Cyberbullying at Work : In Search of Effective Guidance

With rapid technological change has come a blurring of boundaries between personal and workplace space. Employers are challenged to develop guidelines and policies to direct the appropriate use of technology to maintain a civil workplace. Because of the lack of shared understanding, or even terminology, around the issue of cyberbullying, employers are seeking a response from lawmakers to assist with this issue. Lawmakers are reluctant to develop legislation prematurely, given the rapid change in the capabilities of technology, the diverse social norms about its use, and the uncertainty of the role and responsibility of employers in minimizing cyberbullying and facilitating a civil workplace environment. This Canadian study seeks insight into these emerging issues through in-depth interviews with human resource professionals representing diverse business and industry sectors.


Introduction
Discourse around the issue of cyberbullying has most often been in the context of adolescents bullying their peers, its impact on the physical and mental health of vulnerable populations, and the responsibility of schools and parents to provide adequate oversight to identify this behaviour and take OPEN ACCESS appropriate actions to limit it [1,2].In contrast, there is a paucity of academic literature focused on cyberbullying among colleagues at work.However, instances of this behaviour are receiving increased attention in the media.For example, a Toronto police officer was demoted and put on unpaid leave for 24 days for accessing police records while on duty to gather information, which was then used to harass her former boyfriend and his current wife over Facebook [3].
The explosive growth of social media technologies and the ubiquitous use of Internet and mobile tools provide more mechanisms through which bullies can target their victims [4].As of 2013, the number of active Facebook users stands at over 1.15 billion.Twitter users send approximately 400 million tweets per day, and every second, 8000 Instagram users "like" a photo [5].The extent and importance of social media in our lives has potentially concerning implications for its use and misuse.
Online bullying in a workplace context is further complicated by the transformation that organizations are undergoing due to technology, social media and mobile platforms."Work" is no longer a well-defined activity with sharp boundaries in terms of time, location, and tools.All three have blurred boundaries, which serve to modify the understanding that employees and employers have of civility, bullying and the limits of their corresponding rights and obligations, particularly in relation to online communication.This study explores the developing online social norms on what constitutes cyberbullying at work in a Canadian context, and examines how these norms should inform the actions of organizations and policy makers.

Defining Cyberbullying
Bullying, harassment, mobbing, cyberdeviancy, e-harassment, and cyberagression are among the terms used to describe humiliating and intimidating acts that may occur in the workplace.According to Einarsen and his colleagues [6], "bullying" is the term used in English-speaking countries, "harassment" in French-speaking countries, and "mobbing" in European countries.Weatherbee [7] sees "cyberagression" and "e-harassment" as part of a broader constellation of cyberdeviant workplace behaviours that include cyberloafing, hacking and online gambling.
Regardless of the label applied to this behaviour, Einarsen's and colleagues' [6] classic definition of bullying outlines the essential components.First, the behaviour perpetrated against the target is unwanted and viewed as harassing and offending by the target.Second, this behaviour persists over time in both frequency (at least once a week), and in duration (for six months).If this behaviour against the target occurs infrequently or in isolation, then it is categorized as an uncivil act [8] or as a conflict, as opposed to bullying [6].Third, this negative behaviour is systematic and planned.Finally, the target finds it difficult to mount a defense, because there is a real or perceived power imbalance between the target and the perpetrator.Einarsen and his colleagues [6] tend to view bullying behaviour as explicit, whereas others see it as subtle [9,10], which has implications for both how it is interpreted by those involved and by those creating codes of conduct to control its occurrence.
Einarsen's and colleagues' [11] negative acts questionnaire is commonly used by researchers to define explicitly the behaviour that constitute bullying.It divides bullying behaviour into three different categories: work-related; person-related; and physically intimidating.Work-related includes having information withheld, opinions ignored, unreasonable deadlines imposed, work monitored excessively, pressure not to claim entitlements, and unmanageable workloads.Person-related bullying includes being humiliated or ridiculed in relation to work, having key areas of responsibility removed or replaced, gossip or rumours spread about you, insulting or offensive remarks or allegations made about you, being ignored or excluded, or encouraged to quit, or the target of practical jokes, or the subject of excessive testing and sarcasm.Finally, physically-intimidating bullying includes being shouted at, being the target of spontaneous anger or finger-pointing or personal space invasion or shoving or blocking or threats of or actual physical violence and abuse.Many of these bullying behaviours can occur in cyberspace, as well as face-to-face.
Cyberbullying is usually defined as using electronic media (e.g., e-mail, SMS, social media, virtual communities) to inflict intentional and repeated harm to a target similar to conventional bullying [12].However, cyberbullying has some additional features that makes it unique from traditional bullying [13][14][15][16][17][18][19][20].First, with cyberbullying, the perpetrator can be anonymous, which not only reduces responsibility for these negative acts, but also the possibility for sanction.Second, there are no limits for reach and frequency.These negative acts can be perpetrated broadly and repeatedly because there are virtually no boundaries on the extent of the audience.Finally, there is no generally accepted code of cyberconduct, which means formal and informal control mechanisms are limited.For these reasons, it may be understandable why cyberbullying has become a significant form of bullying in the workplace [12,21].

