Building a social media policy@EricSchwartzmanNew Comm ForumApril 21, 2010<br />Practices, Principles and Politics<br />
Session Overview<br />Business Case for Social Media Policy<br />Dovetailing with Existing Policies<br />Basics of Corp. P...
Do You Need a SM Policy?<br />Marco Belluci<br />
Scalability<br />
Discoverability<br />
Why Not Use Existing Policies?<br /><ul><li>Unique Requirements
Dilutes Focus
Confuses Ownership</li></ul>Marshall Astor<br />
Updating Existing Policies<br /><ul><li>Code of Conduct Updates
Update public disclosure definition
Loosen “personal gain” restrictions</li></li></ul><li>Updating Existing Policies<br /><ul><li>IT Policy Updates
Confidential vs. public information
Extend protection mandates to social media
Restrict “inappropriate solicitations”
Assign password management to IS
Add password security to IS policy
Permit personal links in emails</li></li></ul><li>Corporate Policymaking<br />Assembling the Stakeholders<br />Generation ...
Building a Stakeholder Coalition<br />
Sequencing<br />Consensus on objectives<br />Stakeholder assembly<br /><ul><li>Influence
Social media aptitude
Communication skills
Draft review order</li></ul>gregwestfall<br />
Ambiguity<br />kevinpoh<br />
Clarity<br />
SM Policy Anatomy<br />Policy Statement<br />Definitions<br />Objectives<br />Guiding Principles<br />Policy Elements<br /...
Policy Statement<br /><ul><li>That employees have the right to use social media
That social media is changing the way people communicate
 That existing policies apply to social media
That your company respects the legal rights of its employees
That this policy applies to activities outside of work as well, if those activities impact job performance or any other co...
Guiding Principles<br />EXAMPLES:<br /><ul><li>…trusts and expects employees to exercise personal responsibility…
…never use social media for covert advocacy…
Upcoming SlideShare
Loading in …5

Developing a Social Media Policy


Published on

  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • Unlike computers, our minds are finite.  There&apos;s only so much information we can process, and so many relationships we can realistically maintain.  Whether its 150 or 1,500, at some point, even the most ardent online social networker reaches their threshold, and becomes overwhelmed. As a result, our individual social networks are a fraction of the size of television or magazine audiences. So instead of reaching an audience of 12 million like conventional mainstream media channels, social media empowers organizationsto reach a million audiences of 12.But tasking your marketing department with managing a million relationships is unrealistic. A more scalable approach is encouraging as many people as possible to get involved and share on your company’s behalf. Internal communications becomes more important, because you’re working off of a model where the center of the organization informs it’s edge, and it’s edge inform the world. When everyone participates in educating the marketplace, policy becomes increasingly important, since employees with no formal public disclosure experience become brand ambassadors.
  • Social media makes it easier for people to share information, but it does so by allowing them to share in public forums. The byproduct of all that sharing is that it becomes discoverable. People Google your brand name and they find conversations people are having about your organization. The reason for a social media policy is to provide clear cut guidelines to everyone in the company about how to share publicly while keeping mindful of the risks and opportunities, and while protecting the company and its employees as well.
  • Rather than pass off the components of social media governance to existing policies, it is going to be easier to account for these details in a new policy. And the reason is because the guts of a social media policy are unique to social media. Layering them on top of existing policies as new requirements runs the risk of diluting the focus and confusing the ownership of those policies that are already in place.
  • But you’re still going to need to review your existing policies for loose language and obsolete definitions, and recommend some updates. Start with your company’s code of conduct policy, information technology policies and any ethics or compliance policies. Make sure any references to public disclosures, company information and information security are up to date. Pre-internet, public disclosures were limited to press releases, public filings, statements made to the news media and marketing brochures. Today, a Facebook status update or a Tweetqualifies. If your code of conduct discusses public disclosures, make sure the definition is current, and that the rules don’t conflict with your social media policy intentions.For example, if your code of conduct restricts employees from using company property for personal gain, and they wind up amassing Twitter followers by sharing public, company information, technically, they would be in violation of company policy, even though they’re actions are in support of your corporate objectives. So consider amending the existing policy to restrict employees from using company property “solely” or “exclusively” for personal gain.
