11. Legal Guidelines for Developing Social Media Policies and Governance Models

With the rapid business adoption of social media, a growing need exists for companies to establish corporate social media policies and governance models to guide and monitor employee and corporate social media activity. This chapter details a number of important legal issues businesses should consider when drafting (or updating) their social media policies and governance programs.

Businesses must tailor policies and programs not only to serve their unique strategic goals, but also to comply with the laws governing corporate and employee business use and monitoring of social networking activity. Businesses should have a general understanding of the laws and regulations implicated in the social media space so that their policies are not written overly broad and their governance does not overstep legal boundaries. These potential legal pitfalls are only increasing as we observe the adoption of social media for an expanding number of business applications which include not only marketing, public relations, and sales, but also research and development, product design, customer service, human resources, and others.

Developing a corporate social media policy, regardless of your company’s size, makes good business and legal sense. In addition to minimizing a company’s legal exposure, a social media policy also serves as an internal branding and communications guideline and empowers team members with the information they need in order to comfortably (and responsibly) use social media.

Developing a corporate social media policy, regardless of your company’s size, makes good business and legal sense.

Given the prevalence of social media in the workplace, it is becoming increasingly incumbent upon employers to establish a social medial policy to permit the effective monitoring of employee use of social media and guidelines for that use. Corporate social media policies should contain a hybrid mix of social media objectives, values, guidelines and best practices, rules on what is considered appropriate and inappropriate use of social media, and the governance procedures a company follows when the rules are broken (either by employees or by the enterprise). It is important to emphasize that each social media policy should be tailored to the specific needs, values, and objectives of the organization, and should be consistent with the company’s existing policies, strategic initiatives, and business objectives.

Vital Corporate Social Media Policy Provisions

No one-size-fits-all approach works, so at a minimum the social media policy should contain the following provisions:

Social Media Goals: A corporate social media policy should begin with its charter (a statement of desired goals which your company is working to achieve through the use of social networks and tools). These goals serve not only as a list of business objectives, but also as a guideline in establishing your key performance indicators for accountable social media programs.

Consistency: A corporate social media policy should embody the core values of the company itself, and should therefore be drafted in alignment with the company’s internal policies, including those contained in an employee handbook or company code of conduct. This section should include guidance on what types of behavior employees are expected to abide by in both their personal and professional social media engagement. A list of examples of unacceptable behavior, statements, and activities is helpful to delineate between conduct that embodies the values of the social media policy and those that do not.

Permission and Parameters: The policy should state whether the use of social media is permitted, and provide parameters for such use in the workplace (for example, business use only, limited personal use, quotas for timed access). The company should also provide a list of approved social networks sites made available to its employees for usage (delineating between approved personal and professional use while at work), and block (or limit) access to sites not on the list.

Monitoring: The policy should advise its employees that the company may monitor employee postings within the workplace and, subject to certain limitations, outside of the workplace as well. The policy should state that all use of the Internet via the company’s computer systems, networks, and related equipment is nonprivate, and by using the company’s computer systems, networks and related equipment, the employees consent to have the employer access, review, monitor, record, and restrict all such use. Note, however, that many states have enacted off-duty conduct laws that prohibit employers from basing employment decisions on legal activities of employees outside of work time. Employers should familiarize themselves with these laws in each jurisdiction where its employees carry out company business.

image Note

The legality of employer monitoring of employee online communications generally hinges on the reasonable expectation of privacy that the employee has in his/her electronic communications. This standard is interpreted objectively; that is, what is objectively reasonable given the operational realities of the workplace, such as policies disclosing that computers and social postings are subject to monitoring, and a history of enforcing such a policy even-handedly (for example, monitoring all employee’s Facebook pages, not only just select employees). To dispel any reasonable expectation of privacy that employees may otherwise have in their social media communications, employers should implement (and enforce) policies stating that all electronic communications on company computers, via company networks, are monitored, as are all employee public postings however posted.

Spokespersons: The policy should specify who within the organization has authority to represent the company as an official spokesperson across all media. Official spokespersons are employees authorized to participate in interviews with bloggers, analysts, journalists, and so on. The policy should be careful to explicitly state, however, that it does not prevent employees from speaking to the media about their own employment concerns.

