Note: Nothing in this post is legal advice and should not be construed as such.
As of March 2018, there are more than 3 billion social media users worldwide. It’s a certainty that at least some of those users work for your organization. These users, and all your employees, need to know the rules of engagement. That’s where your social media policy comes in. If you don’t have a social media policy, it’s time to write one. If you have a social media policy, it’s time to review it.
There is no shortage of advice on how to write a social media policy (including 4.5 billion online search results). Unfortunately, that also means that there is no shortage of bad advice on how to write one either. Benchmarking and best practices are a good start, but there’s more to consider, including guidance from several federal agencies like the National Labor Relations Board (NLRB), Equal Employment Opportunity Commission (EEOC), Securities and Exchange Commission (SEC), Federal Trade Commission (FTC), Federal Drug Administration (FDA), and the Financial Industry Regulatory Authority (FINRA). Additionally, the Federal Financial Institution Examination Council (FFIEC) has provided official guidance on how entities under their scope should create policies and procedures regarding social media. When you add it all up, it can be overwhelming. The purpose of this post is to sum up the necessary steps to take when building a social media policy.
Let’s start with the hard part – the rules. As social media expands and changes, lawmakers and regulators have had to adapt. This includes issuing guidance and notices, and passing additional regulations to account for social media uses no one may have anticipated five years ago. No single blog post could be inclusive enough to adequately explain the plethora of guidance coming from regulatory agencies regarding social media – and I’m not going to try. The best advice is to implore financial institutions to check with regulators regularly to ensure their social media policies align to the most recent guidance.
In addition to specific financial institution guidance, there are general requirements and best practices to consider when writing and implementing a social media policy. I’ve consolidated those into four steps.
The four steps to an effective social media policy are:
- Determine Your Policy Objectives;
- Draft the Policy;
- Educate and Train on Your Policy; and
- Monitor and Enforce Your Policy.
Step One: Determine Policy Objectives
Evaluate what works best for your organization and company culture. When building a policy, ask the following questions:
- What do we want to accomplish with this policy?
- What do we want to accomplish by using social media?
- How are employees personally using social media?
- Are employees using social media to assist in work-related tasks?
- Does your organization use social media for its advertising and marketing?
Step Two: Draft the Policy
When crafting a social media policy, consider consulting or including your Compliance, Privacy, Risk Management, Legal, IT, Governance, Marketing, and Communications departments in your conversations.
At a minimum, your policy should cover the following areas:
- Define social media.
- List your guidelines for conduct on social media sites.
- Identify where to seek help and get questions answered.
- Explain enforcement rules and procedures.
- Make it clear that the policy is not intended to interfere with any rights of employees recognized under the law.
Best practices when creating your policy:
- Use plain language. Everyone should be able to read and immediately understand the policy.
- Provide specific examples and be clear on what the policy covers. Ensure your policy specifically outlines which types of posts are prohibited. Vague or overly broad statements are likely to be unenforceable.
- Make the policy accessible—post it everywhere that is practical.
- Make it easy to seek advice and ask questions.
The key messages in your social media policy should advise your employees to:
- Be authentic and transparent.
- Use good judgment.
- Respect everyone and be polite.
- Protect confidential and private information.
- Respect intellectual property.
- Follow the rules.
- Be accountable for your actions.
Don’t feel like you need to recreate the wheel. The internet is a rich source of sample social media policies; but know that one size does not fit all and every policy should be specifically tailored to your organization.
Step Three: Educate and Train
Spreading the word about your policy:
- Spread your policy far and wide.
- In addition to the text version, consider creating an app, video, or slide show for employees to reference.
- Inform the entire organization of policy updates. Social media evolves quickly; make sure to update your policy as often as necessary to keep it relevant.
- Training is an imperative step toward social media compliance. Be sure to include social media in your annual compliance training.
Step Four: Monitor and Enforce
Monitoring Social Media
You can monitor your content by utilizing search engines for relevant keywords or phrases. You may also consider monitoring changes made to company social media pages to ensure compliance policies are being enforced effectively.
Enforcing the Policy
Include an enforcement statement in your policy. A typical statement states that policy violations will be subject to disciplinary action, up to and including termination.
Social media is an ever-evolving tool for both individuals and businesses. When thoughtfully written and consistently enforced, a social media policy will empower everyone in your organization to act with awareness and accountability.