There is a storm brewing in social media. The number of issues arising from employee mistakes is growing. And the primary risk management tool around these issues is the social media policy.
I have been doing some research on social media policies for an upcoming report I am doing and have been speaking to companies about what kind of social media policy they have, but more interestingly why they even have one. What is interesting is why they have one.
I have found that most companies establish a social media policy for the wrong reasons. Some of the responses I have heard include:
“Because we should.”
“The regulatory policy/agency said we should have one.”
“Because we needed to remove all of the risk from social media.”
“Our consultant said we needed one. And since we are paying him a lot of money he must know what we need.”
“After the twitter crisis this summer, our CEO demanded we get a social media policy so this never happens again.”
“Company ABC didn’t have one and look what happened to them.”
“Our corporate counsel said we needed to have one but didn’t know what needed to be in it.”
“We hired a 20-something to establish our social media presence and he said we should probably have one.”
These are all fine and good reasons, well most of them are. But they are not the primary reasons for having a social media policy.
There are really only three purposes or reasons to have a social media policy. And your social media policy should be constructed around these three purposes. The three purposes are:
Establish an acceptable pattern of behavior. Social media policies should first establish what are acceptable patterns of behavior (or PoB’s) for employees and even customers on social media. These acceptable PoB’s can be as broad as saying do no harm to being highly restrictive around content, platform, who gets to participate, and how social communications are cleared. Some of the best companies at this actually include examples and cases that give employees and others some context around the acceptable PoB.
Protect the company and the employees. Secondly, social media policies should protect both the company and employee. By outlining what is acceptable, the company can then identify who and what the company will allow and won’t, and if an employee should step past that line or outside that pattern, the company is somewhat protected legally. At the same time the policy should protect employees in that if they are following the policy and something goes wrong, they are covered. But check that with your legal counsel.
Provide an enforcement framework. If and when something goes wrong, the policy should provide a process to address the issue. For example, if someone continues to post inappropriate content on the corporate Facebook page, then there is a level handed process in place to address the issue.
A good social media policy won’t erase all of the risk of having a social media presence, but it will outline what is considered acceptable, and if and when things go wrong, a process for addressing the issue.