If your company doesn’t yet have a formal corporate policy on the use of online social media sites, you’re not alone. That said, there are at least three reasons why you should put one in place, pronto: Facebook, Twitter, and YouTube.
Most obvious are the publicity risks, made painfully clear by two Domino’s Pizza employees earlier this year when they posted a video to YouTube featuring themselves doing unsanitary acts on food allegedly then served to customers. But beyond that, experts say, online social media tools increasingly blur the line between on- and off-the-job behavior, with the results instantly available to huge audiences.
Cornelius
Doug Cornelius, chief compliance officer at Beacon Capital and a student of online media, notes the 200 million people now using Facebook—most of whom have joined only in the last 18 months or so. “Some of them are your employees,” says Cornelius. “If they list your company as their employer, what they say affects you.”
For that reason, every company ought to have a policy, says Charlene Li, founder of consulting firm Altimeter Group. “From a compliance point of view, it’s a big huge hole of risk.”
“The overarching reason to have a policy is the need to manage expectations,” says Jonathan Hyman, a partner in the law firm Kohrman Jackson & Krantz who blogs on Ohio employment law. “Employees need to know the ground rules on what’s appropriate and what’s not.”
Still, observers say few companies currently have such policies. The results of an online survey commissioned by Deloitte bear that out. Only 22 percent of 500 business executives polled say their company has formal policies that dictate how employees use social networking tools; just 17 percent say their companies have programs to monitor and mitigate potential reputational risks related to the use of social networks.
Similarly, among more than 2,000 American workers also surveyed by Deloitte, 23 percent say their organization doesn’t have a policy and another 24 percent don’t know if there’s a policy. Of the remainder, 26 percent say their company has specific guidelines about what they can or cannot say online about the company or client matters; 7 percent say the policy is to use discretion in posting comments and opinions online, and 11 percent say their company has a policy but they don’t know what it is.
Given how quickly information—or misinformation—can be spread via the Internet, “This is a big concern that requires attention at the top level in the board room,” says Sharon Allen, chairman of the board of Deloitte. “It’s important for executives and boards to understand the potential brand implications that could arise if employees post something inappropriate or use company information in an inappropriate way,” says Allen.
Cornelius says simply blocking access to social networking sites at the office doesn’t suffice.
“It’s not effective and it’s not addressing the issue, because employees don’t need to use the company’s system to access the Internet,” he says. A total ban on the sites also is not always practical, since many corporate marketing and human resources departments use social media tools to interact with customers or recruit prospective employees.
“The same concerns companies have with e-mail are just as true on Facebook, Twitter, or someone’s blog.”
—Doug Cornelius,
Chief Compliance Officer,
Beacon Capital
Hyman puts it more bluntly: “Your employees are going to use those sites anyway. You can mitigate the risks with a policy, or you leave yourself out there with no control.”
Where Good Policies Come From
The good news is that existing corporate policies on IT usage can be adapted to include issues related to social media. Existing policies on professional conduct, privacy, client confidentiality, intellectual property, and similar issues all can—and should—be extended to apply in the context of social media.
“The same concerns companies have with e-mail are just as true on Facebook, Twitter, or someone’s blog,” says Cornelius, who uses both Twitter and a blog frequently himself.
For example, Intel Corp.’s social media guidelines refer specifically to the company’s Code of Conduct and privacy policy. IBM’s social networking policies point employees to its Business Conduct Guidelines.
Christensen
“The old rules apply,” says Adam Christensen, IBM’s social media manager, but the social computing guidelines address nuances that are unique to social media, such as transparency.
IBM’s guidelines, published in 2008, were built on earlier blogging guidelines developed in 2005 by IBM employees. “We decided it was time to revisit them because a lot of popular social platforms have since became ubiquitous,” Christensen says.
Christensen says IBM’s policy was crafted largely by its employees, which has helped drive its acceptance among the workforce. IBM maintains 16,000 internal blogs, and has thousands of employees blogging externally and using sites like Twitter, Facebook, and LinkedIn.
