5. Findings
5.1. What is Cyberbullying in the Workplace?
One of the goals of this study is to gain insight into the meaning of the term cyberbullying in a workplace context. Respondents use many of the same words to describe their understanding of cyberbullying, often positioning it within the context of harassment. For example, one respondent remarks, “Bullying and harassment are one and the same. To me, it is all violence really. When you are harassing someone, you are being threatening or intimidating, and I think bullying is exactly the same thing” (R4). Another respondent further qualifies the distinction, describing cyberbullying as “a form of harassment… it is more of the mental harassment as opposed to the physical” (R7).
While virtually all respondents connect bullying and harassment, two respondents make reference to the legal definition of harassment as being tied to prohibited grounds of the human rights code. “Harassment typically refers to protected grounds of human rights, whereas bullying doesn’t usually discriminate based on any protected grounds of human rights. Thus, bullying could be a white man intimidating a white man or a white female, and it may just be that the person’s mode of operation is to try and get what they want. It may not be discriminatory. Harassment generally is with regards to gender, gender expression, race, or age and involves a more legal aspect.” (R5). One respondent further argues that the terms “harassment” and “bullying” can be, but are often not used interchangeably because of the adult versus youth associations with the terminology. “I think we use ‘bullying’ more when referring to children and ‘harassment’ more with adults. And when I think of what they are, I think they have the same components.” (R8).
Respondents then proceed to distinguish between cyberbullying and face-to-face bullying in the workplace context. Only two individuals feel that face-to-face bullying represents a greater concern than cyberbullying, primarily because of the presence of immediate physical threat. “With face-to-face, there is a person right in your face. You are going to have that intimidation factor, and the person cannot get away. Cyberbullying is still just as bad, but they are not face-to-face. It removes the immediate threat of physical harm.” (R2). The remaining seven respondents feel that for several reasons cyberbullying is more concerning than traditional forms of bullying, despite the lack of a physical component. First, cyberbullying is not limited to the workplace. Employees can use social media platforms and mobile communications to engage in unwelcome behaviour well beyond the confines of the physical workspace and traditional work hours of nine to five. As one respondent notes, “Cyberbullying is not as personal and I think people can go a bit further with it… with the accessibility. If someone really wants to bully someone else they have so many ways to do it.” (R1). In addition, the opportunity for anonymity afforded by technology means that victims of cyberbullying do not always know the identity of their aggressor. “Cyberbullying for the most part is worse, in my experience, because of its anonymous nature. You don’t know who is attacking you… Anonymity makes cyberbullying more challenging to deal with in terms of getting a starting point to help the person dealing with it.” (R6). This sense of anonymity allows perpetrators to operate online under the guise of their “virtual self”, thus making them feel protected and empowered to act with less inhibition, as well as potentially contributing to the escalation of cyberbullying behaviour. Finally, cyberbullying is viewed as more serious because technology provides wide reach and instantaneous dissemination. “The viral opportunity allows cyberbullying to have a much more expansive coverage… workplace bullying tends to be more contained. Once you get it into social media elements, you know the breadth will be much wider.” (R7).
5.2. Examples of Workplace Cyberbullying
During the interviews, respondents share anecdotes of cyberbullying occurrences in their workplaces. Only one respondent reports not having encountered any form of cyberbullying within the organization. This is likely due to the nature of the organization (nonprofit) and limited reliance on technology within the organization. The remaining eight respondents describe a range of reported cyberbullying cases with which they have dealt in recent years in their organizations. Examination of the nature of these incidents reveals five distinct categories of cyberbullying behaviour described below.
The disgruntled employee. The most common example of cyberbullying behaviour, identified by four respondents, involves employees’ posting inappropriate comments online about their co-workers, their managers or about the organization in general. For example, one respondent remarks, “In my role, sometimes people will send me snapshots of their employee’s postings on Facebook or making inappropriate comments about a colleague on Facebook…I had one incident where there was a picture of staff and someone wrote that person is really rude and don’t work with them, and they shouldn’t be working for the company.” (R4). In the manager-subordinate context, “people have posted comments about their boss on their personal Facebook pages, calling them out, and that can be interpreted in a really negative way…and it starts offending and people are commenting on it.” (R4). Another respondent suggests that these types of behaviour tend to be more common among junior employees. “In a call centre environment, that is where the majority of these types of cases happen. I think it’s the nature of the environment—it is little less professional…they are young; they make $15 an hour; it is not a high, coveted job…there’s a bit of immaturity in that particular setting.” (R7).
