To prevent information leaks and other liabilities, companies are drafting guidelines for social media interaction. A rule of thumb: Don't be stupid
During a recent tour of interactive ad agency Tocquigny's Austin (Tex.) headquarters, Chief Executive Yvonne Tocquigny was confronted by her guest, an executive from a large energy company who was a potential client. The visitor had recently learned that Tocquigny was wooing one of his company's competitors—by seeing a message that one of Tocquigny's employees had posted to Twitter "It took me by surprise," says Tocquigny. "I realized that we needed to be more cautious about what we throw out there in to the universe."
Twitter can be a great business tool. But as use of the Web site for 140-character messages spreads to workplaces around the world, companies are also discovering the risks. Now, instead of just worrying about a dubious blog post or an embarrassing photo of the boss being posted to Facebook, employers have to contend with staffers shooting off frequent blasts of personal insight into a public and traceable sphere. "The concept of [workers] posting inappropriate material that could be harmful has been around for a while, but Twitter accelerates the problem because of its immediacy and volume," says Mark Rasch, a former head of the U.S. Justice Dept.'s computer crime unit who now consults with companies on creating policies to address employees' use of technology.
To prevent sensitive information leaks, blemishes on a reputation, and other potential liabilities of a Twittering workforce, companies are drafting new employee codes of conduct and educating workers about what they should and shouldn't say on the site. The basic rule: Don't be stupid.
Room for Interpretation
Tocquigny didn't lose its deal as a result of the embarrassing leak, but the company moved swiftly to prevent it from happening again. Instead of having multiple staffers contributing to Tocquigny's official Twitter feed, the company assigned one person to be accountable for every message posted to the account. And managers rewrote the company's "social media guidelines"—created in 2007 as a result of damaging photos posted to blogs. Now, they include a list of what should be kept off sites like Twitter. One line now reads: "Respect our confidentiality and proprietary information."
Still, the new guidelines leave room for interpretation, according to Tocquigny. There are times when the agency's reputation is clearly helped by an employee sharing valuable industry insights, even information that might have once been considered a trade secret. Such posts could help establish the agency as a thought leader in new areas of marketing and communication. "There is a grey area," admits Tocquigny. If people aren't sure, she now says to her team, they should ask a manager for guidance.
Drafting corporate policies to deal with social media can be a difficult process. Many companies understand the marketing power and other benefits of encouraging key executives to be active on Twitter. And many understand that drafting a policy that's too draconian can undermine morale, or send the most media-savvy players elsewhere. In a large bureaucratic organization, it can also take months to draft and approve a policy that pleases everyone. And that's hardly a recipe for marshalling the power of social media. The reality, says Rasch, is that "these things tend to create a row in the office."
Blurring of Public and Private Lives
So what is the right way to monitor Twitter use in the workplace? First, understand that it's essentially impossible to prevent employees from signing up for the service. But employees need to understand that it's equally hard for them to separate themselves from their place of employment in the eyes of the public. What they do online is inevitably going to reflect on the company. The rules that govern other behavior in the workplace, from how company-owned computers are to be used to how company time should be spent—implicitly cover Twitter. What staffers post during the work day, and what they say about the company, is something they should know they'll be held accountable for.
For a sense of how to manage the process, take a look at IBM (IBM). The global giant maintains a wiki on its Web site, which includes a section about suitable behavior on social media sites. Created in 2005 to cope with the hundreds of bloggers that were emerging in the company, the wiki has grown to cover employee activity on other sites like Twitter and Facebook. The document, which employees must certify they have read and sign each year, asks IBM workers to be up front about their identity and position at the company. And, notes Gina Poole, vice-president of social software, it tells them to "stay away from controversial topics that aren't related to your IBM role."
Such advice can't be repeated too often. Two years ago, when an employee of Melbourne-based online media firm Sitepoint used Twitter to break the news about a new hire before the other candidates could be informed, co-founder Matt Mickiewicz used the incident to send a message to other workers. He asked the Twitter culprit to write a memo about the incident and send it to everyone in the company. "We haven't had it happen again," Mickiewicz says.
The Mom Litmus Test
Of course, airtight policies are often less effective than common-sense advice. Brad McCormick, executive vice president of digital communications at PR agency Porter Novelli (OMC) likes to make it easy for his staff to use their own judgment. When in doubt, he tells employees using Twitter, "don't say anything you wouldn't say to your mom."