Prevalence of Cyberbullying
It is difficult to attain any consistent results with respect to the overall prevalence of cyberbullying in the workplace because of cultural differences in what constitutes bullying or cyberbullying [22], the different methods of measuring this behaviour (subjective or objective) [6], and the industry type in which the research is conducted [23].
A 2009 survey of Internet users over the age of 18 reports that 7% have been cyber-bullied and 73% claim to have been bullied via e-mail [24].Privitera and Campbell [23] conducted a study with male employees of the Australian Manufacturing Workers Union and found that 89.3% report experiencing at least one negative act either face-to-face or by e-mail, SMS or telephone at least on a "now and then" basis over the past six months.Of these respondents, 83.5% report more than one instance, with the average being 8.9 negative acts.The types of activity reported over e-mail include: withholding information, spreading gossip, being subjected to allegations against them, and being exposed to unmanageable workloads, behaviour similar to the list compiled by Einarsen [6] and Felblinger [25].Using Leymann's [26] operational definition of workplace bullying, which includes negative behaviour on a weekly basis over the last six months, the researchers find that they can classify 18.7% of respondents as victims of workplace bullying based on behaviour experienced.In terms of self-reports of bullying, 37.5% report being bullied.About half of these respondents report experiencing negative acts via e-mail or telephone or both at least now and then.Interestingly, cyberbullying is always accompanied by face-to-face bullying in this study.Privitera and Campbell [23] conclude that cyberbullying is a new iteration of bullying and many organizations are ill-equipped with codes of conduct, policies and procedures to protect the health, safety and welfare of their employees from this negative behaviour.
A recent UK study conducted by Sprigg, Axtell, Farley, and Coyne [27] focuses on British University employees, and finds that eight out of ten experience one of the listed cyberbullying behaviours [6,25] on at least one occasion in the previous six months, and 14% to 20% experience these acts on at least a weekly basis.Those experiencing cyberbullying also report higher mental strain and lower job satisfaction.The study authors conclude that this is an issue that continues to grow in significance as technology becomes more powerful and ubiquitous in the workplace.

The Impact of Workplace Cyberbullying
Although there is a paucity of research on the impact of workplace cyberbullying, there is a rich literature on the impact of workplace bullying.Organizations are concerned about workplace bullying because of its impact on the target, co-workers, and the overall functioning of the organization.There is much evidence about the deleterious effects of bullying on the physical and mental health of the target [28][29][30][31].Specifically, stress, anxiety, insomnia, low self-esteem and depression are mentioned as health outcomes from ongoing bullying [32].
More interesting is that there are also negative impacts on co-workers who witness bullying.Witnesses report lower levels of job satisfaction and higher levels of stress [33], and a deterioration of both physical and mental health as evidenced by feelings of guilt and fear, insomnia, and headaches [34].Witnesses to workplace bullying fear supporting victims, as they see such support as having negative consequences for themselves, including becoming the next target [34].
As may be expected, bullying also has negative impacts on the overall functioning of the organization in which the bullying is taking place.As Weatherbee [7] points out, there is a loss of productivity among the perpetrators, as they are spending work time on activities unrelated to work, and also using company resources for their bullying.Because of the growing number of issues associated with the misuse of technology, companies are also more likely to monitor employees' online activities [35], which raises concerns about workplace privacy.Companies with ongoing workplace bullying may have trouble with employee retention because of the negative work environment [36].Likewise, a negative culture may mean less commitment to the organization on the part of bullied employees [37].As may be expected, companies with a bullying problem experience higher levels of absenteeism because of the health impacts on those being bullied [38].Finally, if a company has a culture of bullying, it may suffer reputational damage to its brand [39], and disrupted work processes and flow, which make it difficult to meet customer expectations [40].
Although the impact of cyberbullying has not been widely studied, there is no reason to assume that its impacts will be less severe.With the significant role of technology in the workplace, and its increased capabilities, bullying and specifically cyberbullying will become a more urgent problem.Already, there is evidence that bullying of any sort has deleterious impacts on the victims, the witnesses and the organization.The difficulty is that technological capabilities are moving faster than codes of conduct, so it is challenging for governments and organizations to develop frameworks to manage this behaviour effectively.

