Tony DiResta is WOMMA’s General Counsel and a Partner at Winston & Strawn, LLP. He will present “Developing a Compliant Social Media Policy” at School of WOM, May 9-11, with James Dudukovich, Marketing Counsel for The Coca-Cola Company.
Tony blogs about word of mouth ethics and regulation for WOMMA at DiResta-the-Law.
What do legal departments need to consider when crafting a compliant social policy that still leaves enough room for marketers and community managers to still be creative?
It seems to me that a company or brand’s social media policy has to really reflect the culture and soul of the organization. So the way it’s put together; the stakeholders at the table; the way it’s implemented throughout the organization; the way it’s monitored to be sure its speakers comply with its guidelines; all of these cultural factors are very important because that soul of the organization needs to come through in the social media policy. It isn’t a legal document. It isn’t a compliance document. It’s one that requires the input of many stakeholders that reflects the core cultural values of the organization.
Having said that, there are also some core ingredients that are needed in any social media policy for it to be compliant. First of all, if there is a sponsored communication involved, there are required disclosures under the FTC Guides. The social media policy needs to be very clear as to what type of disclosures are needed in what circumstances and on what platforms. In addition, the core substance of a social media policy has to reflect the company’s commitments to transparency, accuracy, honesty, and respect in all of their communications either by their employees or by third parties such as bloggers or agencies.
It’s very important that those four core ingredients are identified in the contents of the social media policy. So in short, a social media policy has to reflect both the culture of an organization and the core content needed to comply with the FTC Guides.
Over the last year, what is the greatest change you have seen in the social media/WOM ethics realm?
I think there are two major issues that are being presented right now in the WOM space. The first is privacy. This is on the front burner. Earlier this month, the FTC’s announcement of its action against Google really tees this up. That is something that is going to be on the minds of everybody in the WOM or social media space. The question is how we appropriately respect the privacy of our customers and how do we be appropriately transparent in letting them know what we’re going to do with their personal identifiable information.
The second issue is the evolution of the FTC Guides. Social media policies are a dynamic process. Just because they were drafted after the FTC Guides came out, that doesn’t mean it’s the end of the story. The FTC would ask not only if you have an appropriate social media policy in place, but also if it has been appropriately and effectively implemented. So that requires training, education of employees and third parties. It requires monitoring and auditing of blogs and communications to be sure the social media policy has been honored.
It’s a very dynamic process. The company can’t just draft a policy and place it on the website, intranet or somebody’s bookshelf. It’s important that the company see this as an ongoing process that requires refinement by all stakeholders, not just the legal or marketing team. Everyone from senior executives to customer service need to be involved in that evolution.
What does the FTC’s recent ruling that requires Google to implement a comprehensive privacy program mean for other companies?
I think that this is the first announcement from the FTC that requires a company to bake privacy into the business practices of the company. The bottom line is that every company and brand that is going to receive any sensitive or personal identifiable information from consumers has got to adopt a framework of a program similar to what the FTC is asking Google to do.
You’ve got not only the FTC, but you have other governmental agencies like the Department of Commerce involved in this conversation. You also have the legislative interest. Up on Capitol Hill and in state legislatures, there are conversations about what needs to be done with respect to consumer privacy in this digital age. Then you also have the plaintiff class action attorneys who are going to see a ripe area for lawsuits because customers are going to be really unhappy if they find that companies are using their information in a way that they thought that they wouldn’t be doing. Also, from a PR perspective, you can have all this risk management and legal clouds in the sky, but you better believe that there can be a data breach. Or somewhere there is a group of complaints like at Google where customers were concerned with what they thought was going on with their Gmail accounts. That creates negative publicity.
Negative publicity about consumer privacy is going to affect the brand whether it’s financial, health or other sensitive information. That’s a huge issue for companies. So it’s not only good risk management, it’s also good prudent business policy to adopt a comprehensive privacy program that incorporates some of the elements of the FTC requirements for Google.
WOMMA is working on, through its legal affairs committee and privacy subcommittee, a template on guidance or best practices that we hope to announce shortly that will identify those principles that companies need to adhere to be sure they are moving in the right direction in designing their privacy policy.