The joke that went too far. The second most common occurrence of work-related cyberbullying is described by several respondents as an online communication that begins as innocent office banter, such as a joke circulated via e-mail. As one respondent states, “People can be devastated by what has been written [on social media] about them, but yet when they look further into it, they find that it wasn’t meant to have that direction and meaning. Some of it is misunderstanding of the impact versus intent.” (R6). However, when the communication escalates to the point where one or more individuals perceive it as inappropriate or unwelcome, then it moves from the realm of online banter to cyberbullying. “I can think of a case where we had somebody e-mailing inappropriate pictures…it is one thing to receive when you are forwarding it around, it is not okay when somebody takes offence.” (R2).
The broken office romance. Two respondents describe examples of workplace romances that ended poorly and ultimately led to cyberbullying. In each case, one of the partners uses either company time or company online communication resources to engage in bullying behaviour toward his or her ex. “I have heard of a few incidences….of ex-boyfriends stalking. It is basically instant messaging, sort of like MSN, and I’ve heard of several cases of harassment through here.” (R1).
The dysfunctional team. Two respondents from organizations, where working in large and sometimes diverse teams is an expectation of their environment, speak of situations where one or more employees fall out of favour with their work team, which then leads to team members’ using social media to post negative statements about the banished member(s). “….Individuals are hired together, train together, same hours, same workspaces, and that persists for up to a year until they move to different teams and shifts. So people either get along or they don’t, and I came across a situation where an employee complained of harassment. She had fallen out of favour with the group, and all the individuals had taken to comments on Facebook. I think there were Twitter posts too. It was an all-out assault.” (R5).
The power-tripper. In this context, cyberbullying occurs as a result of a toxic manager-subordinate or employee-to-employee relationship, where one individual attempts to establish undue or inappropriate authority over the other. Two respondents describe instances where this form of cyberbullying arose within their respective organizations. “One thing that I notice is that people are overworked, so you do notice a lot of cyber-harassment cases between managers and employees, because a lot of stress in involved…especially in a professional services firm. People will feel so fortunate to have a job they do put up with a lot.” (R1).
5.3. Technology and Cyberbullying
A broad range of communication mechanisms through which cyberbullying may occur are used in today’s workplace, including e-mail, instant messaging and social media. We asked respondents about the vehicles most commonly used by employees to interact with one another. Their responses suggest that a dichotomy exists between formal and informal communication channels and methods. Respondents agree that e-mail is the most prevalent form of formal online communication in the workplace. “I would have to say that the primary mode of communication is e-mail, but there are also lots of teleconferences and we also have instant messaging… those would be the primary business forms of communication.” (R5). Instant messaging is another commonly used form of communication, both in the formal and informal context. “Internally, e-mail, we have IM (instant messenger) as well, that is used a lot. Because of laws around re-enactment of documents and things like that, sometimes people prefer to have conversations on IM. Because there isn’t an official trail of that, they can feel free to maybe be a little more unedited in their comments.” (R7). Interestingly, while these more informal tools seem to be the most likely venues for cyberbullying to occur, one respondent expresses concerns about the appropriate use of both formal and informal tools. “There could be cases where people are saying inappropriate things via instant messaging just as easily as they could send an email in all caps…” (R5).
Social Media is used both formally and informally in organizations. Seven respondents state that their companies do not restrict access to social media sites on their servers even though employees do not need social media to perform their daily tasks. Some respondents feel that this is appropriate: “I think it…needs to evolve as technology evolves. I know that at one time, we forbid employees from surfing the Internet. Well, now in this generation, they’re on Facebook; they’re on Twitter; it is part of everybody’s normal routine.” (R7). Others express concerns about his practice. “[We] enable all these social media things in the workplace. Not only is it giving employees the tools to [engage in cyberbullying], but also why are they letting people spend the work day on Facebook? Why aren’t they working?” (R1). In these organizations, social media is frequently used as an informal communication method for employees. In contrast, other companies use social media tools in a more formal manner as they rely heavily on this technology to promote their products/services and to communicate with their customers. These companies tend to have “authorized” social media users. “Here’s what we created: a term called ‘authorized users’, so if you are an authorized user of social media it means that you have been given license to use the company’s name and to communicate on behalf of the organization on various social media outlets. And if you are not one of this small group of individuals… you are an unauthorized user and basically the rules from that point on then talk about what you can and cannot do … including how you address other employees and how it is not appropriate.” (R3).
