Associate editor Jeff Kelly speaks with ePolicy Institute director Nancy Flynn about how businesses can get the most out of corporate blogging but stay safe at the same time.
Read the full transcript from this podcast below:
Jeff Kelly: Hello, and welcome. My name is Jeff Kelly, and I'm an associate editor for the CIO Decisions Media Group here at TechTarget. Today we're talking about blogs, which are turning up in just about every corner of cyberspace these days. They're even beginning to show up in the corporate world, as more and more companies are turning to blogs to communicate with their employees and customers. But like a new technology, blogging comes with its share of risks.
Joining us today to talk about corporate blogging and its associated hazards is Nancy Flynn. She's the founder and director of the ePolicy Institute, an organization that advises corporations on ways to mitigate what it calls e-risks. She's recently written a book on the subject of corporate blogs called "Blog Rules; a business guide to managing policy, public relations, and legal issues." Welcome Nancy.
Nancy Flynn: Thank you Jeff.
Jeff Kelly: So before we get some of the risks, let's talk about some of the benefits of corporate blogs. So just why would a company want to operate a corporate blog in the first place?
Nancy Flynn: And there are tremendous potential benefits inherit in blogging. In fact, in our most recent survey, which is the 2006 Workplace email, instant messaging, and blog survey that we conducted in concert with American Management Association, we found that 8% of organizations already are blogging, and of those that blog, 55% are using a blog to communicate with their customers and other third-party readers. And certainly, that's one of the prime benefits of blogging, it gives you that opportunity for two-way communication.
48% are using blogs for internal communication. And it's a great way for work teams to communicate, if you have an international operation. It's a good way for your employees on different continents, or in different countries to communicate with one another. And then, finally, we know that 16% of CEOs are now operating blogs. And what many companies have found is that, the blog is a tremendously effective way to put a human face, if you will, on the guy who typically sits behind a closed door in the corner officer. So those are just three of the many reasons why so many companies have started to take a serious look at blogging.
Jeff Kelly: So would you recommend that all companies publish a corporate blog, or they're right for some companies, but perhaps not right for others?
Nancy Flynn:Right. Well, actually I've devoted an entire chapter in book "Blog Rules" to how you should evaluate the blogosphere, and determine whether or not blogging is in fact right for your business. Because while it's true that a blog can be a terrific relationship building tool, it can help you, especially if you're an organization that has a real powerful message, you've got a lot of content you want to get out there, you want to educate and inform readers, a blog is the way to go.
On the other hand, you do not want to use a blog as a sales tool, or as a marketing tool, that's not what blogs are intended for, and the blogosphere will react negatively to that. And they may actually attack you essentially if you try to use it as a sales tool. But all of that said, companies really need to take a close look at, number one, what do we have to gain from blogging? How would we use this blog? Do we really have enough content to post on a blog on a daily basis, at minimum, on a weekly basis, because you have to keep your blog updated.
Secondly, do we have somebody on staff, in house, who's a strong enough writer to create compelling content that's going to keep readers coming back for more. There was an article in the Wall Street Journal not too long ago that said that more and more and more companies are now hiring writers who are specifically hired to write the company's blog. And when you write a blog, you want to write in the first person, in other words, it's the I voice. It is intended to be very personal, essentially, your opinions, your thoughts, your company's position on certain issues. So you really need to have a writer who's able to pull that off, otherwise you simply won't attract readers, or the readers you do attract won't come back for more.
Jeff Kelly: So what are some of the risks that companies open themselves up to when they decide to publish a corporate blog?
Nancy Flynn: Right. Well, the risks inherent in blogging are enormous. And, you know, part of the reason that the risks or blogging are so enormous is just because of the sheer size of the blogosphere, if you will. According to Technorati, the big blog search engine, there's one new blog going online every second. A lot of industry analysts believe that the blog will exceed email, and instant message, and the traditional website as the business communications tools of choice.
So, that said, there's a tremendous amount of content that is being posted on blogs, and that will be posted on blogs. And all of that content opens up both the organization and the individual employee to tremendous potential risk. Just to name a few, we've got the risk of lawsuit if employees were to post content that is defamatory, harassing, discriminatory, in any way offensive or inappropriate, it could trigger a lawsuit.
If you accept comments from third parties on your business
blog, and one of those customers, or other parties were to post a comment that violates somebody
else's copyright, let's say they pull some material from my book
"Blog Rules," or they pull other copyright protected material and post it in your comment section of your business blog, you could find yourself liable for third party copyright infringement. And that would carry with it, trouble damages, so it could be extremely expensive. On the employee end, we've seen hundreds, possibly thousands of employees who have been fired for blogging, and the official term for being terminated for blogging is "dooced", you've been dooced if you've fired for blogging. And our survey with American Management Association showed that half of the employees who have been fired for blogging were actually blogging at home, on their own computer, on their own time, but their content violated a company.