Canadian Law Related to Cyberbullying
There are several legislative sources that potentially apply to cyberbullying in Canada.First, employees in Canada are protected from harassment, and sexual harassment, by provincial human right codes-provincial statutes that list grounds on which basis harassment, and discrimination, are not permitted.Among these prohibited grounds in Ontario for example are race, colour, citizenship, sexual orientation, gender and disability [41].Each province has similar legislation, and there is federal legislation that applies to federally-regulated industries such as telecommunication and banking.It is a violation of the human rights code to harass (or sexually harass) an employee on the basis of one of the prohibited grounds.We examine, in the paper, whether cyberbullying is equivalent to harassment as defined by human rights statutes and human rights case law, but to the extent that it is, then provincial human rights legislation will govern it.
Second, the health and safety of employees fall under provincial jurisdiction as well, and in recent years several provinces have amended their legislation to broaden the definition of health and safety so that it potentially covers bullying at work under the definitions of either "psychological harassment" or "workplace harassment".Quebec includes a definition of "psychological harassment" in its Act respecting Labour Standards in 2004 [42], and other provinces including Saskatchewan, Manitoba, British Columbia, and Ontario later followed suit.In Ontario, the amendments are widely known as Bill 168, which came into effect in 2010.Under Bill 168, "workplace harassment" is defined as "engaging in a course of vexatious comment or conduct against a worker in a workplace that is known or ought reasonably to be known to be unwelcome" [43].This definition of workplace harassment is broader than harassment on the basis of one of the prohibited grounds, covered by the Human Rights Code, and covers bullying as well.Employers are obligated to have a policy to protect individuals with respect to workplace violence and harassment, and must review the policies as often as is necessary, but at least on an annual basis [43].
Employees have the ability to pursue private legal action against their tormenters in addition to any employer obligations.Generally known as "protection orders" issued by the court at the request of one party, these orders impose restrictions on the harassing party that if broken may result in criminal charges or financial penalties.The most common form of protection order is a restraining order, which may restrain physical contact, as well as regular and online communications [44].It should be noted that the identity of the harassing person must be known in order to issue a protection order.Many cyberbullies attempt to hide behind a cloak of perceived online anonymity, although it may be easier to unmask them in the workplace.
A third source of law potentially governing cyberbullying exists in the Criminal Code.Criminal Harassment is defined in Section 264 of the Code.It focuses mainly on physical behaviour, such as repeatedly following a person, conducting constant surveillance on a person whether at home or at work, or threatening a person [45].Section 264 also defines as criminal harassment repeated communication with a person or someone known to them.However, in order to amount to a criminal offence, the communication (as well as other forms of harassing conduct) must cause the victims to fear for their safety or the safety of someone known to them.While most forms of workplace bullying listed by Einarsen et al. [11], such as ignoring a person's opinion or imposing unreasonable deadlines, will not cause a person to fear for his or her safety, and therefore, will not meet the threshold of criminal harassment, some of the forms of cyberbullying, such as electronic threats of physical violence and abuse, may very well pass the criminal threshold.
As we indicate at the beginning of this paper, bullying is most often discussed in the context of adolescents, and although not directly related to the workplace, it is instructive to note the legislative efforts to curtail bullying in the educational sector as well.In Ontario, bullying has been added to the Education Act in 2012 under Bill 13 [46].The Act defines bullying as "aggressive and typically repeated behaviour" that causes "harm, fear or distress to another individual, including physical, psychological, social or academic harm, harm to the individual's reputation or harm to the individual's property", or creates a "negative environment" [46].The definition mentions that bullying can be based on the grounds prohibited by the Human Rights Code, but adds other grounds relevant to youth, such as size, strength, intelligence and peer group power [46].Bill 13 clarifies that bullying behaviour includes the use of electronic and written means.It also explicitly defines "cyber-bullying", as "bullying by electronic means" and lists the examples of "creating a web page or a blog in which the creator assumes the identity of another person"; "impersonating another person as the author of content or messages posted on the internet"; and "communicating material electronically to more than one individual or posting material on a website that may be accessed by one or more individuals" [46].Note that the last example is commonplace, and it is the content of the material that causes the bullying.However, the legal definition of cyberbullying in the education context remains helpful for the purpose of inquiry into better understanding cyberbullying at work.
Finally, the Canadian federal government has introduced amendments to the Criminal Code that will criminalize some forms of cyberbullying.Known as Bill C-13, the amendments have been introduced late in 2013, partially in response to two incidents of cyber-bullying of adolescents that resulted in the deaths of two young girls, Rehtaeh Parsons and Amanda Todd [47,48].The Bill introduces a new criminal offence, of "Publication of an intimate image without consent" [49].Under the proposed offence, it will be a crime punishable by up to five years in prison to publish, distribute, transmit, sell, make available or advertise an intimate image of a person without that person's consent [49].An "intimate image" is defined as a "visual recording of a person made by any means" in which "the person is nude, is exposing his or her genital organs or anal region or her breasts or is engaged in explicit sexual activity" [49].In order for the offence to have been committed, the victim must have had a reasonable expectation of privacy in the circumstances of both the recording and its dissemination.The Bill also permits the court to limit convicted offenders from accessing the Internet once they serve their sentence and are discharged, and applies the court's powers of authorizing search and seizure of child pornography to the new definition of intimate images as well [49].
While the offence of disseminating an intimate image may or may not be directly applicable to most workplace cyberbullying interactions, Bill C-13 does update other sections of the Criminal Code that may be more relevant to the workplace, by explicitly including telecommunication as a means of communication.First, Bill C-13 clarifies that the definition of "communication" in the Criminal Code encompasses telecommunication as well [49].In addition, Bill C-13 proposes that individuals who telecommunicate information they know to be false in order to injure or alarm another person, individuals who telecommunicate indecently in order to alarm or annoy another person, and individuals who telecommunicate repeatedly in order to harass another person will all be punishable by up to two years in prison [49].
If the Bill passes, these updated telecommunication provisions may be relevant to the forms of behaviour described in the works of Einarsen et al. [11].Unfortunately, Bill C-13 also includes several controversial provisions with respect to enhanced government and law enforcement surveillance powers, as well as the ability of private sector corporations to cooperate with government investigations voluntarily and with impunity [50].It is unclear, therefore, whether and when the Bill will pass and amend the Criminal Code.
As a result, the legal framework that most directly applies to workplaces across Canada is the gradually expanding provincial framework, in the context of health and safety at work.This framework slowly but consistently legally recognizes that bullying is a health and safety matter that should be addressed by employers.With this in mind, we pose the following research questions.

