Compliance officers have complicated jobs. They need to manage expectations of government regulators, top-level executives and the rank and file employees. At the same time, a large number of different concerns — from privacy to corruption and more — fall under their purview. As a result, compliance officers must be aware of what is happening in their organizations and in the world, and be agile enough to adjust policies and programs to meet these disparate demands.
“The main job of a compliance officer is to put him or herself in the shoes of employees and understand what their jobs and their lives are like, to have the radar tuned for changes in the company and in the world,” explains Ted Banks, founder and partner at Scharf Banks Marmor.
This adage holds especially true when considering modern technology. As social media sites like Facebook and LinkedIn have taken off, more and more people have used these sites for various personal and professional reasons. Now, says Banks, compliance professionals have to think about a number of topics, such as, “Is this a way that an employee can get the company or themselves into trouble, perhaps by revealing confidential information that will hurt the company? Or, can these tools be used as a way to implement a more effective compliance program, getting to the target audience and not making them come to you?”
The first of these questions is likely the one that immediately springs into the mind of the typical compliance professional. After all, many people use social media without a filter, and sometimes people can post things about a company that can be embarrassing, deceptive or even illegal.
“People are willing to be open about their personal lives, and often there is no dividing line between personal and professional,” Banks explains. “In this case, there has to be some sort of protection in place so that social media does not hurt people or the business. There needs to be communication to employees to say, ‘We understand that you want to participate in social media, but understand that you are not speaking for the company, understand that what you say online should be accurate and should not reveal confidential information about the company.’”
Education is essential, but Banks cautions that a simplistic program is not enough. For example, he points out that the National Labor Relations Board (NLRB) has weighed in on the topic of social media, making it clear that employers cannot restrict what employees say about the terms and conditions of their jobs. “An overly restrictive policy could violate federal labor laws by restricting employees’ rights to discuss matters that are protected,” he explains. “The policy your company creates has to be carefully drafted so as not to violate federal law.”
To elucidate, Banks uses the example of salaries and terms of employment. He’s seen some policies that state that these matters are confidential, but in reality, forbidding the discussion of these is illegal. The NLRB has taken a strong position on social media policies, and compliance professionals need to be familiar with it. “The NLRB position is overly permissive about what they think people can talk about, and their examples are not realistic. Companies should be aware of this and create policies that are aware of what labor laws might interfere with their ability to restrict employees,” Banks says.
While social media can provide a number of risks for employers, it can also provide opportunities — if handled correctly. “If you know that your employees are communicating on social media, you can communicate information about the company to them in their preferred format,” he says. “You want to make it as easy as possible for employees to get information, but sometimes, people are nervous about this and think it may not be appropriate — but it is. Employees should be able to get information about the company as easily as possible.” If this means using Facebook or an internal company social network, or sending out podcasts or tweets, it can be worth trying to help reach employees who have different communication preferences.
In Part 2 of this series, Banks will discuss the risks of bring-your-own-device programs and major privacy concerns.
To learn more about how social media relate to e-discovery, check out the "Social Media, BYOC and BYOD: The Future in eDiscovery" panel at the 15th annual SuperConference, May 11-13 in Chicago, Ill. To learn more about the event or to register (pre-registration ends on March 11), click here.