Not that long ago, the delimiter between home and office communications was clear. But the line blurred as social media tools such as Facebook, LinkedIn and Twitter became more popular and companies began using them to promote their products. Now individuals have started to rely on them to raise their professional profile.
Since corporate data now sits on these sites, compliance questions arise. Should corporations begin
At the moment, ambiguity rather than clarity is found in the answers.
“Many companies are just starting to put new processes in place that outline how they will interact with social media content,” said Andy Beal, CEO at Trackur, which offers an online reputation management tool.
Corporations understand that they cannot ignore these information portals, but there is little to no consensus about what should and should not be done. Exacerbating the problem, industry and government regulatory bodies are a step or two behind the social media phenomenon. Eventually, clear guidelines will emerge. But at the moment, companies are flying blind when determining how to effectively engage in social network monitoring.
With Facebook reaching 500 million members and Twitter generating more than 200 million tweets daily, social media is a communication channel that cannot be ignored. Vendors have developed social network monitoring products that businesses can use to watch what is being said on these channels.
A few common compliance-related practices have emerged. Many corporations use social media information to evaluate potential hires. They will go to Facebook and see if a person has posted any inappropriate items and incorporate that information into their evaluations.
Potential hires need to be careful about what they post. In 2009, a woman tweeted: "Cisco just offered me a job! Now I have to weigh the utility of a fatty paycheck against the daily commute to San Jose and hating the work." A Cisco employee saw the tweet and contacted the hiring manager, who revoked the offer.
Similar issues arise once individuals become employees. In some cases, they are encouraged to use these social media channels to enhance the brand but simultaneously need to secure confidential data. Straddling that line can be difficult, and employees sometimes make bad decisions.
For example, an employee at one company tweeted before a big sales meeting that he and his boss were flying to Bentonville, Ark., for an all-day meeting.
“Bentonville just happens to be the headquarters for Wal-Mart,” noted Herbert H. Thompson, chief security strategist at People Security. Quickly, competitors -- as well as Wal-Mart -- learned about the disclosure. The world’s largest retailer became so incensed that it canceled the meeting.
Corporations would like to block such updates. Social network monitoring tools track what individuals are saying about a business on news sites, blogs, video displays, image sites and forums, then route those conversations back to the company. But how these tools are used raises some complex issues about the boundary between personal and business communication.
Currently, most compliance standards do not explicitly tell companies how to deal with social media. Perhaps the closest is Financial Industry Regulatory Advisory Regulatory Notice 10-06, which requires that all static company content be pre-approved prior to publishing. To follow these rules, companies would need to inform employees about their social media policies.
It would seem clear that ramifications would be felt if individuals badmouthed their employers or carelessly leaked confidential data, like in the Wal-Mart instance. Murkier issues arise once a person leaves a company. Employees often sign confidentially agreements that preclude them from publicly posting information about their employer’s inner workings. But how far can a company go to protect its assets? In some cases, businesses' social media policies stipulate that former employees unlink and de-friend their LinkedIn, Facebook and other social network contacts connected with the company.
In addition, corporations are monitoring former employees’ contacts and watching for inappropriate connections to former co-workers and clients. A potentially groundbreaking case will be heard in August: In November 2009, Brelyn Hammernik, a technical recruiter, left IT staffing firm TEKsystems Inc. but continued to send messages to members of her LinkedIn network who worked for the firm. One message read, "Tom -- Hey! Let me know if you are still looking for opportunities! I would love to have you come visit my new office and hear about some of the stuff we are working on! Let me know your thoughts! Brelyn."
In a lawsuit filed in U.S. District Court in Minneapolis against Hammernik and her employer, Horizontal Integration, TEKsystems contends that the communications violated a noncompete agreement barring her from contacting former clients and co-workers.
Due to cases such as this, clearer guidelines from the courts could loom. In addition, industry and government regulatory bodies are expected to provide companies with crisper compliance guidelines in terms of social media and social media policies. Eventually it will be easier for corporations to put suitable compliance policies in place. But at the moment, they must decide for themselves what is appropriate and what is not.
Paul Korzeniowski is a freelance writer who has been covering technology issues for two decades. He is based in Sudbury, Mass., and can be reached at firstname.lastname@example.org. Let us know what you think about the story; email Ben Cole, Associate Editor.
This was first published in July 2011