Research Questions
Overall, this exploratory study examines the perspective of human resource professionals in Canada on current workplace policies and practices with respect to cyberbullying and the extent to which they reflect existing norms.More specifically, the study seeks answers to the following questions:

Design
As part of a pilot study; we conducted nine semi-structured interviews with HR professionals over a two-month period; beginning early February and ending in late March; 2014.Respondents represent a cross section of business/industry sectors including; finance; education; retail; professional services; telecommunications and the nonprofit sector.Respondents are predominately female (eight out of nine interviewed).All respondents have a minimum of three years and up to 30 years of experience in an HR capacity.Each interview is audio-taped, and lasts approximately 30-45 min.Through a formal consent form, we assure respondents of anonymity and confidentiality in order to encourage candid responses and to mitigate potential respondent biases related to social desirability.

Instrument
We developed the interview guide based on a review of the current literature related to workplace cyberbullying.It consists of five key topics for discussion, beginning with the respondents' interpretations of the meaning of cyberbullying in the workplace context, and then moving to recollections of particular instances of cyberbullying behaviour (if any) that they encounter in their HR role with the organization.The third topic relates to common tools and methods used for communication within the organization that can lead to cyberbullying behaviour.The final two topics examine the nature and perceived adequacy of current workplace policies and procedures related to cyberbullying and respondents' concerns about how future cyberbullying legislation may impact the organization.

Analysis
We transcribed the audio-recordings verbatim, providing respondents with the opportunity to review their transcript for accuracy and intended meaning.Three researchers then independently content-analyze the data using standard qualitative data analytic methods [51].Specifically, we aggregate the transcripts for all nine interviews by each of the five discussion topics.Each researcher then identifies similarities and differences across all respondents on a question-by-question basis, using a matrix format for each question, with themes, trends, issues and/or concerns listed along one axis and respondents on the other axis.Once the researchers complete their independent analyses, we review the collective results to identify points of similarity, as well as inconsistencies.We discuss any identified inconsistencies among the researchers and the final analysis reflects the consensus that is reached.The consolidated summaries for each topic are presented in the next section.Note that we identify direct quotes from the nine respondents by an assigned code from R1 to R9 respectively.

What is Cyberbullying in the Workplace?
One of the goals of this study is to gain insight into the meaning of the term cyberbullying in a workplace context.Respondents use many of the same words to describe their understanding of cyberbullying, often positioning it within the context of harassment.For example, one respondent remarks, "Bullying and harassment are one and the same.To me, it is all violence really.When you are harassing someone, you are being threatening or intimidating, and I think bullying is exactly the same thing" (R4).Another respondent further qualifies the distinction, describing cyberbullying as "a form of harassment… it is more of the mental harassment as opposed to the physical" (R7).
While virtually all respondents connect bullying and harassment, two respondents make reference to the legal definition of harassment as being tied to prohibited grounds of the human rights code."Harassment typically refers to protected grounds of human rights, whereas bullying doesn't usually discriminate based on any protected grounds of human rights.Thus, bullying could be a white man intimidating a white man or a white female, and it may just be that the person's mode of operation is to try and get what they want.It may not be discriminatory.Harassment generally is with regards to gender, gender expression, race, or age and involves a more legal aspect."(R5).One respondent further argues that the terms "harassment" and "bullying" can be, but are often not used interchangeably because of the adult versus youth associations with the terminology."I think we use 'bullying' more when referring to children and 'harassment' more with adults.And when I think of what they are, I think they have the same components."(R8).
Respondents then proceed to distinguish between cyberbullying and face-to-face bullying in the workplace context.Only two individuals feel that face-to-face bullying represents a greater concern than cyberbullying, primarily because of the presence of immediate physical threat."With face-to-face, there is a person right in your face.You are going to have that intimidation factor, and the person cannot get away.Cyberbullying is still just as bad, but they are not face-to-face.It removes the immediate threat of physical harm."(R2).The remaining seven respondents feel that for several reasons cyberbullying is more concerning than traditional forms of bullying, despite the lack of a physical component.First, cyberbullying is not limited to the workplace.Employees can use social media platforms and mobile communications to engage in unwelcome behaviour well beyond the confines of the physical workspace and traditional work hours of nine to five.As one respondent notes, "Cyberbullying is not as personal and I think people can go a bit further with it… with the accessibility.If someone really wants to bully someone else they have so many ways to do it."(R1).In addition, the opportunity for anonymity afforded by technology means that victims of cyberbullying do not always know the identity of their aggressor."Cyberbullying for the most part is worse, in my experience, because of its anonymous nature.You don't know who is attacking you… Anonymity makes cyberbullying more challenging to deal with in terms of getting a starting point to help the person dealing with it."(R6).This sense of anonymity allows perpetrators to operate online under the guise of their "virtual self", thus making them feel protected and empowered to act with less inhibition, as well as potentially contributing to the escalation of cyberbullying behaviour.Finally, cyberbullying is viewed as more serious because technology provides wide reach and instantaneous dissemination."The viral opportunity allows cyberbullying to have a much more expansive coverage… workplace bullying tends to be more contained.Once you get it into social media elements, you know the breadth will be much wider."(R7).