Companies concerned with protecting information tend to have more formal communication methods in place. However, companies with high customer interaction are more likely to use a combination of both formal and informal communication methods. As one respondent’s description suggests, communication approaches can be a subtle signal to discourage potential inappropriate online communication that can ultimately be construed as a form of cyberbullying.
“[When] people call in sick, we don’t encourage texting. We want them to call; we want them to communicate verbally with the management team. A lot of the managers will say the same things; if they receive a text they will ask them to call them. Same thing goes for email, and managers are encouraged to speak to them if they have issues instead of texting or other social media.”
(R4)
Respondents indicate that in today’s work environment, mobile phones are increasingly used for both personal and business purposes. “Yes, basically e-mails are supposed to be work-based, but I know, just as I was leaving we were actually talking about how it’s not valid anymore, because basically in any position you are given a company phone and you’re suggested to cancel your other phone, so that is your phone and of course you’re going to use it for personal use.” (R1). This overlap between personal and corporate usage on mobile phones makes it difficult for companies to control mobile conduct.
As might be expected, organizations with informal communications tend to be more concerned with freedom of expression. As one respondent in a higher education setting states, “You have a little more tolerance here, this being the marketplace for ideas, whereas in other workplaces I worked, there is less tolerance than here.” (R6). Organizations with limited resources, such as start-ups or nonprofits, have informal communication and if policies exist at all, they also tend to be informal. “We don’t have a policy on online communication around [social media].” (R8).
Technology is evolving and developing rapidly. Respondents recognize that these tools are important for their business, but are still grappling with how to integrate them into their business such that they use them effectively and appropriately and do not contribute to the further blurring of personal and workplace boundaries. “I think now with the accessibility on someone’s cell phone—you have your Facebook on your cell phone, your LinkedIn on your cell phone, and you have your text messages. If someone really wants to bully someone else [at work], they have so many ways to do it.” (R1).
5.4. Cyberbullying Policies and Practices
Employers, with whom we spoke, fall under the jurisdiction of either the Canadian Occupational Health and Safety Act or the Ontario Occupational Health and Safety Act which, as noted above, has been amended by Bill 168. Respondents are familiar with the amendments. Several respondents indicate that these pieces of legislation are transforming training and policies within their organization. “Bill 168 was a couple of years ago now, so we adapted our policy to make sure we were in compliance. We are a national organization and want to make sure that we have consistency across our platforms so whatever is the highest standard is what we would ensure is included.” (R5). Respondents are not very familiar with Bill C-13 and its potential workplace implications.
Respondents provide diverse accounts of the cyberbullying policies in their organizations. All nine respondents report the existence of workplace discrimination, harassment, and violence prevention policies in their organizations, which have been developed in accordance with the Ontario and Federal Occupational Health and Safety Acts. “Absolutely we have the policies that I have administered which [include] the discrimination harassment policy which covers all forms of legal type of harassment discrimination. We have the civility guidelines and respectable workplace policy…” (R6).
Bullying behaviour tends not to be explicitly defined, and instead generally falls under the harassment policy. “We consider any form of bullying under the harassment policy. So we have a very well defined, well-documented policy on harassment and employees are required to review it.” (R7).
Beyond harassment policies, five respondents mention having a code of conduct or civility guidelines and even fewer (three) have specific IT appropriate usage policies. These policies tend to informally discuss behavioural conduct such as acting professionally and with civility. “We have an overarching code of conduct that basically says thou must behave in this fashion to work for the organization. It is all very common principles about representing yourself and the company well.” (R3). IT appropriate usage policies vary and do not explicitly discuss cyberbullying. These policies focus more on security and privacy rather than on cyberbullying. “But there is an IT, intellectual property code of ethics policy that is signed annually which would be for the use of IT.” (R2).
Social Media specific policies are rare (two of nine respondents) and only occur in organizations where there is heavy client engagement through social media. These policies outline appropriate conduct in the social media space and who should be using corporate social media applications.
“We do, we have an associate standard that outlines responsibilities of the associate, involves social media appearance guidelines, behaviours, what’s appropriate, what’s not appropriate in the workplace, and we do have a health and safety policy, bullying and harassment policy because certain provinces have very specific guidelines for policies, so we have a very specific one for Ontario and BC. They go over what is bullying and harassment and what to do if you feel you are being bullied or harassed.”
