Editor’s Note: This is the sixth post in an ongoing series on Codes of Conduct by Jason Lunday. Follow this link to view all of Mr. Lunday’s articles in his Codes of Conduct featured column series.
Online social media applications are quickly gaining the mindshare of company employees and changing just as rapidly. With all the benefits that social media is bringing to the corporate world, a company faces numerous risks in its use, from misuse of company resources, to conflicts of interest and disparagement of others.
Social media is a challenging topic because it crosses over so many ethics and compliance issues. But like any other ethics and compliance topic, it can and must be proactively managed for a company to safeguard its reputation and provide its employees with the tools to manage their own personal and business activities.
My colleague Greg Duffy tells of a recent experience while flying from Boston to Los Angeles. Early in the long flight he noticed the fellow in his early twenties in the window seat donning headphones to watch an in-flight movie. Greg then became aware that his seatmate employed the plane’s new in-flight networking technology to carry on a video chat with a friend in another seat. Added to this, the young man was simultaneously using the plane’s Internet connectivity to engage in somewhere around a dozen “chats” with friends on the ground – all the while sipping tequila – for the entire seven-hour flight. This is the new ‘wired’ world – and degree that young workers are embracing it. Always wired, always communicating, always multitasking.
New, emerging and not-even-developed social media applications and other tools not only consume more of our time, they are changing the business world. A recent online social media presentation claims that the medium is now the number one online activity, with its use accounting for 10 percent of all users’ time on the Internet. What’s more, it claims that social media use is growing three times faster than the Internet’s overall growth rate.1 For many companies, these tools can provide new ways of connecting with potential and current customers, employees, suppliers and other stakeholders. They offer companies the opportunity to speed up the pace of business, better establish the message that a company wants to convey, strengthen a company’s relationships with customers and others and further facilitate a continuous conversation about the business.
But social media when not well managed opens the door to numerous risks – breach of confidentiality, conflicts of interest, misuse of company resources, to name a few of the more obvious ones. Since social media can touch so many aspects of a company’s operations, its leadership needs to address it in context to its overall business operations. Unlike some risk areas, it cannot be successfully addressed largely as a stand-alone matter.
A company without an initiative to effectively identify, assess and manage its approach to social media and its various tools not only loses out on its many opportunities they offer but faces numerous risks to and improper business practices and activities that may damage the business. A program to harness these risks does not need to be onerous or intrusive, but it does need to be proportional to the company’s exposure. Further, a company should expect the social media arena to continue to change both in technologies, their uses, business providers and ways social media impacts the business landscape.
To begin assessing social media’s potential corporate impact, it is important to understand its various forms and tools. According to one of the most prolific social media sites, Wikipedia, social media’s predominant uses are for:
Company management may be familiar with some of the most prevalent applications – Facebook, Twitter, LinkedIn, YouTube, and Myspace – but how many know about Open Diary, Tumblr, BigTent, Wetpaint, Mixx, Vimeo, meetup.com, ccMixter, MouthShut.com, or Forterra? Chances are that a company’s younger employees know about many of these applications and more – and are actively using them. Further, as smartphones become more ubiquitous in the workplace, employees’ access to the Internet and its social media applications will speed up the media’s adoption – and create more difficulty for a company to monitor workplace use.
Companies are early in understanding the application of legal and regulatory standards to social media. Currently, a number of U.S. laws and regulations are being applied to the media’s applications. Regulation FD responds to the communication of company financial or other key operational information outside of the company. Employee privacy is covered by FCPA and HIPAA. Intellectual property laws address how employees may communicate a company’s IP across social media. FINRA, the securities self-regulatory organization, recently adopted a regulatory notice on use of blogs and social networking sites. But companies should expect the legal and regulatory environment to continue to broaden around social media as its impact on the business world becomes better understood.
Each company needs to consider three ways in which social media can impact it. First, it needs to address how employees use social media for their personal, non-company use. Second, it should consider how it and its employees use social media for the company’s business objectives. Another issue of social media involves where a company needs to set rights and responsibilities for the non-employees it invites to engage in its social media activities. This article addresses the first two uses of social media.
Companies and their employees have related, though not always complementary, interests in social media. Employees – whether for business or personal use – look to social media to stay in touch with family and friends; for amusement during the day, such as during lunch, or after hours, if they have a laptop computer they bring home; and to build and maintain a professional network and for professional education. Companies want to learn about the marketplace and needs and desires of potential customers; to stay in front of current and potential customers; to find and establish a positive face for potential employees; and to reinforce the company’s value to current employees.
A review of numerous companies’ social media policies3 indicates numerous risks that a company may face with employees’ use – whether for their personal or business purposes – of social media.