SOCIAL GUIDELINES
Below are some of the principles IBM uses in its 'Social Computing Guidelines' (taken from the executive summary).
1. Know and follow IBM’s Business Conduct Guidelines.
2. IBMers are personally responsible for the content they publish on blogs, wikis or any other form of user-generated media. Be mindful that what you publish will be public for a long time—protect your privacy.
3. Identify yourself—name and, when relevant, role at IBM—when you discuss IBM or IBM-related matters. And write in the first person. You must make it clear that you are speaking for yourself and not on behalf of IBM.
4. If you publish content to any website outside of IBM and it has something to do with work you do or subjects associated with IBM, use a disclaimer such as this: “The postings on this site are my own and don’t necessarily represent IBM’s positions, strategies or opinions.”
5. Respect copyright, fair use and financial disclosure laws.
6. Don’t provide IBM’s or another’s confidential or other proprietary information. Ask permission to publish or report on conversations that are meant to be private or internal to IBM.
7. Don’t cite or reference clients, partners or suppliers without their approval. When you do make a reference, where possible link back to the source.
8. Respect your audience. Don’t use ethnic slurs, personal insults, obscenity, or engage in any conduct that would not be acceptable in IBM’s workplace. You should also show proper consideration for others’ privacy and for topics that may be considered objectionable or inflammatory—such as politics and religion.
9. Find out who else is blogging or publishing on the topic, and cite them.
10. Be aware of your association with IBM in online social networks. If you identify yourself as an IBMer, ensure your profile and related content is consistent with how you wish to present yourself with colleagues and clients.
11. Don’t pick fights, be the first to correct your own mistakes, and don’t alter previous posts without indicating that you have done so.
12. Try to add value. Provide worthwhile information and perspective. IBM’s brand is best represented by its people and what you publish may reflect on IBM’s brand.
Source
IBM’s Social Computing Guidelines.
“We believe that by giving employees that access and having guidelines they agree with, they will do the right thing,” he says. “In virtually every circumstance, that’s been the case.”
Price
Similarly, Jane Price, director of social media at Intel, says that so far, she seen more angst than actual problems stemming from employees’ use of social media. Like IBM (and many other tech companies), Intel encourages its employees to engage in social media. Price says the company monitors social media use through the same channels it already uses to monitor external media generally. Intel also requires employees who want to engage in social media on the company’s behalf to clear it with their managers and to take online training.
Christensen says IBM’s social media users are largely self-policing. “We don’t actively police for compliance sake … but we have a process to follow if something is flagged as inappropriate,” he says.
Hyman says monitoring can be a challenge. Software to do so does exist, he says, but it can be expensive. Alternatively, companies can monitor some activities using Google alerts and subscribing to employee Twitter feeds.
“You may only find out about something when a problem is brought to your attention,” Hyman says. In that case, “investigate and then discipline as appropriate.”
A policy should be tailored to a company’s needs and concerns, Li says, and should address confidentiality and transparency, as well as include examples of acceptable and unacceptable behaviors. Employers may also want to require employees who identify themselves as such publicly to include a disclaimer in any online postings that their opinions are their own and not those of the company.
She says the biggest mistake companies make is “letting the legal department agonize too long … The only worse thing than not having one is having one that’s in limbo.”
Another major mistake: focusing only on the “Don’ts.” “Most people think of social media policies as the ‘Don’ts,’ but they should also be thinking about the kind of good behaviors you want to encourage,” Li says.
Hyman says a social media policy boils down to two words: Be professional.
“Remind employees that everything they do is reflection on the company and they should behave accordingly,” he says. “You also need to make it clear that if they do something that can reflect on the business, you can discipline or terminate their employment accordingly.”
Allen
Allen adds a policy alone isn’t enough. She notes that half of the employees polled by Deloitte said company guidelines won’t change how they behave in cyberspace, and one-third say they don’t consider what the boss would think before posting materials online.
“While policies are important, you have to create a solid values-based culture … that encourages employees to make good decisions about how they act inside the company and externally,” she says.
No comments yet