  • Make sure your information security policy distinguishes between confidential company information, and public company information, the latter of which can be defined as content publicly accessible on your company’s website. This makes it easy for employees to know what they can and can’t share. The rule would be, if you can link to it, you can share it.Extend whatever responsibilities employees have to protect confidential company information and information systems to internal and external social media services as well. For example, if your security controls policy restricts employees from using company communications or information systems to make solicitations, whether they’re associated with non-company business activities or not, restrict employees from making “inappropriate solicitations” instead, since a primary use of social media is soliciting information. And you can’t expect your online social network to give you back useful information, unless you’re out there giving them information as well, whether it’s pertinent to your employer’s immediate business objectives or not. Limiting an employee’s ability to participate in online conversations is antithetical to procuring value from social media.Also, consider extending user ID and password control parameters with language such as “user names and passwords used to establish a social networking account on behalf of the company, and a direct URL to all company branded social media accounts must be registered with information security management.” That way, instead of starting from scratch when the employee managing that account transitions to another position or company, a new community manager can pick up where they left off.If you choose to add guidance on effective password management, this too probably belongs in the security controls policy, rather than the social media policy.Check out your company policy on email use as well. It is not uncommon to find a clause restricting employees from including any personal information in their signature block, another counterproductive rule, since the people we exchange emails with are often different from our social networking contacts, and signature block links to one’s Facebook, MySpace, Linkedin or Twitter profile page can be a great way to cement those relationships in the social sphere as well.
  • In the case of social media policy, assembling the stakeholders is probably going to be one of most challenging aspects of the process, because you’re going to have to cross the generation gap of social media, and you’re probably not going to have as much time as you’d like to do it. According to Forrester’s Consumer Profile Tool, 30 percent of men and women over 55 in the U.S. use no social media at all, only 26 percent are members of social networks and only 26 percent comment on blogs. So it is likely that many of the stakeholders you’ll need in your coalition maynot be up to speed on social media. If they’re approaching retirement, they may not have the time or inclination to learn it. I’m not going to address winning support or getting buy-in for social media initiatives in this session, but the takeaway is, don’t under estimate the amount of effortit’s going to engage your stakeholders and get them to a point where they have enough of an understanding of social media, to make the right decisions about governance.
  • Your policy needs to provide clear cut guidelines to everyone in the company about how to share publicly while keeping mindful of the risks and opportunities. When you’re ready to start approaching potential stakeholders, you’re going to need to be able to focus your appeal on how social media impacts their corner of the company.When you’re deciding who to approach in a given department, look for the most influential person who’s going to require the least amount of education. But you also want a single point of contact that has the ability to relay the rationale for developing the policy to the others in their department, so they need to be a good communicator. Don’t assume that because they’re active on Facebook or Twitter for personal use, that they’re necessarily the best candidate.  Make sure your stakeholder is unlikely to transfer to another department or company. Try and at least get a verbal commitment from them not to pass the buck to anyone else in their department. An unexpected change in stakeholders can have debilitating effect, particularly if you have to start from scratch with a new stakeholder, and they have a bias against the initiative.
  • Be strategic about the order in which you solicit your stakeholders, and the order in which you circulate drafts for review. Nab the most influential stakeholders first. If you bring unpopular stakeholders on early,it may deter others from participating. Similarly, pay attention to the order in which you circulate your policy draft for review. Send them first to whoever is most influential and educated about social media. As you progress through the review sequence, make it known who’s signed off already, as an implied endorsement to those just receiving it.Inadvertent sequencingcan derail a policy development initiative. If your initial draft winds up getting sent to someone in legal who is not a stakeholder, and who has not been briefed on the initiative prior to reviewing the draft, your policy could be gutted on any useful guidance. And if it doesn’t provide useful, practical guidance, how will employees know what the boundaries are?
  • Even though things cost so much less in China, there is a certain amount of risk associated with doing business there, based on the belief that Chinese laws are intentionally written ambiguously to give regulators an uneven advantage over free enterprise.Ambiguous social media policies that give employers an obvious upper hand may also deter employees from sharing company information with their online social networks. After all, if you are not entirely confident about what is and is not permissible, and if you feel your employer has given you no real protections or guarantees, why would you jeopardize your livelihood by passing their news or information on to your Facebook friends or twitter followers?
