Social media policies, regulations and now insurance

It seems there is a new article a day on the increase of social media usage and the need to create corporate policies, train employees on the proper usage and ensure that the brand is not being harmed in the process. Unfortunately, companies are realizing policies are not enough. A report by Deloitte found that “49% of employees say a company policy won’t change how they behave online”.

To compound the problem, new regulations are being issued from FINRA, the FDA, the FTC and many others. Even without these new regulations most companies agree that traditional regulations around communications apply in the new world of social media. For example, SEC’s Rule 17a-4 requires broker-dealers to preserve communications relating to their business and NASD Rule 3110 requires that all electronic communications pertaining to a firm’s business be retained, in a format that cannot be overwritten, for three years.

FINRA CEO, Rick Ketchum, points out that these social networking tools will “challenge your ability to ensure compliance with regulatory requirements”. Translation, regulated companies must start tracking social media participation just like they are tracking and retaining other forms of business communication. This was made very clear in an interview on CNBC where he calls for companies to open up and use social media tools but also points out that there must be an “audit trail” to ensure compliance.

And now today The Hartford announced the availability of social media liability insurance. Here is how they describe the offering: “The Hartford now offers broader coverage for data privacy breaches and social media liability exposures, such as online defamation, advertising, libel and slander”. What’s interesting about this move is The Hartford recognized the problem isn’t going away, or getting any smaller and traditional approaches to dealing with monitoring, protection and enforcement, like web filtering or content monitoring, simply fall short.

So what is a company to do that is concerned about their exposure yet understand that they have to open up access to these tools because the business impact is too great to ignore? We recommend following these steps:

1. Create your policy: define the social media policy that is appropriate for your business and industry (here is a great list of corporate policies from a variety of industries to help get you started).
2. Educate the company: train your employees on the proper use of these tools and how to stay compliant with company and industry policies.
3. Implement and enforce: deploy technology that allows you to control access at the feature level, monitor and moderate content as necessary, retain and archive data and make it easy to produce any social post on demand.
4. Monitor and learn: watch how groups take advantage of these tools across the organization, highlight best practices and retrain on policies if needed.
5. Iterate and expand: modify policies if appropriate, encourage broader adoption by employees and expand on the business processes that take advantage of these tools.

And optionally you may want to look at insurance offerings from companies like The Hartford. Liability in the social space has always been a concern and it will be interesting to see how this sector of the industry evolves. In fact, it may be that companies that follow the recommendations above might even qualify for a reduced rate. Time will tell.