Companies increasingly are expanding their social media presence as a quick and efficient way to reach out to their target audiences. But a flurry of government regulations and guidelines accompanies the growth of social media. The existing and proposed regulatory standards primarily focus on protecting consumers from misleading and abusive practices; however, companies need to understand the regulatory landscape in order to avoid rules, which not only can create legal difficulties but also can end up ruining their hard-won reputations.
A number of regulatory bodies, including the Federal Trade Commission, which is charged with assuring consumer protection, have issued regulations and “best practice” guidelines that impact social media use. The latest intelligencecomes in the form of proposed guidelines from the Federal Financial Institutions Examination Council, or FFIEC, an organization that includes heavyweights from the Office of the Comptroller of the Currency, the Board of Governors of the Federal Reserve System, and other agencies. Put simply, FFIEC’s proposal advises institutions to implement and maintain a risk management program that addresses compliance, technology, information security, legal, human resources and marketing issues, so the program can “identify, measure, monitor, and control the risks related to social media.”
While the proposed FFIEC rules may be targeted to the financial industry, they provide solid guidance for any type of business already employing social media or considering making the leap into that world for marketing and other endeavors. Further, as these rules are put into practice, it is likely that they will become de facto standards that are adopted in whole or in part by other industry regulatory bodies and consumer protection agencies such as the FTC. To that end, forward-looking companies should review their risk management programs now. For starters, here are seven major issues to consider:
• Do you have a governance structure with clear roles and responsibilities, where the Board of Directors or senior management are directing your social media efforts in a way advances the company’s strategic goals?
• Have you reviewed, implemented and updated policies and procedures to ensure that the way you use and monitor social media meets all applicable laws, regulations and guidance — especially when it comes to privacy, prohibitions against unfair, deceptive or abusive practices; and rules on advertising?
• Do you have a due diligence process to select and manage outside service providers or vendors, especially if they are responsible for developing or placing content on your behalf? If you develop and place content in-house, have you made it clear that social media efforts intended to promote the company belong to the company, even if the employee who starts or maintains the online presence leaves the firm?
• Do you have an employee training program that reflects your company’s policies and procedures for official, work-related use of social media, and does it define what is and what isn’t permissible?
• Have you put oversight processes in place so you can monitor blogs and other activity before they’re posted to social media sites — this can mean assigning someone to review content before it’s posted, who can also post it, and who knows how to respond properly to any complaints about the content?
• Have you developed audit and compliance procedures that ensure your actions match your internal policies and all applicable laws, regulations and guidance?
• Finally, do you have processes and procedures to measure and objectively report to the Board of Directors or senior management on whether your social media efforts are effective and whether they’re achieving the desired objectives?
Some companies are sure to look for loopholes in these and other guidelines. However, even a perception that consumer protection rules, privacy or other rights have been breached creates exposure to legal and public relations consequences of varying degrees. Just as in the ‘offline world,’ companies utilizing social media need to do everything to protect their reputation. The best insurance could very well be a carefully crafted risk compliance program.
Leslie F. Spasser is a shareholder and co-leader of the Media, Internet and E-Commerce industry team at LeClairRyan, based in the firm’s Norfolk, Va. office. She can be reached at: firstname.lastname@example.org.
Leslie Paul Machado is a partner and co-leader of the Media, Internet and E-Commerce industry team at LeClairRyan, based in the national law firm's Alexandria, Va. office. He can be contacted at: email@example.com.
This column first appeared in Inside Business.