Employee Participation: Social media practitioners within a company are not necessarily limited solely to spokepersons or the marketing and publicity team. Each employee should understand clearly what his or her level of participation and role is within social networks. This section should include a statement which alerts employees to the fact that even though they may not be official company spokespersons, they will be perceived as extensions of the company, and that the content published within their social media networks can (even if inadvertently) not only adversely impact an employer’s social media presence, but also expose the employer to legal violations. Employees should be reminded to avoid making defamatory or discriminatory statements about their employers, colleagues, customers, and competitors; and to refrain from all postings of a sexual, harassing, offensive, or violent nature.

Confidential/Proprietary Information: The policy should require employees to comply with all company policies concerning confidential information and trade secrets, and remind employees that even “private” messages between individuals may be accessed by third parties. The policy should forbid employees from disclosing any proprietary information (including unreleased product, sales, and market share information, financial forecasts, customer lists, client lists, research and development initiatives, and so on) on any social media site. In the event confidential, proprietary or trade secret information is disclosed, employers should take prompt action to limit the propagation of the information and to safeguard additional information from being released. These steps help ensure that the company is not subsequently found to have impliedly waived the protection afforded to such information by failing to reasonably protect it.

image Note

The inadvertent release of a company’s proprietary information by its employees on social media sites is a real risk, as Hewlett-Packard Co. learned all too well in 2011, after its Chief Technologist and interim Vice President of Engineering, allegedly disclosed details of his company’s plans for its new cloud services business on his public LinkedIn profile.1

Likewise, a company may also lose its trade secret protection in confidential customer lists or clients lists if such information is posted on social network sites. While no court has yet so ruled, permitting your employees to publicly disclose their (otherwise private) contacts on LinkedIn and Facebook may result in a loss of protection of such information, as such information was not properly designated (or maintained) as being private.

Use Privacy Settings: The policy should require its employees to learn the privacy settings of approved social media platforms and to update their privacy settings so that their company-related profiles, groups, and postings are protected.

Nondisparagement and Nondiscrimination: The policy should prohibit the use of racial or ethnic slurs, personal insults, pornography, obscenity, or derogatory, discriminatory and harassing postings or materials. The policy should make clear that employees are prohibited from using online social networks to harass, disparage, libel, or discriminate against others in the workplace, or the company’s competitors, vendors, customers, and so forth. Further, the policy should stress that any online communication (whether work related or not) may contribute to an unlawful hostile work environment and that all employees have an affirmative duty to inform management of any improper online conduct of which they may become aware.

Protected Activity: The policy should make explicit that it does not prohibit employees from discussing the terms and conditions of their employment (including employee criticisms of employers or supervisors). This does not mean, however, that employers cannot take action against employees for social media posts concerning the company and its management if:

• The employee is disparaging the company or management, and the statements clearly do not concern work conditions, benefits, wages, and other terms and conditions of employment;

• The employee is discussing privileged and confidential client communications or proprietary company information; or

• The employee is harassing, threatening, or making racist or other discriminatory statements directed at a co-worker.

Personal Versus Official Use: The policy should forbid employees from using the company’s name, trademarks, logos, or symbols when posting online, or making statements attributable to the company, without the company’s prior authorization. The policy should state that employees are not permitted to use the employer’s trademarks, logos or symbols on their own personal page (LinkedIn page, Facebook page, Twitter handle, and so forth) and that they are precluded from using the company’s name in any URL. Care should be taken, however, to remind employees that this and other policy provisions do not relate to activity otherwise protected by the National Labor Relations Act (NLRA) (see Chapter 4, “Monitoring, Regulating, and Disciplining Employees Using Social Media”).

Register Social Media Accounts in Company’s Name: To the fullest extent possible, companies should register social media accounts in their own names or through a senior marketing manager if the account needs to be in the name of a person. The policy should prohibit employees from conducting business through social media using individual accounts held in their own names.

