Framing the New Frontier

Once rejected as a trend, social media is quickly becoming a communications imperative for organizations – although it’s not without its risks. Organizations without policies in place to manage, monitor and respond to social media activities may find themselves on the losing side of a lawsuit related to intellectual property, employment, competition and/or defamation law. Putting in place a social media policy will provide needed guidance to your employees and enable your organization to realize the benefits of social media while mitigating some of the associated risks.  

Social Media: Risks and Rewards

Facebook eclipsed Google as the most popular Web site in the United States in 2010,¹ while other social media platforms such as LinkedIn, Foursquare and Twitter continue to grow. The ubiquity of social media, expansion of Web 2.0 tools and growth of user-generated content has provided fertile ground for organizations to engage directly with consumers and stakeholders alike.

However, as with all new frontiers, the opportunities – and potential downfalls – are immense. The same qualities that make social media valuable also expose organizations to significant risks. According to a 2009 survey by Deloitte², 74% of 2,008 employees surveyed said it was easy to damage a company’s reputation online. The speed, sense of anonymity and informality inherent in the medium make social media a breeding ground for corporate liability and litigation.

Even the best-intentioned employees may unwittingly expose an organization to legal risks, as underscored by a question posed to The Ethicist in the New York Times³. In it, “Name Withheld” from Dallas asked if it was ethical for his boss to require staff to use personal accounts to give a favourable rating to iPhone apps the company creates. Also known as “Astroturfing,” this false advertising is unethical and contravenes competition law in the United States and Canada. Had appropriate policies and procedures been in place from the start, the company in question would likely never have engaged in such deceptive practices.   

Social media provide a potentially global platform for employees to reveal, whether wittingly or unwittingly, privileged or proprietary information, infringe intellectual property, violate privacy rights or make defamatory statements. Most organizations have a policy governing employee behaviour in place. But policies covering telephone, email or in-person exchanges cannot fully address the novel uses of social media. Companies should not wait until they are in the middle of a public relations or legal crisis to put a social media policy in place.  Proactive management is the best way to mitigate the legal and reputational risks.

The time to act is now. One out of every six executives in Canada believe social media are the most important means for an organization to engage the public about their brand³, and 90% of Canadian companies are now participating in the social media in some way. The efficiency, security and success of organizations with employees using social media depend on developing a coherent and responsive policy.     

Getting Your Policy off the Ground

A social media policy is a tool to educate, guide and control employee behavior online. An effective social media policy will reflect the organization’s goals and activities. It will contain a self-evident statement of purpose (i.e. what the document is for and why it is needed). This purpose will not only help determine the appropriate scope but align communications activities with organizational goals. A policy too limited in scope will do little to mitigate risk. A policy too broad may become unwieldy and therefore ineffective.

The first step towards compliance, and ultimately optimizing an organization’s activities online, is for all employees to be on the same page. To understand their responsibilities fully, employees must understand the threat that seemingly innocuous online behaviour can pose to the organization. Explaining the intention of the policy – to mitigate risk – positions employees as equal partners in protecting the reputation and interests of the organization. Because the policy is meant to guide employee behavior, clarity and transparency is paramount. A list of key terms and definitions can further aid in comprehension.

A description of the role employees play in social media should follow the statement of purpose and definitions.  Staff must have a clear understanding of roles and expectations. In the absence of a social media policy, some employees might take it on themselves to act as spokespersons, for example, thus blurring the distinction between sanctioned and unsanctioned online activity. From unofficial blogs to tweets about company activities, an enthusiastic or disgruntled employee with a penchant for posting can easily influence a brand for the better, or worse. Establishing an unambiguous line between authorized and unauthorized communication, as well as putting in place an approval hierarchy, is vital to managing and monitoring use of social media.

Establishing the Boundaries

Once you have defined the purpose, key terms and clarified employee roles, it is critical to set out the boundaries of acceptable use. Many current examples exist of employees making unauthorized statements online, such as 15 British Airways employees suspended in February for comments made on Facebook⁵. A description of prohibited content or behaviour, as well as examples of such behaviour, will help employees self-monitor their actions online and provide organizations recourse for violation. Descriptions should be specific to the platform used (such as Twitter or Foursquare) to ensure accuracy and relevance. By cross-referencing descriptions of prohibited use to existing policies such as anti-discrimination policies and confidentiality agreements, organizations can further strengthen their social media policy by ensuring comprehensive coverage of prohibited activities and use.

The consequences of contravening the policy should be unequivocal, but support mechanisms should be in place to assist in compliance. Contact information for the various departments involved in managing and monitoring social media activities for the organization must be included for the policy to be effective. Employees looking to report violations, receive clarification or flag issues may be left without recourse if the appropriate contacts aren’t provided, rendering the policy useless in the event of a crisis. Including this contact information at the end of a document, following an explanation of consequences for contravening the policy, will highlight the obligations of employees and commitment of the organization to supporting
acceptable use.

Litigation related to social media activities is an evolving area of law. Imprudent comments and disclosure of confidential or proprietary information can have devastating consequences for individuals and organizations. As the lines between work and personal life blur, so too does the distinction between the roles and the voice of the individual. As a starting point for reputational and legal risk management online, social media policies are the first defense against liability and damages arising out of social media.

1 Experian Hitwise, 2010,  www.hitwise.com/ us/press-center/press-releases/facebook-was-the-top-search-term-in-2010-for-sec/
2 Deloitte Ethics in the Workplace Survey, 2009, www.deloitte.com/assets/ DcomUnitedStates/Local%20Assets/
Documents/us_2009_ethics_workplace_survey_220509.pdf
3 The Ethicist, by Randy Cohen, New York Times July 30, 2010, www.nytimes.com/2010/08/01/magazine/01FOB-Ethicist-t.html
4 SAS/Ledger Social Media Survey, March 2010, www.sas.com/offices/NA/canada/ en/news/preleases/social-media.html
5 “BA suspends cabin staff in Facebook row over list of strike-breaking pilots,” Feb. 12, 2011, http://www.guardian.co.uk/ business/2010/feb/12/bae-facebook-strike-action.