Upload
smarsh
View
1.188
Download
0
Embed Size (px)
Citation preview
May 12, 2016
WEBINAR Social Media PolicyEssentials for MortgageLenders & Brokers
WEBINAR Social Media PolicyEssentials for MortgageLenders & Brokers
Andrea Lee Negroni, JD
May 12, 2016
Introduction
Today, we'll discuss why mortgage lenders and brokers should adopt and enforce social media policies. Just a few years ago, we were talking about
whether social media was even needed in the mortgage industry...
The overwhelming sentiment now is that social media is essential for customer relationship management, marketing and brand-building. But far more companies use social media than have established policies for its use. In fact, a study cited on Smarsh's compliance
blog reveals nearly half of companies don't have social media policies!
3
• What are the risks of not having a social media policy?• What elements should be included in the policy?• Why are these elements important?• Are there best practices for social media policies?• How are social media policies enforced?
4
In this webinar we’ll consider…
One risk of having no social media policy…Wild Wild West Syndrome
• Unconstrained expression can lead to problems, including expensive litigation and long-lasting reputational harm.
• Harassment and online bullying are growing & social platform executives are taking notice.
• David Lat, founder of the Above the Law site, says user comments are "ruining the Internet," so he's deleted them.
• Basic civility is being replaced with abuse and insults. • Anyone and everyone can create content but lenders and brokers can be tarnished by
employee posts.
5
Remember Lindsay Stone?
In 2012 she visited Arlington Cemetery, flipped the bird at a gravesite and posted a photo of this behavior on her Facebook page. Her employer, a provider of services for special needs adults, took nationwide flack even
though the photo was in a personal post. Public outrage was so great it led to her firing. Lindsay lost her livelihood but the company lost time, money,
and its reputation for principled employees. Lindsay's shameful photo gained immortality on the web.
6
As Taylor Swift's song Shake it Off says...
The haters gonna hate hate hate hate hate
But a mortgage company can't just respond to hateful social messaging by saying they're gonna "shake it off."
They need a better plan to avoid reputational and financial harm...
7
Hertz learned its social media policy lesson the hard way... in court
A Hertz employee made racist, homophobic and threatening comments about a customer on Facebook -- these got back to the customer -- who sued Hertz. Ultimately, Hertz wasn't found liable for the employee's rants because the judge said they were unforeseeable, but Hertz might have avoided the lawsuit by training its employees in responsible, appropriate social media use.[Howard v. Hertz Corp., 1/25/2016]
Moreover, some states (CA, FL) recognize an employer's legal duty to train employees to avoid harm -- or allow legal claims for 'negligent training' or 'negligent supervision'There are plenty of law firms ready to help individuals bring lawsuits claiming injury from a company's negligent hiring, retention, supervision and training.
8
Another risk of no policy…Sensitive or confidential data may be disclosed.
This is especially tricky if the company has no policy on what can be shared on social media.
Your most socially active employees are likely to pose the greatest risk because the more people use social platforms, the more likely they are to rely on it, and share opinions on it (including acting on shared opinions).[Penn State Univ. research]
9
The FBI has identified the risk of disclosure of confidential information on social
media...And recommends preventative measures.
A few examples:• Establish policies about what company info can be shared on personal blogs or social sites...and
enforce the policy• Use multiple security layers in the computer network• Continuously monitor data movement on the company's network• Educate employees about how their social and online activity can affect the company• Ask employees to lend their eyes and ears to social messages and report suspicious activity when
they see it• Avoid public Wi-Fi networks and hotspots unless sending info to encrypted sites
10
So you're ready to adopt a social media policy... What are the "do's" and "don'ts"? The 10 Commandments don't work here.
Flexibility is key.
You can't force employees to share their social media passwords and usernames to monitor what they're doing. State laws limit an employer's ability to get this information via "coercive" requests.In states including AR, CA, CT, DE, IL, ME, MD, MI, MT, NJ, NM, OR, UT & VA, an employer can't require employees to change their social media privacy settings, or require the employee to add the employer as a contact associated with the account (e.g., Facebook friending).
Other laws prohibit retaliation for what an employee says on a personal (not business) social platform. This is called Facebook-fired protection.
[Might this kind of law have saved Lindsay Stone?]11
Federal labor law also matters...
The National Labor Relations Board says employers can't fire or discipline employees for some job-related posts, which may be considered protected
concerted activity.
These usually have to do with job-related benefits or comments on working conditions, which might otherwise fall into the "non-disparagement"
category of a social media policy.
12
Can we rely on best practices for our policy? What are those best practices?
Mortgage companies can look across industries for best practices, and they should. Here are some relevant principles:
• Traditional ethics rules still apply online.• Assume every social message you post will become public.• Engage with customers, but professionally.• Break news on your website, not on social platforms.• Authenticate anything found on social sites. • Always identify yourself accurately.• Admit when you’re wrong online.
