20110720 fose 2011 sm governance

Uploaded on

This workshop delivered July 20, 2011 at FOSE 2011 described the elements of a social media governance framework, identified structural and policy statements to include in the social media policy, and …

This workshop delivered July 20, 2011 at FOSE 2011 described the elements of a social media governance framework, identified structural and policy statements to include in the social media policy, and describes strategies for capturing and managing social media-generated content as records.

More in: Technology , Business
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads


Total Views
On Slideshare
From Embeds
Number of Embeds



Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

    No notes for slide
  • The first step many organizations take to manage Web 2.0 is to try to block them. This is unrealistic for a number of reasons.
  • Moving into mainstream
  • Technology changes much faster than the law or policies can keep up with. That’s why it’s better to use a comprehensive policy that can cover new technologies as they appear.
  • Here’s Best Buy’s policy. There is a little more to it, but fundamentally this is it. And while it doesn’t cover records management, compliance, etc., if your employees embrace it (and are trained on how it applies) it will cover the vast majority of issues found in much more detailed policies. http://www.bby.com/2010/01/20/best-buy-social-media-guidelines/
  • Zappos is a $1b clothing and shoe retailer – and their Twitter policy is only 7 words.
  • Here’s a very succinct Twitter policy from a blog by an HR-focused law firm, GruntledEmployees.com. “Our Twitter policy: Be professional, kind, discreet, authentic. Represent us well. Remember that you can’t control it once you hit “update.””
  • Official vs. unofficial includesDisclaimers (this is or is not official; disclaimer of responsibility if it isn’t)Also includes a link to his social media policy
  • Whether approval is required to create an account (official only)It’s also useful, as CSU does, to list all the official accounts somewhere on the website.
  • This includes things like:What user names are appropriate, and whether to use the organization as part of it (e.g. Dell_JeffW)Pictures – same thingBio – same thing, plus things like official account, name (and sometimes personal Twitter handle) of the person behind the account, etc. Different types of contact informationIt’s also valuable to have guidelines for what types of contacts are appropriate. An official federal government account could “friend” Barack Obama on Twitter, but probably shouldn’t friend his re-election campaign or the Democratic Party (and even if it did the Republican Party as well, it’s still problematic). Similarly, it might look a bit odd for an energy company account to “friend” a parody account like BPGlobalPR, or a competitor, or an unsavory group, etc.
  • Pretty straightforward here. Three main points:If third party content is allowed, it should be reviewed so people don’t upload pornography, etc. If it is reviewed, the organization may have some responsibility to remove things that are inappropriate. This should be spelled out clearly and adhered to rigorously – all goes back to transparency. If an official account “likes” something on Facebook, or retweets something on Twitter, this could be considered approval or even recommendation – and if it’s something offensive, or illegal, or otherwise inappropriate, this could cause serious issues.
  • The policy should outline what types of groups are appropriate and what types of groups should be out of bounds. This is especially important for official commercial accounts but could be applicable even to personal accounts where the connection could be made to the organization because of the employee’s visibility. For example, it would be inappropriate for an official in charge of elections to be a member of a Facebook group focused on reelecting one candidate or another. Moreover, there are any number of groups dedicated to patently offensive or illegal causes; having accounts associated with these types of groups could bring significant risk to the organization and its brand. ~Another related area involves conveying a perception of approval of content that might be controversial, offensive, or illegal. For example, both a Facebook “like” and retweeting content on Twitter are often perceived as approval of that content. If an official account or the personal account of a senior manager retweets a sexist joke or something that condones illegal drug use, that could also cause serious issues for the organization.
  • Pretty straightforward
  • These are specific to government. It’s always a good idea to link back to the organization’s home website and vice versa so it’s clear that the account is an official one. Because of public records and sunshine laws, it’s important for the agency to be open about whether comments are allowed or monitored and whether it believes them to be covered under such legislation. And for public safety accounts in particular, such as fire departments or police, the account should note whether it’s monitored and what the “official” mechanisms are to report safety issues.
  • This is an example of a guideline for how to engage those that comment on your social media, and those that post or comment on third party sites. This triage chart from the American Society of Chemical Engineers is not for every user in the organization, but it can be quite useful for those responsible for monitoring and engaging comments about the organization such as public affairs.
  • These are specific to government. It’s always a good idea to link back to the organization’s home website and vice versa so it’s clear that the account is an official one. Because of public records and sunshine laws, it’s important for the agency to be open about whether comments are allowed or monitored and whether it believes them to be covered under such legislation. And for public safety accounts in particular, such as fire departments or police, the account should note whether it’s monitored and what the “official” mechanisms are to report safety issues.