  • In any contract that you enter into, you have to understand what your obligations and rights are under the terms of that contract.  If your company institutes a social media policy in such a way that its employees think they understand what their obligations are, but in reality don&apos;t, they would be agreeing to something they didn&apos;t understood, and ultimately couldn’t fulfill.  According to American linguist William Lutz, an attorney who authored the SEC Plain English Handbook, doublespeak is undemocratic. “In a democracy, we decide what policies and candidates to back by listening to the public discourse.  If the discussion is carried out in doublespeak, organizations deliberately mislead the people so theydon&apos;t really know what&apos;s going on, and we wind up making decisions of social importance on the wrong basis.” This same danger applies to companies who release policies in gobbledygook, becausethey’re giving their employees mixed messages about what they expect.The language you employ and the prevailing sense of fairness your social media policy communicates will also have an impact on your corporate reputation. An easy to understand, reasonable social media policy posted publicly on your website is a public demonstration of your company’s sense of trust and respect for its employees. Online communications are now an integral part of our social fabric. Recognizing this and offering proactive guidance that’s easy for everyone to understand is a demonstration of goodwill.Source:
  • Begin your social media policy with an official policy statement.  This is the place to manage your company’s reputation. You may want to involve your marketing or PR dept. in drafting this language. If the policy is going to be publicly available, this is the section that will get read most. This is the place to manage expectations so try and match the flavor of your policy statement to your company’s management style. Here are some of points you’re probably going to want to make in this section:
  • Before you circulate a draft for review, make sure you have consensus among the stakeholders on the objective of the policy. Negotiating edits among your stakeholders is pointless unless everyone is on the same page. Here are three broadobjectives to consider.
  • Before we get down into the weeds, and start parsing through practical, situational guidance, it may be a useful to establish the overarching principles on which your organization&apos;s social media policy is founded. Coca-Cola lists their corporate values upfront in their policy, a reflection of the way they manage their brand. But this approach requires a delicate balance, lest employees see this as preachy. At SCE, the policy we are developing is more situational than it is aspirational. Here are examples of a more situational approach to guiding principles:
  • Obvious: Acknowledge conflicts of interest Avoid anonymity Avoid ambiguity No sock puppetting (getting multiple accounts and having conversations with yourself) or aliases Use special care with minorsNot Obvious: Ask others to acknowledge conflicts of interest as well Maintain consistency Monitor feedback Don’t start conversations you can’t finishExample: In this screen shot, you can see how Toyota use a branded Twitter account, but not at the expense of transparency.
  • You may also wish to consider extending the policy to your company&apos;s contractors, vendors and agencies as well.  In September 2009, Fleishmann-Hillard SVP Seth Bloom appeared in a YouTube video to level criticism about agency client AT&amp;T’s delayed MMS service deployment for iPhone. The video, which was not all that social, actual does a pretty good job explaining the reasons for the delay. But Bloom ambiguously identified himself as “the blogger guy with AT&amp;T.” In fact, he was the blogger relations point person on the account at Fleischmann-Hillard. But he presented himself as an AT&amp;T employee, when he was not. The issue here was one of false attribution. The incident prompted coverage in Ad Age and was an embarrassment to AT&amp;T. If they had a social media policy in place that precluded this behavior and extended to outside services providers, perhaps this incident could have been avoided. But in any case, AT&amp;T bore the brunt of the resulting ill will.PR Newser,
  • Employees who do not serve as official company spokespersons can be required to include a disclaimer in social media disclosures referencing their employer, or the business category in which their employer competes. Disclaimers belong on employee profile pages. A disclaimer inside a blog post or status update that gets buried in the account’s archives is not, by itself, satisfactory. However, in addition to the profile page disclaimer, it may be a good idea to include a second disclaimer in the specific update or comment, if it could be easily misunderstood as an official company statement. Keep in mind that disclaimers on profile pages don’t get syndicated, so employees should make sure that any social networking service they’re syndicating their content, carry the disclaimer as well.For managers and supervisors, disclaimers may not be enough. By virtue of their position, higher level employees may be seen as speaking on behalf of a company, whether or not they have been designated official spokespersons. Out of fairness, it should also be said that social media disclosures which do not mention the company, or company-related topics, do not to include a disclaimer.