13
More best practices…• Include company bloggers in developing corporate blogging policies; publish the
guidelines widely. • Seek input from legal and corporate communications experts when developing
blogging & social media polices.• Clearly define if social messages reflects employee opinions or the company’s.• Allow constructive (civil) criticism: Employees may have different points of view than
management. Open communication builds a foundation for a successful social media program.
• Include mechanisms for responding to customer or employee comments.• If information should be deleted (because it is confidential or was posted in error),
delete it promptly and explain why.• Clearly communicate to employees what information is appropriate or inappropriate to
disclose.
14
And a few more…• Respect your audience’s privacy.• Don't disparage competitors or your industry.• Let customers know you listened when they post feedback, by responding. • Cite material in your posts, linking to original sources when possible. • Don't appropriate intellectual property of others.
[Many of these best practices are from the American Society of Newspaper Editors and SocialMediaBiz]
• Encourage employees to check (prior to publishing) with parties to potentially confidential conversations, and with the subjects of photos before sharing the conversation, transaction or image.
• Understand that social media policies cannot be static. Revisit and revise them frequently.
15
Social policy essentials for employees...Similar, but not exactly the same as for the company
• Always follow the laws & rules of the mortgage industry (including your license laws).• Privacy is paramount in the financial industry. Protect customer privacy with a
vengeance.• Ethical, civil discourse is essential; be polite & respectful. Avoid anything that may be
considered harassment.• Avoid disclosure of company confidential, proprietary, and trade-secret information.• Don't comment on matters beyond your expertise.• Don't SPAM anyone.• Don't disparage your employer, customers, coworkers, or competitors.• Don't use anyone else's content without their permission (including images of others) --
my apologies to Taylor Swift, for this educational content
16
Social policy essentials for employees...• Don't link to other websites without permission
• Don't use fake profiles, pseudonyms or anonymity when representing your employer• Avoid blurring the lines between personal (Instagram, Facebook) and business social
media• Use the company's official logos and branding• Don't engage in internal personnel, salary or related conversations in public social
forums• Don't misrepresent your professional credentials, education or certifications; include
your license information in mortgage transaction-related messages• Keep separate emails for personal and business communications• Don't speak on behalf of your employer without permission• Keep your social profile pages current (don't keep an expired affiliation in your profile)• When in doubt, ask a supervisor
17
Policies are not self-policing!So...you've adopted a social media policy for the company, and a separate but consistent policy for employees. Now what?
Don't file it away and forget about it. Every effective corporate policy requires monitoring and enforcement.
Policy + monitoring & archiving + enforcement = risk mitigation
18
Monitoring social mediaEven the best-intentioned companies and employees can't assume everything will go as planned. That's why social messages should be monitored regularly for compliance with your adopted policy standards.
There are various ways to do this -- internal teams dedicated to reviewing social messaging, algorithmic key word searches of employee messages, specialized software with social reporting capability, and use of vendors specializing in "social media listening."
Consider Smarsh solutions for constructive ways to monitor social messages by your people, or pertinent to your company. For more information, contact Scott Ferguson, [email protected]
19
Don't just identify it, archive itEventually, you may be called upon to not only identify but produce records of your (and your employees') social media activity, in response to a regulatory demand, consumer lawsuit, or for other business purposes. This is where social media archiving comes in...
For example, if you have to show that an employee's posts were monitored, following which the employee was retrained in company policy, a claim of "negligent training" might be answered. Properly archived social media may also provide a shield, for example, in a customer's lawsuit falsely claiming racist, sexist or other "-ist" language was used in messages during the transaction.
Smarsh is an industry-leading provider of social media archiving solutions.
20
What rings the monitoring bells...?And then what?
Some types of information should trigger alerts and may necessitate retraining or enforcement activity. Obviously, highly confidential information like SSNs, offensive language, links to providers of unlawful or obscene content, and trade-protected data fall into this category. But every enterprise will have its own standards.The company should remove such information as soon as possible, but further action may be required.A social media policy must be enforced. Consequences must attend breaches, whether deliberate or inadvertent, should be impartial (e.g., similar infractions lead to similar penalties), proportionate, and involve the measure of due process that applies to other aspects of noncompliance with company policies.The HR department is a necessary participant in the enforcement element of a social media policy, but should not be the driver of the enforcement activity. That responsibility should remain with top management, which will demonstrate the company's high-level commitment to social media compliance.
21
For further information…
For more tips on social media policy development in the mortgage business, see my blogpost on the Smarsh compliance
blogs at: http://www.smarsh.com/blog/adopting-social-media-policy-12-essentials-mortgage-lenders-brokers/
22
Questions?
Thank you!