General Thoughts on Drafting Your Company’s Social Media Policy:
There is no “one size fits all.” Social media policies are as much a reflection of corporate culture as they are a reflection of legal requirements. To draft an effective social media policy, you must understand your company’s brand and your tolerance for dissent, and risk and balance these with what the law allows.
Social Media is a dialogue, not a monologue. If your company intends to actively participate in the social media space you need to understand the differences between social media and traditional advertising and marketing. Traditional channels of advertising are typically a one-way channel. They are billboards in which you impart information to others. Social media is a conversation. While you can talk, the expectation is that others will talk back to you and that you will listen. As lawyers, our natural reaction is to control everything, and remove anything which we or our clients don’t like or has risk. If your company intends to participate in this space and tries to adopt that attitude, they will not be successful. While this does not mean that you need to tolerate defamatory or unlawful material posted about your client, you do need to be willing to live accept valid criticism. The community of users expects that you will react to such criticism by communicating, and attempting to make the situation better, not by removing any negative information, or other activities which smack of “censorship.” If your company is uncomfortable with accepting and responding to criticism in a public forum, this may not be for you. The catch 22 of social media, however, is that opting out really isn’t an option. Even if you choose not to participate in social media others will still be talking about you.
You cannot control Social Media, but you can effectively manage it. The unique aspects of social media noted above (speed, reach, etc.) means that you cannot control social media in the way you can traditional media. Even if your company elects to block all social media, you cannot completely control what your employees do in their off hours, and you cannot control what other people say about your facility (although you may have some recourse if people make untruthful or defamatory comments about you). What you can do is effectively manage social media by crafting clear and reasonable polices, communicate them to your employees, and make reasonable efforts to monitor what is said about you in the online community.
Education and awareness are crucial. The best policy in the world is useless if your employees are not aware of it, or do not really understand how it applies to their actions. Once you have drafted your policy, make sure it is communicated to your employees, and easily accessible to them. Consider making it available online, and publicly available so that your employees can access it in their off hours or at home, when they are most likely to be accessing social media and wondering: “is it really OK to say that on Facebook?” Even more importantly, make efforts to educate your employees about the policy, and how it applies in specific situations. Translating privacy and practice of medicine issues into the online space isn’t always intuitive, so giving people concrete examples and training about what is and isn’t permissible is crucial.
Expect -- and plan for -- a crisis. No matter how well-drafted your policy, and how well-educated your work-force, there is always the potential for a crisis. Because of the issues discussed above (speed, reach, etc) these issues can become very large public relations disasters in almost no time. The recent social media crisis experienced by Domino's Pizza (YouTube video posted by employees showing employees tainting the food) is a prime example. Identify your crisis management team ahead of time and, even more importantly, have a plan for how you will manage a crisis (privacy breach, irate patient spewing venom, etc.) before it happens. Time is of the essence in dealing with a social media crisis. If you do not react quickly, the troublesome material may be seen by thousands—or even millions—of people before you have a chance to react.
Plagiarize from others in developing your policy. There’s no need to start from scratch. Lots of companies have given this issue a lot of thought. Look through these policies and it will help you ferret out the issues that are important to your company and give you some good ideas about how to handle the challenging issues. Particularly good examples are those from Intel, Sun Microsystems and IBM. Here are our Mayo Clinic guidelines for employees, and Ed Bennett's Hospital Social Networking List has a compilation of other policies from healthcare organizations.
In the fourth installment in this series, Dan will offer guidance on specific issues to address in social media policies for employees.