By Dugald Hamilton, Principal & Founder, 23LEGAL
Social media has become a part of our lives, whether we like it or not. Facebook posts of new babies, insta-blasts of the latest delectable cuisine you have just whipped up in your kitchen or a boomerang story of you and your friends enjoying a Friday night cocktail after a long week.
But what does this mean for your firm? Regardless of whether you use Facebook as part of your firm’s marketing strategy, this global phenomenon impacts your business.
Facebook Terms and Conditions
You may be hard pressed to find someone who has read, and understood, the terms and conditions of Facebook (T&C’s). Yet we use these platforms daily (perhaps hourly in some cases) and blindly accept that these companies have our best interests at heart.
The recent US elections and the large-scale data scraping undertaken by Cambridge Analytica  to attempt to manipulate the election should have sent alarm bells off across the Social Media world. Yet we all still seem to use these platforms and probably haven’t given it another thought.
These recent events should be seen as a chance to consider (or reconsider) whether it is worth the risk of using Facebook; both as a marketing tool but also simply accessing it on devices that also hosts your firm’s data and information.
We seem generally aware that when we are sharing data with Facebook, we give them the ability to access and use that data. Facebook call this “Provid[ing] a personalised experience for you”. But is it really this simple?
Intellectual Property Licence
One key term which generally gets glossed over is what Facebook can do with your Intellectual Property. The T&C’s state:
“you grant us [Facebook] a non-exclusive, transferable, sub-licensable, royalty-free and worldwide licence to host, use, distribute, modify, run, copy, publicly perform or display, translate and create derivative works of your content (consistent with your privacy and application settings).”
Notably you allow them to translate and create derivate works from your content. You need to consider whether any derivative content will be consistent with your branding? Will it comply with your legal and ethical requirements when it comes to advertising legal services? What if it doesn’t?
Generally, Facebook will only respond to orders issued out of a Californian Court . So, there is a risk that you could be subjected to obligations or orders here in Australia (e.g. injunctions or other court orders) which ultimately you may need to seek the assistance of a foreign court to allow you to comply with such order.
Now you can end the licence with Facebook by deleting the Content or your Account, but if you have shared it with others (or if Facebook has) the content will subsist until those people also delete it.
Access to Data
As a user of Facebook, also grant them access to a wide (and possibly exorbitant) range of data. This can stem from simply the data you upload or submit knowingly to Facebook (e.g. a photo or blog post) but also encompasses many other forms of data including, for example, meta data , location settings, device settings, signals and unique identifiers.
One major area of concern which needs active consideration is that that you grant Facebook access to your cameras, microphones and even where you move your mouse on your computer screen . There are reasons why founder Mark Zuckerberg covers his own webcam and microphone on his laptop with tape. 
The risk for firms is that if Facebook (or any other hacker) is recording, storing and using this data, you potentially put yourself at risk of breaching privilege, court orders and causing irreparable harm to your clients and your firm. The reputational damage of a breach alone can cause significant irreparable harm to your brand, and this is before you consider the on flow of that risk to you having to notify your clients and respond to any claims as a result of that breach.
If you turn your mind to how many staff members use Facebook on their work computer, work phone or on their personal devices in their office, around clients or on firm business, the risk is ever present.
Commercial Terms and Conditions
In addition to the T&C’s, when you access Facebook for business purposes you are also subject to Facebook’s Commercial Terms and Conditions (CT&C’s).
Relevantly, these CT&C’s include terms such as:
you can bind your firm when you use it for business;
your access of Facebook complies with all applicable laws, rules and regulations – this may arguably include the laws of other jurisdictions;
an indemnity in favour of Facebook for any damages (including legal fees) related to any claim brought as a result of your use; and
Depending on the service you use, you also agree to a wide range of additional terms and conditions which themselves can have a significant impact on your firm. 
Five Tips for what should you do to minimise risk
Facebook, when used well, can be an essential tool in your Firm’s marketing arsenal. When things go wrong however you need to fully understand what you have signed up for, the risks that flow from that.
So, here’s five tips on what can you do today to start to address this risk:
Read the T&C’s and CT&C’s (and all other terms and conditions) in full so that you fully understand what you are agreeing to by allowing Facebook to be used on your systems;
Begin the discussion about what risk your firm is willing to accept and whether using Facebook is right for your business;
Develop, implement and enforce an appropriate policy for use of Facebook (and all social media for that matter) within your firm, your office and amongst your staff;
Consider whether you can outsource any of this risk; say for example taking out cyber insurance;
Stay up to date and continually review these ongoing risks.
All risk management strategies are designed to ensure that you are prepared to respond meaningfully and quickly to any issues which arise in and around your business. The best time to prepare for that is today.
Meet the author, Dugald Hamilton at the ALPMA Summit in September
Rise of the Machines – The Essential Guide to Future Law Firms (Panel Member)
Dugald Hamilton, Principal, 23LEGAL
 (87 Million users (~300,000 Australian users) had their data accessed)
 (If you are concerned that you may have been caught up in the Cambridge Analytica data breach you can check via this link https://www.facebook.com/help/1873665312923476?ref=shareable )
 Consumer law breaches can be resolved in Australia; however, you are unlikely to be a consumer if you are using or publishing on behalf of your firm
 Meta data is a set of data attaching to files which describes and gives information about the data.
 See for example, Facebook Platform Policy, Self-Serve Ad Terms, Advertising Policies, Facebook Business Tools Terms, Pages, Groups and Events Policy, Facebook Commerce Product Merchant Agreement, Developer Payment Terms, Custom Audiences Terms as an example.
About our Guest Blogger
This extensive experience provided him with a strong foundation to be able to assist you with the most complex of problems and to work with you to resolve it in the best way possible.
As a self-professed tech geek, he is passionate about the intersection of technology and law which can provide new and novel solutions to age-old complex problems. He recently co-hosted the Sydney leg of the inaugural Global Legal Hackathon in February 2018 and is excited about the current legal tech landscape and the advantages is can bring to modern practice.
LinkedIn (23LEGAL): https://www.linkedin.com/company/23legal/
LinkedIn (personal): https://www.linkedin.com/in/dugald-hamilton-8595b640/
Facebook (23LEGAL): https://www.facebook.com/23legal/