Legal Issues and Social Media Use in Organizations

We talked a little bit today at SMB15 about getting over legal hurdles within a company in order to use social media, and how to convince decision-makers - the legal department - that it’s worth it.

A lot of great points were made, however there’s one piece of the conversation they left out, and one that I feel is really important (and should be considered first) when approaching this process internally.

You first have to have a legal structure that has considered social media before you talk about jumping over hurdles.

We work with a few clients in the higher ed space, which, in case you didn’t know, has legal walls and red tape up the wazoo.  We’re often confronted with the “legal department” problem, and if it doesn’t completely stop the process, it’s a cause for major hesitation.

What I continually say to these clients and anyone in this position is:

  1. Your current legal system has not considered social media as part of the business, therefore, it hasn’t considered it as something that needs stipulations.
  2. The first reaction to something that is not currently built into the legal framework of an organization is to say no to it.
  3. It usually follows that the way it is handled is on a case-by-case basis with the attempt to fit it somewhere into this system that was not built to support it.
  4. Therefore, your first order of business is to sit down as a team to decide on how social media fits into your organization, and what legal framework needs to put into place to support that effort.

Blog posts should not have a 2-week approval process just because legal is trying to determine how those blog posts should be considered with a system that has, until then, only support traditional pieces of marketing content or media.  It should have a 2-week approval process (which, by the way, makes your blog posting obsolete, but that’s another issue) only after legal has set out rules and regulations that govern the use of social media within the organization.

Social media needs to be accepted as a business process, and built into the legal system before you can begin to have the right conversations about what’s legally working and what’s not.

Don’t just try to cram a social media program into your existing legal structure.  Push legal to update that legal structure to support your social media program.  If it means making a separate argument for social media just for legal, so be it.

The important thing is to make legal an important part of the social media integration process of your organization from the get-go. Don’t wait until you reach your first hurdle.

Tags: , , , , , , ,

  • douglasdavidson
    Great points and good advice when working with legal.

    I wanted to share a point a point on working with the legal department and identify two close relatives of legal that may present similar constraints as legal offers.

    First, don't forget our legal system is built on precedent. While legal departments may act like Luddites regarding new technologies they are following training and practice. You have to be patient enough to wait for case law to begin to provide them guidelines to work within. Most corporate or institutional counselors don't relish being in that cutting edge that defines case law. That in my non-legal professional opinion is a great reason much of the innovation in this country comes out of small business who don't have legal departments in the first place.

    Second, if legal departments are an obstacle you'll find compliance officers and security officers/departments will quickly follow. The technology is here to build the social networks but our ability to implement within a regulated framework is not. For instance, we haven't entirely solved the problem of managing access to accounts. And we haven't adopted tools yet that prevent protected information types (health care, student records, etc.) from exposure in the networking stream.

    I recommend that when you are dealing with a regulated business in areas that touch on protected data take some time to understand the issues. For higher ed that is going to include an alphabet soup including FERPA, HIPAA, HITECH, NACAA, Payment Card Industry's DSS, each state's data notification law (you MA folks have one of the toughest) and so on.

    Failure on the part of a school to follow correctly this alphabet soup can result in fines (HIPPA = $25K per individual exposed) or criminal penalities (HITECH which is an addendum to HIPPA).

    You don't need to KNOW the regulations just be familiar with the pressures they create and how it might impact your projects.

    Coaches can not text with prospective athletic recruits. Can they twitter?

    FERPA protects student records which includes communications with the school. But a record isn't a "student" record until a class is taken. When does Admissions consider a record to be a student record?

    With that knowledge pick projects as pilots that are high impact without the risk of leaking or mishandling protected data or crossing compliance boundaries. If you can show low risk to the legal, compliance, security triangle your path to success might be a whole lot easier to travel.

    Doug
  • Doug, these comments and advice are fantastic and a really great addition to this discussion, especially for those who are in some of the more "formal" industries that have to deal with several levels of legal structures, some of which have been in place for some time.
blog comments powered by Disqus

Bad Behavior has blocked 393 access attempts in the last 7 days.