Whether it was the company's blog policy, the ethics policy, the harassment and discrimination guidelines, confidentiality policy, whatever, a policy is a policy. So it's real important for employee bloggers to remember, any time you post contents, whether it's on your personal blog or your company blog, make sure you're not violating a policy, make sure you're not writing anything that could offend your employer. Because if you work in an employment-at-will state, which just about everybody in the United States does, at the end of the day you could be fired for just about any reason, including your blog posts, and you don't want to end up getting fired for blogging.
Jeff Kelly: That's a great point, Nancy. So what can companies do to mitigate some of these risks?
Nancy Flynn: Well, what you need to do is, again, as an employer, you need to make sure that you put together a strategic blog risk management plan that addresses all of your legal risks. If you're in a regulated industry, whether it's financial services, or healthcare, or whatever, you have to make sure that you are in compliance with all the regulator's rules when it comes to content and usage. You want to make sure that your trade secrets and your confidential information is protected. And you want to make sure that your employees aren't posting any content that's in any way going to damage your business, either by triggering a lawsuit, or offending or turning off a customer, or a prospect, or supplier even.
So the first thing that I recommend is, and the real reason I wrote the book "Blog Rules," is that you put together a written blog policy that's based on best practices that lays out specific guidelines for employees blog use, and specific penalties if employees violate the policy. And, again, we found in 2006 Workplace, Email, IM, and Blog Survey that, already, we see 7% of companies that have already put into place a policy governing employees business blog use and content, and another 7% have put a policy in place governing the content employees may post on their personal home base blogs, and that's a very important point.
We've got 6% who have a policy that controls the personal postings employees can write on corporate blogs, and 9% with a policy that covers the operation of personal blogs on company time. And then, finally, there are 5% of companies that have simply put into place a strict anti-blog policy, they're banning blog use all together on company time. And what we found is that another 17% of employers are backing that anti-blog policy up with the use of technology that just prevents employees from even visiting blog urls, because they don't want employees writing on blogs, they don't want employees even taking time to read third-party blogs during the day.
Jeff Kelly: So who should be setting these policies? Does this responsibility fall on the CIO, or does it fall on the CEO, or other members of the organization?
Nancy Flynn: Right. What we always recommend here at the ePolicy Institute is that, ideally, if your organization has the human and financial resources to allow it, you want to put together a strategic blog management team, if you will, that would consist of your CIO, your legal counsel, and your records manager. And the reason you want those three parties involved, you certainly want your CIO, or your IT Director involved, because you want to make sure that, if you're using an enterprise system, if you've set up a company blog program, you want to make sure you're using the right technology.
You also want to be sure that you are, on a regular basis, monitoring the blogosphere to see what your employees, your competitors, your customers, your suppliers, the media, the general blogosphere, what are people writing about you. You want to make sure that your IT department is involved because, believe it or not, spam has already invaded the blogosphere. We've got two types of blog spam. One is called comment spam, and the other is called splog. And you want your IT personnel involved to try to keep your blog spam to a minimum.
And then you want your legal counsel involved, because, again, you want to make sure that your policy addresses every risk, every law, every regulatory rule, and you want to make sure you have developed a policy based on best practices. So if you end up on the wrong side of a workplace lawsuit, you can walk into that deposition, or that courtroom and say, hey listen, we've done our due diligence. We've put a policy into place, we've had that policy reviewed by legal counsel, we've educated all of our employees. We've done everything we can to prevent a blog related disaster from happening, we've done the best we could do.
Sometimes accident happen, sometimes a rogue employee will intentionally trigger a disaster. And the courts are going to look more favorably upon your company if you have done your due diligence upfront. And then the third party that you want involved in that policy team, as I mentioned, would be your records manager. And that's because blog posts and reader's comments do create electronic business records. And our survey shows that only three % of companies have already put into place a policy to govern the retention of those business records. That's a tremendous oversight, very dangerous oversight on the 97% of current corporate bloggers who have not put those retention policies in place. The most critical challenge facing all businesses that use email, that use blogs, that use IM, that use any kind of communications tool, the most critical challenge all business faces is, retaining and archiving electronic business records.