Establish Ownership of Social Media Accounts: All company business should be done only with company owned social media accounts, and employees should be required to use company-provided account logins and passwords. Further, companies should take proactive steps to ensure that they (and not their employees) “own” their social media accounts (and, perhaps more importantly, their followers) when the employment relationship is terminated. Ownership rights should be clearly set forth in a written agreement prior to the establishment of any employer-sponsored social media account.

image Note

With more and more businesses actively encouraging their employees to use social media as a marketing tool, litigation over the ownership of social media accounts is undoubtedly likely to increase. In one case,2 a tech website (PhoneDog) sued an ex-employee for his Twitter account (@PhoneDog_Noah), valuing his approximately 17,000 followers at $2.50 each. The company alleged that it provided its employees on a need-to-know basis confidential information, including passwords to all @PhoneDog_NAME Twitter accounts used by PhoneDog’s employees. The company further alleged that the followers are its business trade secrets; and that Kravitz’ actions were the equivalent of stealing a customer list. On November 8, 2011, in denying (in part) the former employee’s motion to dismiss, the District Court for the Northern District of California allowed PhoneDog’s claim for misappropriation of trade secrets and conversion (that is, civil theft) to proceed.3 Although the actual value of a Twitter follower will have to be decided by a jury, the case reminds employers to take preemptive steps to mitigate the risk of misappropriation, both by way of the social media policy and individual employment contracts delineating that whatever the employee “builds” on company time or with company resources belongs to the employer.

Eagle v. Morgan4 is another example of an employer-employee social media account ownership dispute, which could have been easily avoided had there been a contract in place. In this case, the employer, a financial services and training company, claimed it owned its former chief executive’s LinkedIn account because (i) its policy required its employees to create and maintain LinkedIn accounts (using a pre-approved template), (ii) its employees used the accounts to promote the employer’s business, (iii) the employer developed and maintained all connections and much of the content on its employees’ accounts, and (iv) the employer otherwise had substantial involvement in the creation, operation, and monitoring of the accounts. Although the terminated employee alleged that the LinkedIn account belonged to her as a matter of law (as the account contained her profile information, including honors and awards, recommendations, and connections), a federal court in Pennsylvania disagreed, and concluded that the employer’s policy and level of participation regarding its employees’ LinkedIn accounts was sufficient evidence to state a valid claim of misappropriation, leaving the question of ownership to a jury.5 How a jury will ultimately decide is unknown. But to avoid disputes over social media account ownership, employers are reminded to get it in writing!

Disclosures/Disclaimers: The policy should require employees to be transparent in their social media communications, to disclose their true identity, and to never use aliases or make anonymous posts. A disclaimer stating that “the views expressed herein are that of the individual and not of the company” should also be required on all postings, blogs, and the like whenever appropriate.

Endorsements: The policy should require employees to disclose their name and employment relationship with the company whenever the employee makes favorable statements regarding the company, or the company’s products and services. Employees should also be required to disclose whether they are making such statements on their own behalf or on behalf of the company. The company might want to limit or preclude altogether any employee endorsement in any online forum. Further, the company should have a separate policy for third-party bloggers, outside media agencies, and other independent contractors, whom should be required to disclose any material connections they have with the company in their endorsements (for example, that they were paid or received free products in connection with their endorsement). In all circumstances, companies should have procedures in place to monitor the online postings of its employees, bloggers, vendors, and others as it relates to product endorsements (or otherwise).

Respect Copyrights and Intellectual Property Rights of Others: The policy should forbid employees from infringing the copyrights, trademarks, and other intellectual property rights of third parties. The policy should remind employees that any form of original expression fixed in a tangible medium (including music, movies, graphics, text, photographs, and artwork) is subject to copyright, even if there is no copyright notice. To ensure that the copyright, trademark, and other intellectual property rights of others are respected, companies should monitor content that is posted to the organization’s social media sites, whether by employees or users of the site.

Disciplinary Action: The policy should clearly state what the consequences are for violations of the social media policy, and that employees may face disciplinary action, up to and including termination of employment. (Reminder: As discussed in Chapter 4, “Monitoring, Regulating, and Disciplining Employees Using Social Media,” the National Labor Relations Act (NLRA) prohibits disciplinary action if the employee is using a social media platform to initiate, induce, or prepare for group action regarding wages, benefits, performance, staffing levels, scheduling issues, or other terms and conditions of employment. The social media policy should be drafted so as not to run afoul of the NLRA or of federal and state whistleblower or retaliation statutes.)

Security: Social media in the workplace continues to represent a serious risk, particularly in the form of malware and data theft. Organizations should inform their employees of these risks and adopt the necessary security controls to mitigate or reduce them, such as antivirus/antimalware, endpoint security, and secure web gateways with real-time content analysis that analyzes online postings contemporaneously with their creation and consumption. Employees should be encouraged not to click on unknown links appearing on social media sites, particularly those whose signature block is unrecognized or which have a suspicious payload.

image Note

No company is immune from security threats, even the beloved Sesame Street. In October, 2011, Sesame Street’s YouTube channel was hacked and reprogrammed with pornographic videos, requiring it to briefly go offline.6 Online security vulnerabilities can have much more devastating consequences to a company, in terms of congressional investigations and enforcement actions, brand dilution, consumer erosion, and lost revenue.

