This document discusses social media compliance considerations from regulatory bodies such as the FTC, FDA, and FINRA. It provides examples of violations these organizations have prosecuted related to inadequate disclosure of relationships, unsubstantiated claims, and employee social media use. The key points are that social media requires the same compliance as other communication channels, and that oversight of employee activities and adequate policies are important to mitigate risks to brands and avoid fines.
2. Amanda Vega 20 years online experience Service agencies and clients alike MBA, Columbia NY, Phoenix, Dallas, Shanghai PR, social media, compliance, web www.amandavega.com www.PRinaJar.com www.mommybloggerseminars.com Pink Porsche owner, pug lover, red bottom shoe zealot
6. Some Key Points No other agencies have internal compliance department Licensing requires sponsorship (Series 7, 63 needs a broker dealer) Very expensive to maintain internally Compliance spans social as well as print, etc. Everyone has some regulation – FTC at the least Crackdowns happening NOW
7. Regulatory Bodies FTC: all communication, advertising, marketing FDA: pharmaceuticals, nutraceuticals, some supplements, cosmetics, etc. FINRA: publicly traded companies, broker dealers, financial services companies AND individuals HIPAA: hospitals, physicians (and groups) GLBA UK Laws Internal risk controls (internal auditing, risk to data)
8. FTC October 2009 Changes Celebrity endorsements, testimonials, social media endorsements Must disclose relationship to product/client Must disclose if product was free Doesn’t have to be in each post Put in profile Celebs have to disclose they are paid Twitter wasn’t covered so no case on this YET Some employment considerations
9. FTC Continued No more safe harbor with “results not typical” Actual results have to be accessible Disclosing of material connections If blogger gets paid you have to disclose No false and misleading claims Disclosure of use of company sponsored research Liability for affiliates and other resellers is now on company
10. FTC Violations Banana Republic Internal “intern” was posting “ad heavy commentary” on fashion blogs Did not disclose she worked for BR Fine: $5,000 (pending)
11. FDA Disease claims Cannot say cure, treat, mitigate, or prevent Say “alleviate the symptoms of…” Adequate substantiation of structure/function claims If you say an ingredient does X, you have to have studies proving that Adequate substantiation of other statements If you say “few or no side effects” have proof If you say this online, you are open for product liability and personal injury claims
12. FDA Continued Use of Testimonials When you allow testimonials you accept liability of that person’s claims, period Link to third-party literature For anything you link to, you adopt all of the claims
13. FDA Violations First Juice and 3 other small juice companies asked to change all labels saying “half sugar” Big brands were not attacked – more lobbyists All brands had links to research/tests proving claims FJ fought back and won the claim Pharmaceutical company fined for fake testimonials posted in social media by their PR firm Use REAL people with disclosure instead
14. FINRA October 2010 changes – VERY SEVERE Record keeping and reporting You must archive/save all social/email for 3 years Communication online is considered same as in person Advertisement versus correspondence Tweets and blogposts on your blog are considered advertisements DM’s/email considered correspondence Ads need pre-approval, correspondence needs review
15. FINRA Continued Oversight into activities Compliance can regulate any offerings as part of oversight They cannot regulate your personal hobbies unles industry related Customer service Try not to handle full issues back and forth on Twitter – chain leads to harder protection Cannot help with account specifics online
16. FINRA Violations Coca-Cola Assistant posted to Twitter “it’s a great day. Boss in meeting with XYZ all day. Quiet.” XYZ = competitor COO Day traders went crazy thinking there was going to be a merger SEC came in and filed compliance violation Keep in mind – her actions were NOT in violation of their internal policy OR any regulation
17. HIPAA About 500 of 6,000 hospitals are using social Do not ever list a patients name or picture anywhere Friending patients on Facebook puts you into grey area – interaction can be confirmation of relationship which is violation You can help people, but make disclosure in profile and posts
18. HIPAA Violations Medical resident twitpic’d photo of his first set of stitches A part of a tattoo was showing – therefore showing identity which is a violation $10K fine to hospital Social media wasn’t included in their training
19.
20. 82% of social networking sites have an urgent, critical or high severity vulnerability - May 2009 WhiteHat Security“ It is not a risk that someone will do something dumb someday. Actually, it’s a certainty.”
22. It’s NOT Locked Down! 95% of companies have Anti-virus and 85% of companies have URL filters in place, but 30% of companies have bots on their networks and 40% still have viral infections Most financial institutions consider access “locked down” when it isn’t PCI data and monitoring is NOT enough There are too many sites created daily for the crawlers and enforcers to keep with
23.
24. 74% of employed Americans believe it is easy to damage a brand’s reputation via sites such as Facebook,Twitter, and YouTube.
25. Fifty-eight percent of executives agree that reputational risk and social networking should be a board room issue, but only 15% say it actually is.
26. Only 22% of companies have policies on how employees can use social networking tools
27. 53% of employees think their social networking pages are none of their employers business(Deloitte LLP 2009 Ethics & Workplace Survey results)
30. You MUST have a social media expert AND a compliance, IT, HR, and marketing person involved – the knowledge of each is imperative to be collectively used