Created by Hunton & Williams LLP as part of the IAPP’s Pro Bono Privacy Initiative
Individuals are not the only users of social media technology. All types of organizations have effectively engaged with social media technology to: innovate and communicate within their organization, work collectively with partners, and dialog with clients, supporters and influencers.
Yet, almost every day we hear of situations involving social media that highlight its risk and that perhaps prevent some organizations from moving to adopt such new technology.
With a certain amount of planning and discipline, however, organizations and businesses of all types can realize the benefits of this technology while managing the inherent risks. The type of risk inherent in the use of social media is really no different than the risks of traditional media. But the scope or scale of those risks is increased by social media because of the speed (instantaneous) with which information is released, the breadth (potentially vast) of the audience reached and the potential permanence of digital information once it is shared or published.
The way organizations can address social media risks is not that different from the way one would handle other risks. You must create appropriate policies, educate your workforce (and potentially your clients, volunteers and supporters) and continually reassess your approach.
Tip #1: Establish Policies
Organizations should establish policies that clarify the boundaries and guidelines of appropriate use of such tools by employees. Before an organization can do this however, it must assess its individual exposures and risks in the social media space based on the sector it is in, the regulations to which it is subject, the scope of its employees’ use, and as importantly, its values and strategy.
The policy should specifically address what is permissible or not when engaging in social media activities. Consider including in your policy guidance regarding the following:
- the circumstances under which employees (or Board members or other key personnel) are authorized to speak on behalf of the organization, and the rules that apply in cases where they are;
- the rules that apply when employees or other key personnel are not authorized to speak on behalf of the organization, but want to talk about or make references to the organization;
- whether there are any topics that employees should avoid talking about (whether or not they are authorized to speak on behalf of the organization), even if they are only expressing their own opinion or thoughts;
- whether, when authorized to speak on behalf of the organization, employees can mix personal and business content and, if they can, guidance on how to do so responsibly;
- whether employees’ social media accounts can include “Friends” that are personal friends as well as those that are business colleagues or whether business and personal contacts must remain separate;
- whether company logo or other brand identities can be used by employees on social computing sites;
- whether employees’ business email address can be used when registering for third party sites; and
- whether approval to use third party social media applications to conduct company business, such as to post or share company materials, to network with clients or to speak on behalf of the company, is required and what precautions should be taken.
Tip #2: Educate Workforce
Once the policy is established, you have to make sure that your workforce and other key personnel are sufficiently educated and familiar with your policies in order to recognize situations that may present risks, to know where to go to get answers to their questions, and ultimately to handle the risks appropriately. A policy implemented without proper education will not achieve the intended results. It is important to emphasize with employees that the same good judgment they use in the physical environment should be displayed in a virtual environment. Consider conducting a workshop for key personnel; publishing an article in newsletters or other messages to the organization’s volunteers or supporters; holding a short briefing at an upcoming Board of Director’s meeting.
Tip #3: Reassess Regularly
Social media capabilities and sites continue to evolve. Companies should be prepared to modify their policies as the use of social media expands and evolves – what was appropriate in the policy one day, may not be the next. An ability to react to changes in the social media space is critical for companies to keep pace with these emerging social media tools. Consider an annual review of your policy and practices.
Tip #4: Learn From Others
For your convenience, we have included what we think may be useful resources as you create your own social media policy. IBM is not responsible for the content found on third party sites.
Social Media Governance database of social media policies
Mashable Business “10 Must Have’s for Your Social Media Policy”
IBM Social Computing Guidelines
Social Media Today “57 Social Media Policy Examples and Resources”
The information in this presentation was compiled from sources believed to be reliable for informational purposes only. All sample policies and procedures herein should serve as a guideline, which you can use to create your own policies and procedures. We trust that you will customize these samples to reflect your own operations and believe that these samples may serve as a helpful platform for this endeavor. Any and all information contained herein is not intended to constitute legal advice and accordingly, you should consult with your own attorneys when developing programs and policies. You should not take, or refrain from taking action based on its content. We do not guarantee the accuracy of this information or any results and further assume no liability in connection with this publication and sample policies and procedures, including any information, methods or safety suggestions contained herein. Moreover, this presentation cannot be assumed to contain every acceptable safety and compliance procedure or that additional procedures might not be appropriate under the circumstances.