Developing corporate social media policies is an ongoing experiment akin to the struggle enterprises endured when the Internet and email were introduced as business tools. Enterprises should not assume, however, that the policies they developed over many years for Internet and email use are a perfect fit for social media.
"Companies are making a mistake when they say social media is the same as email and chat," said Julie E. LeMoine, a collaboration expert who recently codeveloped a large financial services firm's social media policies. "There's enough that is different about social media that you need to be blunt and state the [rules of behavior] again, even if they're the same words [used for older e-communications polices] -- which I doubt they will be."
For starters, e-discovery polices will change, given the free-for-all nature of social networking, according to Stew Sutton, principal scientist for knowledge management at The Aerospace Corp., a federally funded research and development center in El Segundo, Calif. His organization has no limits on email retention, but with "social conversations, wikis, blogs and tweet streams, the mass of data sitting out there becomes a problem," he said. The issues can make e-discovery "extremely costly."
LeMoine and Sutton spoke during a session titled "Social Media & Social Networking: Some Cautionary Tales" at last week's Enterprise 2.0 conference in Boston. Also on the panel was Suzanne McGann, social media program manager for global interactive strategy at Medtronic Inc. in Minneapolis.
Views from industry sectors including financial services, aerospace and medicine make it clear that social media policies vary widely by sector, and depend on the regulations companies must comply with.
For Medtronic, a maker of such biomedical device implants as heart pacemakers, developing social media policies is an arduous process that is watched closely by the U.S. Food and Drug Administration (FDA), McGann explained. Because the company operates under strict FDA and Health Insurance Portability and Accountability Act guidelines, she was informed by the company's executive committee that there "will be no social media in the organization" until she figured out how to do it safely.
Establishing policies safely involved 10 meetings just to sort out how contractors and employees could use marketing materials publicly. The FDA watches external marketing messages closely to make sure their content is fairly balanced and truthful and does not impinge on HIPAA regulations in terms of patient privacy, McGann said.
"We have hundreds of lawyers who protect us from the FDA, so what we do in social media is to really make sure we understand how to handle complaints [from regulatory bodies], understand what can and cannot be said and educate the heck out of [our policies to employees across the organization], then create policies and systems to keep us safe," McGann said.
Medtronic's social media marketing communications, for example, have to follow strict documentation guidelines. Policy development was led by the director of information risk and co-written by McGann with help from experts in the company's global branding, intellectual property, human resources, legal corporate, legal regulatory, and FDA legal and regulatory departments. "We had at least 20 people who weighed in on the document to even get a good, vague meaning [for our social media policies] by all the right people that can stand on a global basis," she said.
A horse of a different color
Financial services and medical companies are subject to strict regulations, and they tend to want to dispose of information quickly that shows up in the social media stratosphere. Collaboration expert LeMoine, for one, was directed to not have "anything" that is discoverable after a certain date, whether on a wiki or a blog.
There's enough that is different about social media that you need to be blunt and state the [rules of behavior] again.
Julie E. LeMoine, independent collaboration expert
The Aerospace Corp.'s Sutton and his team, however, have to follow defense regulations but balance those with the needs of engineers, who rely on being able to use information that dates back several years.
"[Social media] is increasingly a problem from an enterprise risk standpoint and the chances of national security leaking out," Sutton said. He was quick to add, however, that that the benefits of social media outweigh the risks.
"Look at what you can produce, and then the burden may be outweighed by the value propositions," Sutton advised.
The cost of social media oversight
Don't expect to get a pot of money to pay for developing social media policies. Medtronic's McGann had to fight for funds to back her social-media policies project, as well as fight for head count. "We have thousands of posts a day mentioning our product, and we have to figure out how to package that clearly and identify for our managers and executives the value coming out of that. That is an integral part of our program," she said.
McCann suggests buying a "listening tool" to enforce social media policies. She uses the social-media monitoring tool Radian6, from a vendor acquired in March by Salesforce.com Inc. If a problem arises, the incident is tagged and sent to the manager in charge of the employee communication in question; or a cease-and-desist order is sent to the social networking site (Facebook or Twitter, for example) where it appeared.
LeMoine has found that social media oversight costs were not as much of a burden when an "evangelist" was put in charge of the effort, such as herself. Other costs have weighed heavily on the legal department, which did not add staff despite the extra burden beyond traditional e-discovery, she said. The social media platform cost about $75,000 and requires two people to run it. Two "thought people" were hired to monitor social media policies as well as two operational employees, she said.
In the end, it's hard to quantify what the cost of social media policies oversight will be, the panel said. It depends heavily on a company's industry and corporate policies for one, as well as on whether oversight is for internal or external social media purposes.
It's a misconception that it is more difficult to establish external policies for dealing with customers, LeMoine said. In reality, you have a much larger mix of users and needs inside the organization that should prepare you well for external social media polices, should that time come.
Let us know what you think about the story; email Christina Torode, News Director.