How Companies Are Addressing Social Media Risk

Social media, including Facebook, Twitter, YouTube, etc., is an evolving and growing means of communication. According to some reports, people have been spending more time using social media sites than e-mail since February 2009. See “A World of Connections,” The Economist, Jan. 28, 2010. For companies, social media presents both opportunities and risks. These risks include reputational, brand, legal, regulatory and security concerns. This article outlines some approaches that companies are taking to manage the risks, including: 1) reviewing existing company compliance policies and preparing social media policies as warranted; 2) restricting workplace access to social media; 3) utilizing social media monitoring tools; 4) taking into account actual social media business issues; and 5) reviewing insurance coverage.

Company Compliance Policies and Social Media Policies

According to a recent survey by Manpower, 29% of companies in the Americas and 20% of companies worldwide have a social media policy. See “Social Networks vs. Management? Harness the Power of Social Media, Manpower, January 2010. Companies that do not have social media policies likely are preparing them or at least considering them. While there are social media policies, other company compliance policies (e.g., codes of conduct, codes of ethics, confidentiality obligations, privacy policies, intellectual property policies, etc.) often cover aspects of social media use. The starting point is for a company to review existing policies, determine whether they cover aspects of social media and revise or update them as necessary or appropriate and prepare a social media policy as warranted. A new social media policy should be drafted to be consistent and integrated with other company compliance policies.

By way of example, a company record retention policy and legal hold could be implicated by social media use. Information on a company's social networking site is considered to be electronically stored information. As soon as a company is reasonably aware of the possibility of litigation, audit or investigation, it must take steps to preserve all records that may be relevant to the matter, including electronically stored information. If information on the social networking site may be relevant, the company must take appropriate steps to preserve it. Accordingly, a company's record retention policy and legal hold should be reviewed regarding social media and revised and updated if necessary or appropriate. Any new social media policy should be drafted to work together with the record retention policy and legal hold.

Social media policies typically are tailored to a particular company's circumstances, including the many different ways that companies use social media. Many social media policies are not publicly available. Based on a review of the social media policies of Sun (which was acquired by Oracle in early 2010), Yahoo, IBM, Edelman, Cisco and Dell, following are some of the common elements of these policies:

• Identify yourself and make it clear when you are speaking on behalf of or about the company;
• Use common sense and judgment;
• Know that there is personally liability for content;
• Understand that disclaimers are advisable, but not a shield from liability;
• Realize that disclosed information should be accurate;
• Seek advice from the legal department or management when necessary (e.g., when unsure about posting or for permission to comment on work-related legal matters);
• Do not disclose confidential or financial information or material, non-public information about the company; and
• Follow established company guidelines, policies and codes.

Social media policies often involve different areas of a company (e.g., human resources, marketing, legal, communications, etc.). A number of different laws could potentially apply, including without limitation employment, intellectual property, privacy and securities law. In some cases, there may be additional regulation (e.g., Federal Trade Commission, Financial Industry Regulatory Authority, Food and Drug Administration, etc.). As a result, a multi-disciplinary business and legal team frequently is assembled to prepare a social media policy. As with other company compliance policies, a social media policy needs to be implemented and enforced consistently.

Restricting Workplace Access to Social Media

According to a survey by Robert Half, 54% of U.S. workplaces completely block access to social networks, whereas 19% permit access solely for business purposes, 16% permit limited personal use and 10% permit any personal use of social networks. See “Whistle ' But Don't Tweet ' While You Work,” Robert Half, October 2009.

Social Media Monitoring Tools

Social media monitoring tools encompass analytics software for tracking and analysis (e.g., traffic, keywords, trends, etc.), including Web software tools like Webtrends, Omniture and Google Analytics. In addition, there are URL shorteners, including Bit.ly and Ow.ly, which track information like clicks from different traffic sources. There also are tools that collect metrics on Twitter ' Twittersearch, Twitrratr, Twinfluence and Tweetstats. Company employees could engage in monitoring on behalf of the company. Moreover, there are third-party paid monitoring options, which can be domestic or global in scope. These include Radian6 (owned by Webtrends), Sysomos and Buzzlogic. These tools track the activity of a brand in social media and provide insights about the tone of the dialogue (i.e., “sentiment analysis”).

Considering Actual Social Media Business Issues

Certain business issues are arising through the use of social media. Examples of these include an impostor establishing an impostor site, pretending to be another person (e.g., Twitter impostors in the case of celebrities and executives) and whether Facebook's terms of use can be modified. Once aware of these issues, a company can work to devise protections and solutions (e.g., how to deter impostor sites and how to shut them down).

Reviewing Insurance Coverage

A company should review the particular terms of its existing insurance coverage and determine whether any social media use or aspects are covered.

Conclusion

Addressing the risks of social media should not necessarily outweigh realizing the opportunities. Companies also must recognize and encourage the opportunities offered by social media for communication, relationship-building and reputation and brand enhancement, among other things.

Melissa J. Krasnow is a partner in the Minneapolis office of Dorsey & Whitney LLP whose practice focuses on privacy, social media, corporate and securities law. For additional information please visit www.dorsey.com/krasnow_melissa/. She may be reached at [email protected].

