This week we had a member call on using social media in regulated industries with guests Mari Anne Snow, CEO of SophiaThink Consulting, and Edward McNicholas, a Partner with Sidley Austin LLP. It’s a topic that gets mentioned a lot but rarely gets to specifics, so we were thrilled to hear about some of the very specific considerations and requirements for organizations in the health care, education, and financial sectors. Some of the best practices that hit home for me were the following:
- Don’t mandate what you cannot monitor. There is little reason to have rules if you have no way to see when they are being broken or to enforce them; such rules become filler or a distraction from the things you really can and should be watching.
- Governance structures and policies are underutilized as a method of demonstrating compliance and creating a way to audit situations. The closer this governance structure is to senior leadership, the better it will represent the risk tolerance of the organization as a whole.
- Legal, compliance, IT, and HR resources need to be part of the conversation and governance discussion early on. While it is considerate to do this regardless of your environment, it is crucial in regulated arenas because once an issue bubbles up, there is no time to bring the organization up to speed; they should already be well versed in the social strategy and methodologies being used. The entire organization needs to be ready to respond in real time.
- Policies need to address four types of use: corporate use of corporate sites, personal use of corporate sites, corporate use of public sites, personal use of public sites.
- Much of the risk in the social media space comes from privacy and use of personal information.
- The international environment is extremely complex in this area right now, and Europe, in particular, is much more stringent regarding personal privacy and data use.
TheCR members had a lot of questions about specific situations, including pre-scripting messages (hard to do), their own members who reference their organization repeatedly and give the impression of a partnership even when none exists, issues around online recommendations, and how to stay clear of anti-discrimination law. We only scratched the surface in an hour, but we’re looking forward to following up with more specific topics. For me, it was eye-opening and gave me pause around a number of topics that our members are grappling with regarding legal ramifications. For many organizations, the ‘Just Do It’ approach is not only bad advice, it’s reckless.
If you would like to hear more about this topic, Mari Anne and Ed are speaking at IAPP’s Privacy Academy 2010 happening at the end of September in Baltimore.