This article originally appeared in UPVOTE Magazine. You can download the magazine and the latest edition on iOS now.

Risk management in social media is a touchy subject. Many don’t want to take a too risk-averse approach, which could potentially alienate staff through too much stringent top-down control. But neither is a liberal approach appropriate given the ease with which things can go wrong.

So strategists and community managers are still in very murky waters when it comes to social media risk management. While we are certainly moving in the right direction toward further clarity from Australian regulators and legal bodies, there are still many problematic areas to navigate.

Soft and hard risk

There is ‘hard’ risk and ‘soft’ risk. Hard risk encompasses those that come immediately to mind and are usually legal in nature: copyright infringement, defamation, trademark and intellectual property issues. To mitigate these, many organisations large and small opt to limit staff access to social media using an Internet filter or similar software. Unfortunately, today this in no way reduces risk due to the ease of access via smartphones, personal computers or uses outside the workplace (which may still impact on work, for example an employee bullying another out of hours).

Dealing with demography

Natalie Hickey, Partner at King & Wood Mallesons legal firm based in Melbourne, considers one of the major issues facing organisations to be changing demographics.

“There are substantial differences between different ages and generations and their social media use,” Hickey says. “I think there is sometimes a disconnect between the board and senior management’s perspective of social media and what happens on the ground with employees and the public.”

Hickey’s comments come after a range of recent public gaffes, including the backlash suffered by Myer after comments from CEO Bernie Brooks about the potential impact of the National Disability Insurance Scheme on profits were shared across social platforms. The long-term impacts of such PR crises are yet to emerge.

“There seems to be lack of familiarity with the social media space from many boards of directors and executives,” Hickey continues. “It concerns me primarily as these people must grapple with the governance structure challenges social media brings, and determine how chains of communication should operate. Without an understanding of the space comes significant risks of under or over-estimating what might happen to an organisation online.”

Blurred lines

It’s indisputable that the lines between the ‘public’ and ‘private’ lives of employees (and customers) are shifting online. David Taylor, Director of Privacy Awareness at the Office of the Victorian Privacy Commissioner, says “When we add our colleagues on Facebook, follow them on Twitter or even connect with them on LinkedIn – we are moving from communicating purely in working hours to a different paradigm.”

In the context of the attitudinal differences in perspective and use of these platforms, his statement raises some concerning points. “Many staff don’t realise that posting work-related content, or using social media for work-related purposes, may put their employer at risk or even their employment.” Taylor continues. “The ‘think before you click’ adage is an old saying in ‘social media time’, but remains as important as ever. The audience for any social media post is infinite, regardless of a user’s privacy settings or their intent for who should see it.”

And what about employees who use personal accounts for professional purposes? In the United States, Noah Kravitz was sued by his ex-employer PhoneDog for taking his Twitter followers with him after leaving the company. While this case was perhaps quite obvious, with Kravitz renaming the account from @PhoneDog\_Noah (directly suggesting the link to the company) to @NoahKravitz, brands should be clear with high-profile staff as to what is considered a ‘personal’ digital asset compared to a ‘professional’ one. This is particularly the case for those working in areas such as human resources, where personal LinkedIn profiles are frequently used to engage with potential recruits, or staff who are highly visible and known to be associated with an organisation (such as C-suite executives, or media celebrities) who build up a following as a result of their professional role.

Legal guidance

In a 2012 case, Fair Work Australia upheld a decision that an employee was unfairly dismissed by Linfox after he made some derogatory comments about a company executive online.

The staff member in the case had made these comments on his private Facebook Profile (not via a public account) that were directed toward his superior and the company’s transport manager. The comments were made by both the staff member and some of his other Facebook friends, and named both the superior and transport manager. After its discovery, an investigation found that the comments amounted to discrimination of a sexual and racial nature and the employee’s contract was terminated.

Fair Work Australia Commissioner Michael Roberts commented:

The chains of comments have very much the flavour of a group of friends letting off steam and trying to outdo one another in being outrageous. Indeed it has much of the flavour of a conversation in a pub or cafe, although conducted in an electronic format. The fact that some of the material is not complimentary towards (the company’s) managers is unsurprising. This always has been, and always will be the fate of those holding managerial positions.

At another point Commissioner Roberts commented further:

The Applicant’s Facebook page was not a web blog, intended to be on public display. It was not a public forum.

Linfox ultimately lost the case as they had not clarified expectations of their employees through a social media policy or educational initiative, and their reliance on their employee Code of Conduct was insufficient.

That is why Natalie Hickey is keen for people to use social media to better mitigate against risk: “It might sound counterintuitive, but guarding against the pitfalls of social media can best be understood by having a go yourself. The learning process is iterative and hard to teach. I suggest showing the ‘best side of yourself’ on social media just as if you are getting to know a new client or customer. Changing your password the first time you’re hacked (after clicking on an ‘interesting’ link) also means you have definitely entered the social media space!”

Social media can also have significant impact on financial markets. One notable example was on 23 April 2013, when the Associated Press Twitter account was compromised and posted: ‘Breaking: Two Explosions in the White House and Barack Obama is injured’. This tweet immediately wiped around US$136 billion off the Dow Jones Industrial average, then recovering minutes later after it was discovered to be a hoax.