  • The Federal Trade Commission recently enacted laws that make it illegal to pay a blogger, or anyone else outside of an organization for that matter, to write testimonials, product endorsements or other social media disclosures without publicly disclosing the receipt of payment or free products.  This is a good thing. Paying bloggers or individuals to write reviews or endorsements is a form of bribery, considered unethical, and is to be avoided.  Nevertheless, in some cases it may be necessary to provide bloggers with accommodations, products for review or other promotional materials so they can evaluate and opine on your products or services.  In those instances, cap the value, and require it be disclosed on the company’s website if that value is exceeded.Your policy should also protect your organization&apos;s search rank by restricting employees from paying for inbound links, to protect your organization from winding up on illicit link farms, that are devoid of any useful content, and exist exclusively for the purpose of gaming Google’s citation index. 
  • Your code of conduct will handle the obvious aspects of this component, such as religion, political affiliations or sexual orientation. Use the social media policy to address the issue of respectfulness by encouraging employees to honor the attention of their friends and followers by striving to advance conversations in a constructive, meaningful way. For example, if I respond to a question someone has asked via social media with a solicitous product pitch that doesn’t answer their question, I’m being disrespectful of their time and attention. If I tweet links to landing pages for no apparent reason or use hashtagssimply to gain reach, that too is disrespectful.Require that employees always strive to add value to online conversations. By adding value, employees can effectively demonstrate respect for those they engage.
  • Don’t use social media to hang out your dirty laundry in public.If you’re the type of company that generally takes the high road, discourage employees from releasing antagonistic social media disclosures referencing competitors, and restrict them from referencing competitors entirely unlesstheir claims can be attributed to a neutral, third-party source by meansof a hyperlink.
  • In addition to posting photos of co-workers without their permission, employees should be restricted from referencing project details or customers, partners or suppliers by name in all external social media channels without approval.External social media channels should never be used to conduct internal company business, resolve internal disputes or to discuss confidential business dealings with outside contacts. When in doubt, leave it out.
  • If you work at a company or organization whose facilities are a possible target for acts of terrorism or armed robbery, prohibit the use of cameras or other visual recording devices. Social media communications are never private. Employees should never share any information that could compromise the security of any employee or company-owned or operated.Conduct on the Pentagon Reservation, Title 32, Code of Federal Regulations, Part 234 [PDF]
  • If an employee who is not authorized to speak on behalf of your company has valuable information that could benefit those affected by a crisis, disaster or emergency, they should be at liberty to share that information via social media channels, so long as they include a disclaimer and do so in accordance with the guidelines of your policy. Encourage all employees to share official company information via social media channels, particularly during a crisis, disaster or emergency, so as long they take the time to verify that the information they are sharing is, in fact, official company information. For example, before sharing a link, employees should always verify that (1) the source of the information is legitimate and (2) that the link they are sharing transits to information hosted at a company-owned or reputable internet domain.  If an employee decides to endorse or republish someone else’s social media disclosure about your company, or a company-related topic, make sure they verify that the social media disclosure they are republishing was, in fact, distributed by the attributed source. For example, before retweeting someone else’s tweet, verify that the Twitter user cited did, in fact, distribute that tweet by visiting their Twitter page to check the origin. There have been cases ( where false tweets attributed to news sources were distributed by counter operatives to promote misinformation and confusion.
  • To protect your company and employees from infringing on the copyright claims of others, you need to establish guidelines for exactly how and how not to share.These guidelines, inspired by the Associated Press Stylebook “Briefing on Media Law,” are designed to help shed light on how you might structure the parameters for sharing in a social media policy.In circumstances like disasters or emergencies, where the public’s right to know outweighs the financial objectives of the rightful copyright owner, employees may share copyrighted works without the permission of the copyright owner. This might be information or images about a rapidly advancing wildfire, a natural disaster or an act of terrorism.To circumvent acts of libel, employees should be restricted from using social media to evaluate the performance of their co-workers, vendors or partners or to criticize or complain about the behavior of customers.Employees should also be restricted from using social media to discuss their employer’s financial performance (a critical factor at public companies), as well as legal matters and litigation.
  • Purpose. This memorandum establishes DoD policy and assigns responsibilities for responsible and effective use of Internet-based capabilities, including social networking services (SNS). Policy. The NIPRNET shall be configured to provide access to Internet-based capabilities across all DoD Components.