  • Here’s an example of this from the Seattle Fire Dept – it clearly says “This site is not monitored. Call 911 for emergencies.” It also notes the applicability of public records laws and has a link to the main website.
  • The first step is to determine whether or not something is in fact a record. Just as we know that most email messages are not records, for most organizations their Facebook fan page updates will not be records either. In other words, we have to ask the same questions about these tools that we’d ask about any other type of information:Does it document a transaction or a decision? If it does, it’s probably a record. Is it captured in another form? This is the biggest reason why most social networking sites like Facebook and Twitter wouldn’t need to be captured as records – in most cases they are being used as another transmission mechanism for information stored elsewhere. Now, just because it isn’t a record doesn’t mean it couldn’t be discoverable or a public record and subject to FOIA-type laws. Again, same considerations here as for other types of information. [twitter]Determine whether something is a record or not according to its content and context.[/twitter]
  • Prepare for discovery. This means having the same type of data map you have in place inside the organization, but with listings of all the services you use, the accounts used there, etc. At a minimum you should list any official use of services and official accounts. It also means understanding the process for getting at that information in the event of litigation, FOIA request, etc. The time to put that process in place is before the subpoena is received. For hosted tools, such as FB or Twitter, it may mean taking periodic snapshots of what is posted to them. Right now there aren’t a lot of tools that do this; one way that can be effective is to capture the RSS feeds generated by these tools. As updates are made, they are published through the RSS feed, which can be saved locally. It might also require working with the third-party vendor in the event that some information or some updates are not available through RSS – for example, web-based email. It’s also important to note that at least for commercial solutions there is very little ability to put or enforce legal holds or to prevent a user from deleting an account, at least without a subpoena and without doing it before the user knows to delete it. [twitter]Prepare for discovery in advance, including listing official use of services and accounts.[/twitter]
  • As we just noted, the records management or communications policies (or both) should address the use of these tools. We’ll look at some examples of policies over the next few slides. At a minimum, the policy should address: Identity, relationship, and transparency – is the account official or unofficial?Security, confidentiality, and sensitive informationComments and responses to commentsResponding to others’ posts on commercial sitesAccuracy and ethicsMonitoring and auditing[twitter]Address these tools in the records or communications policies (or both). [/twitter]
  • How to capture content will depend first on one key variable: where is it stored? The vast majority of social media sites are either hosted solutions or commercial ones – that is, users’ data is not stored inside the organization’s firewall, but on some third party data center outside the control of the organization. This can present a significant issue because how and how long the data is stored is almost entirely dependent on the site’s Terms of Service. If the Terms are changed from retention for 7 years to retention for 2 weeks, or to permanently, it presents a real problem for the records program. And depending on the site this is almost certainly non-negotiable with the exception of governmental entities with the force of the law behind them. ~It’s also the case that some regulatory regimes have geographical aspects that, for example, require particular content to be stored inside a country’s boundaries, or prohibit it from being stored in certain countries’ boundaries. This can present issues for services that store information in the cloud and that might have numerous data centers spread around the world. ~Once the organization has determined what to capture, the next step then is to save that information locally. This is almost always a copy – in other words, saving social content from Facebook does *not* delete it from there. There are a number of ways to accomplish this that we will review over the rest of this module.
  • Finally, there are enterprise versions of every Web 2.0 application. These enterprise versions are often available to be hosted inside the firewall, meaning that security is much more robust. Access can be secured to them much more effectively. They can be integrated into the organization’s identity infrastructure – whether Active Directory or something else – such that any change, post, comment, edit, update, etc. can all be tracked and, more importantly, tracked to a specific named user. No anonymous postings here. Of course, you have to pay for an enterprise version, but what you’re really paying for is a level of peace of mind. And you still get many of the same benefits – ease of use, familiarity with the type of tool, rapid and agile collaboration across geographical and time boundaries, etc. You’re just getting a more secure and robust version of it. [twitter]Consider implementing enterprise versions. FB is FB, but internal tools might be more appropriate.[/twitter]
  • At this point I’d be pleased to entertain your questions.
  • In conclusion, Web 2.0 is not something coming down the road or over the horizon – it’s here today and is probably in your organization, whether you know about it or not. It is all but impossible to effectively prohibit them – and the tools can significantly improve an organization’s collaboration and knowledge sharing, thereby adding value to the organization. It is incumbent on records management professionals to step up and lead your organizations in the effective use and management of these tools.