Examples of Workplace Cyberbullying
During the interviews, respondents share anecdotes of cyberbullying occurrences in their workplaces.Only one respondent reports not having encountered any form of cyberbullying within the organization.This is likely due to the nature of the organization (nonprofit) and limited reliance on technology within the organization.The remaining eight respondents describe a range of reported cyberbullying cases with which they have dealt in recent years in their organizations.Examination of the nature of these incidents reveals five distinct categories of cyberbullying behaviour described below.
The disgruntled employee.The most common example of cyberbullying behaviour, identified by four respondents, involves employees' posting inappropriate comments online about their co-workers, their managers or about the organization in general.For example, one respondent remarks, "In my role, sometimes people will send me snapshots of their employee's postings on Facebook or making inappropriate comments about a colleague on Facebook…I had one incident where there was a picture of staff and someone wrote that person is really rude and don't work with them, and they shouldn't be working for the company."(R4).In the manager-subordinate context, "people have posted comments about their boss on their personal Facebook pages, calling them out, and that can be interpreted in a really negative way…and it starts offending and people are commenting on it."(R4).Another respondent suggests that these types of behaviour tend to be more common among junior employees."In a call centre environment, that is where the majority of these types of cases happen.I think it's the nature of the environment-it is little less professional…they are young; they make $15 an hour; it is not a high, coveted job…there's a bit of immaturity in that particular setting."(R7).
The joke that went too far.The second most common occurrence of work-related cyberbullying is described by several respondents as an online communication that begins as innocent office banter, such as a joke circulated via e-mail.As one respondent states, "People can be devastated by what has been written [on social media] about them, but yet when they look further into it, they find that it wasn't meant to have that direction and meaning.Some of it is misunderstanding of the impact versus intent."(R6).However, when the communication escalates to the point where one or more individuals perceive it as inappropriate or unwelcome, then it moves from the realm of online banter to cyberbullying."I can think of a case where we had somebody e-mailing inappropriate pictures…it is one thing to receive when you are forwarding it around, it is not okay when somebody takes offence."(R2).
The broken office romance.Two respondents describe examples of workplace romances that ended poorly and ultimately led to cyberbullying.In each case, one of the partners uses either company time or company online communication resources to engage in bullying behaviour toward his or her ex."I have heard of a few incidences….ofex-boyfriends stalking.It is basically instant messaging, sort of like MSN, and I've heard of several cases of harassment through here."(R1).
The dysfunctional team.Two respondents from organizations, where working in large and sometimes diverse teams is an expectation of their environment, speak of situations where one or more employees fall out of favour with their work team, which then leads to team members' using social media to post negative statements about the banished member(s)."….Individuals are hired together, train together, same hours, same workspaces, and that persists for up to a year until they move to different teams and shifts.So people either get along or they don't, and I came across a situation where an employee complained of harassment.She had fallen out of favour with the group, and all the individuals had taken to comments on Facebook.I think there were Twitter posts too.It was an all-out assault."(R5).
The power-tripper.In this context, cyberbullying occurs as a result of a toxic manager-subordinate or employee-to-employee relationship, where one individual attempts to establish undue or inappropriate authority over the other.Two respondents describe instances where this form of cyberbullying arose within their respective organizations."One thing that I notice is that people are overworked, so you do notice a lot of cyber-harassment cases between managers and employees, because a lot of stress in involved…especially in a professional services firm.People will feel so fortunate to have a job they do put up with a lot." (R1).