  • While you can use policy to set forth the rules of the road from a situational standpoint, Brian Solis says you may need a social media style guide as well. “In branding and marketing there are branding style guides that show you can’t use this logo or this particular message in a certain context, and the same has to be done for social media,” according to Brian Solis, author of the book “Engage.” “There has to be a guide to what the voice is, what the persona is, what the personality of the brand is,” Brian says. A social media style guide is one way to solve that purpose.Source: Getting Buy-In and Resources for Social Media,
  • There’s something syrupy sweet about those generic motivational posters you find in the workplace. They reek of cynicism because the idea of reducing value to live by to a poster on the wall begs the question, “If you have to put up a poster to promote honesty, things must be pretty bad around here.” Putting values in a social media policy runs a similar risk.At the United States Marine Corps Boot Camp, the drill instructors spend as much time on character development and teaching core values as they do on physical and mental training. But values aren’t taught by drills. They are taught through example.And social media policy is no exception.
  • Different policies for different areas inside the organization. According to Jeremiah, social media policy is a key component of effective online organizational communications, and he says there are actually three different policies that organizations need to consider developing. The first is a corporate policy, which would address how to deal with the social Web, and in particular, during a crisis.  The second is an employee disclosure policy, which would tell employees what they can say and what they can say in public spaces online.  And the third one, which he says most companies don&apos;t have in place and which might have kept Nestle out of trouble, is a community policy, which would dictate how community members should behave and describe to do&apos;s and don&apos;t.. A community Chris Boudreaux says companies need at least 2 policies.
  • Policy alone is not enough. People need hands on training too. Conferences offer opportunities to learn at a higher level, but employees may need real world practical training as well.
  • Developing a Social Media Policy

    1. 1. Building a social media policy@EricSchwartzmanNew Comm ForumApril 21, 2010<br />Practices, Principles and Politics<br />
    2. 2. Session Overview<br />Business Case for Social Media Policy<br />Dovetailing with Existing Policies<br />Basics of Corp. Policymaking<br />Policy Anatomy<br />DoD Case Study<br />Other Considerations<br />Follow Up Resources<br />
    3. 3. Do You Need a SM Policy?<br />Marco Belluci<br />
    4. 4. Scalability<br />
    5. 5. Discoverability<br />
    6. 6. Why Not Use Existing Policies?<br /><ul><li>Unique Requirements
    7. 7. Transparency
    8. 8. Confidentiality
    9. 9. Security
    10. 10. Risks
    11. 11. Dilutes Focus
    12. 12. Confuses Ownership</li></ul>Marshall Astor<br />
    13. 13. Updating Existing Policies<br /><ul><li>Code of Conduct Updates
    14. 14. Update public disclosure definition
    15. 15. Loosen “personal gain” restrictions</li></li></ul><li>Updating Existing Policies<br /><ul><li>IT Policy Updates
    16. 16. Confidential vs. public information
    17. 17. Extend protection mandates to social media
    18. 18. Restrict “inappropriate solicitations”
    19. 19. Assign password management to IS
    20. 20. Add password security to IS policy
    21. 21. Permit personal links in emails</li></li></ul><li>Corporate Policymaking<br />Assembling the Stakeholders<br />Generation Gap<br />
    22. 22. Building a Stakeholder Coalition<br />
    23. 23. Sequencing<br />Consensus on objectives<br />Stakeholder assembly<br /><ul><li>Influence
    24. 24. Social media aptitude
    25. 25. Communication skills
    26. 26. Draft review order</li></ul>gregwestfall<br />
    27. 27. Ambiguity<br />kevinpoh<br />
    28. 28. Clarity<br />
    29. 29. SM Policy Anatomy<br />Policy Statement<br />Definitions<br />Objectives<br />Guiding Principles<br />Policy Elements<br />Penalties<br />
    30. 30. Policy Statement<br /><ul><li>That employees have the right to use social media
    31. 31. That social media is changing the way people communicate
    32. 32. That existing policies apply to social media
    33. 33. That your company respects the legal rights of its employees
    34. 34. That this policy applies to activities outside of work as well, if those activities impact job performance or any other corporate business interests</li></li></ul><li>Objectives<br />Establish practical, reasonable and enforceable guidelines by which employees can conduct responsible, constructive social media engagement in official and unofficial capacities.<br />Prepare the organization and its employees to utilize social media channels to help each other and the communities it serves, particularly during a crisis, disaster or emergency.<br />Protect the organization and its employees from violating Municipal, State or Federal rules, regulations or laws through social media channels.<br />
    35. 35. Guiding Principles<br />EXAMPLES:<br /><ul><li>…trusts and expects employees to exercise personal responsibility…
    36. 36. …never use social media for covert advocacy…
    37. 37. …clearly identify themselves as employees when communicating on behalf of the organization…</li></ul>Source: IBM Social Computing Guidelines<br />
    38. 38. Disclosure & Transparency<br />
    39. 39. Transparency for Agencies?<br />
    40. 40. Disclaimers<br />SAMPLE DISCLAIMERS:<br /><ul><li>"I work for <ORGANIZATION NAME HERE> and this is my personal opinion."
