We continue to be entertained and perplexed by the faux pas of employees who contribute on social media. The truisms that “nothing goes away…ever” and “there’s no such thing as private” are often forgotten in the moment when fingers hit keys and some idea, rumor or piece of knowledge begs to be shared. Unfortunately, employers often bear the true cost of these employee missteps—whether it is a restaurant worker who posts a video showing us what he really does to your food, a manager who posts a racist comment or an HR professional who live tweets as layoffs are occurring.
The risk of legal or reputational damage via social media continues to grow. According to a 2013 study from the Ethics Resource Center, nearly 75% of employees use some form of social media, and all age groups are participating. In addition, “…[a]lmost three out of four social networkers (72 percent) spend at least some time of their workday on social networking sites, and 28 percent say such activity adds up to an hour or more of every workday.”
During the past decade the law has struggled to catch up with reality; the boundaries between what is and is not acceptable on social media isn’t always clear. And the challenge for employers is compounded by a legal environment that is in flux and generally favors an employee’s right to speak freely while online.
Organizations Mistakenly Rank Social Media Risks A Low Priority
Despite the ubiquitous nature of social media and the significant risks misuse presents to an organization (think reputational damage as much as legal risks) compliance professionals tend to place social media risk low on their list of concerns. In PwC’s 2014 State of Compliance Survey, social media ranked at the very bottom of the list of concerns of compliance officers.
In 2012, Simon Cole, the founding partner of the corporate reputation and branding consultancy Reputation Dividend, published a startling statistic in an article in World Economics. His analysis showed that tangible book value accounts for only half of the S&P 500’s total market capitalization. That means the intangibles—like reputation—make up the other half. And more than anything else in this post-millennial world, social media affects reputation more than any PR effort created by a highly-paid agency.
With both the risk of an incident occurring and the magnitude of potential damage to an organization should an incident occur at high risk, why are organizations ranking this risk so low?
Five Strategies For Successfully & Painlessly Integrating Social Media Compliance Into Your Compliance Program
With all the other critical compliance priorities in queue, social media has a hard time beating out pressing compliance risks like privacy, insider trading, conflicts of interest, and bribery and corruption. But ignoring the risk all-together is certainly not a wise decision. By taking five simple steps you can start to weave social media education into your compliance program—without taking a significant hit on seat time or your budget. Studies like the Ethics Resource Centers National Business Ethics Survey “Social Networkers: New Risks and Opportunities at Work” have found that teaching employees about your social media rules and policies actually helps drive desired compliance minded behaviors—like not posting about an employee’s job, projects or clients.
- Tell Employees That You Have A Policy: If you don’t have a social media policy, it’s a good time to create one. (See NAVEX Global’s social media policy in our Code of Conduct.) There are lots of options and approaches, but no matter what direction you head, have your policy reviewed by a lawyer. The National Labor Relations Board has a lot to say about what employers (even non-union employers) can expect of employees when it comes to social media use. And if you have a policy, make sure you revisit is at least every six to nine months; the law is still evolving and it’s best not to let this policy get stale. In the spirit of addressing social media risk as a holistic compliance challenge, review key policies (such as insider trading, harassment, and competition law) and update them to reference social media use as appropriate. And then of course, let your employees know that you have a policy. It seems simple but it’s surprising how many employees don’t even know that their organization has a policy.
- Be Positive. Most employers have largely come to the conclusion that cutting off social media use at work is virtually impossible; but they don’t need to give up completely. Many organizations are now approaching social media risk management from a more positive perspective. An important goal is to provide employees with tips and advice on how to use social media in a smart and responsible way; most employees don’t want to ruin their reputation or create legal liability, and some helpful tips could make the difference between a damaging post and a more compliance-minded decision not to post. The information is also likely to be well received by your employees.
- Deploy Microlearning. If you don’t have time for a 30-minute course on social media use this year or early next, add it to your learning plan for the next training cycle and opt to deploy a burst, also known as short-form or microlearning compliance training) on the topic. In five to seven minutes you can highlight your social media policy, help employees understand that there are rules in place to guide their behavior on social media—and ensure that they know they must take responsibility for what they post.
- Make All Training Social Media Relevant.In any training, make sure to reference social media and how misuse can create risk for that specific compliance area. Use examples or showcase real situations—giving employees context helps increase their understanding and awareness. For example, when you train on insider trading, use an example that highlights how easy it is to violate the law with a single post.
- Get Creative. Employers are just starting to think about how they can use social media (or social media concepts) to more effectively engage their own employees and get them talking about important compliance topics. And while the path is still being forged, organizations have a great opportunity to harness the power of social media. In 2015 consider how your organization can utilize crowd-sourcing, tools like Yammer, or get employees engaged through collaborative online competitions to enhance the compliance efforts you already have planned for the upcoming year. And if you do this, you may just help your employees become more social media aware and compliant.
Social Media Compliance Training Is Not A Stand Alone Topic or Risk; Don’t Treat it That Way
For most organizations, social media risk is a pervasive risk; it’s not a risk that is linked to a specific regulatory obligation (like bribery and corruption or harassment). Rather, social media is a method of communication and interacting that provides employees with new avenues to engage in old-school misconduct and make mistakes that can violate virtually all your organization’s policies. And today’s missteps have the potential to cause much more devastating and organization-wide harm than the same misconduct pre-social media.
Some organizations are still hoping that monitoring social media use by employees will be the answer. A report by Gartner on the use of digital surveillance in the workplace forecasts that by 2015, 60% of corporations will have formal programs for monitoring employee activity on social media, up from less than 10% in 2012. But while knowledge of surveillance can change employee behavior, it can also impact employee morale and trust. Surveillance is also limited to capturing transgressions after the fact. If you plan to continue with a surveillance program, know that it can raise many complicated and challenging legal issues, which outside of the U.S. can be particularly thorny. Employers should never embark on a surveillance program without having it thoroughly evaluated and reviewed by a lawyer. And employers should not rely on monitoring alone when in comes to creating a social media compliant and savvy workforce.
By taking a more conscious approach to managing social media and better integrating it into many of the existing compliance activities you can move social media risk from the bottom of the list, to a risk that is fully addressed in your organization.