(R4)
Some company policies are more specific than others. Those organizations concerned with information security have very clear and explicit standards on social media conduct and ensure individuals are held accountable for their actions on social media. For example, one respondent from the financial service sector reports the following, “Those interactions started to emerge I’d say really in 2008, and we implemented a policy internally that basically said that you aren’t allowed to use the name or the trademark, and if you do there will be employment consequences. So personally or professionally you are not authorized to use the name.” (R3). However, the same respondent goes on to describe the potential pitfall of adhering strictly to internal policy. “We have to recognize that employees in their own time, if they aren’t using the trademark, then it is not my domain to tell the employee that you can’t do that on Twitter…Our domain is to say you can’t do that using our systems, and you can’t use our logo. But on your own time, that is your own time. This is what the law is for. So that was very interesting because it was definitely a case of cyberbullying. It was definitely a group of our employees and the relationship was definitely employee-based. It was a bit of a grey area.” (R3).
5.5. Adequacy of Current Policies and Practices
When we asked respondents whether they feel that their organization’s policies are adequate, the feedback is mixed. Three respondents believe that their policies are adequate; two others feel they are quite inadequate at the present time, and the remainder suggest that there is room for improvement. Those who believe that they have adequate policies do, however, mention that their training can be improved to ensure that employees are aware of the policies. One respondent feels that even though cyberbullying is not explicitly outlined in policies, it is covered. “We don’t [have policies on cyberbullying]…[but] we talk about e-mailing explicit jokes, pictures or messages that are inappropriate and make people [feel] uncomfortable, is not tolerated, but nothing on social media, we may need to go and change policy.” (R4).
Two respondents feel they can improve their current policies by adding a cyberbullying component. “Yeah so cyberbullying specifically we haven’t put in there, but we want to include wording next year when we have everybody sign the code of ethics for next year….We specifically want to include some wording around that to make it exceptionally clear because we think it is becoming more and more prevalent.” (R2).
One respondent also notes that cyberbullying is not very well defined and thus it is difficult to develop policy around it. Legislation, such as Bill C-13, although motivated by youth-incidents, can help employers define cyberbullying and consequences in a more concrete manner. “Well, hopefully [Bill C-13] will help clarify, to a lot of employers and employees, what it is and what it isn’t. And then if it is [cyberbullying], I think it is important to deal with it just as you would any other type of bullying.” (R2).
Respondents describe a variety of training methods for new employees around workplace civility and harassment. All respondents confirm that such training is a standard component of the new employee orientation process. However, the majority of company training programs requires that employees read the policies and sign off, indicating that they have read and understood them. Only two employers require that new employees attend a workshop on the policies and/or answer a quiz on the policies, as a method to ensure understanding. However, respondents report that very little content is included on the topics of bullying or cyberbullying. “As part of the new hire process, every employee has to go through harassment discrimination training, a onehour slide show and has to answer a quiz at end, but I would say out of 60 question there are three on cyberbullying, There are a few questions, but don’t think it is treated seriously…” (R1).
Once employees are on-boarded, very little communication about policies continues. Three companies have employees review policies and sign off on them annually or retake a quiz to ensure understanding. These quizzes tend to be online and informal. Other companies require that employees review policies only when changes are made.
“… when the policy in BC came out November 1 last year I had sent the policy to all BC managers and had a conference with all of them and said I want to bring this to your attention, here is the new policy, went through it with them and sent them an employee list for all the stores and asked them to spend ten minutes with their employees to let them know where it is posted, educate them and sign off on it.”
(R4)
Only two respondents’ organizations provide ongoing communication about policies and appropriate workplace conduct. They tend to rely on topic-specific workshops or quarterly newsletters originating from the HR department. These forms of communication are specific to a certain topic. “We have a publication … and it sends out every quarter in an email to all employees. It will have a section on compliance and…I am in the midst of writing an article on non-retaliation.” (R5).
Once again, it appears that while workplace bullying is now on the radar of HR departments, they struggle to keep up with appropriate policies and practices, given that the issues are still developing and that as technology develops more concerns emerge about the opportunities for inappropriate behaviour.
6. Conclusions
The overall purpose of this study has been to gain insight into the nature, scope and understanding of cyberbullying in the workplace through the experiences of HR professionals working in a range of industry and business sectors. The first significant finding is that there is no generally accepted definition or understanding of what constitutes cyberbullying in the workplace. For some, it is subsumed under harassment; for others it is something quite different. Business and industry have not been able to generate a shared understanding themselves. This is a typical pattern as we seek appropriate responses to changes in the external environment; in this instance, technology and social media.