    41. 41. "I am not an official <ORGANIZATION NAME HERE> spokesperson but my personal opinion is..."
    42. 42. "The postings on this site are my own and don't necessarily represent <ORGANIZATION NAME HERE>’s positions, strategies or opinions.“</li></ul>sources: Social Media Business Council and IBM<br />
    43. 43. Compensation & Incentives<br />The revised Guides also add new examples to illustrate the long standing principle that “material connections” (sometimes payments or free products) between advertisers and endorsers – connections that consumers would not expect – must be disclosed.<br />Source: FTC<br />
    44. 44. Respectfulness<br />bjornmeansbear<br />
    45. 45. Diplomacy<br />kmoney56<br />
    46. 46. Confidentiality<br />CarbonNYC<br />
    47. 47. Security<br />Mr Wabu<br />
    48. 48. During Emergencies<br />mashleymorgan<br />
    49. 49. Legal Matters<br />mecredis<br /><ul><li>Employees may share links that transit users to works hosted by rightful copyright owners or their resellers without obtaining permission first, and include an original text description of that link.
    50. 50. Employees may share an excerpt of up to 140 characters with spaces without obtaining the copyright holder’s permission, so long as the work being shared is publicly available on a rightful copyright holder’s website and provided the sharing is not being done to blatantly undermine the financial objectives of the copyright owner.
    51. 51. Employees may embed copyrighted content in social media channels without obtaining the permission of the copyright owner, so long as the embed code has been provided by a rightful copyright owner.</li></li></ul><li>Case Study: DoD<br />Challenges:<br /><ul><li>Competing Agendas
    52. 52. Disengaged Command
    53. 53. Operational Security
    54. 54. Blocking Access</li></ul>U.S. Navy Adm. Mike Mullen, chairman of the Joint Chiefs of Staff<br />
    55. 55. Case Study: DoD<br />Approach:<br /><ul><li>Stop Blocking
    56. 56. Initiate a Thawing Effect
    57. 57. Self Educate DoD via Access
    58. 58. Follow Up with Additional Policy Development</li></ul>Source: DoD Social Media Policy [PDF]<br />
    59. 59. Case Study: DoD<br />Irony:<br /><ul><li>Trust and Confidence
    60. 60. No More Wars on Abstract Concepts
    61. 61. Every Service Member a Spokesperson</li></li></ul><li>Other Issues: Policing the Brand<br />raincoaster<br />
    62. 62. Other Issues: Instituting Values<br />kkimpel<br />
    63. 63. Other Issues: Multiple Policies<br />Marketing/PR<br />CustomerRelations<br />Investor Relations<br />Public Affairs<br />Labor Relations<br />Stakeholder Relations<br />Community Relations<br />Industry Relations<br />Analyst Relations<br />
    64. 64. Other Issues: Training<br />
    65. 65. Follow Up Resources<br /><ul><li>    Social Media Policy Podcast
    66. 66. Index of Social Media Policies
    67. 67. Social Media Boot Camp
    68. 68. Social Media Master Class</li></li></ul><li>Eric Schwartzman<br />(310) 455-4000 Phoneeric[at]ericschwartzman[dot]com Emailericschwartzman.comWebsite<br /> Training Blog@ericschwartzman Linkedin<br />