Seemingly overnight, Social media has moved from a business curiosity to an invaluable tool for customer engagement, brand positioning and employee empowerment. For example, social media use for 18-29 year olds has grown from 16% in 2005 to 89% in 2010. A recent survey, now in its third year, found that Social Media is imperative and effective to stand out in a crowded market: 88% of all marketers found that it helped increase exposure and 76% found that it increased traffic and subscriptions.
Faced with the rapid adoption of social media services and platforms, companies find themselves in a dilemma: move quickly to adapt to new technologies, or put policies in place that support marketing goals. Finding the right balance between taking appropriate business risks and minimizing legal ones is a dilemma shared by all businesses, and it can be particularly tricky in the rapidly changing realm of social media. A social media snafu could pull a business into a range of legal imbroglios, involving employment law, intellectual property rights, advertising, defamation, libel, antitrust, and privacy protection. What follows is a list of five common social media legal mistakes that businesses are making.
1. Your Company does not have a social media policy.
Social media is going through an evolution from social media to social business. Yet In the rush to avoid being left behind, some 79% of companies do not have social media policies in place. Companies and employees are becoming deep users of Twitter, LinkedIn, Facebook, blogs, private-label platforms, and the like. Absence of a policy has led to lawsuits over basic issues such as ownership of LinkedIn profiles and Twitter followers. Lack of a policy could also lead to awkward situations that require a response, but may not rise to the level of a legal quandary such as public criticism by a volunteer or advisor.
Having a social media policy cannot prevent the occurrence of unintended consequences. However, it can address most risks that businesses will face and provide an informal framework for addressing issues that will inevitably arise before they become full-fledged emergencies that require a legal solution.
2. Your Company’s social media policy is unenforceable.
Not surprisingly, one of the most active legal areas of social media for business has been in the context of Employer-Employee relations. In 2011, the U.S. Chamber of Commerce released a report stating that the National Labor Relations Board (NLRB) had received 129 cases involving social media. The majority of claims concerned overly-restrictive employer social media policies or employee discipline and even termination based on use of social media.
More recently, the NLRB released updated guidance discussing 14 such cases in particular. Significantly, the NLRB criticized five employers’ social media policies, as “unlawfully overly broad” (e.g., too restrictive). In four cases, an employee’s use of Facebook to complain about their employer was held to be “protected concerted activity.” The benefit for employers is that the report frames the discussion for the appropriate scope of an enforceable social media policy.
3. Your employees don’t understand your social media policy.
For companies who have drafted a social media policy, another risk is that the employees who are engaged in social media on behalf of the company or brand do not understand the policies. Training employees about what it is, how it works and what’s expected is just the beginning.
For example, Australian telecomm company Telstra is an excellent example of social media transparency. This 40,000+ employee company mandates social media training built around a manageable policy focused on “3Rs” – responsibility, respect and representation. To promote awareness and understanding, the comic book-styled policy answers simple questions like “what is Facebook?” and more complex issues like employer criticism on personal blogs. Taking it a step further, the company published their entire social media training guide online for others to study and critique.
4. Your privacy policy is out of date.
Back in the early days of the Internet “Gold Rush,” companies raced to create an online presence complete with ecommerce storefronts. Partly due to the length of time it took to get a web site up and partly due to the fear of risks associated with ecommerce, companies made sure to implement comprehensive Terms of Use and Privacy Policies. Many have not revisited those policies since.
The risks of an outdated privacy policy are twofold. First, it may be unenforceable for any number of reasons. For example, the company has changed the way it gathers and stores information about site visitors, has changed the platforms from which it gathers such data and potentially with whom it shares such data, even unwittingly.
More importantly, the dynamics of online usage and marketing have changed. The availability of GPS data and commonly used technologies for targeted advertising and related services pose new privacy risks such as leaking personally identifiable information including usernames, email addresses, first names, last names, physical addresses, phone numbers, and birthdays. A recent series of articles by the Wall Street Journal analyzed the tracking files installed on people’s computers by the 50 most popular U.S. websites, plus WSJ.com and found that some sites like dictionary.com had over 200 such tracking cookies.
Second, an outdated privacy policy may subject a business to scrutiny and even penalties from the Federal Trade Commission (FTC). On October 12, 2011 the FTC announced a settlement with a file-sharing application developer over allegations that it used deceptive default privacy settings, which would lead consumers to unintentionally and unknowingly share personal files from their mobile device or computer with the public.
5. Your Company is Not Engaging In The Conversation.
Lastly, social media enables instantaneous, ubiquitous, electronic social interaction using highly accessible and scalable publishing techniques. The platforms and services that enable this interaction also provide an unfettered medium for defamatory statements about individuals, disparaging remarks about a companies’ products and services and inaccurate or misleading remarks by over-enthusiastic employees.
The legal risk is that a company often does not control such conversations which can quickly spiral out of control. Many web sites and blogs allow comments and invite participation by unrelated third parties. Having a strategy for when, how, and why to engage is critical to mitigate the legal risks since this area of law is notoriously fact and circumstances dependent and varies by jurisdiction.
Contact Us For a Consultation.
Is your business making one of the mistakes described above? Do you want to learn how to use social media to market and communicate with existing and prospective clients and do so in a way that minimizes potential risks and pitfalls? Hopefully, the guidance outlined above can serve as a good starting point for discussions about how best to use social media as well as suggestions regarding factors that firms may wish to consider in strengthening their compliance and risk management programs. We invite you to contact us with comments and requests about how we can help you educate your employees, prevent fraud, monitor risk, and promote compliance. We can be reached at lsglegal.com, 866-734-256, @adlerlaw and dadler@lsglegal.com.