Your SlideShare is downloading. ×
Managing Social Media Risks for Municipalities (and More)
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Managing Social Media Risks for Municipalities (and More)

853
views

Published on

This is a 45 minute presentation I gave at a government liability conference when asked to deal with social media risk management and data breach management.

This is a 45 minute presentation I gave at a government liability conference when asked to deal with social media risk management and data breach management.

Published in: Business, Technology

0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
853
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
7
Comments
0
Likes
1
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide
  • So that’s issue number oneIssue number two is about corporate use of social mediaHere’s a scenario that illustrates a danger of jumping on the corporate communications social media bandwagon without thinking through some important employment-related issuesHow many of you are concerned that Tim has just assigned work?
  • I amHere are the two legal risks flowing from that statement…And I think they are relatively self-explanatory to most of youSo as HR or legal, reach out to your communications prosWork with them, but make sure they understand these risks
  • Transcript

    • 1. Managing Social Media Risks for Municipalities (and more)
      February 9, 2010
      Dan Michaluk
    • 2. Outline
      Harm from off-duty expression
      So you want to blog eh?
      Policy model for managing social media risks
      Current employees as targets
      Risk and control of corporate information
      Due diligence and employee malfeasance
    • 3. Current Employees as Communicators
      Bob and Sue had a long day. They go to the Dirty Dog Pub after work and, over the course of four hours, take jabs at their supervisor, Phil.
    • 4. Current Employees as Communicators
      Jack had a long day. He goes home, cracks open a beer, and boots up his home computer.
      Using a picture of his supervisor taken from the company intranet and some internet based software, he alters the picture so the manager looks ridiculous.
      Jack posts it to his Facebook page. He feels good.
    • 5. Current Employees as Communicators
      Duty of fidelity applies when employee expression is likely to significantly affect a legitimate employer interest
      All other activity is “private”
      The kind of social interaction we engage in today is more likely to conflict with employer interests
      Duty of fidelity is the basis for conflict of interest and other restrictive policy
    • 6. Current Employees as Communicators
      Employee speech can negatively…
      …affect an employer’s duty to other employees
      …affect an employee’s ability to do his/her job
      …affect public perception of employee performance
      …affect an employer’s reputation
    • 7. So you want to blog eh?
      Tim is the CAO at an upper tier municipality who fancies himself a social media guru. He sends and e-mail to all that says, “We ought to be leaders in our field. Accordingly, I encourage all of you to use social media to advance our municipal interests.”
    • 8. So you want to blog eh?
      Risks
      Tim could now be responsible for everything his employees do online
      The municipality may now be responsible for a large wage and overtime bill for “work” assigned by Tim
    • 9. Policy Model for Managing Risk
      Municipalities should consider two policies
      One that guides all employees
      One that guides those who are licensed to speak on behalf of the municipality
    • 10. Policy Model for Managing Risk
      Policy for all employees – theme
      You can do it if you want
      Here’s how you meet our expectations
      Be careful
      If you publish to “friends” you’re still accountable
      Identifying yourself as an employee comes with risks
      Identify special risks (e.g., relating to care and control of sensitive personal information)
    • 11. Policy Model for Managing Risk
      Policy for all employees – content
      Start with a statement of principle
      Then rules that address
      Confidential information, personal information
      Respect for other employees, clients, citizens
      Conflict of interest, conflict with job duties
      Time theft
      Refer to other policies
      Offer support
    • 12. Policy Model for Managing Risk
      License “deputized communicators” on special terms
      Establish clear objectives
      Identify forbidden topics - never
      Identify safe topics – go for it, no review
      Create a workable review process
      Measure time, effort and outcome
      Pay wages for work, reward performance
    • 13. Employees as Targets
      Consider the expression, don’t react to it
      Show support for the employee
      If you take steps to facilitate “takedown,” make clear that you’re taking one step at a time
      Frame your engagement properly from the outset
      Tell the employee to get independent legal advice (Defamation claims are time-sensitive!)
    • 14. Risk and Control of Corporate Information
      Factors reducing control
      The “cloud”
      Mobile storage media
      Mobile devices
    • 15. Risk and Control of Corporate Information
      Implication for solicitors
      The acceptable use policy is not a sufficient administrative control
      New policies and protocol
      Internet publication policies
      Mobile media policy
      Personal device policy
      Departing employee protocol
    • 16. Risk and Control of Corporate Information
      Implications for litigators
      The “get it back” engagement
      Rests on detinue (and breach of confidence)
      Must make a clear and specific demand for “return”
      Should reckon with privacy implications of inspecting a “mixed use” device
      Usually involves retaining a computer forensic specialist
    • 17. Due Diligence and Employee Malfeasance
      New Ontario PHIPA order – HO-010
      Unauthorized access by diagnostic imaging tech.
      Second similar breach at hospital (see HO-002)
      Limited role-based access restrictions on health care providers (access to systems and not within systems controlled)
      All systems not audited
    • 18. Due Diligence and Employee Malfeasance
      Findings on duty to manage malfeasance
      Unreasonable to continue access without a written undertaking to abide by rules (ordered)
      Hospitals must report to regulatory college (ordered)
      Complainant has right to know what discipline was imposed
      Post-breach communiqué to employees called for (ordered)
    • 19. Due Diligence and Employee Malfeasance
      Suggestion that identity of wrongdoer and penalty imposed should be published
      A suggestion at best… not backed by order or reasoning in text of order
      Not normative in employee and labour relations
      Seems mean-spirited
      Raises defamation issues
    • 20. Managing Social Media Risks for Municipalities (and more)
      February 9, 2010
      Dan Michaluk

    ×