  • 1. Social Media Governance in Federal Agencies
    Jesse Wilkins, CRM
    AIIM International
    July 20, 2011
  • 2. International - Members in 146 countries
    Independent - Unbiased and vendor neutral
    Implementation Focused - Processes, not just technology
    Industry Intermediary - users, suppliers, consultants, analysts, and the channel
    About AIIM
  • 3. Director, Systems of Engagement, AIIM
    Background in electronic records management, email management, ECM, and social technologies
    Frequent industry speaker and author
    AIIM ERM and Social Business Expert Blogger
    Instructor for AIIM Certificate Programs
    Jesse Wilkins, CRM, CDIA+, ERMM
  • 4. By the end of 2013, half of all companies will have been asked to produce material from social media websites for e-discovery.
    Source: “Social Media Governance: An Ounce of Prevention”, Gartner
    It’s just a fad….
  • 5. Is a Facebook “like” a record?
  • 6. The social media governance framework
    Structural elements of a comprehensive social media policy
    Social media policy statements
    Managing social media content as records
  • 7. The social media governance framework
  • 8. Prohibition is not realistic
  • 9. “A new class of company is emerging—one that uses collaborative Web 2.0 technologies intensively to connect the internal efforts of employees and to extend the organization’s reach to customers, partners, and suppliers.
    We call this new kind of company the networked enterprise.”
  • 10. Ensures that employees know what is expected of them
    Provides guidelines for being more effective
    Reduces risk of someone posting inappropriate content
    Addresses legal and operational concerns
    Why a governance framework?
  • 11. Management
    Strategic roles and responsibilities
    Groups and structures required to manage information
    Policy and procedures
    Processes and standards for managing information
    The governance framework
  • 12. Determines overall strategic goals of organization
    Provides support for social media initiative(s)
    Determines need for policy guidance
    Determines need for enterprise solutions
    Supports – or doesn’t – transformation efforts
  • 13. Governance roles required to ensure compliance with the framework
    Includes usual suspects…
    Also includes new roles
    Social media strategist
    Community managers
  • 14. Social content is just another form of content
    Policy should provide a framework applicable to most or all social media tools – and to other content/communication-related technologies as well
    DON’T write a Facebook policy, a Twitter policy, etc.
    The social media policy
  • 15. Be smart.
    Be respectful.
    Be human.
    Best Buy Social Media Policy
  • 16. Be real and use your best judgment.
    Zappos Twitter Policy
  • 17. Our Twitter policy: Be professional, kind, discreet, authentic. Represent us well. Remember that you can’t control it once you hit “update.”
    Policy 2.0 – in 140 characters
  • 18. Structural elements of a social media policy
  • 19. Purpose
    Policy statements
    Policy elements
  • 20. This policy has three purposes:
    Establish definitions relevant to social business technologies
    Describe usage policies relating to social business technologies
    Describe security and technology policies relating to social business technologies
    Scope: This policy is applicable to the entire enterprise.
    Purpose and scope
  • 21. Responsibilities for policy development and maintenance
    Responsibilities for policy administration
    Responsibilities for compliance with policy
  • 22. Uncommon terms
    Common terms used in an uncommon fashion
    Acronyms and abbreviations
  • 23. Many different elements available
    Detailed in the next section
    Policy statements
  • 24. List any references used to develop the policy
    Internal strategic documents
    Existing policies and procedures
    Statutes and regulations
    Examples and templates
  • 25. Social media policy statements
  • 26. Official vs. unofficial
    Link to social media policy
  • 27. Creation of official accounts
  • 28. Account details
    User name
    Corporate logo usage
    Contact information
    Look & feel guidelines
  • 29. Whether posts will require approval
