Legal worries can be one of the biggest roadblocks on the path to social-media success. Companies can run serious legal risks by wading into social media unprepared. But worrying too much about unspecified risks can keep a company from adopting the technology entirely — and then they risk being left behind.
To get a better idea of how companies can protect themselves from social-media risks, I asked Harriet Pearson, IBM’s vice president, security counsel and chief privacy officer, to explain what goes into a great social-media policy. Here’s what she had to say:
What are some of the biggest unnecessary risks you see companies taking in the social-media space?
One of the biggest unnecessary risks that companies take is not having a social-media policy. While social-media tools present opportunities and potential for productive, collaborative relationships, they also can raise issues related to information security, disclosure of intellectual property or confidential information, privacy and governance. Organizations should acknowledge that social-media tools exist (and that employees are actively using them) and establish policies that clarify the boundaries and guidelines of appropriate use for their employees.
Should companies build their social-media plans from scratch? If so, what should they bear in mind? If not, what would you recommend using as a template?
Organizations should assess their individual exposures and risks in the social-media space based on the industry that they’re in, the regulations they are subject to and the scope of their employees’ use. It would be beneficial to explore what others have done and learn from and/or model their progress, but companies need to tailor their policies to suit their needs. A policy clearly stating what a company’s employees should or should not do will be based on an understanding of which employees are using the tools and how they’re using them.
IBM’s published social-computing guidelines on its website are revised biennially with input from employees. How did the company originally develop these policies? How has this collaborative process developed between the legal team and actual users of these social platforms?
In 2005, IBM became one of the first corporations to establish guidelines for employee behavior in social-computing environments. These guidelines, initially known as the company’s blogging guidelines, were initiated and written by interested employees and ultimately endorsed by the company. They were expanded to cover social computing generally in 2008 and are now known as the IBM Social Computing Guidelines. Since then, we have taken a collaborative approach to developing and evolving the social-computing guidelines, getting employee input on revisions (using wiki technology); the guidelines were updated in 2008 and 2010.
From IBM’s policy-creation process, what best practices can you share? How detailed does a social-media policy need to be?
Organizations should have an understanding of how their employees will use social-media tools. The guidelines shouldn’t be created in a vacuum. Know your organization’s industry and what regulations you are under. It is imperative to establish social-media-conduct guidelines that set the ground rules for their participation. These guidelines would be, to a certain extent, common sense — don’t harass, don’t use obscene language, be respectful and so forth. But they would also cover corporate policy regarding such things as disclosure of confidential information and intellectual property, and they should open the communication channels between employees and management and legal in the event they have questions or concerns regarding whether something should or can be posted.
IBM also has an internal social network called Beehive. Have you created separate guidelines and policies for using this internal network? Do you and your team use Beehive?
There are generally no separate guidelines for Beehive (now known as SocialBlue) or other internal social-media tools used at IBM. The social-computing guidelines that we established cover both internal and external social-media applications, and build on the company’s foundational Business Conduct Guidelines, which apply to all employees regardless of medium.
Pearson will be speaking at the upcoming Social Media Legal Risks and Strategy conference in Washington, D.C., from Jan. 12 to 14.
What does your company’s social-media policy look like? How has it evolved over time?