Locally, the Australian Stock Exchange (ASX) in Australia has recently revised their Guidance Note 8 requirements for publicly listed companies as part of continuous disclosure requirements. Listed companies are required to use the ASX as the sole body to disclose market-sensitive information (i.e. information that may impact stock price) to avoid operating in a ‘false market’, where only some traders are aware of the information. In May 2013, several sections were added to Guidance Note 8 to clarify that companies should be monitoring social media in addition to traditional news sources, journalist enquiries and other outlets.

For other bodies, different regulations become important. David Taylor from the Office of the Victorian Privacy Commissioner highlights that public sector staff have additional requirements. For example, Victorian Public Sector staff must abide by Codes of Conduct published by the Public Sector Standards Commissioner. The Codes set out the standards of behaviour expected of public sector employees, based around a framework of values from the Public Administration Act 2004.

Regulatory bodies

The connection between regulatory bodies and legal requirements is a complex but an important part of understanding the risk landscape.

Many regulatory bodies have provided a perspective on brands’ social media use, including the ASB, IAB and AANA. These regulatory bodies generally provide guidance or regulation for their members only, and as a result, there is disagreement between some of the published guidelines. The IAB and the AANA notably differ in defining whether a user-generated comment (such as a Facebook Post) constitute ‘advertisements’ or not (http://mumbrella.com.au/aana-iabs-new-social-media-advice-is-irrelevant-167800). The AANA went to the point of claiming that the IAB guidelines were ‘irrelevant’ to those who operate under their (and the ASB’s) self-regulatory guidelines.

As a result of the unclear legal scenario, we will no doubt continue to have differing views published by commentators, regulators and brands themselves. Natalie Hickey observes that “Over the next 12 months, we’re likely to see more commentary from regulators, and then inevitably a test case will occur, at which point all hell will break loose.”

The ethics of it all

But it’s not all about legal, regulatory or even reputational risk. Axel Bruns, Associate Professor at Queensland University of Technology, says that one of the challenges he faces is the question of whether content is public or private. “For example, tweets on Twitter are considered public (unless the user has a protected account), and users are aware of this fact,” Bruns explains. “By comparison, Facebook content is usually not public, and it’s uncertain whether the content that is public is intentionally or unintentionally public: we cannot assume that users understood their Facebook privacy settings and made an informed choice about how public they wanted their content to be. This is perhaps less of an issue in the commercial sector, who don’t go through formal ethics assessments for their studies.”

And yet companies can get into significant ethical tangles. One such high-profile case in 2012 was when Target used its knowledge of consumer buying habits to provide targeted marketing material to women who were pregnant. This started with a question to an analyst: ‘If we wanted to figure out if a customer is pregnant, even if she didn’t want us to know, can you do that?’ The New York Times article discusses the subsequent analytic efforts and cites an example where a man become irate after a series of coupons was sent to his daughter for discounted baby products. After leaving the store, he subsequently discovered that his daughter was indeed pregnant and he was unaware of the fact. Andrew Pole, one of the data analysts working with Target, summarised the situation perfectly: “But even if you’re following the law, you can do things where people get queasy.”

Another challenge is in how social media information is analysed and presented. Bruns explains: “It’s important that anyone analyzing or reporting on an analysis of social media data really understands the provenance of the data. There is a significant risk of (deliberately or not) misleading conclusions, primarily through not really understanding the ‘black box’ that the data is going through.” Bruns points to the Australian Open 2013 Most popular players on social media tally, which found Victoria Azarenka to be the most popular player overall – but perhaps neglected to acknowledge the significant controversy around a brief court departure, which generated a great volume of negative mentions for Azarenka.

Truth In Advertising

The issue of ethical and truthful analysis is something that plagues many. For companies working with external bodies or marketing agencies (and even internal teams reporting to other parts of the organization), the appropriate reporting of social media data is key to ensuring that the value of social media is appropriately represented. One significant risk often not discussed is whether social media is providing return or value to an organization – unless it is providing value, the business case for social media is heavily diminished.

This isn’t to say that unless social media can be directly tied back to sales that it is a failure – instead, those reporting on social media need to work to ensure that their reporting methods provide information that is both factually sound and relates back to the objectives for why social media is being used, including the overall business objectives in place. Social media return on investment and measuring this value is complex.

But Bruns also suggests that the question of social media ROI is no longer the only driver of social media take-up for businesses. “Whether social media provides value for money or not, the real question is: What’s the cost of not developing a social media presence? We’ve seen this in a number of high-profile cases – if your company doesn’t have a Twitter account or a Facebook page, it has no way to address misinformation, respond to criticism, or deal with impersonators and fakes. Social media abstinence isn’t a viable strategy.”

Where to from here

All roads seem to lead to the need for organisations to better educate staff about what is expected of their use of social media, whether for professional (public) or personal (private) purposes. David Taylor elaborates, stating, “As access in workplaces becomes more commonplace, the lines between personal and professional will continue to blur.”

There will no doubt be more regulation in the sector. Natalie Hickey from King & Wood Mallesons has noticed a shift in the legal industry’s interest in social media, from something that was ‘interesting’ 18 months ago to now being an area of specialty after regulators in Australia and the US began to move into the space. No doubt her prediction of “all hell breaking loose” after a test case is tried will prove to be true.

Certainly there are no simple solutions to how you can encourage employees to behave appropriately online, or to manage social media risk in its entirety. In many ways, existing policy, training and guidelines (including around copyright, disclosure and codes of conduct) simply need to be translated into the new social media world.

As David Taylor concludes: “It’s very much the case of the same old messages, but people are using new tools.”