In the session “Top 10 in 2010: Legal Risks Facing Nonprofit Boards” at the BoardSource Leadership Forum 2010, Melanie Lockwood Herman, Nonprofit Management Risk Center, and Jeffrey S. Tenenbaum, Venable LLP, presented their list of the top ten legal risks facing nonprofit boards:
- Exposures from social media use, misuse, and naiveté
- Going rogue: the unhappy employee
- IRS Form 990 and federal tax-exempt status
- Copyrights and Trademarks
- Lobbying and political activity compliance
- Third-party sexual harassment
- Failure to limit contracting authority and other common mistakes in contracting
- Lack of synchronicity in board policy and practice
- Failure to understand and manage conflicts of interest
- Reliance on the good will, good nature (and insurance coverage) of others
Tenenbaum highlighted two main concerns of social media legal risks: intellectual property (IP) and employee use. He emphasized that these risks can arise whether the social media use is for official or personal purposes.
Nonprofits are increasingly using social media to disseminate information through platforms such as Twitter, Facebook, and blogs. The risk is two-fold. On one hand, when an organization makes accessible its own IP on the web, it may be concerned that others will use the IP in a way that was not intended or not known by the organization. On the other hand, when an organization uses or includes the IP of others, the risk of copyright infringement liability may be heightened if not done properly.
Employees present another major risk area in their use of social media for both official purposes and personal use (whether at work or at home). Risks include:
- Vicarious liability (i.e., the organization is held liable for the employee’s actions).
- The threat of, or defending against, lawsuits such as defamation (the number one area of lawsuits connected with social media).
- Negative publicity when an employee’s statements for personal purposes are perceived as being made on behalf of, or associated with, the organization.
- Establish a social media policy (e.g., when to use disclaimers, guidelines for use of the organization’s or others’ IP, etc.).
- Provide a process in the employee handbook or social media policy if there are plans to monitor employees’ use of social media [Ed.: An employer’s right to monitor employee use of social media is not absolute. Please check appropriate laws.].
- Always keep in mind: “Just because [social media] is easier and quicker doesn’t mean it deserves a less rigorous review.”
It is important to note that the law surrounding social media is developing. For example, just one week before the forum, a Regional Director at the National Labor Relations Board filed a complaint against American Medical Response of Connecticut, Inc. for allegedly firing an employee for posting negative comments about her supervisor on her personal Facebook page. (The complaint is currently waiting to be heard before an Administrative Law Judge.). Such current events can help organizations understand where the law might be heading which in turn can help shape appropriate policies. Accordingly, organizations should periodically revisit discussions about these social media risks as major legal developments in this field occur.
Herman highlighted a new concept entering the workplace liability conversation known as “workplace bullying” which is part of the Healthy Workplace Bill Campaign that started in 2001 to enact state anti-bullying laws. The Workplace Bullying Institute (WBI), a nonprofit dedicated to the eradication of workplace bullying, defines “workplace bullying” as repeated abusive mistreatment such as verbal abuse, threats, humiliation, work interference or sabotage. Herman also emphasized the importance of recognizing workplace bullying as addressing a problem different from traditional forms of harassment. According to a WBI national study, 35 percent of workers report bullying first-hand; 68 percent of bullying is same gender harassment; and bullying is four times more prevalent than illegal harassment.
The Healthy Workplace Bill has not been enacted in any state but has been proposed in 17 states, including California. Although not yet law in any state, Herman suggested nonprofits should still consider the detrimental effects of bullying in the workplace. Additionally, workplace bullying may be relevant to other actionable claims. For example, when the Indiana Supreme Court affirmed a $325,000 verdict in a suit alleging assault and intentional infliction emotional distress claims in the 2008 case, Raess v. Doescher, it stated that workplace bullying, although not an element of either claim, is a phrase “like other general terms used to characterize a person's behavior, [that] is an entirely appropriate consideration in determining the issues before the jury” and furthermore “could ‘be considered a form of intentional infliction of emotional distress.’”
Herman also quickly noted other potential legal implications related to workplace bullying such as OSHA’s “general duty clause” to provide a safe environment, negligent hiring (e.g., knowing or should have known the hire was a bully), and negligent referral (e.g., failing to warn about known propensity for violence).
- Establish written policies about appropriate workplace behavior.
- Make prompt investigations of complaints.
- Consider conflict resolution training.
- Hold staff and volunteers accountable.
- Use written records to track poor performance.
- Make reference checks during the hiring process.
- Have a clear process for giving referrals.
IRS Form 990
The IRS Form 990 is more than just an annual financial return. As Tenenbaum noted, the Form 990 has evolved from an accounting form read mainly by the IRS to a public relations tool (or nightmare) that is read by not only regulators but also the public, donors, media and even possible adversaries. Thus, while the Form 990 is still an important tool for the IRS regarding legal compliance, Tenenbaum emphasized that organizations should use the Form 990 proactively to tell a story, add details, and put the organization’s best foot forward.
- Work towards being able to check “yes” to suggested policies and also take the opportunity to revisit current policies and revise as necessary.
- Know the red flags for violations. For example, most automatic excess benefit transaction abuses are unwitting and unintentional.
- Seek the help of appropriate, knowledgeable experts for nonprofits. Tenenbaum’s observation is that most auditors “don’t know what they don’t know.” For example, in his experience, not all auditors have been aware of the requirement for nonprofits to comply with the Financial Accounting Standards Board (“FASB”) Interpretation No. 48 (“FIN 48”) for fiscal years beginning after Dec. 15, 2006. FIN 48 applies to “uncertain tax positions” (i.e., a more than 50 percent chance that something is not properly characterized). Not only does this trigger certain requirements for the auditor, it also requires the nonprofit organization to check the FIN 48 field in Part IV on the Form 990 and complete Schedule D. (For more information, please visit the IRS website).
