Five Social Media Legal Mistakes That Your Business Is Making

Image representing Facebook as depicted in Cru...
Image via CrunchBase

Seemingly overnight, Social media has moved from a business curiosity to an invaluable tool for customer engagement, brand positioning and employee empowerment. For example, social media use for 18-29 year olds has grown from 16% in 2005 to 89% in 2010. A recent survey, now in its third year, found that Social Media is imperative and effective to stand out in a crowded market: 88% of all marketers found that it helped increase exposure and 76% found that it increased traffic and subscriptions.

Faced with the rapid adoption of social media services and platforms, companies find themselves in a dilemma: move quickly to adapt to new technologies, or put policies in place that support marketing goals. Finding the right balance between taking appropriate business risks and minimizing legal ones is a dilemma shared by all businesses, and it can be particularly tricky in the rapidly changing realm of social media. A social media snafu could pull a business into a range of legal imbroglios, involving employment law, intellectual property rights, advertising, defamation, libel, antitrust, and privacy protection.  What follows is a list of five common social media legal mistakes that businesses are making.

1. Your Company does not have a social media policy.

Social media is going through an evolution from social media to social business. Yet In the rush to avoid being left behind, some 79% of companies do not have social media policies in place. Companies and employees are becoming deep users of Twitter, LinkedIn, Facebook, blogs, private-label platforms, and the like. Absence of a policy has led to lawsuits over basic issues such as ownership of LinkedIn profiles and Twitter followers. Lack of a policy could also lead to awkward situations that require a response, but may not rise to the level of a legal quandary such as public criticism by a volunteer or advisor.

Having a social media policy cannot prevent the occurrence of unintended consequences. However, it can address most risks that businesses will face and provide an informal framework for addressing issues that will inevitably arise before they become full-fledged emergencies that require a legal solution.

2. Your Company’s social media policy is unenforceable.

Not surprisingly, one of the most active legal areas of social media for business has been in the context of Employer-Employee relations. In 2011, the U.S. Chamber of Commerce released a report stating that the National Labor Relations Board (NLRB) had received 129 cases involving social media. The majority of claims concerned overly-restrictive employer social media policies or employee discipline and even termination based on use of social media.

More recently, the NLRB released updated guidance discussing 14 such cases in particular. Significantly, the NLRB criticized five employers’ social media policies, as  “unlawfully overly broad” (e.g., too restrictive). In four cases, an employee’s use of Facebook to complain about their employer was held to be “protected concerted activity.” The benefit for employers is that the report frames the discussion for the appropriate scope of an enforceable social media policy.

3. Your employees don’t understand your social media policy.

For companies who have drafted a social media policy, another risk is that the employees who are engaged in social media on behalf of the company or brand do not understand the policies. Training employees about what it is, how it works and what’s expected is just the beginning.

For example, Australian telecomm company Telstra is an excellent example of social media transparency. This 40,000+ employee company mandates social media training built around a manageable policy focused on “3Rs” – responsibility, respect and representation. To promote awareness and understanding, the comic book-styled policy answers simple questions like “what is Facebook?” and more complex issues like employer criticism on personal blogs. Taking it a step further, the company published their entire social media training guide online for others to study and critique.

4. Your privacy policy is out of date.

Back in the early days of the Internet “Gold Rush,” companies raced to create an online presence complete with ecommerce storefronts. Partly due to the length of time it took to get a web site up and partly due to the fear of risks associated with ecommerce, companies made sure to implement comprehensive Terms of Use and Privacy Policies. Many have not revisited those policies since.

The risks of an outdated privacy policy are twofold. First, it may be unenforceable for any number of reasons. For example, the company has changed the way it gathers and stores information about site visitors, has changed the platforms from which it gathers such data and potentially with whom it shares such data, even unwittingly.

More importantly, the dynamics of online usage and marketing have changed. The availability of GPS data and commonly used technologies for targeted advertising and related services pose new privacy risks such as leaking personally identifiable information including usernames, email addresses, first names, last names, physical addresses, phone numbers, and birthdays. A recent series of articles by the Wall Street Journal analyzed the tracking files installed on people’s computers by the 50 most popular U.S. websites, plus WSJ.com and found that some sites like dictionary.com had over 200 such tracking cookies.

Second, an outdated privacy policy may subject a business to scrutiny and even penalties from the Federal Trade Commission (FTC). On October 12, 2011 the FTC announced a settlement with a file-sharing application developer over allegations that it used deceptive default privacy settings, which would lead consumers to unintentionally and unknowingly share personal files from their mobile device or computer with the public.

5. Your Company is Not Engaging In The Conversation.

Lastly, social media enables instantaneous, ubiquitous, electronic social interaction using highly accessible and scalable publishing techniques. The platforms and services that enable this interaction also provide an unfettered medium for defamatory statements about individuals, disparaging remarks about a companies’ products and services and inaccurate or misleading remarks by over-enthusiastic employees.