The overall purpose of legislation is to govern and guide behaviour. Guidance can be formal and technical, such as a traffic law stipulating that driving is on the right side of the road, or it can be substantive and guide behaviour on socially controversial issues, such as gay marriage. Technology poses a well-known challenge to law, as it typically evolves faster than the legislation that purports to govern it. Emerging law may both shape and reflect social norms in an iterative process. Where specific legislation does not yet exist, companies and organizations must look elsewhere for guidance in developing behavioural norms around the use of technology in their workplaces. Alternatives such as internal policies and guidelines can be developed faster than legislation, but these too can be controversial when they are based on a range of social norms related to culture, age or education. When social norms are in conflict, it is very difficult to develop a broad understanding of acceptable and unacceptable behaviour in the workplace; that is, what constitutes a joke
versus bullying, or even more fundamentally, a shared terminology as in what is meant by harassment
versus uncivil behaviour. Because of the murkiness around what behaviour is deemed acceptable and not acceptable, and the dynamic nature of the field, law makers are appropriately hesitant about prematurely developing legislation to define appropriate “cyber” behavior. On the other hand, when there are no legal constraints, or when people perceive that there is no guidance around acceptable behaviour, instances of bullying continue to occur. This is not a victimless issue, in that there is much evidence to support the feeling of helplessness suffered by those who experience cyberbullying [
23,
25,
28,
32].
In the absence of dedicated Canadian legislation, our respondents clearly feel they lack guidelines for addressing cyberbullying behaviour. Many factors contribute to the sense among HR professionals that at the present time, Canadian law does not present them with a clear approach to workplace bullying. First, a debate exists over the criminal threshold of cyberbullying around Bill C-13. Second, the mapping between traditional adolescent cyberbullying issues and workplace cyberbullying issues is incomplete. Third, there are different provincial approaches to cyberbullying both between provinces, and within each province along the spectrum from workplace health and safety issues to human rights violations. Finally, external guidelines in the form of provincial or federal legislation are targeted at other issues, and use other terminology, such as workplace safety, human rights and the like, rather than cyberbullying. The legislative ambiguity around cyberbullying is then reflected internally, so that even when codes of conduct are in place, cyberbullying is rarely identified explicitly. What respondents report over and over again is the important role that government legislation needs to play on this issue. Cyberbullying is new to HR departments. As technological capabilities increase, this issue is likely to grow in importance [
27] and may cease to be seen as subset of bullying [
23]. What complicates the issue is that so many of the tools that can be used for cyberbullying are not necessarily exclusively available in the workplace. When company computers and company cellphones are also used after hours with the blessing of the company, it blurs the work—personal boundaries and makes enforcing codes of conduct difficult. In addition, many social media tools, including Facebook, Twitter, and Instagram, are core to the marketing strategies of companies, and thus creating rules around their use becomes problematic. Among our respondents, we see a range of strategies for dealing with this issue—some formal and some informal. Employers may have to recognize their role in and responsibility for enabling bullying, by allowing work and personal time to overlap through the expectation of 24/7 employee availability and consenting to the personal use of company-owned technology. Recently, the government of France attempted to tackle this issue, by re-erecting the boundaries between work and personal time through the employer/employee agreement not to work after hours. Over time, as organizations gain experience with social media and the blurring of work and personal space, some of which may not be positive, more formal strategies, such as that initiated by the French government, will no doubt emerge.
This exploratory study with HR professionals provides some key guidance for law makers. First, current Canadian legislation does not appear to provide companies and organizations with a framework for dealing with cyberbullying in the workplace, a response, which they clearly need and for which they are asking. Second, this is a complex area because of the murkiness around the dynamic nature of technology, the blurring of work and personal access to technology, and the lack of shared norms. Perhaps the role of government is not to provide absolute guidance, but rather to influence employers to tackle the issue themselves. In a sense, Bill 168 does this by requiring companies and organizations to develop policies. Finally, perhaps more effort needs to be put into eliminating cyberbullying as opposed to punishing it. Despite their lack of proactivity on the cyberbullying issue, HR departments are very much aware of their key role in maintaining a civil work environment. Workplace stressors will continue as organizations restructure in response to a competitive market and economic constraints [
52,
53]. These stressors impact the work environment, and HR departments use legislation compliance, custom-designed codes of conduct and mandatory training programs to minimize the impact of both the internal and external environment on employee satisfaction and commitment. Perhaps employers should adopt a more proactive approach with their employees by using team-building to strengthen connections in the workplace, and increase education and training programs to identify bullying and to develop mitigating strategies. Employing these tactics may create a greater sense of comfort and connectedness in the workplace, and reduce the likelihood of enabling a bullying culture [
54].