Employee Training: A social media policy is not enough. Education, resources, and training for employee social media practitioners are essential, and the actual social media policy document should merely be a supplement and a reference during mandatory employee training. Companies may want to appoint a compliance officer for monitoring and accepting complaints regarding employee use of social media.

A social media policy is not enough. Education, resources, and training for employee social media practitioners are essential.

Acknowledgment/Signature: The social media policy should be signed by each employee to acknowledge that the employee has read and understood it and agrees to abide by its terms. Moreover, employees should initial the section disclosing that the company has the right to monitor all company equipment and employee postings and that it has the employee’s authorization to do so.

Social media undoubtedly represents both a great opportunity and tremendous challenge for business. With this new digital era of unprecedented connectivity, communication, and collaboration come significant legal risks that responsible companies must identify and properly navigate. What’s more, the laws triggered by social media and networking continue to evolve in the wake of rapid technological innovation. Businesses need to be extra vigilant in light of this ever-changing legal landscape.

Recommended Social Media Marketing Policies

Social media policies and governance models are not silver bullets. For marketing practitioners, whether they are on the client side, or the agency side, there is also merit to establishing a clearly written Social Marketing Policy to serve as a framework for best-practices and guidelines for the drafting of social media campaigns, especially as it relates to the creation of social media content and targeting.

At a minimum, social media marketing policies should include the following provisions:

Social Media Content-Creation Guidelines: By definition, social media engagement strategies are content driven, whether the content takes on the form of text, links, images, audio, video, podcasts, games/quizzes, eBooks, or rich media. It is incumbent upon organizations using social media programs to include a policy provision outlining best practice guidelines for the creation of the content. The content guidelines should address substantive, stylistic, and tonal approaches to the development of content. For example, you might want to include guidance outlining a preference for social content to be educational, info-training, or informational rather than hard-hitting advertorial or promotional. You might also want to include recommendations on the frequency of publication within each social platform, on the recommended timeline for response to user messages within each platform, and so on.

Targeted Social Media Audience: An effective social media policy outlines precisely the audience segments your social media efforts are aimed at, your target audiences, how they align to your company’s business objectives, what social platforms each audiences utilizes, and what the recommended types of engagement are for each.. For social media initiatives designed for, or that would reasonably attract children under 13 years of age, the requirements of the Children’s Online Privacy Protection Act (COPPA) need to be observed (see Chapter 7, “The Law of Social Advertising”).

A social media policy should serve to protect the considerable investment companies make in their brand and reputation, while promoting its online presence in a legally compliant way. A well-drafted and consistently enforced social media policy (see Figure 11.1), together with ongoing employee training, is perhaps the greatest protection an employer can have to avoid liability from the use of social media.

image
image

Figure 11.1 Social media policy drafting legal tips

Chapter 11 Endnotes

1 http://www.channelregister.co.uk/2011/05/03/hp_vp_leaks_company_cloud_plans/

2 PhoneDog, LLC v. Noah Kravitz, Case No. 3:11-CV-03474-MEJ (N.D. Cal. Jul. 15, 2011)

3 See Order on Defendant’s Motion to Dismiss (Document No. 28) (Nov. 8, 2011), in PhoneDog, LLC v. Noah Kravitz, Case No. 3:11-CV-03474-MEJ (N.D. Cal. Jul. 15, 2011).

4 Eagle v. Morgan et al., Case No. 2:11-CV-4303-RB (E.D. Pa.) (Jul. 1, 2011)

5 See Memorandum/Order on Plaintiff’s Motion to Dismiss Counterclaims (Document No. 43) (Dec. 22, 2011), in Eagle v. Morgan et al., Case No. 2:11-CV-4303-RB (E.D. Pa.) (Jul. 1, 2011).

6 http://articles.cnn.com/2011-10-16/tech/tech_sesame-street-hacking_1_youtube-users-video-website-youtube-s-community-guidelines?_s=PM:TECH

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
3.15.188.27