Those are the messages, the blog post, the reader comments, that are related to your business. Those are the documents that will be subpoenaed if you end up involved in a lawsuit. And our survey shows that 24% of organizations last year had employee email subpoenaed. Another 15% of companies went to court to battle a lawsuit triggered by employee email. There is no reason to assume that blogs will not begin to play an equally prominent role in litigation. So you have to have those business records retained, and accessible in case of litigation. And the real reason you want to do this is because it can be so extremely expensive if you cannot produce electronic business records. In 2005 we saw one company hit with a jury award of $1.45 billion ... that's billion with B.
Jeff Kelly: Wow.
Nancy Flynn: ...in part because of their inability to produce employee email in the course of a lawsuit. We saw another company hit with a $29 million jury award. Million dollar and billion dollar legal settlements and regulatory fines have been common for many years now in regards to email. They will be common in regards to blogging, and companies really need to get prepared for that.
Jeff Kelly: What about businesses that may not have unlimited resources? I'm talking about small and mid-size business. What kind of advice would you have for them?
Nancy Flynn: Yeah, well, one thing that I would point out is that, regardless of the size of your business, whether you have one part-time employee, or ten thousand full-time professions, any time you give your employees access to an electronic communications tool, you must have rules, you must have policies. You have to give your employees some guidelines. And particularly when it comes to blogging, again, even if you only have a handful of employees, those employees still could be going home after work getting on their own computers at home, and posting comments about your company, you, your suppliers, your products, etc, that you simply don't want out there in the blogosphere.
So you have to, regardless of how many employees you have, again, you need to have those policies in place. And two things that I want to make sure I mention, and, again, doesn't matter how employees you have, what industry you're in, whether you're regulated or not, the first point I want to be sure I make is that, part of what makes blogging so dangerous is the fast that, the blog is all about linking. I mean, the name of the game with blogging is, how many links you can get coming into and out of your blog. Because the more links you have, the higher your ranking on the blog search engines. And there's something in blogosphere that doesn't exist elsewhere called the permalink. And what the permalink basically means is that readers can link to posts on your blog, move it over to their blog where it is permanently and forever accessible to readers. There's also something called RSS feeds, which is basically syndication.
So just a newspaper, you know, an old fashion print newspaper columnist can send syndicate columns, bloggers can syndicate their posts. And the danger inherent in permalinking and syndication is that these posts remain out there in the blogosphere forever where they can never be retrieved. So if you are an employer, again, small company or a large, and you have an employee who post contact that, let's say, defames a competitor, or violates a third party's copyright, and you get notified by a lawyer, "Hey, you have to take that defamatory comment off your blog," or, "You have to take that copyright protected copy off your blog, or we're going to sue you." Well, you can take it off your blog, but thanks to the permalink, and thanks to syndication, you're never getting it off everybody else's blogs. So it's always out there, it's always in the blogosphere, it can always come back to haunt you.
Jeff Kelly: Well, that's some great advice, Nancy. Do you have any last thoughts for our listeners?
Nancy Flynn: Yeah. One thing I would say is, as I mentioned earlier, be sure you monitor the blogosphere regularly. Again, whether you're a small business, a mid-size business, an international corporation, take advantage of those blog search engines that are out there and find out what is being written about your company. Secondly, remember the first amendment does not protect bloggers, so you're not free to write anything you want anytime you want on your blog at work or at home. You may end up fired if your employer is offended by your blog post. Also, once you start a blog, make an effort, a concerted organized effort to get to know the blogosphere.
Find out who's blogging about your company in a positive and negative light. Who's operating what are called brand blogs, the blogs that are dedicated to your company's products. You know, there are brand bloggers out there writing about Coca-Cola, and McDonald,'s, and Harley Davidson, and Weight Watchers, and on and on. And if you find out through your blog search engines that you've got some brand bloggers who are writing about your company, your products, get to know them. Encourage them to write favorably about you. You can use the blogosphere to your advantage, but it's all about building relationships, and you can't be passive about it, you got to get to know those folks.
And, again, the end of the day, what we tell our clients here at the ePolicy Institute is, electronic risk management really comes down to the three E's of email, internet, and blog behavior. And that is, number one, establish a written blog policy, number two, educate your workforce about the risks and the rules, and then, three, enforce your policy with a combination of technology tools and disciplinary action.
And my final comment would be, my book "Blog Rules," which, was published by AMACOM just a couple months ago, is just full of best practice tips. We've got sample policies in there, we spell out the legal risks, and really help employers put together a policy to insure that your company's blog use is as productive and risk free as possible. So I would encourage everybody to take a look at "Blog Rules," it's a good jumping off point, it's a good tool kit for anybody who just doesn't know where to begin when it comes to putting together a blog policy.
Jeff Kelly: Well, thank you so much for joining us today, Nancy, and thank you for listening.
This was first published in September 2006