When is a social media policy not enough?

As more and more companies race to adopt social technologies they inevitably ask the question, “what should our policy be?” Depending on the industry and the company you will find a wide range of policies. Some are a few paragraphs and some are literally pages long. If you are looking for some examples here is a great list of policies across a number of industries.  Additionally, here is a more specific list of government related social media policies.

I will be the first to say that policies are important when it comes to opening up the social web to your employees. But a word of caution, don’t stop after pressing the save button.  In a recent report from Deloitte they posed the question to employees “what is your company’s policy when it comes to use of social networking channels”? Here were the responses:

• 26% – There are specific guidelines as to what you can and cannot say online in relations to the company and/or client matter
• 7% – The policy is to use your discretion when it comes to posting comments and opinions on the world wide web and social networking sites
• 11% – There is a policy, but I don’t know what it is
• 23% – There is no policy
• 24% – Don’t know if there is a policy

Note that 58% either don’t have a policy or don’t know what it is. This should be concerning. After all if your company believes it’s important enough to create a policy isn’t it just as critical to ensure the policy is followed? On that topic how will you monitor it to ensure compliance? In regulated industries like financial services and government this is even more critical as regulators require that certain activity be captured and archived.

The Independent Insurance Agents & Brokers of America (IIABA) recently published a great resource titled “Creating a Social Web Policy for Your Independent Agency”.  The report offers some very good recommendations and detailed steps on how to go about creating a social media policy. However, there are two recommendations that I would like to expand on.

The first is related to “compliance with federal and state discovery, document retention and other laws and agency procedures.” In the guide they state “employees should copy and paste any client specific social media communication into the agency management system and record an activity in the same manner they would in using other media.”  While that is one way to capture and retain the data it is enormously unproductive and it also raises questions around completeness of the archive.

What happens if someone forgets to take these steps or decides they simply don’t want to? A better approach would be to leverage automated solutions, like our Risk Manager product as an example, that sits between the end user and the social networks to automatically capture and retain the content. Not only will this eliminate the manual work around data capture and retention but it also guarantees completeness.

The second is around advertising statutes and regulations. They correctly state that “social media posts are communications subject to various federal and state laws/regulations, including characterization as advertising under some state laws, so employees should make sure they are complying with all such laws in using social media.” This is correct. The detail that is missing though is how you will comply in this new environment. Again I’ll go back to our Risk Manager product as a mechanism to help ensure compliance on this point and many others.

I encourage you to download the IIABA report if you have not created your social media policy. If you are looking for more information on how the FINRA/SEC rules impact social network use you should take a look at this summary as well. Last be sure you have the tools in place to make it as easy as possible for your employees to meet the policy and compliance guidelines as they start to use these powerful sites.