When One Tweet Can Equal a Million Emails: Tips for Developing a Corporate Social Media Policy

Social media continues to become increasingly integrated into our daily lives, and its use in and out of the workplace has become a huge concern for compliance officers. The growing prevalence of social media has increased the risk of compliance violations occurring more broadly and quickly than ever before.  The risks include disclosure of confidential information, libel, loss of Intellectual Property, harassment and many others. All organizations face the risks that social media can bring to a company, but many are in very different stages of establishing clearly defined social media guidelines and ensuring all employees understand the policies.

With the risks changing and growing every day, what are some steps companies can take to establish an effective social media compliance policy?

  • Figure out restrictions: Just determining what restrictions to place on employees can take anywhere from nine months to a year, because it can be a complicated process. Companies need to be realistic about employee access to social media. The days of locking down internal systems are over, and it’s highly likely that employees will find that their access to company data and information overlaps with their personal use of technology, whether on their work computer, home computer or mobile device. It’s also important to take the company’s industry into consideration. A business in a highly-regulated industry like pharmaceuticals will have more restrictions around claims employees can make about products, where a media company likely will not. Pharmaceutical company employees touting the benefits of a certain drug on Facebook will have different implications than employees at a media company posting about the quality of a new TV show, and policies should include these industry-specific restrictions.
  • Understand employee access: The groups of employees active on social media during the workday are changing for many companies. In the past, companies mainly had to be concerned about employees sitting in offices with computer access. With the proliferation of smartphones, now those in manufacturing or distribution have access to these platforms during the workday as well. For example, if manufacturing employees at a government contractor post pictures of themselves at work in a factory on Instagram, they may not realize that what may appear in the background of a picture could cause risks when distributed publicly.
  • Identify concepts to include in the policy: Each company must determine which concepts they want employees to understand as part of its social media policies, including an explanation of what it means to speak for the company. What an organization does not want is an employee making comments about the company without making it clear that they work there, because this could appear deceitful, but at the same time the employee should not make it sound like they are authorized to speak for the business unless they have been specifically authorized to do so. This is a delicate balance that employees must understand. Another concept to tackle is professional courtesy, and the idea that people should not go online to vent about personal conflicts in a way that is likely to become permanent and searchable.
  • Discuss how to talk about the company: In the past, many companies simply told employees not to talk about the firm on social media. Employees were welcome to have social media accounts to discuss their personal lives, but not their professional lives. Recently the National Labor Relations Board has said that policies including this mandate are not fair, as employees need to be able to freely discuss working conditions. Now the conversation has transitioned into the determination of whether a negative company mention on social media qualifies as discussing working conditions, or not, which makes corporate social media monitoring and policy even more complicated.
  • Communicate the policy: Companies can’t just train employees once and assume they got it right. A subject like social media, which is not critical to the majority of employee’s jobs and therefore not top of mind, needs to be taught in stages. Many organizations now share foundational knowledge with employees and then follow up. The key here is to avoid very detailed training that covers a set list of “dos and don’ts.” Since social media is changing frequently, these lists will never be able to keep up. Instead, employees should be taught about social media principles, including how a single post is like sending an email to a million people and these messages may never go away, and the public nature and risk of posting about certain topics.

While these are some of the foundations for creating and communicating a corporate social media policy, these must be highly customized for each profession. For example, a worker in a factory may pose a very low risk to the company when they post information about when and where they are travelling. But, if an executive at an M&A firm makes similar travel updates, even if discussing travel outside of work, this can cause speculation about possible acquisitions and other business activities. Each industry and employee must understand the risks unique to them, and how they can be avoided.

No matter the size of the business or its industry, the most important aspect of a social media policy is making sure employees know that the company takes it seriously. While an employee might not take much notice of a mass email from the company’s legal department outlining policies, this same employee will likely take it much more seriously if the policy is communicated by their direct manager. Social media must be integrated into the company culture so employees not only understand what they should do and avoid, but also internalize these fundamentals to keep the best interest of the business in mind.

About the Author

Kirsten Liston

About the Author
Kirsten Liston joined SAI Global's Advisory Services team after leading the Company's content development department for two years, and now consults with clients to evaluate and draft Codes of Conduct and other policies, based on quantitative benchmarking against peer companies and evolving compliance and ethics standards and best practices. Ms. Liston has extensive subject matter experience in a wide variety of ethics and compliance topics, including industry-specific concerns in the healthcare, automotive, consumer products, and oil and gas businesses, as well as general corporate compliance areas, such as competition law, anti-bribery and anti-corruption legislation, and the like. Ms. Liston is a magna cum laude graduate of Carleton College and a former journalist, writing for Minnesota Law & Politics and the Super Lawyers family of publications. Several of her articles have been published in Compliance & Ethics Magazine, Compliance & Ethics Professional, Compliance Week and Directors and Boards. Most recently, Focus, a publication of the North Florida Chapter of the Association of Corporate Counsel, published her co-authored article, "Ten Years After Enron: The Future and Effectiveness of Whistleblower Programs."