The legal risk is that a company often does not control such conversations which can quickly spiral out of control. Many web sites and blogs allow comments and invite participation by unrelated third parties. Having a strategy for when, how, and why to engage is critical to mitigate the legal risks since this area of law is notoriously fact and circumstances dependent and varies by jurisdiction.

Contact Us For a Consultation.

Is your business making one of the mistakes described above? Do you want to learn how to use social media to market and communicate with existing and prospective clients and do so in a way that minimizes potential risks and pitfalls? Hopefully, the guidance outlined above can serve as a good starting point for discussions about how best to use social media as well as suggestions regarding factors that firms may wish to consider in strengthening their compliance and risk management programs. We invite you to contact us with comments and requests about how we can help you educate your employees, prevent fraud, monitor risk, and promote compliance. We can be reached at lsglegal.com, 866-734-256, @adlerlaw and dadler@lsglegal.com.

Regulated Industries – Social Media Legal & Regulatory Compliance

Seal of the United States Federal Trade Commis...
Image via Wikipedia

For the past year and a half, I have been traveling to various conferences around the country to speak on Legal and Regulatory compliance in social media. In the beginning, case law and regulatory guidance was scarce and little information was available to provide businesses engaged in social media with a roadmap for Social Media Legal and Regulatory compliance. However, a lot has changed over the last year and a clear trend is emerging. Industry regulators are aware of the use – and abuse – of social media by their members. This article examines recent guidance provided by the Federal Trade Commission (FTC), the Food & Drug Administration (FDA), the National Labor Relations Board (NLRB), the Financial Industry Regulatory Authority (FINRA) and the Securities Exchange Commission (SEC).

Social Media in Marketing, Advertising & Commerce.

The FTC has a prime directive to protect consumers. In the social media sphere, the FTC has pursued this mandate by enforcing companies’ Terms of Use and privacy policies. In addition, the FTC has recently issued updated guidance for companies and individuals that review, promote, advertise or otherwise write about various products and services. In 2009, the FTC tackled its first social media case, an investigation involving Twitter. The focus of the FTC action was Twitter’s privacy policy that asserted A concern about safeguarding confidentiality of personally identifiable information and privacy settings designed to designate tweets as private.

The settlement, first announced in June 2010, resolved charges that Twitter deceived consumers and put their privacy at risk by failing to safeguard their personal information. Lapses in the Twitter’s data security allowed hackers to obtain unauthorized administrative control of Twitter, including both access to non-public user information and tweets that consumers had designated as private, and the ability to send out phony tweets from any account. Under the terms of the settlement, Twitter has hit ended and ongoing obligations concerning consumers and the extent to which it protects the security, privacy, and confidentiality of nonpublic consumer information, including the measures it takes to prevent unauthorized access to nonpublic information and honor the privacy choices made by consumers.

In a similar action, the FTC settled and investigation into Facebook,the leading social media platform/service. The social networking service agreed to settle Federal Trade Commission charges that it deceived consumers by telling them they could keep their information on Facebook private, and then repeatedly allowing it to be shared and made public. The settlement requires Facebook to take several steps to make sure it lives up to its promises in the future, including giving consumers clear and prominent notice and obtaining consumers’ express consent before their information is shared beyond the privacy settings they have established.

Read the FTC update here.

As recently as January 10, 2012, the FTC reached a settlement with UPromise, Inc., stemming from charges that the company – a membership reward service – allegedly used a web-browser toolbar to collect consumers’ personal information, without adequately disclosing the extent of personal information collected. The FTC found that the toolbar was collecting the names of all websites visited by its users as well as information entered into web pages by those users, including user names, passwords, credit card numbers, social security numbers and other financial and/or sensitive data. Furthermore, this data was transmitted in unencrypted, clear text that could be intercepted or viewed by third parties in a WiFi environment. The result? UPromise had to destroy all data it collected under the “Personalized Offers” feature of its “TurboSaver” toolbar in addition to other obligations related to data collection practices and consent to collection of personal information.

Other Industry Guidance.

In October 2009, the Federal Trade Commission released it’s updated “FTC’s Guides Concerning the Use of Endorsements and Testimonials in Advertising.” The updated Guides contain two notable areas of concern for marketers. First, the Guides removed the safe harbor for advertisements featuring a consumer’s experience with a product or service, the so-called “results not typical” disclosure. Second, the FTC Guides underscored the longstanding principle of disclosing “material connections” between advertisers and the consumers, experts, organizations, and celebrities providing reviews and endorsements of products and services.

For concise guidance on when, how and what to disclose, see my article here.

Social Media in the Healthcare & Pharmaceutical Industries.