    Pictures and video
    By the organization
    By third parties
    Links (i.e. “sharing”)
    Applications and widgets
    Likes, retweets, etc.
    Content guidelines
  • 30. Access to personal accounts using organizational resources (time, computers, network, etc.)
    Access to sites using personal devices (iPhone, tablet, etc.)
    Personal access and usage
  • 31. Affiliation
    Acceptable and unacceptable groups
    Perception of approval
  • 32. Offensive content
    Disparagement of the organization – or of competitors or others
    Slander or libel
    Sexual content
    Solicitations of commerce
    Illegal activity
    Violation of copyright
    Inappropriate usage
  • 33. Personnel-related information
    Financial information
    Confidential information
    Health information
    If you wouldn’t post it to your website or send via email, don’t post to FB or send via Twitter.
    Sensitive materials
  • 34. Whether comments are allowed
    And monitored
  • 35. Official response to third-party sites
    Response to comments
  • 36. Monitoring and reviewing comments
  • 37. Public records act notices
    Public safety monitoring considerations
    Other considerations
  • 38. Whether the account is monitored for actionable content (screenshot)
    Public records
    Monitoring for public safety
  • 39. Managing social content as records
  • 40. Is the information unique and not available anywhere else?
    Does it contain evidence of an agency’s policies, business, mission, etc.?
    Is the tool being used in relation to an agency’s work?
    Is there a business need for the information?
    Does it document a transaction or decision?
    Is it a record?
  • 41. Check the service level agreement
  • 42. Blog post
    Individual Tweet
    Links and shortened URLS?
    Wiki article
    The article?
    Its changes over time?
    It depends….
    What’s the record?
    Prepare for production
  • 43. Address in policies
  • 44. Save content locally
    Most sites store information outside the firewall
    Little control over how it is stored
    Little control over how long it is stored
    Geographic and jurisdictional issues
    First step is to save content locally
  • 45. Take a snapshot of record content
  • 46. Archive entire stream locally
  • 47. Archive selected items locally
    Use search queries and monitoring
    Records management in brief
    Store selected items locally using search queries or RSS
  • 48. Use the native backup to store locally
    Store locally using built-in tools
  • 49. Use a third-party service to store locally
    Store locally using third-party service
  • 50. Store locally using API
    Store locally using APIs
  • 51. Use Word or Notepad to draft content updates and save *that* as a record
    Draft content locally
  • 52. Implement enterprise versions
  • 53. Implement a compliance solution
    • And many others
  • Questions?
  • 54. Web 2.0 is here
    Prohibition is not a realistic option
    Web 2.0 tools can add significant value to the organization
    Lead your organization to use them effectively
  • 55. Jesse Wilkins, CRM, CDIA+, ermm
    Director, Systems of Engagement
    AIIM International
    +1 (303) 574-0749 direct
    For more information
  • 56. On September 8, 2011, AIIM will bring together leading industry experts in a Social Business Virtual Conference.
    Attend this 1-day event to learn how your organization can use social technologies to engage staff or customers with the appropriate control and governance.
    Running from 11am – 5pm EDT we have a packed program of 30 sessions, delivered in 3 tracks.
    Social Business Virtual Conference
  • 57. Workshop Attendees:
    Attend the Social Business Virtual Event for $50 – a savings of $45!
    Register for the conference by July 31, 2011
    Enter code FOSEATT85 at checkout
    Social Business Virtual Event
  • 58. Covers best practices in governance
    Policy development
    Governance processes for social media
    Roles and responsibilities
    Broadly applicable strategies – and solutions for specific tools and processes
    Records management for social media
    Currently in development
    Some courses available now
    Total of 30 courses available by end of September
    Social Media Governance Training