Getting control of social media compliance

February 6, 2017

It can safely be said that years of work building and promoting a company’s reputation and values can quickly be undone by a hasty announcement via social media. The press is frequently awash with incidents of staff posting inappropriate messages on a firm’s Twitter account, someone making damaging remarks in a public online forum, or sensitive information being leaked inadvertently through a personal website. Such incidents often cause public relations frenzies as the interests of a number of parties – not just the company responsible for the incident – are jeopardised.

Facebook, Twitter, LinkedIn, Instagram, Yammer and the myriad other social media sites all serve legitimate purposes with significant benefits for your business. But they can also lead to substantial problems for a company if they are abused. Whilst there is little you can control in terms of what people outside your organisation post and publish online, there are number of measures that should be taken internally to minimise the risk of your company’s image or reputation being tarnished through social media.

Depending on the size of an organisation, it can be quite difficult to effectively monitor and track everyone’s use of social media sites. In light of this, a degree of trust must be instilled in employees to do the right thing. As such, messaging and communication of expectations and standards becomes a substantial tool in protecting your company against the potential risks posed by social media.

Four key things to remember when communicating social media compliance

Clearly define the relevant social media

It is important to be clear on the scope of social media for which your company’s standards apply. In the broadest sense, there are effectively two main forums which need to be targeted: internal social media and external social media.

Internal social media includes any sites which can be accessed via a company account (for example, the company’s LinkedIn, Twitter and Facebook accounts), as well as company intranets or exchange forums. The privilege of having access to these accounts comes with great power as it can effectively give one person the tools to broadcast a company’s thoughts, positions or actions to a conceivably very large audience.

External social media includes employees’ personal accounts that they use outside of their work duties. Whilst clearly-defined rules can be set in relation to internal social media, it can be more difficult to provide guidance and set standards when it comes to personal use of social media and protecting the company’s interests.

Be reasonable

It is an undeniable fact that the vast majority of the people your company employs will have Facebook, LinkedIn, Twitter and other social media accounts. One of the great difficulties of any company is where to draw the line with how much to permit use of these sites, at least on company property.

Whilst you can prohibit employees from accessing personal social media accounts through work IT systems, the reality is that you cannot prevent people from using these sites on their own devices and in their own time. Conceivably, this still poses a risk, as even outside work hours there is the potential for an employee to post something slanderous, confidential or sensitive, which, in an online forum, could easily escalate. Most will have heard of familiar cases of an employee going onto their Facebook or Twitter account, making defamatory remarks about their boss, someone at their organisation or the organisation itself. The repercussions in such circumstances are usually pretty swift and justifiable – there should be no room in an organisation for someone to project to the world a complaint which is insulting or offensive. Whilst it may seem obvious, staff should be frequently reminded that what they post online through one of these platforms not only reaches a potentially huge audience, it is not easily forgotten.

Taking this into account, a draconian approach to restricting access to social media sites may not only be unfeasible but may also be illegal in some territories. Thus, it is of even more importance to help individuals understand the full ramifications of inappropriate activity in the personal social media sphere. In most cases, if someone feels the need to announce to the world a workplace grievance which should perhaps only be told to a friend in confidence, there will often no longer be a place for them at that particular organisation.

Focus on educating and providing context

Educating staff is fundamental to preventing potential damage to the company through personal social media use. People need to know and understand the repercussions of such behaviour – not just for the company, but for themselves.

It needs to be demonstrated how seemingly-innocent conduct can be perceived by the broader community. Providing context of the risks associated with sharing information through an online forum should be drawn in parallel with any other obligations expected of employees when it comes to dealing with firm matters.

Just as it is expected staff will not discuss confidential or sensitive company information with friends at a social event, so too they must not discuss this through a social media platform. Divulging gossip or confidential information through social media has the propensity to spiral out of control and reach a broader audience much quicker than it would if the information had been verbally communicated.

The key message is that information that is sensitive to your organisation and its stakeholders remains sensitive even after office hours. Staff should treat this message with the respect it deserves.

Set parameters and maintain control

Your organisation’s social media sites must be used with great care as anything posted on these sites is a direct reflection on your company. Accordingly, clearly-defined parameters and approval routes should be provided to employees.

If your company is to make a Twitter post about a current news event or post about company activities on LinkedIn, the most senior level of approval should be sought before such actions are made. Clearly, there is potential backlash if the Twitter or LinkedIn post is inaccurate, defamatory or in breach of confidentiality obligations. Any social media platform utilising a company account should always have senior approval.

Similarly, posts on professional blogs or in chat rooms should be restricted to those who can be trusted to state facts correctly and in a manner which does not detract from the interests of a company. Make sure there is always a process of review amongst colleagues to ensure all employees are saying the right thing at all times.

Clarity on who is authorised to speak on behalf of the company, communication of expected standards, and accurately conveying the potentially-disastrous consequences of social media abuse in the professional sphere are just some of the core elements in minimising risk. It is important to outline the benefits of such tools when communicating a position on social media, but employees need to have a complete grasp of the risks, not only for the company, but also for themselves. An often-used method to communicate this point is to ask employees how they would react if someone were to utilise social media to project something harmful or damaging about them. Such a method helps generate a better understanding of the consequences of insulting or offensive remarks by creating empathy. Making an employee put themselves in another person’s shoes is an effective method of forcing them to think before acting.

Staff should be guided on what is considered proprietary and confidential, but what might be considered damaging or inappropriate might not always be easy to convey. Great lengths should be taken to provide clarity on what is inappropriate in the public sphere – anything harassing, derogatory, racist, sexist or discriminatory will obviously be inappropriate, but it must go further than that. Levels of appropriateness need to be decided by a broad group within your organisation so that a general consensus on what is and what is not acceptable can be reached.

Once these parameters have been set, frequency of communication and training is paramount. Just as your business expands its opportunities through new and innovative social media tools, so too must you expand education on acceptable use.


Social media is changing the way businesses operate, with many positive outcomes. Even from a compliance perspective, the notion of embracing social media encourages openness and transparency, and assists with increasing communication and awareness, both internal to an organisation and external. Social media is an enabler to enhance existing processes and communication strategies. But, like all tools of this nature, if it is abused, the consequences can be significant. A key prerogative of any organisation is to make sure their employees know the parameters within which they must use social media. Through persistent training and awareness programmes your organisation can help staff contextualise the circumstances of when and where they should be using social media, as well as refining the manner of how it should be used. Messaging must become an integral part of setting the boundaries and helping people believe that a key purpose of social media is to add value.

Previous Article
If repeating due diligence is obvious, why don’t more companies do it?
If repeating due diligence is obvious, why don’t more companies do it?

Your third parties and their business integrity are constantly fluctuating. One moment they look totally fi...

Next Article
The one thing compliance officers should be focused on
The one thing compliance officers should be focused on

Compliance is not separate from the business and compliance should not be a road block to growth. Many comp...

Want to receive exclusive updates?