Technology and Cyberbullying
A broad range of communication mechanisms through which cyberbullying may occur are used in today's workplace, including e-mail, instant messaging and social media.We asked respondents about the vehicles most commonly used by employees to interact with one another.Their responses suggest that a dichotomy exists between formal and informal communication channels and methods.Respondents agree that e-mail is the most prevalent form of formal online communication in the workplace."I would have to say that the primary mode of communication is e-mail, but there are also lots of teleconferences and we also have instant messaging... those would be the primary business forms of communication."(R5).Instant messaging is another commonly used form of communication, both in the formal and informal context."Internally, e-mail, we have IM (instant messenger) as well, that is used a lot.Because of laws around re-enactment of documents and things like that, sometimes people prefer to have conversations on IM.Because there isn't an official trail of that, they can feel free to maybe be a little more unedited in their comments."(R7).Interestingly, while these more informal tools seem to be the most likely venues for cyberbullying to occur, one respondent expresses concerns about the appropriate use of both formal and informal tools."There could be cases where people are saying inappropriate things via instant messaging just as easily as they could send an email in all caps..." (R5).
Social Media is used both formally and informally in organizations.Seven respondents state that their companies do not restrict access to social media sites on their servers even though employees do not need social media to perform their daily tasks.Some respondents feel that this is appropriate: "I think it…needs to evolve as technology evolves.I know that at one time, we forbid employees from surfing the Internet.Well, now in this generation, they're on Facebook; they're on Twitter; it is part of everybody's normal routine."(R7).Others express concerns about his practice."[We] enable all these social media things in the workplace.Not only is it giving employees the tools to [engage in cyberbullying], but also why are they letting people spend the work day on Facebook?Why aren't they working?"(R1).In these organizations, social media is frequently used as an informal communication method for employees.In contrast, other companies use social media tools in a more formal manner as they rely heavily on this technology to promote their products/services and to communicate with their customers.These companies tend to have "authorized" social media users."Here's what we created: a term called 'authorized users', so if you are an authorized user of social media it means that you have been given license to use the company's name and to communicate on behalf of the organization on various social media outlets.And if you are not one of this small group of individuals... you are an unauthorized user and basically the rules from that point on then talk about what you can and cannot do ... including how you address other employees and how it is not appropriate."(R3).
Companies concerned with protecting information tend to have more formal communication methods in place.However, companies with high customer interaction are more likely to use a combination of both formal and informal communication methods.As one respondent's description suggests, communication approaches can be a subtle signal to discourage potential inappropriate online communication that can ultimately be construed as a form of cyberbullying.
" [When] people call in sick, we don't encourage texting.We want them to call; we want them to communicate verbally with the management team.A lot of the managers will say the same things; if they receive a text they will ask them to call them.Same thing goes for email, and managers are encouraged to speak to them if they have issues instead of texting or other social media."(R4).
Respondents indicate that in today's work environment, mobile phones are increasingly used for both personal and business purposes."Yes, basically e-mails are supposed to be work-based, but I know, just as I was leaving we were actually talking about how it's not valid anymore, because basically in any position you are given a company phone and you're suggested to cancel your other phone, so that is your phone and of course you're going to use it for personal use."(R1).This overlap between personal and corporate usage on mobile phones makes it difficult for companies to control mobile conduct.
As might be expected, organizations with informal communications tend to be more concerned with freedom of expression.As one respondent in a higher education setting states, "You have a little more tolerance here, this being the marketplace for ideas, whereas in other workplaces I worked, there is less tolerance than here."(R6).Organizations with limited resources, such as start-ups or nonprofits, have informal communication and if policies exist at all, they also tend to be informal."We don't have a policy on online communication around [social media]."(R8).
Technology is evolving and developing rapidly.Respondents recognize that these tools are important for their business, but are still grappling with how to integrate them into their business such that they use them effectively and appropriately and do not contribute to the further blurring of personal and workplace boundaries."I think now with the accessibility on someone's cell phone-you have your Facebook on your cell phone, your LinkedIn on your cell phone, and you have your text messages.If someone really wants to bully someone else [at work], they have so many ways to do it."(R1).

Cyberbullying Policies and Practices
Employers, with whom we spoke, fall under the jurisdiction of either the Canadian Occupational Health and Safety Act or the Ontario Occupational Health and Safety Act which, as noted above, has been amended by Bill 168.Respondents are familiar with the amendments.Several respondents indicate that these pieces of legislation are transforming training and policies within their organization."Bill 168 was a couple of years ago now, so we adapted our policy to make sure we were in compliance.We are a national organization and want to make sure that we have consistency across our platforms so whatever is the highest standard is what we would ensure is included."(R5).Respondents are not very familiar with Bill C-13 and its potential workplace implications.
Respondents provide diverse accounts of the cyberbullying policies in their organizations.All nine respondents report the existence of workplace discrimination, harassment, and violence prevention policies in their organizations, which have been developed in accordance with the Ontario and Federal Occupational Health and Safety Acts."Absolutely we have the policies that I have administered which [include] the discrimination harassment policy which covers all forms of legal type of harassment discrimination.We have the civility guidelines and respectable workplace policy..." (R6).
Bullying behaviour tends not to be explicitly defined, and instead generally falls under the harassment policy."We consider any form of bullying under the harassment policy.So we have a very well defined, well-documented policy on harassment and employees are required to review it."(R7).
Beyond harassment policies, five respondents mention having a code of conduct or civility guidelines and even fewer (three) have specific IT appropriate usage policies.These policies tend to informally discuss behavioural conduct such as acting professionally and with civility."We have an overarching code of conduct that basically says thou must behave in this fashion to work for the organization.It is all very common principles about representing yourself and the company well."(R3).IT appropriate usage policies vary and do not explicitly discuss cyberbullying.These policies focus more on security and privacy rather than on cyberbullying."But there is an IT, intellectual property code of ethics policy that is signed annually which would be for the use of IT." (R2).
Social Media specific policies are rare (two of nine respondents) and only occur in organizations where there is heavy client engagement through social media.These policies outline appropriate conduct in the social media space and who should be using corporate social media applications.
"We do, we have an associate standard that outlines responsibilities of the associate, involves social media appearance guidelines, behaviours, what's appropriate, what's not appropriate in the workplace, and we do have a health and safety policy, bullying and harassment policy because certain provinces have very specific guidelines for policies, so we have a very specific one for Ontario and BC.They go over what is bullying and harassment and what to do if you feel you are being bullied or harassed."(R4).Some company policies are more specific than others.Those organizations concerned with information security have very clear and explicit standards on social media conduct and ensure individuals are held accountable for their actions on social media.For example, one respondent from the financial service sector reports the following, "Those interactions started to emerge I'd say really in 2008, and we implemented a policy internally that basically said that you aren't allowed to use the name or the trademark, and if you do there will be employment consequences.So personally or professionally you are not authorized to use the name."(R3).However, the same respondent goes on to describe the potential pitfall of adhering strictly to internal policy."We have to recognize that employees in their own time, if they aren't using the trademark, then it is not my domain to tell the employee that you can't do that on Twitter…Our domain is to say you can't do that using our systems, and you can't use our logo.But on your own time, that is your own time.This is what the law is for.So that was very interesting because it was definitely a case of cyberbullying.It was definitely a group of our employees and the relationship was definitely employee-based.It was a bit of a grey area."(R3).

