Social media policies and procedures


Published on

How can you adequately mitigate risk and regulatory concerns while ensuring your employees understand the policy? What about outlining workflow and escalation processes that are understandable and thorough? What do the best in class companies do when multiple employees are using social media on behalf of the brand? Join us for some highlights, lowlights, brand examples and fantastic discussion around social media policies & procedures. We promise, it won’t be boring.

Published in: Business, Technology
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • 1. Scott Bartosiewicz made an astoundingly bad decision when he tweeted “I find it ironic that Detroit is known as the #motorcity and yet no one here knows how to ******* drive” Ultimately the 28 year-old NMS employee is at fault. He showed poor judgment in tweeting what he did, even from his personal account. People know where he works. They know that NMS has a relationship with Chrysler and that Chrysler not only has a long-standing relationship with the city of Detroit, but that the city of Detroit is the backbone of the new brand strategy for Chrysler. Should he have really badmouthed the denizens of the Motor City when the connections can be made between him and Chrysler? “ Bartosiewicz, a University of Michigan MBA student, blamed the mistake on a mix-up using a program that aims to help users juggle multiple Twitter accounts. “I’ve tweeted and posted on Facebook thousands of time before,” he said.” Yeah, he screwed up using in how he used TweetDeck, but his mistake happened well before hitting send. 2. New Media Strategies showed a major lapse in judgment with the way they handled the operational aspect of serving a massive brand in social media. As Advertising Age pointed out, it ended up costing them a multi-million dollar contract. Was Chrysler in the right? Did the agency deserve a second chance? How can NMS and other social media practitioners learn from their mistake? My take, as a client, is that the biggest problem NMS has in not in their selection or training of employees. Their biggest problem is that they had no QA process. Sure, social media is a quick-fire channel. Things happen in real-time and as Ferris Bueller said “Life moves pretty fast. If you don’t stop and look around once in a while, you could miss it.” However, if you act too hastily, you may make a major mistake that can be easily avoided. So, QA in social. How can we solve the problem? 3. Why can ’t there be a QA process in place? No tweet or Facebook update or blog post should ever go out in real time. There are so many programs and platforms that offer the ability to schedule posts and have workflows set up so that posts can be approved prior to publishing. Establish a process so that every tweet is scheduled for a minimum of 15 or 30 minutes from now and another employee approves the post. That person doesn ’t even need to be involved in the social channel or an approved social practitioner, but there needs to be another set of eyes on every post. Think about it this way: Social media is no less or more important to your business as email, web copy, print or broadcast ads. Do you let emails, print ads, radio or TV ads go out without having at least two people look at them for typos, message and brand standards? No? Well then why would you think less of the impact social can have on your brand? As an agency, is 15-30 minutes worth keeping a multi-million dollar contract? To wrap up, there is no consensus on the Chrysler-NMS issue, but ultimately it doesn ’t matter, what’s done is done. However, we can all learn from and build on what happened to Scott Bartosiewicz, Chrysler and New Media Strategies to make sure it doesn’t happen to you and your company.
  • So are there any concerns associated with social media? Does the sun rise in the East and set in the West? If you ’ve read any articles about Facebook over the past few months, you know that privacy has become a hot topic surrounding social media.
  • In an effort to control employees' activities on Facebook and Twitter, some U.S. companies have instituted social media policies that run afoul of labor law and infringe on workers' rights, according to a  memo issued Wednesday  by the general counsel of the National Labor Relations Board. General Motors, one of the largest automakers in the world, has gone so far as to forbid employees from posting anything potentially "misleading" about the company online and even told employees to be careful about "friending" their co-workers on Facebook, the memo indicates. Other companies, including DISH Network and Target, have also maintained corporate policies that at least partially violated provisions of the  National Labor Relations Act , according to the memo. That federal law covers collective bargaining and employees' "protected activities" in the workplace.
  • We care about social media because it’s changing how marketing and communication works. It’s an affordable way to get results, it’s rapidly growing, and customers turn to you and their peers for answers. We’ve all seen social media clangers, where a company’s or individual’s reputation has been damaged by injudicious use of social media. Lack of awareness of privacy settings has also led to over-sharing of information.  In the most visible cases, individuals have been fired, arrested, sued or burgled and businesses have lost brand value, customers and revenue. This is why guidelines are so critical for any company or employee looking to engage in social media.  