Like other consumer-oriented industries, Pharmaceutical and Biotech firms are rapidly expanding their presence online. This growth over the past several years has not gone unnoticed as evidenced by FDA Warning Letters targeting marketing campaigns “broadcast” via websites and social media platforms. The FDA also provides more general guidance for the industry. Policy and guidance development for promotion of FDA-regulated medical products using the Internet and social media tools are available in the FDA’s Consumer-Directed Broadcast Advertisements Questions and Answers. While this document provides clear direction for traditional media broadcasting , it only skims the surface regarding web content.

Social Media in the Workplace.

Probably no other federal agency has been as active as the NLRB in recent months. The NLRB has a mandate to protect employees rights to organize and discuss working conditions without fear of reprisals from employers. On August 8, 2011, the Associate General Counsel for the NLRB released a memo entitled “Report of the Acting General Counsel Concerning Social Media Cases.The report began by analyzing a case of first impression: whether an Employer unlawfully discharged five employees who had posted comments on Facebook relating to allegations of poor job performance previously expressed by one of their coworkers.

On January 25, 2012, the NLRB released a second report describing social media cases handled by the NLRB. The “Operations Management Memo” available here, covers 14 cases, half of which involve questions about employer social media policies. Five of those policies were found to be unlawfully broad, one was lawful, and one was found to be lawful after it was revised.

The remaining cases involved discharges of employees after they posted comments to Facebook. Several discharges were found to be unlawful because they flowed from unlawful policies. But in one case, the discharge was upheld despite an unlawful policy because the employee’s posting was not work-related. The report underscores two main points made in an earlier compilation of cases: 1) policies should not sweep so broadly that they prohibit the kinds of activity protected by federal labor law, such as the discussion of wages or working conditions among employees; and 2) an employee’s comments on social media are generally not protected if they are mere gripes not made in relation to group activity among employees.

Social Media and the Financial Services Industry.

From the Madoff scandal, to the Occupy Wall Street Movement, to Mitt Romney’s tax returns, the financial services sector is accustomed to the scrutiny and ire of the public and government regulators. Therefore it is no surprise that on January 4, 2012, the SEC’s Office of Compliance Inspections and Examinations, in coordination with other SEC staff, including in the Division of Enforcement’s Asset Management Unit and the Division of Investment Management, issued its “Investment Adviser Use of Social Media” paper. The paper begins by observing that although “many firms have policies and procedures within their compliance programs” governing use of social media” there is wide “variation in the form and substance of the policies and procedures.” The staff noted that many firms have multiple overlapping procedures that apply to advertisements, client communications or electronic communications generally, which may or may not specifically include social media use. Such lack of specificity may cause confusion as to what procedures or standards apply to social media use.

The SEC paper suggests that the following factors are relevant to determining the effectiveness of a Social Media compliance program:

  • Usage Guidelines
  • Content Standards
  • Monitoring
  • Frequency of Monitoring
  • Approval of Content
  • Firm Resources
  • Criteria for Approving Participation
  • Training
  • Certification
  • Functionality of web sites and updates thereto
  • Personal/Professional sites
  • Information security
  • Enterprise-wide web site content cross collateralization

Similarly, the Financial Industry Regulatory Authority (FINRA) has issued guidance for secutires brokerage firms. According to its web site, FINRA “is the largest independent regulator for all securities firms doing business in the United States.” FINRA protects American investors by ensuring fairness and honesty in the securities industry. In January 2010, FINRA issued Regulatory Notice 10-06, providing guidance on the application of FINRA rules governing communications with the public to social media sites and reminding firms of the recordkeeping, suitability, supervision and content requirements for such communications. Since its publication, firms have raised additional questions regarding the application of the rules. Key take aways from FINRA’s guidance include the flowing:

  • Brokerages have supervisory and record keeping obligations based on the content of the communications – whether it is business related – and not the media
  • Broker-dealers must track and supervise messages that deal with business
  • Firms must have systems in place to supervise and retain interactions with customers, if they are made through personal mobile devices
  • A broker must get approval from the firm if she mentions her employer on a social media site
  • Pre-approval for instant messages, also known as “unscripted interactions’ in legalese, is not necessary as long as supervisors are informed after the fact

Conclusion.

Many professionals in regulated industries are eager to leverage social media to market and communicate with existing and prospective clients and to increase their visibility. However, participants must ensure compliance with all of the regulatory requirements and awareness of the risks associated with using various forms of social media. Hopefully, the guidance outlined above can serve as a good starting point for discussions about how best to use of social media as well as suggestions regarding factors that firms may wish to consider is helpful to firms in strengthening their compliance and risk management programs. We invite you to contact us with comments and requests about how we can help you educate your employees, prevent fraud, monitor risk, and promote compliance. We can be reached at lsglegal.com866-734-256, @adlerlaw and dadler@lsglegal.com.