Mitigating a Multitude of Social Media Risks
Employees using business-oriented social media sites could be inadvertently exposing the company to a host of risks, whether by disclosing proprietary information, using a photo that captures details potentially helpful to competitors or just communicating an off-brand message. Michael Schmidt and Art Samansky provide suggestions corporations can implement to guard against myriad legal, competitive and regulatory woes.
with co-author Art Samansky
Personal profile posts on business-oriented internet sites pose potential problems for organizations regardless of whether they are publicly traded.
Proliferation of employee social media use continues unabated, as does organizations’ desire to rely on that employee use to make certain employment-related decisions. Employee use of social media, including on professional business sites such as LinkedIn, generally presents many sensitive and difficult legal issues for organizations. The comments and other posts are intertwined with freedom of speech guarantees in the nation’s Constitution (at least for public employers), employee rights under the National Labor Relations Act and other federal and state laws and regulations. As a result, these posts aren’t as easily “managed” as those for purely company-related materials.
Moreover, unless an errantly worded post is spotted by company management or the social media monitoring team or gets broad social media or mainstream/trade media attention — including going viral – many posts stay under the “corporate” radar.
One of those under-the-radar items is a profile posting on a business-focused online site. As a result, potential problems might sit unnoticed, ready to suddenly cause legal, regulatory or competitive woes for an organization. While similar problem-creating profile-wording might appear in a paper-based resume, that problematic information is likely to be seen by only a few. But online, the information is potentially exposed to many millions of eyeballs and the risk of potential damage is exponentially worse.
For example, a staff member might post her/his responsibilities at the company in a way which inadvertently includes proprietary or confidential information about finances, strategies, product developments or regulatory issues. Or the social media post might be done in a more targeted way by a separated employee violating a non-solicitation agreement the individual has with the former employer.
Likewise, the posting may have incorporated information about clients or types of clients — even if not specifically named, but identifiable — which might be useful to competitors or touch a regulatory hot-spot.
Similarly, of special concern to the information technology team, the post might include a nonpublic email address or other contact information which could enable a cyber-thief to gain access to the broader corporate computer system.
From a corporate communications perspective, the post might use phrasing which hasn’t been (and might not be) approved by an in-house marketing or public relations team, resulting in a post that is inconsistent with the company’s approved strategic messaging plans for clients, prospective clients and others, including regulators.
Among other issues, too, is the associated business-oriented photo; the individual might post her/his photo taken in an office setting, inadvertently showing something in the background which might compromise company information — a map, signage or codes.
An employee isn’t likely to upload any of this information with nefarious intent, but missteps can and do occur; companies should help themselves by taking a variety of steps, including:
- Developing a social media policy that is consistent with the current state of the law and that appropriately balances employee rights and the rights of the employer to establish and maintain certain workplace expectations — written jointly by corporate communications, internal/external legal counsel and human resources – with specific reference to corporate-related personal profile issues.
- Disseminating the policy to all employees (full-time and part-time), vendors and consultants.
- Adding the policy to all contracts.
- Providing the policy document to all new hires on day one, citing it specifically during orientation and including it in the employee handbook.
- Setting up a process for employees, vendors and consultants to voluntarily submit these types of profiles for review to a specific corporate unit, such as communications, which, beyond spotting and discussing potential issues, may also help offer suggestions to improve the post.
- Arranging for professional-looking profile photos to be taken free by the company.
- Setting up a social media monitoring program that includes business-oriented sites, using internal or external staffing.
These steps won’t eliminate all problems, but they likely will avoid many.
Arthur Samansky is a Principal of The Samansky Group, an Old Bethpage, N.Y.-based corporate communications consulting firm.