Adequacy of Current Policies and Practices
When we asked respondents whether they feel that their organization's policies are adequate, the feedback is mixed.Three respondents believe that their policies are adequate; two others feel they are quite inadequate at the present time, and the remainder suggest that there is room for improvement.Those who believe that they have adequate policies do, however, mention that their training can be improved to ensure that employees are aware of the policies.One respondent feels that even though cyberbullying is not explicitly outlined in policies, it is covered."We don't [have policies on cyberbullying]…[but] we talk about e-mailing explicit jokes, pictures or messages that are inappropriate and make people [feel] uncomfortable, is not tolerated, but nothing on social media, we may need to go and change policy."(R4).
Two respondents feel they can improve their current policies by adding a cyberbullying component."Yeah so cyberbullying specifically we haven't put in there, but we want to include wording next year when we have everybody sign the code of ethics for next year….We specifically want to include some wording around that to make it exceptionally clear because we think it is becoming more and more prevalent."(R2).
One respondent also notes that cyberbullying is not very well defined and thus it is difficult to develop policy around it.Legislation, such as Bill C-13, although motivated by youth-incidents, can help employers define cyberbullying and consequences in a more concrete manner."Well, hopefully   Respondents describe a variety of training methods for new employees around workplace civility and harassment.All respondents confirm that such training is a standard component of the new employee orientation process.However, the majority of company training programs requires that employees read the policies and sign off, indicating that they have read and understood them.Only two employers require that new employees attend a workshop on the policies and/or answer a quiz on the policies, as a method to ensure understanding.However, respondents report that very little content is included on the topics of bullying or cyberbullying."As part of the new hire process, every employee has to go through harassment discrimination training, a onehour slide show and has to answer a quiz at end, but I would say out of 60 question there are three on cyberbullying, There are a few questions, but don't think it is treated seriously..." (R1).
Once employees are on-boarded, very little communication about policies continues.Three companies have employees review policies and sign off on them annually or retake a quiz to ensure understanding.These quizzes tend to be online and informal.Other companies require that employees review policies only when changes are made."… when the policy in BC came out November 1 last year I had sent the policy to all BC managers and had a conference with all of them and said I want to bring this to your attention, here is the new policy, went through it with them and sent them an employee list for all the stores and asked them to spend ten minutes with their employees to let them know where it is posted, educate them and sign off on it."(R4).
Only two respondents' organizations provide ongoing communication about policies and appropriate workplace conduct.They tend to rely on topic-specific workshops or quarterly newsletters originating from the HR department.These forms of communication are specific to a certain topic."We have a publication ... and it sends out every quarter in an email to all employees.It will have a section on compliance and…I am in the midst of writing an article on non-retaliation."(R5).
Once again, it appears that while workplace bullying is now on the radar of HR departments, they struggle to keep up with appropriate policies and practices, given that the issues are still developing and that as technology develops more concerns emerge about the opportunities for inappropriate behaviour.