  • Critics of social media policies say “you can’t control what is uncontrollable!” Agreed. And that’s exactly why a social media policy is necessary. Contrary to critics’ beliefs, a social media policy is not intended to “control” anything. Its purpose is to give employees guidance, keep them from making severe errors in judgment and allow the organization to identify potential issues before they elevate to the status of a crisis. No policy, regardless how well written, can “control” the risks. The best a policy can do is mitigate the risks. Policies work for organizations that understand that risk happens. Businesses are not only in the business of making or servicing widgets. Businesses are also in the business of making and servicing the organization ’s brand. The stronger the brand, the greater the revenues. Organizations can enhance their brand and competitive advantage and potentially generate greater revenues and profits with a well crafted social media strategy. However, before unleashing a social media strategy, organizations should craft a social media policy that provides the necessary guidance to ensure that social media risks are properly mitigated. The social media policy is the key to ensuring that social media risks area kept under control and to acceptable levels. Those 10 magic words cover almost every situation of blog-related disclosure.  It protects the company from liability from off-the-cuff, real-time comments. It protects you from being seen as a corporate shill.  And it ’s just polite.
  • Most are finding that workplace use of social media has both benefits and risks…. Expanding access to and reach of experts serves to flatten the organization Enterprise efforts to deploy technology that enables social networking will typically encounter concerns regarding how such systems will align with the organizational imperatives listed below. Identity: Identity management and social networking efforts are naturally codependent strategies. Organizations must ensure that profiles are linked to directory and HR systems. Security: Security management efforts related to authorization, access controls, and permission models are topics that also will be presented to teams involved in social networking projects. Technologies that enable social networking must support an organization ’s existing mechanisms to protect corporate resources and satisfy confidentiality needs, or they must extend separation of duty constructs to social network participants. Compliance: Records management and related audit trail concerns are topics that social networking projects need to identify when they assess infrastructure impacts. Social networking systems may be required to provide mechanisms to support discovery requests or provide logging features based on the nature of the social networking system.
  • Regardless of where you land on weighing the risks vs. benefits of social media within your organization, the starting point is usually creating a Social Media Policy. "If you at all have any inclination of allowing Internet access in your company networks, you need a social media policy ” Today more than ever, smart institutions are looking for new ways to stand above the competition. And there's no better way to achieve that edge than by empowering employees with the tools they need to collaborate and communicate more effectively. Of course, the rise of social media websites and innovative communications technologies represent a great opportunity for any business. But with that opportunity, comes security risks and compliance challenges for IT.
  • So in addition to creating a Social Media policy document itself, there are several related items that need to be addressed…. Existing Policies might include: Acceptable Use, InfoSec, Doc Retention, E-Discovery, Copyright, Code of Conduct, HR policies such as employee background screening, monitoring, misconduct. New Policies- - e.g. display notice of standards upfront as well as in employee manual/intranet; develop procedures for purging “bad content” and disciplinary action associated with misuse Guidelines and best practices that are aligned with the existing policies and Social Media policy Evergreen process with cross-organizational involvement to ensure a periodic review of policies. Typically should include HR, PR, Marketing, Business, IT and Security. As technology and common usage norms evolve, policies need to be evaluated for relevance. Training —as we all know, merely creating a policy doesn ’t mean that behavior will change. Educate users to understand what is considered appropriate content. If you operate your own platform, consider “report abuse” buttons Oversight – This is all about monitoring and “Inspecting what you expect” Self-policing: Implement filters that can control the content posted to internal and external social media/networking sites Incident Response – Anticipate that sensitive customer or bank data could be exposed and create a plan for dealing with such an event.
  • Conduct a compliance risk assessment . specifically identify the compliance requirements that apply to the proposed activity and evaluate the compliance risks associated with those requirements. Risks can originate from the statutory liability and regulatory penalties that are specified by law, or from reputational damage that could result from publicity of noncompliance Establish policies and procedures . establish written policies and procedures for the activity that clearly outline the details of offering and ongoing servicing. Every facet of the activity, from beginning to end, should be covered. Establish controls to help address the risk identified in the compliance risk assessment . Controls may include a pre-publication review by compliance staff, assigning specific responsibility for specific functions associated with the activity, dual control, second review, and detailed checklists. One of the best controls is to include the compliance staff early in the planning process of the activity. The compliance staff can help build the process correctly from the beginning, rather than have to step in later to fix a compliance mess. Set up a monitoring process . Establish an ongoing monitoring process to identify and correct errors before the examiners or the customers do. Report to management . Management should be kept informed of compliance exceptions found through monitoring as well as regulatory developments affecting the activity. Vendor management . Even if there are third party vendors involved in the activity, the bank should still follow its compliance management process. Risk assessment, policies and procedures, controls, ongoing monitoring, and management reporting are still applicable and just as important, because the bank is ultimately responsible.
