Social media, internet policy and procedure failure – what’s next? asks Ryan Rubin of Protiviti.
With the widespread adoption of social media by employees and within business operations, risk management professionals continue to establish a set of policies and procedures to guide social media usage. Companies are at various stages of establishing training awareness programs to ensure that employees understand what constitutes legitimate activities and what would be deemed as violations. With the evolution of more sophisticated monitoring toolsets, companies now have an opportunity to evaluate employee social media usage both inside and outside the confines of corporate networks and infrastructure. However, a recent settlement in a high-profile case has sent companies back to the drawing board to reevaluate their social media and internet policies and procedures.<br> <br>Issue<br>A US company fired an employee for posting negative feedback about a supervisor on her Facebook page. The language in the policy established by the company prohibited employees “from making disparaging, discriminatory, or defamatory comments when discussing the company or the employee’s superiors, co-workers, and/or competitors.” The National Labor Relations Board (NLRB) in the United States filed a complaint saying that the employee’s firing violated federal labor law because she was engaged in protected activity when she posted the comments, and that the employee was illegally denied union representation during an investigation. Based on the NLRB’s actions, the company agreed to revise its corporate policies, which has been deemed by the NLRB to restrict employee rights and also to prevent the employee from discussing other topics such as wages, hours and working conditions. <br> <br>Challenges and opportunities<br>Companies need to take a step back and re-evaluate what social media and internet policies mean for their specific and unique business operations and culture. Some companies, in the process of putting in place a firmly established set of policies, have researched examples of other company policies and elected to establish these as their own, without giving thought to employee use, ramifications and potentially without having necessary involvement from key company stake-holders such as corporate counsel, risk management and internal audit personnel. This is not a prudent approach. When seeking to establish effective, impactful and legal policies for social media and internet usage, the adage “one size does not fit all” is highly applicable.<br> <br>As organisations seek to fund the right balance of language and direction in their policies, they also need to be transparent in how they will be monitoring for compliance and what constitutes a violation and potential recourse when such instances occur.<br> <br>Finally, companies need to engage their employees in the process to better understand what social media capabilities may be used and reasons why these capabilities may be desirable not only from an individual employees perspective, but also for the company’s overall benefit. The implementation of social media and internet usage policies should be a managed lifecycle process that incorporates thoughtful use of key decision-makers within the company and ensures an on-going review of adoption and potential violation situations concerning implemented guidance. More specifically, companies should consider the following:<br> <br>· Determine the goals and objectives of the social media capabilities as linked to corporate objectives and key initiatives.<br><br>– Determine how employees may want to leverage social media to engage with customers and prospects.<br><br>– Understand how social media capabilities will supplement other marketing capabilities.<br><br>– Establish metrics for measuring the achievement of goals and objectives established for the social media capability.<br> <br>· Assess the risks of social media capabilities and ensure that this risk profile fits the corporate culture and overall control environment in place for the organisation.<br><br>– Review policies and procedures against existing labour laws and protected free speech rights.<br><br>– Refine training and awareness programs to enable employee understanding and obtain feedback on potential issues with the advent of new capabilities.<br><br>– Explore use of automated technologies to aid in monitoring employee and company activities, but make sure that such use if understood by employees.<br> <br>· Create a governance and support framework that enables ongoing evaluation of the social media lifecycle and adherence to the defined policies.<br><br>– Identify the policy custodians and empower them to implement changes quickly and as advised by company leaders.<br><br>– Analyse gathered metrics information and determine changes in approach and usage, as needed.