Conclusions
The overall purpose of this study has been to gain insight into the nature, scope and understanding of cyberbullying in the workplace through the experiences of HR professionals working in a range of industry and business sectors.The first significant finding is that there is no generally accepted definition or understanding of what constitutes cyberbullying in the workplace.For some, it is subsumed under harassment; for others it is something quite different.Business and industry have not been able to generate a shared understanding themselves.This is a typical pattern as we seek appropriate responses to changes in the external environment; in this instance, technology and social media.
The overall purpose of legislation is to govern and guide behaviour.Guidance can be formal and technical, such as a traffic law stipulating that driving is on the right side of the road, or it can be substantive and guide behaviour on socially controversial issues, such as gay marriage.Technology poses a well-known challenge to law, as it typically evolves faster than the legislation that purports to govern it.Emerging law may both shape and reflect social norms in an iterative process.Where specific legislation does not yet exist, companies and organizations must look elsewhere for guidance in developing behavioural norms around the use of technology in their workplaces.Alternatives such as internal policies and guidelines can be developed faster than legislation, but these too can be controversial when they are based on a range of social norms related to culture, age or education.When social norms are in conflict, it is very difficult to develop a broad understanding of acceptable and unacceptable behaviour in the workplace; that is, what constitutes a joke versus bullying, or even more fundamentally, a shared terminology as in what is meant by harassment versus uncivil behaviour.Because of the murkiness around what behaviour is deemed acceptable and not acceptable, and the dynamic nature of the field, law makers are appropriately hesitant about prematurely developing legislation to define appropriate "cyber" behavior.On the other hand, when there are no legal constraints, or when people perceive that there is no guidance around acceptable behaviour, instances of bullying continue to occur.This is not a victimless issue, in that there is much evidence to support the feeling of helplessness suffered by those who experience cyberbullying [23,25,28,32].
In the absence of dedicated Canadian legislation, our respondents clearly feel they lack guidelines for addressing cyberbullying behaviour.Many factors contribute to the sense among HR professionals that at the present time, Canadian law does not present them with a clear approach to workplace bullying.First, a debate exists over the criminal threshold of cyberbullying around Bill C-13.Second, the mapping between traditional adolescent cyberbullying issues and workplace cyberbullying issues is incomplete.Third, there are different provincial approaches to cyberbullying both between provinces, and within each province along the spectrum from workplace health and safety issues to human rights violations.Finally, external guidelines in the form of provincial or federal legislation are targeted at other issues, and use other terminology, such as workplace safety, human rights and the like, rather than cyberbullying.The legislative ambiguity around cyberbullying is then reflected internally, so that even when codes of conduct are in place, cyberbullying is rarely identified explicitly.What respondents report over and over again is the important role that government legislation needs to play on this issue.Cyberbullying is new to HR departments.As technological capabilities increase, this issue is likely to grow in importance [27] and may cease to be seen as subset of bullying [23].What complicates the issue is that so many of the tools that can be used for cyberbullying are not necessarily exclusively available in the workplace.When company computers and company cellphones are also used after hours with the blessing of the company, it blurs the work-personal boundaries and makes enforcing codes of conduct difficult.In addition, many social media tools, including Facebook, Twitter, and Instagram, are core to the marketing strategies of companies, and thus creating rules around their use becomes problematic.Among our respondents, we see a range of strategies for dealing with this issue-some formal and some informal.Employers may have to recognize their role in and responsibility for enabling bullying, by allowing work and personal time to overlap through the expectation of 24/7 employee availability and consenting to the personal use of company-owned technology.Recently, the government of France attempted to tackle this issue, by re-erecting the boundaries between work and personal time through the employer/employee agreement not to work after hours.Over time, as organizations gain experience with social media and the blurring of work and personal space, some of which may not be positive, more formal strategies, such as that initiated by the French government, will no doubt emerge.
This exploratory study with HR professionals provides some key guidance for law makers.First, current Canadian legislation does not appear to provide companies and organizations with a framework for dealing with cyberbullying in the workplace, a response, which they clearly need and for which they are asking.Second, this is a complex area because of the murkiness around the dynamic nature of technology, the blurring of work and personal access to technology, and the lack of shared norms.Perhaps the role of government is not to provide absolute guidance, but rather to influence employers to tackle the issue themselves.In a sense, Bill 168 does this by requiring companies and organizations to develop policies.Finally, perhaps more effort needs to be put into eliminating cyberbullying as opposed to punishing it.Despite their lack of proactivity on the cyberbullying issue, HR departments are very much aware of their key role in maintaining a civil work environment.Workplace stressors will continue as organizations restructure in response to a competitive market and economic constraints [52,53].These stressors impact the work environment, and HR departments use legislation compliance, custom-designed codes of conduct and mandatory training programs to minimize the impact of both the internal and external environment on employee satisfaction and commitment.Perhaps employers should adopt a more proactive approach with their employees by using team-building to strengthen connections in the workplace, and increase education and training programs to identify bullying and to develop mitigating strategies.Employing these tactics may create a greater sense of comfort and connectedness in the workplace, and reduce the likelihood of enabling a bullying culture [54].
How do HR professionals interpret cyberbullying in a work-related context? What relationship, if any, do mobile technologies and online applications have to workplace cyberbullying? What types of workplace policies and practices exist with respect to cyberbullying?  To what extent do HR professionals feel current policies are (in) adequate?
will help clarify, to a lot of employers and employees, what it is and what it isn't.And then if it is [cyberbullying], I think it is important to deal with it just as you would any other type of bullying."(R2).