  • Keep in mind…  There’s really no such thing as “delete”  on the Internet, so please—think before you post.  Some subjects can invite a flame war.  Be careful discussing things where emotions run high (e.g. politics and religion) and show respect for others’ opinions.  It’s a small world and we’re a global company.  Remember that what you say can be seen by customers and employees all over the world and something you say in one country might be inaccurate or offensive in another.  Respect other people’s stuff.  Just because something’s online doesn’t mean it’s OK to copy it.  Your job comes first.  Unless you are an authorized Social Media Manager, don’t let social media affect your job performance.  How to be the best …  Play nice.  Be respectful and considerate, no trolling, troll baiting, or flaming anybody, even our competitors.  Be yourself.  Be the first to out that you are a Gap Inc. employee – and make it clear that you are not a company spokesperson.  If you #!%#@# up?  Correct it immediately and be clear about what you’ve done to fix it. Contact the social media team if it’s a real doozy.  Add value.  Make sure your posts really add to the conversation. If it promotes Gap Inc.’s goals and values, supports our customers, improves or helps us sell products, or helps us do our jobs better, then you are adding value.  Don’t even think about it…  Talking about financial information, sales trends, strategies, forecasts, legal issues, future promotional activities.  Giving out personal information about customers or employees.  Posting confidential or non-public information.  Responding to an offensive or negative post by a customer. There’s no winner in that game. 
  • Increasingly, social media is where people go to for information in times of crisis. From a crisis management point of view, it’s easy to update that information. Social media means you can speak naturally with other people in the so-called “human voice.” Two-way communication is transparent and credible. And importantly, keeping a record of conversations is easy to do with social media. Crisis can take many forms. And sometimes, what appears to be a crisis turns out to be an issue that requires management. Conversely, an issue can rapidly develop into a genuine crisis especially in this interconnected age of 24/7 online.
  • Social media policies and procedures

    1. 1. Social Media in the Workplace:Policies and Procedures6/8/12 1
    2. 2. Common sense
    3. 3. You can avoid this situations by crafting a policy Right? 6
    4. 4. 7
    5. 5. Why should we care about social media?• Social media enables us to engage in dialogue, provide and exchange information, and build understandin• We believe that social media, when used properly, can be an effective business tool• Our clients leverage and experiment with social media to build relationships and better connect with consumers and key influencers• But there are responsibilities to consider and practices we all must follow 8
    6. 6. 9
    7. 7. Why does this matter?• Policies & Compliance – Can you control what is uncontrollable? – Sample of over 100 companies - – Another good one -• Disclosure – – 10 Magic words: “I’m a [company] employee and this is my personal opinion”• Response planning & Crisis management – Plan your work and work your plan 10
    8. 8. Workplace Use: Benefits• Real-time communication• Knowledge repository• Expands access to and reach of experts• Demonstrates progressive, collaborative culture• Enhances recruitment of young “tech-savvy” talent• Provides additional path for customer relationships 11
    9. 9. Workplace Use: Risks• Social network privacy & security standards/practices• “I hate my boss” confessionals• Unauthorized exposure of personal or financial data• Blurred boundaries between personal and work space• Productivity drain• Fraud (e.g. phishing) 12
    10. 10. A policy is just the startCreating a Social Media Policy is just the start, but should include at a minimum what is and is not permitted – Disclaimer that employee comments do not represent company opinion – No use of company or customer info, logo, trademarks without written permission – No discussion of plans, policies, financials or non-public info – Personal responsibility for social media posts. Violation of policy has consequences. 13
    11. 11. Comprehensive strategy• Existing policies/procedures• New policies/procedures (Social Media Policy, HR)• Guidelines and recommendations• Training• Oversight• Incident Response 14
    12. 12. Compliance tips• Conduct a compliance risk assessment• Establish policies and procedures• Establish controls to help address the risk identified in the compliance risk assessment.• Set up a monitoring process• Report to management• Vendor management 15
    13. 13. Gap• Keep in mind… – There’s really no such thing as “delete”  – Some subjects can invite a flame war – It’s a small world and we’re a global company – Respect other people’s stuff – Your job comes first• How to be the best …  – Play nice – Be yourself – If you #!%#@# up? – Add value• Don’t even think about it… – Financials – Personal info – Confidential info – Responding to flames or negative posts 16
    14. 14. 17
    15. 15. 18
    16. 16. 19
    17. 17. 20
    18. 18. Crisis Management 21
    19. 19. For follow up / next stepsNathan EideAssociate Director – Emerging