing my job, of my boss making life even more hellish than it already was, of retaliation, etc. She and the dean were BFFs, and the dean always covered for her, no matter what. My boss got another employee FIRED for no reason other than the woman had the nerve to tell her that she didn’t work for (report to) her and that the work she was giving her needed to go to someone else. The employee, who was black, went straight to the union and claimed that she was targeted because of race. That is something no one wanted to touch, and she was eventually hired by a tenured faculty member who had a grant. Four years after the incident, the matter was still pending with the union. So I was scared, because staff never have tenure, and with this particular boss, it was always “the emperor’s new clothes”. But when things went south, as they sometimes did, it was staff who got blamed and fired, or who faced retaliation and punishment, even when obeying her directives.

    I hope the OP is looking for a new job and that she finds one.

  20. I think that LinkedIn’s user agreement gives them permission to use anything that you post on the site in what ever manner they choose. Do not expect your data to be confidential, even in a closed group.

  21. Isn’t “30-something manager” and “naive” redundant?

    Back in the pre-internet days, most managers had a little gray around the temples for a very good reason: Hard-won experience that would enable you to avoid stupid decisions.

    If this is an example of the “on the fly” decision making that goes on in this firm, I do hope OP has her network lined up to assist in her search for a professional firm to work for.