1. Misuse of Work Time
2. Misuse of Company Resources
3. Risk to Company Computer Systems, Network or Data
4. Disclosure of Confidential or Other Non-Public Information
5. Disparagement or Harassment
6. Conflicts of Interest
Conflicts of interest can take many forms and can cross with other forms of misconduct, from use of company resources, use of one’s work position and other personal interests that conflict with one’s duty to the company.
7. Advertising and Marketing and Fair Competition
8. Records Maintenance
9. Espionage or Fraud
11. Personal Reputation Damage
Because of the many ways in which social media can be misused and thus lead to ethics and compliance problems, companies that plan to use this media for business purposes should consider setting standards and other expectations that address:
Among the more significant errors that companies can make is setting standards and expectations that are impractical and so easily set aside. A company needs to consider practical expectations in use of social media. For instance, a company that bans all employee personal use of social media in the workplace – and even institutes technological lockdowns to prohibit its use on company technology systems – may do more harm than good when employees pull out their personal smartphones and tap into Facebook or Twitter at work.
Other considerations include:
An issue taxing many company leaders is the degree to allow the younger generation, many of whom are highly adept at Internet technology and are frequently ‘connected’, to ‘stay connected’ during work. On one hand is the argument that the ‘wired’ worker is a smarter, more technologically-savvy worker; on the other hand is the clear risk to work getting done or inappropriate conduct on the job.
A more robust ethics and compliance initiative is appropriate for those companies where social media is more pertinent to its business environment. Some considerations for a company determining the depth and breadth of its social media ethics and compliance initiative include:
The U.S. Organizational Sentencing Guidelines’ recommendations for an effective compliance and ethics program have served as an important framework for overall corporate programs and can be effectively applied to a social media initiative. This is not to suggest that effective management of social media requires its own stand-alone program as we have seen with privacy, safety, anti-corruption or other key risk areas. To the contrary, because social media is so much a part of other ethics and compliance topics, it should be well integrated in and part of a company’s overall ethics and compliance program. (That being said, some companies where social media is a significant part of the business – like entertainment or other media companies – may consider assigning a social media compliance officer.) Still, as with any ethics and compliance risk area, the overall framework should be fit to address social media’s specific characteristics.
Communications and Education
Monitoring & Auditing
As many companies are now experiencing, social media’s use in the workplace poses numerous risks because it crosses so many different ethics and compliance topics and because its applications and use are rapidly and constantly changing. But as with all business topics, a company can successfully manage its own and its employees’ personal use of it by employing a common framework applied to most other ethics and compliance topics, albeit with some modifications specific to social media. The sooner that a company gets its arms around use of social media the better it will fare as the fast rate of change in social media going forward is expected; a delinquent company will have further to catch up the later it responds to the challenge.
Social media was used in preparation of this article.
1 “What the Hell is Social Media? – in 2 Minutes,” compiled and edited by Peter Kerwood, Merlin Entertainments Group., created by Kama Glober & Tim Fogg, ApartmenTwo Creative/4reel Films.
2 “Social Media,” Wikipedia, the free encyclopedia (www.wikipedia.com).
3 Including, among others, Cisco Systems, Dell, Entergy, ESPN, Fedex, Ford, Gartner, HP, IBM, Intel and Microsoft.
Sign up for our free weekly e-newsletter for more GRC articles, job postings, GRC events, white papers & more…..click here
Jason Lunday is principal consultant with The Ethical ElementTM, a professional services firm based in Washington, DC.
Jason has worked in the ethics and compliance field for over twenty years, both inside companies and as a consultant to them. His work has involved supporting corporate values initiatives, developing and revising codes of conduct and related policies, conducting organizational risk, culture and program assessments, developing and delivering live training, building monitoring systems and auditing compliance systems and activities.
He has worked in or consulted with companies in a broad range of industries, including banking and insurance, manufacturing, industrial and consumer products, utilities and energy, healthcare and telecommunications.
Noteworthy experience includes:
Jason’s past experience includes director of ethics and compliance at Premier, Inc., consultant in Arthur Andersen’s Ethics and Responsible Business Practices Consulting group, compliance analyst at Goldman, Sachs & Co., senior consultant in the Ethics Resource Center’s Advisory Services group and knowledge leader at LRN Corp. In addition, he has authored/co-authored numerous articles and papers on business ethics issues.
Jason holds an MBA from the University of Virginia’s Darden Graduate Business School, with a focus in business ethics and organizational behavior, a BA also from the University of Virginia and additional business coursework at the New York Institute of Finance.
Jason can be contacted via email at: jason.lunday [at] ethicalelement [dot] com. Follow the link to view Jason’s Code of Conduct featured column on CCI.