Thursday, March 17, 2011

Drafting Good Policies for Social Media Use at Work – Part Two

In my first post on this topic, I covered some of the risks inherent when employees participate in social media systems (“SM”) whether officially on behalf of the employer or unofficially. This post outlines guidance for crafting an atmosphere at work that embraces SM while educating and guiding employees to prevent problems and protect the employer, other employees and the public.

Basic Policy

Your organization may already have rules and regulations that apply to your industry or operations. You may even have agreements in place with each employee at hiring that cover confidentiality, protection of intellectual property and duties of non-disclosure. It may be that you already have all the official policy language you need to address the risks listed in the earlier posts should an employee cross any of those lines. Why have yet another one?

SM gives people power of a magnitude they have not had before. Destructive, impulsive and malicious actions have never been as easy to permanently and broadly publicize as they are now that we have linked to each other through the Internet and mobile phone networks. Do not assume everyone will connect the dots. Even if you already have all the official and legal protections in place, pull it all together in a reminder that puts each obligation into the SM context. If you do not have everything covered, fill in the gaps. Make sure everyone clearly understands their obligations.

“Friending-Friendly" Rules

Once your policies, confidentiality and non-disclosure agreements adequately cover the prohibitions and restrictions that apply to each employee, turn the opposite direction and put guidelines in place that help the well-intentioned. Rather than a list of “Do Not” items, for example, lay out the reasons for concern and points to keep in mind when communicating with others in any way that may involve or reflect on the employer or other employees. Phrase them in "Do" terminology.

There are a number of resources rich with references and examples of how other organizations have approached this challenge. Several are listed in the footnote. Among them all, there are four main ingredients for an effective, comprehensive SM policy:

1. Concern. Acknowledge the existence of SM. Some companies and organizations prefer an “ostrich approach” and essentially pretend SM is not pervasive, not used widely among their staff and poses no threats. What you don’t say CAN increase the risks to your organization, the public and your employees. Step forward and embrace reality. Make it a point to show you know and understand the power, potential and pitfalls of SM usage and that you are establishing consistent guidance that makes sense within the organization’s particular needs.

2. Community. Stress the importance of being transparent and clearly distinguishing whether you are or are not representing the organization. Leave no doubt. This is an issue of honesty to their "friends" and integrity in their online community. Give examples of how to scrub online profiles of all links to the organization, for example, and disclaimer language that you believe is sufficient and appropriate for most contexts. Explain how others may be confused by a person's role or position with the organization so they clearly see the risk. Employees of a legal department could be misunderstood as giving legal opinions, for example; those who work for a publicly-traded company might be misinterpreted as divulging hints that influence others to buy or sell stock in that company; behaving as if you have "secret" information could look like someone revealing previously non-public facts about the company; etc.

Be detailed and specific. Explain how links, logos, email addresses, lingo and job titles may divulge or mislead as to their relationship to the employer even if the employer’s name is not shown. There should also be a consistent method of “branding” officially-sanctioned SM activities so the public can easily identify those and distinguish them from others.

3. Conduct. Remind staff of the public nature of “private” postings and how online activities may be traced. Share some examples of embarrassing consequences others have endured that make an inadvertent “reply all” mistake look miniscule by comparison. Respect runs both ways and the “Golden Rule” and “Granny’s Rule”* are useful guidelines that help make your point. It is always wise to assume that your staff will NOT make the same assumptions you do. Employees are diverse in many ways other than skin color, so spell out the workplace rules that govern appropriate uses of SM during working hours, on the employer’s equipment, etc. Just because activities are permitted or even encouraged in the organization’s Wiki, for example, does not transfer to personal blogs or other non-work-related SM activities.

4. Confidentiality. What one person thinks is “confidential” or covered by your confidentiality policy may be quite different from what another thinks. Remember that people in different jobs have different perspectives and may have been taught different obligations based on their roles. This is a good place to roll it all into one statement that summarizes and refers to the restrictions and duties regarding confidentiality, professional responsibility, non-disclosure, privacy, public/non-public information, trade secrets and communication with people outside the workgroup. You might be amazed at how some never connect themselves to the bigger picture.

Someone in the IT department may not think twice about posting a question in a peer support Wiki that can expose security weaknesses or divulge trade secrets if they are not made aware of how easy it is to do. A support staff member may not be aware of how rules of professional responsibility that govern the supervisors apply to his work. Those who do not often work with the public or in a PR function may overlook the issues with commenting about a particularly problematic day at work or potentially disastrous issue they are working to contain. Trust them to do the right thing the vast majority of the time, but equip them to understand where the boundary lines are so they do not accidentally cross them.


Your policy documents will have more detail under each of these general areas that fit your organization’s unique needs. If you don’t already have the fundamental policies and employee agreements in place, you may need to consult legal counsel about what to do. If your employees are located in more than one jurisdiction, you definitely need to know what difference that may make on any such policy and whether you can consolidate them all into one document or need different versions.

Social media has been here long enough that no one seriously expects it to go away anytime soon. Rather than obstruct or block SM use, proactively educate your staff and address the risks, responsibilities and rewards of appropriate social media usage and you will more likely benefit from risk containment as well as employee confidence in your leadership.

* The "Granny Rule:" If you wouldn't want Granny to see it online, don't post it.

1 comment:

0s0-Pa said...

FTI consulting is a good source for more information on eDiscovery, in case anyone needs additional info or insight.