Social media, including Facebook, Twitter, YouTube, etc., is an evolving and growing means of communication. According to some reports, people have been spending more time using social media sites than e-mail since February 2009. See “A World of Connections,” The Economist, Jan. 28, 2010. For companies, social media presents both opportunities and risks. These risks include reputational, brand, legal, regulatory and security concerns. This article outlines some approaches that companies are taking to manage the risks, including: 1) reviewing existing company compliance policies and preparing social media policies as warranted; 2) restricting workplace access to social media; 3) utilizing social media monitoring tools; 4) taking into account actual social media business issues; and 5) reviewing insurance coverage.

Company Compliance Policies and Social Media Policies

According to a recent survey by Manpower, 29% of companies in the Americas and 20% of companies worldwide have a social media policy. See “Social Networks vs. Management? Harness the Power of Social Media, Manpower, January 2010. Companies that do not have social media policies likely are preparing them or at least considering them. While there are social media policies, other company compliance policies (e.g., codes of conduct, codes of ethics, confidentiality obligations, privacy policies, intellectual property policies, etc.) often cover aspects of social media use. The starting point is for a company to review existing policies, determine whether they cover aspects of social media and revise or update them as necessary or appropriate and prepare a social media policy as warranted. A new social media policy should be drafted to be consistent and integrated with other company compliance policies.

By way of example, a company record retention policy and legal hold could be implicated by social media use. Information on a company's social networking site is considered to be electronically stored information. As soon as a company is reasonably aware of the possibility of litigation, audit or investigation, it must take steps to preserve all records that may be relevant to the matter, including electronically stored information. If information on the social networking site may be relevant, the company must take appropriate steps to preserve it. Accordingly, a company's record retention policy and legal hold should be reviewed regarding social media and revised and updated if necessary or appropriate. Any new social media policy should be drafted to work together with the record retention policy and legal hold.

Social media policies typically are tailored to a particular company's circumstances, including the many different ways that companies use social media. Many social media policies are not publicly available. Based on a review of the social media policies of Sun (which was acquired by Oracle in early 2010), Yahoo, IBM, Edelman, Cisco and Dell, following are some of the common elements of these policies:

• Identify yourself and make it clear when you are speaking on behalf of or about the company;
• Use common sense and judgment;
• Know that there is personally liability for content;
• Understand that disclaimers are advisable, but not a shield from liability;
• Realize that disclosed information should be accurate;
• Seek advice from the legal department or management when necessary (e.g., when unsure about posting or for permission to comment on work-related legal matters);
• Do not disclose confidential or financial information or material, non-public information about the company; and
• Follow established company guidelines, policies and codes.

Social media policies often involve different areas of a company (e.g., human resources, marketing, legal, communications, etc.). A number of different laws could potentially apply, including without limitation employment, intellectual property, privacy and securities law. In some cases, there may be additional regulation (e.g., Federal Trade Commission, Financial Industry Regulatory Authority, Food and Drug Administration, etc.). As a result, a multi-disciplinary business and legal team frequently is assembled to prepare a social media policy. As with other company compliance policies, a social media policy needs to be implemented and enforced consistently.

Restricting Workplace Access to Social Media

According to a survey by Robert Half, 54% of U.S. workplaces completely block access to social networks, whereas 19% permit access solely for business purposes, 16% permit limited personal use and 10% permit any personal use of social networks. See “Whistle ' But Don't Tweet ' While You Work,” Robert Half, October 2009.

Social Media Monitoring Tools

Social media monitoring tools encompass analytics software for tracking and analysis (e.g., traffic, keywords, trends, etc.), including Web software tools like Webtrends, Omniture and Google Analytics. In addition, there are URL shorteners, including Bit.ly and Ow.ly, which track information like clicks from different traffic sources. There also are tools that collect metrics on Twitter ' Twittersearch, Twitrratr, Twinfluence and Tweetstats. Company employees could engage in monitoring on behalf of the company. Moreover, there are third-party paid monitoring options, which can be domestic or global in scope. These include Radian6 (owned by Webtrends), Sysomos and Buzzlogic. These tools track the activity of a brand in social media and provide insights about the tone of the dialogue (i.e., “sentiment analysis”).

Considering Actual Social Media Business Issues

Certain business issues are arising through the use of social media. Examples of these include an impostor establishing an impostor site, pretending to be another person (e.g., Twitter impostors in the case of celebrities and executives) and whether Facebook's terms of use can be modified. Once aware of these issues, a company can work to devise protections and solutions (e.g., how to deter impostor sites and how to shut them down).

Reviewing Insurance Coverage

A company should review the particular terms of its existing insurance coverage and determine whether any social media use or aspects are covered.

Conclusion

Addressing the risks of social media should not necessarily outweigh realizing the opportunities. Companies also must recognize and encourage the opportunities offered by social media for communication, relationship-building and reputation and brand enhancement, among other things.

Melissa J. Krasnow is a partner in the Minneapolis office of Dorsey & Whitney LLP whose practice focuses on privacy, social media, corporate and securities law. For additional information please visit www.dorsey.com/krasnow_melissa/. She may be reached at [email protected].