With the new year come new laws. Most organizations have focused recent attention on the risks associated with the outcome of the Congressional negotiations on the “fiscal cliff,” and understandably so. However, the new year also brought with it new laws that further complicate the discourse on the balance of privacy between employee and employer. As of January 1, 2013, six states (California, New Jersey, Maryland, Illinois, Michigan, and Delaware) had enacted laws making it illegal for employers to require employees to provide them with passwords to their social media accounts.
Corporate best practices dictate that a strong compliance culture should be proactive and consistent and have a mechanism to ensure its effectiveness over time. A reasonable first step of reputational risk prevention for organizations occurs at the initial point of introduction of a potential employee. It has become routine and generally accepted practice that a background check of some sort be conducted on a prospective employee. Conducting such a check is an excellent way for an employer to identify any issues that could be deemed risks for the organization. As employees’ lives increasingly transcend the brick and mortar into the digital, it presents challenges for traditional due diligence methods.
Organizations have quickly realized the global reach of one’s online social profile. Current and prospective employees’ life activities are available for the world to see with little more than a quick online search. Organizations are often judged by the actions of their employees. The basic fact that future hires, customers, partners, competitors, and fellow employees can conduct a basic search on an individual associated with the organization leaves the organization extremely vulnerable. Additionally, comments made by current employees have the ability to “go viral,” which adds potential for organizational reputational damage. What was a limited audience has now grown exponentially.
Further complicating a compliance approach for organizations is that no federal rule provides for commonality. Congress tried but failed to pass the Password Protection Act of 2012. Individual states have taken up the cause. As with any complicated compliance issue that can be scrutinized by multiple jurisdictions or governments (e.g., the FCPA), implementation of a comprehensive policy with strong tone from top management and ongoing monitoring and training can be effective in mitigating risk.
We live in an age where it has become commonplace for any employee to take to popular social media forums to share opinions, likes, or dislikes; it is increasingly feasible that internal corporate discontent, dealings, and feelings can be made public for the world to see. Furthermore, once the “send,” “post,” or “tweet” button is hit, even if the digital message is removed or recalled, it has the ability to live on forever.
What can an organization do to protect itself while at the same time not promote an Orwellian culture for employees?
As the global community continues to gravitate to digital forums, management will need to be vigilant, proactive, and creative. Organizations will need to constantly adapt to what is sure to be a slippery slope of social media outlets, rules, laws, and regulations.
About the Author
David Martin is a Principal with Berkeley Research Group (BRG). David Martin has more than 15 years of experience in the financial industry as a consultant, executive, and entrepreneur. Mr. Martin advises clients that include alternative investment funds (AIF), broker-dealers, mutual funds, registered investment advisers (RIA), real estate investment trusts, and public and private enterprises on business strategy, valuation, operational and regulatory risk, supervisory controls, best practices, project management, and litigation support.