Managing Social Media Risk: What Employers Need to Know
Do you think your employees’ use of social media is strictly their business? Perhaps you’re even encouraging employees to find creative ways to use social media to market and serve customers. If so, think again. The most commonplace activities your employees engage in online every day can become your company’s worst nightmare.
Consider these scenarios:
-Jean, a new brand manager, builds an extensive following with her blog and on Twitter as she promotes her firm’s new product line. One off-color comment prompts thousands of her "followers" to boycott the company instead.
-Amy insults her supervisor in a Facebook post; her coworkers ‘comment’ back and it becomes an online gripe session about workplace issues. Amy is fired for violating her company’s internet policy, which specifically prohibits disparaging comments online about the company, its employees and supervisors. Sounds reasonable—until the National Labor Relations Board (NLRB) charges the policy limited employees’ rights to engage in protected activity, including discussing terms of their employment.
-IT director Peter gets a frantic midnight call from the CEO—the company’s entire network is down. Hours later Peter discovers the cause: malware infected the system through a social networking game played by just one employee.
These are only a few glimpses into the tumultuous arena of social media risk. What employees say and do using social media—on company time and technology or strictly on their own—can damage your company reputation, image and brands, leak strategic information to your competitors, expose your entire network to viruses, malware and run you afoul of a broad range of confidentiality and compliance issues.
How do you manage these risks and still take advantage of the power of social media tools? How do you guide and manage employees’ personal online behavior without alienating your workforce and inviting expensive litigation--or worse? You not only need an intelligent social media use policy, but a way to monitor and enforce how well employees follow it.
What Risks Do You Face?
Watch your reputation: Your employees are the human face of your company. Their private comments can go viral, making your company appear insensitive, arrogant, discriminatory, negligent or noncompliant. Employees’ company-sanctioned use of social media to handle customer issues can result in lack of response or inappropriate response. And your company’s social media campaigns and strategies can be undermined or destroyed by an employee’s offensive language, imagery, or tone.
Ungoverned use of social media can expose you to a host of legal risks, including:
- Invasion of privacy
- Discrimination and sexual harassment claims
- Wrongful discharge
- Intellectual property, copyright, and royalty issues
- Criminal activities
The Federal Trade Commission has treated any company with a website as being an ‘advertiser,’ subject to new regulations when using social media. Many companies are unaware that they are likely not covered for this regulatory risk under their general liability policies, and in fact may need to purchase specialty policies specifically tailored to cover advertising and media risk.
Union or not, here they come:
The National Labor Relations Board (NLRB) is increasingly weighing in on whether Section 7 of the National Labor Relations Act protects employees—even non-union workers—who use social media to discuss and even complain about their supervisors, working conditions and compensation. Engaging in these discussions is generally "protected activity" under federal labor law, and the NLRB has challenged some employers’ internet/blogging policies because their prohibition on disparaging comments about supervisors and employment conditions is too broad and restrictive. On the other hand, NLRB has declined to challenge employers that bundled these online behavior prohibitions into a list of other clearly egregious behaviors, like disclosing proprietary information or making explicit sexual references.
Financial services companies face additional, specific regulatory burdens when it comes to social media use. FINRA has issued guidance [FINRA 10-6] requiring such firms to monitor and control communications via social networks, and has begun aggressively auditing companies and individuals and levying stiff penalties. One large insurance company was recently hit with a multi-million dollar fine for failing to meet FINRA guidelines for internal control policies. The SEC has also been reviewing website-only disclosures to ensure compliance with Regulation Fair Disclosure (Reg FD), and issued guidance for compliance in 2008.
The American Medical Association (AMA) has issued guidelines for healthcare professionals using social media, specifically focusing on potential infringement of patient privacy in violation of both HIPAA and the HITECH ACT. The British Medical Society has gone further, issuing warnings to doctors and nurses that activity on social networks can not only lead to violations of patient privacy, but can expose the doctor or nurse (AND their employers) to potential malpractice litigation.
What steps can you take to protect your company and your employees?
1. Find out what your social media ‘footprint’ is. Conduct a social media assessment, preferably using an analytics application to help you make fact-based decisions. Analytics allows you to:
- Gather data on what employees are doing online now, officially and privately
- Evaluate what employees are saying/doing on both public and private sites and activities
- Monitor public/customer/client comment about your company
Don’t expect to "set it and forget it"
Social media is constantly evolving, and your policies and strategies must do so as well. Using analytics will allow you to continuously monitor employee compliance and help identify trends, relationships to outcomes and areas of improvement. Together, an intelligent policy and the right analytical tools will ensure that everyone performs to maximize your social media goals.