Copyrights and Trademarks
When handling copyright and trademark risks, Herman stated the biggest myths are:
- Fair use as a defense against infringement applies broadly to all nonprofits.
- If you attribute the source, it is not copyright infringement.
- Organizations own the copyright to non-employee work if it pays for it.
First, being a nonprofit does not alone put the nonprofit’s use of others’ copyrighted work within the doctrine of “fair use.” To determine fair use, the court looks to four factors: (1) purpose or character of use, (2) nature of copyrighted work, (3) amount and substantiality, and (4) effect on potential market.
Second, the rules surrounding the attribution of sources are not absolute. For example, Google was sued in 2005 by the Authors Guild for copyright infringement for its Google Books service (previously called Google Print) which copies portions of books with attribution to the authors. Tenenbaum also suggested being careful with buried pages (e.g., long hyperlinks) because the page might not have been intended for public consumption even though you stumbled upon it.
Third, there is a distinction between employees and non-employees when it comes to IP ownership. A simple explanation provided by Herman: for employees, if the organization pays for the work, then organization owns the copyright for the work; for non-employees, the organization does not own the copyright regardless if it pays for the work unless there is something in writing such as a work-for-hire agreement, copyright assignment, or license (i.e., permission to use).
- Use “©[YEAR] by [Organization]” for an organization’s IP. (Note, © can be used even if the work has not been registered for a copyright.).
- Consider registering certain published material by the organization. (This also makes it easier to prove infringement by others.).
- Use work-for-hire agreements with independent contractors.
- Establish standards for publications, both written and electronic (e.g., emphasize the importance to get permission).
- Centralize responsibility for reviewing and publishing an organization’s work.
- Be aware that some IP may be subject to more than one area of IP law (e.g., both trademark and copyright law).
- Consider using rights dealers and other services that may be able to help you understand what permission you need such as the Copyright Clearance Center or American Society of Composers, Authors and Publishers (ASCAP).
- *Note: Patents, another area of IP law, are generally very complicated and require the assistance of an expert such as an attorney.
Legal complications aside, perhaps the easiest consequence to understand is Herman’s statement that an organization simply does not want to be seen as one that violates others' intellectual property.
Additional explanations, tips, and tools may be found in resources such as Purdue Online Writing Lab “Quoting, Paraphrasing and Summarizing,” Duke University Libraries “What & How to Cite,” and Plagiarism Checker.
Tenenbaum noted one of the most common mistakes with contracts deals with the concept of apparent authority. For example, if a third party reasonably perceives an agent to have the authority to act on behalf of a principal (here, a nonprofit organization), the nonprofit organization will be bound to that contract even if that agent did not have such authority. See American Society of Mechanical Engineers, Inc. v. Hydrolevel Corp.
Additionally, failing to properly document a contract can make conflicting interests difficult to manage. Most understand that each party’s basic goals are to minimize financial and liability risks, and maximize the benefits. However, contracts can vary widely and the terms often depend on circumstances such as the respective leverage of the parties. It is highly suggested for nonprofits to seek legal counsel, particularly for more difficult types of contracts such as technology or software development.
- Confirm scope of authority with both those who have authority and those who do not have authority (e.g., outlining a two signature requirement for checks).
- Have a contract signing policy.
- Have model forms in your contract bank as a starting point (e.g., hiring agreement for independent contractors).
- Look to model provisions.
- Spell out expectations in the contract.
- Plan for an exit strategy in the contract.
- Avoid legalese when possible; contracts need to be understandable and clear.
- Consider insurance options (generally no insurance for breach of contract but other options might be available such as event, employment, etc.).
Conflicts of Interest
Tenenbaum suggested the two biggest myths regarding conflicts of interest (COIs) are: (1) all COIs are bad for the organization and (2) disclosure of a COI is enough to remedy it.
There has been much emphasis in the sector that a written COI policy is a best practice. However, as Tenenbaum noted, simply having a COI policy is not enough, it needs to be an appropriate COI policy for your organization. Questions to ask include:
- Is it too narrow?
- It is too complicated?
- Is it practical?
- Does it address the common past problems of the organization?
While the IRS provides a sample COI policy, Tenenbaum emphasized it deals only with the IRS’s concerns about financial transactions. Other COIs such as decisions made in the interest of another organization may be just as important for some organizations.
- Use examples to explain types of COIs.
- Have a good process outlined, especially for key steps such as how to disclose a COI, determine whether it is in the best interest of the organization, and determine whether a transaction is a good deal for the organization.
- Circulate and re-sign the COI policy each year.
Finally, Tenenbaum and Herman briefly touched upon insurance. When dealing with other parties, they strongly suggest against using an “in others we trust” or “hope and a prayer" risk management approach.
- Be willing to talk about divergent interests.
- Only agree to insure that which you have control over.
- Don’t assume the other party’s insurance will cover you.
- Get it in writing!
As Herman and Tenenbaum noted, legal risks can be especially difficult to understand because they touch multiple areas of law. However, that does not mean they are not manageable. Awareness and prevention are the keys; and nonprofits are encouraged to contact an attorney or appropriate legal expert when more assistance is needed.
This post is part of a four-part series on the BoardSource Leadership Forum 2010. Part I covers the opening plenary and "Politics and Budgets" session, and can be accessed here. Part III covers "Nonprofit Governance Challenges" and can be accessed here.
Although synchronicity problems between the board policy and practice were not addressed in this post, Herman suggested the book The Will to Govern Well by Glenn H. Tecker, Jean S. Frankel, and Paul D. Meyer for addressing such issues.
Venable LLP also has a library of free publications on nonprofit organizations and associations on a variety of legal topics on its website.