Social business policy (social media policy) engagements are some of the most interesting, revealing and critical engagements CSRA has done. Of course, organizations’ main motivation for creating social business policies is protecting themselves against possible legal threats caused by employee interactions online; however, a far greater threat is overemphasizing the legal threat and sabotaging employee engagement online. Well researched and crafted social business policy increases trust between the employer and employees—and among employees, leading to more appropriate online interactions, which burnish the firm’s reputation. Here, I’ll outline how you can use the process of creating the policy to manage legal exposure while increasing employees’ trust and productive social business activity.
Social Business Policy: Hidden Gold
Two crucial things that organizations don’t realize about social business policy:
- It’s all about trust—Creating a social business policy is an activity that most organizations have done poorly and unwittingly sabotaged their employees’ natural curiosity and enthusiasm for interacting online. Policies broadcast how much the organization trusts employees; they give employees a message for how trusted they are. This is unconscious but readily visible when you know what to look for.
- Managing policy is an opportunity—Managing and updating social business policy is an opportunity to review how employees and the organization feel about social business activity and evolving trust.
Part of CSRA’s process for creating social business policy is analyzing policies of other organizations that resonate in some dimension (business structure, geography, culture, client/customer types, relationship to profit are a few of the dimensions we consider). When you analyze policies in this way, they are incredibly revealing.
Social Business Policy: Why and What
Why—Social “media” puts organizations into a quandary because platforms and applications are free and offer access to the world instantly. “Media” access used to be closely controlled and guarded, and now it no longer is. Employees, partners, spouses and friends of the organizations’ employees and proxies are constantly interacting online. Depending on the context of such interactions, who the people are and what is communicated, the organization might be liable for legal damages. Depending on the organization, this might be a very real threat. In most cases, the probability of legal exposure is very low, but it definitely exists for every organization.
What—Social business policy is a (usually) public online document that lays out the rules of interacting online to employees. It discloses types of “things to not say.” For example, if an account executive discloses proprietary information about one of the firm’s channel partner’s products that’s in pre-release, it could be highly damaging. Another scenario; someone in Finance talks about a competitor’s system upgrade that reflects to those who know the industry preparation for a merger. The employer could be sued in each case.
Social business policy lays out the rules to employees and to other people with whom the firm has relationships. This helps in court because it shows that the organization has made a good faith effort to communicate threats and guide appropriate online behavior to employees. Courts generally recognize that employees interact, in social venues and elsewhere, on their own volition and are responsible for their own conduct. However, courts often regard firms that do not have a social business policy as negligent.
The legal risk is obvious, but the degree of risk the organization faces varies widely with the business it’s in; in most cases, the risk is very low.
What (more)—Most organizations miss the opportunity to offer guidance to employees in addition to laying out the rules. Very few employees understand exactly what happens when they interact online, so the firm has the chance to address ignorance. In this case, it can help employees to be more appropriate and look good online, which reflects favorably on the firm.
The trust risk is hidden and many firms fail this test; their policies come across as paternalistic and heavy handed. Virtually all firms fail to take the opportunity to develop a productive “social business attitude.”
Social Business Policy: How
Creating a social business policy is often a relatively short and straightforward process, but this can vary with the organization, its culture, its legal profile and myriad other factors. In most cases, CSRA recommends engaging employees in creating the policy itself, so it’s an opportunity to communicate that the policy is not a big brotherish effort to stifle employees’ ability to interact—but rather it’s an effort that aims to increase trust—both between the firm and employees and among employees. Here are some of the things we usually do:
- Be inclusive by giving the heads-up to Legal, Human Resources, Sales, Marketing, PR and other relevant functions that you are doing this. Depending on the culture, it may be best to get a good draft before bringing others into the loop.
- Identify risk: what are we afraid of or concerned about? CSRA often surveys employees, which is revealing because they are aware of types of risk that the corporate office doesn’t see. It’s helpful to have the risks laid out on the table; they are less scary once identified. Include the corporate functions above in the survey if appropriate.
- What kind of behavior or disclosure could activate the risks? That goes into the policy.
- Review other organizations’ policies as referenced above.
- Draft the policy, focusing first on addressing perceived risks; on subsequent drafts, focus on attitude and tone. Part of the rules is specifying consequences if the rules aren’t followed. It is dismaying that many social business policies come across as punitive and paranoid. such policies have usually been prepared by law firms or legal departments, which are largely ignorant of real behavior in digital social venues and don’t understand the risk they are invoking: broadcasting to employees that they are not trusted. CSRA usually leads a process to assuage Legal while preserving the potential of social business.
- Take the opportunity to give employees some pointers on platforms, types of interactions, how they can best manage their “work” and “private” identities online, etc. Position these suggestions as a “guide” and give useful specifics.
- Use social business roles heavily to define responsibilities and privileges of each. Two examples are “regular employee” and “social business specialist,” part of whose job it is to interact on behalf of the firm.
- Address conduct on your organization’s venues as well as behavior on major platforms, blogs and mainstream media sites.
- Once you are comfortable with the draft, share it with Legal, H.R. and other relevant areas. Depending on your culture, share with a group of employees as well to get their reactions.
- Create a process and virtual team to review the policy periodically, and include other groups in the review. Identify people within each function that wants input to gather some data about the policy and employee activity. Set the expectation that the policy will evolve continuously. Each team member tracks social activity and notes exceptions, when the policy had to be invoked, etc. Depending on the organization’s level of activity, reviews could be quarterly, biannually or annually.
- We have found that employees are very protective of their employer in most cases, which surprises many executive sponsors. Including them on the policy creation and management is very healthy and productive.
- Employees are representative of their clients and employers and other organizational affiliations. By creating a collaborative relationship with them, you create an opportunity. They are your brand.
- Overly restrictive policies are often written by people with little direct knowledge of digital social venues. Law firms and legal departments lag significantly in online adoption. There are enlightened attorneys, to be sure, but they are in the minority.
- I can’t say it plainly enough: the biggest risk related to social business policy is creating and communicating a negative attitude toward social business. Since it’s the spear of a communications and societal transformation, broadcasting to the organization’s community that the organization is afraid and uncomfortable is a major risk. That’s why our approach is grounded in getting all the risks on the table and evaluating how prevalent they are.
- The policy affects employees’ trust of each other, too. Many executives tell me that their policies are so restrictive, employees just go around them. And employees seek guidance for how to use social technologies.
- CSRA case study: Social Business Governance Program for Local Government
- Chris Boudreaux had the first/most comprehensive collections of enterprise social business policies, a fantastic trove I highly recommend.
- My colleagues at Socialmedia.biz have a great collection of social media policies.
- My links on social business policy and social media policy include resources and useful posts.