This is a 45 minute presentation I gave at a government liability conference when asked to deal with social media risk management and data breach management.
Call Girls In Panjim North Goa 9971646499 Genuine Service
Managing Social Media Risks
1. Managing Social Media Risks for Municipalities (and more) February 9, 2010 Dan Michaluk
2. Outline Harm from off-duty expression So you want to blog eh? Policy model for managing social media risks Current employees as targets Risk and control of corporate information Due diligence and employee malfeasance
3. Current Employees as Communicators Bob and Sue had a long day. They go to the Dirty Dog Pub after work and, over the course of four hours, take jabs at their supervisor, Phil.
4. Current Employees as Communicators Jack had a long day. He goes home, cracks open a beer, and boots up his home computer. Using a picture of his supervisor taken from the company intranet and some internet based software, he alters the picture so the manager looks ridiculous. Jack posts it to his Facebook page. He feels good.
5. Current Employees as Communicators Duty of fidelity applies when employee expression is likely to significantly affect a legitimate employer interest All other activity is “private” The kind of social interaction we engage in today is more likely to conflict with employer interests Duty of fidelity is the basis for conflict of interest and other restrictive policy
6. Current Employees as Communicators Employee speech can negatively… …affect an employer’s duty to other employees …affect an employee’s ability to do his/her job …affect public perception of employee performance …affect an employer’s reputation
7. So you want to blog eh? Tim is the CAO at an upper tier municipality who fancies himself a social media guru. He sends and e-mail to all that says, “We ought to be leaders in our field. Accordingly, I encourage all of you to use social media to advance our municipal interests.”
8. So you want to blog eh? Risks Tim could now be responsible for everything his employees do online The municipality may now be responsible for a large wage and overtime bill for “work” assigned by Tim
9. Policy Model for Managing Risk Municipalities should consider two policies One that guides all employees One that guides those who are licensed to speak on behalf of the municipality
10. Policy Model for Managing Risk Policy for all employees – theme You can do it if you want Here’s how you meet our expectations Be careful If you publish to “friends” you’re still accountable Identifying yourself as an employee comes with risks Identify special risks (e.g., relating to care and control of sensitive personal information)
11. Policy Model for Managing Risk Policy for all employees – content Start with a statement of principle Then rules that address Confidential information, personal information Respect for other employees, clients, citizens Conflict of interest, conflict with job duties Time theft Refer to other policies Offer support
12. Policy Model for Managing Risk License “deputized communicators” on special terms Establish clear objectives Identify forbidden topics - never Identify safe topics – go for it, no review Create a workable review process Measure time, effort and outcome Pay wages for work, reward performance
13. Employees as Targets Consider the expression, don’t react to it Show support for the employee If you take steps to facilitate “takedown,” make clear that you’re taking one step at a time Frame your engagement properly from the outset Tell the employee to get independent legal advice (Defamation claims are time-sensitive!)
14. Risk and Control of Corporate Information Factors reducing control The “cloud” Mobile storage media Mobile devices
15. Risk and Control of Corporate Information Implication for solicitors The acceptable use policy is not a sufficient administrative control New policies and protocol Internet publication policies Mobile media policy Personal device policy Departing employee protocol
16. Risk and Control of Corporate Information Implications for litigators The “get it back” engagement Rests on detinue (and breach of confidence) Must make a clear and specific demand for “return” Should reckon with privacy implications of inspecting a “mixed use” device Usually involves retaining a computer forensic specialist
17. Due Diligence and Employee Malfeasance New Ontario PHIPA order – HO-010 Unauthorized access by diagnostic imaging tech. Second similar breach at hospital (see HO-002) Limited role-based access restrictions on health care providers (access to systems and not within systems controlled) All systems not audited
18. Due Diligence and Employee Malfeasance Findings on duty to manage malfeasance Unreasonable to continue access without a written undertaking to abide by rules (ordered) Hospitals must report to regulatory college (ordered) Complainant has right to know what discipline was imposed Post-breach communiqué to employees called for (ordered)
19. Due Diligence and Employee Malfeasance Suggestion that identity of wrongdoer and penalty imposed should be published A suggestion at best… not backed by order or reasoning in text of order Not normative in employee and labour relations Seems mean-spirited Raises defamation issues
20. Managing Social Media Risks for Municipalities (and more) February 9, 2010 Dan Michaluk
Notes de l'éditeur
So that’s issue number oneIssue number two is about corporate use of social mediaHere’s a scenario that illustrates a danger of jumping on the corporate communications social media bandwagon without thinking through some important employment-related issuesHow many of you are concerned that Tim has just assigned work?
I amHere are the two legal risks flowing from that statement…And I think they are relatively self-explanatory to most of youSo as HR or legal, reach out to your communications prosWork with them, but make sure they understand these risks