Directors and officers know that social media is a megaphone—but do they know who at the company is holding the megaphone? And are any guardrails in place? In this week’s D&O Notebook, my colleague Lenin Lopez provides timely insights on how to implement and update your company’s social media policy. –Priya Huskins
It’s hard to believe that the first tweet was sent over 15 years ago. Since that time, social media platforms have flourished, and companies have leveraged their reach to communicate with customers and investors, build brand awareness, drive traffic to their websites, and recruit new employees.
Whether you are a private company with 20 employees or a public company with 20,000 employees, a robust social media policy can be very helpful. One of the primary reasons for implementing a social media policy is to protect against unwanted and avoidable mishaps involving social media use by employees. Not having a comprehensive social media policy may result in guesswork by employees as to what is acceptable. In some cases, employees may not even be aware of how their online behavior is potentially problematic. Unfortunately, social media mishaps can result in serious consequences for your company’s reputation, balance sheet, stock price, and legal exposure.
Catching Up with Modern Times
In the early days, some companies reacted to the advent of social media by simply including a section covering the topic in their codes of conduct or employee handbooks. That didn’t always go well. In an interesting case from those early days, Costco had included an electronic communications and technology policy within its 2010 employment agreement, which read more like an employee handbook. The policy directed employees to ensure that they keep Costco-related information confidential and secure, and prohibited them from posting statements that could damage Costco’s reputation or that of any Costco employee. The latter caught the attention of the United Food and Commercial Workers. They filed charges against Costco for perceived violations of the National Labor Relations Act (the “Act”).
In its ruling against Costco, the National Labor Relations Board found that Costco’s policy was overly broad and could hinder Costco employees’ protected right to free speech under the Act. Chipotle learned a similar lesson in 2016, as described in a memo from Philip L. Gordon and Kwabena A. Appenteng, both from Littler Mendelson, P.C.
Almost a decade has passed since the decision in the Costco case. Social media policies, as well as approaches to developing them, have evolved. For instance, many companies have moved away from simply having their social media policy live within a broader policy, like an employment handbook or code of conduct, and instead moved to implementing a stand-alone social media policy.
FAQ: Social Media Policy Basics
What follows are a few FAQs that will help uninitiated readers and potentially even seasoned experts in the area.
Why does my company need a formal social media policy?
- Provides clear guidelines for employees as to how the company expects their online social media presence to reflect the company’s values.
- Helps to protect the company’s confidential information, brand, and reputation.
- Can empower employees to be brand ambassadors.
- Helps to prevent a social media crisis.
- Enhances and/or complements other company policies (e.g., code of conduct, pharmacovigilance, and Regulation FD1)
Whom at the company should develop and/or maintain your social media policy?
- This type of policy will (and should) have multiple stakeholders. A few to consider:
- Human Resources may have an interest from an employee experience and engagement perspective.
- Investor Relations/Communications may want to make specific reference to social media channels and how they would prefer that employees interact with those channels to help communicate the company story.
- Marketing may want to weave in guidelines around how employees should or should not engage with customers through social media.
- Regulatory may need to prohibit (or facilitate—remember Costco and Chipotle) certain types of behavior.
- Legal may want to list consequences associated with violations of the policy, as well as cross reference other company policies.
Should we involve an outside legal resource in the review process?
- Yes. The Costco case described above is a great example of why, at a minimum, you may want to ask outside employment counsel to review your social media policy to confirm that it doesn’t run afoul of applicable employment laws or regulations.
- Remember, too, that there are certain industries where state and federal regulators have officially opined on the use of social media. For example, the US Food and Drug Administration (FDA) has issued guidance regarding the use of social media in the case of life science and medical device companies. If you are in a regulated industry, check to see if your regulators have issued guidance on social media policies.
- Additionally, if your social media policy is expected to apply to employees in other countries, involving local counsel in that country is advisable. See GM’s social media policy for an example of how a company has approached country-specific nuances through an addendum section.
What ingredients make for a good social media policy?
- Purpose and scope: Set forth the company’s general guidelines for social media use and identify to whom the policy applies, which should generally be your board of directors, officers, and employees, as well as others that may act on behalf of the company. P&G’s Global Social Media Policy does a very good job of explaining both purpose and scope.
- Description of confidential information: Given that the protection of confidential information should be one of the primary goals of a social media policy, it is important to define what confidential information is and provide clear examples. A public company will want to leverage its insider trading policy, which likely includes the types of information that the company views as particularly sensitive. If applicable, this is also a good opportunity to remind individuals of any organization-wide non-disclosure agreements.
- Cross references other related policies: A social media policy typically draws upon principles from other company policies, like a code of conduct. When relevant, reference those other policies (e.g., information protection, anti-harassment, insider trading, Regulation FD, non-discrimination, privacy, and cybersecurity).
- Identify who is authorized to speak on behalf of the company: It is critical to make clear that there is a difference between speaking “on behalf of the company” and speaking “about the company.” Wolters Kluwer does a great job of this in their social media policy. Public companies typically have a Corporate Communications/Regulation FD policy that identifies the individuals who are authorized to speak on the company’s behalf. The social media policy is a great place to reference that Corporate Communications/Regulation FD policy and explain who is authorized to speak on behalf of the company. For more on authorized speakers and the use of social media to disclose material, non-public information, see this article from Woodruff Sawyer’s D&O Notebook.
- Acceptable and inappropriate conduct: There is a natural tendency to try to list all types of conduct that are not encouraged and not allowed. However, including specific examples of what is encouraged and allowed under a social media policy can be more effective in driving employee adoption. One “do” that is worthwhile to include is to use common sense when interacting online, whether it is for business or personal reasons. Some may remember the case of the PR director who posted a vile tweet before taking off on a flight to Africa and who, even before the plane landed, was effectively fired from her job as a result of the tweet. More recently, Estée Lauder acted swiftly by forcing out one of its senior executives in response to an offensive Instagram post. Perhaps more a warning for the unwary, it’s best for your social media policy to include a reminder that the internet doesn’t offer a recall and delete feature. See Edmunds’ Social Media Guidelines for an example of a clever approach to social media Dos and Don’ts.
- Contacts for questions: The number of contacts listed in a social media policy will likely depend on the length of the policy and/or how complex the business is, but there should be at least one primary contact to field questions regarding the policy. Points of contact should receive training on the policy and the legal framework underlying the policy. This will help to ensure that questions and potential policy violations are dealt with appropriately and timely.
How often should a company revisit its social media policy once implemented?
- At least annually. A company may want to also consider reviewing its social media policy earlier if facing certain changes (e.g., going public, acquisition, significant increase in employee headcount, or commercialization of a new drug) or as a result of a change in applicable laws or regulations.
1Regulation FD prohibits public companies from selectively disclosing material, non-public information. It addresses the complaint that, prior to 2000, some investors (like large institutions) had direct relationships with companies and were getting material, non-public information, such as a company’s expectations for its quarterly results, before the public.
Join Woodruff Sawyer experts as they get into the how and why, and what exactly the legislature did to make captives a more viable option to replace traditional D&O insurance.
Related Blog Posts
As the litigation environment for directors and officers gets more intense, in-house lawyers want to know: Do I need malpractice insurance?
Read our critical FAQ for D&O insurance buyers and beneficiaries to get up to speed on captives as an alternative.