Learn how to adopt and enforce social media policies that make sense for the mortgage industry, including:
-What elements should be included
-Best practices for developing a social media policy
-How to enforce a policy once it's made
3. Introduction
Today, we'll discuss why mortgage lenders and brokers should adopt and enforce
social media policies. Just a few years ago, we were talking about whether social
media was even needed in the mortgage industry...
The overwhelming sentiment now is that social media is essential for customer relationship
management, marketing and brand-building. But far more companies use social media than have
established policies for its use. In fact, a study cited on Smarsh's compliance blog reveals nearly half of
companies don't have social media policies!
3
4. • What are the risks of not having a social media policy?
• What elements should be included in the policy?
• Why are these elements important?
• Are there best practices for social media policies?
• How are social media policies enforced?
4
In this webinar we’ll consider…
5. One risk of having no social media
policy…Wild Wild West Syndrome
• Unconstrained expression can lead to problems, including expensive litigation and long-lasting
reputational harm.
• Harassment and online bullying are growing & social platform executives are taking notice.
• David Lat, founder of the Above the Law site, says user comments are "ruining the Internet," so he's
deleted them.
• Basic civility is being replaced with abuse and insults.
• Anyone and everyone can create content but lenders and brokers can be tarnished by employee
posts.
5
6. Remember Lindsay Stone?
In 2012 she visited Arlington Cemetery, flipped the bird at a gravesite and posted a
photo of this behavior on her Facebook page. Her employer, a provider of services for
special needs adults, took nationwide flack even though the photo was in a personal
post. Public outrage was so great it led to her firing. Lindsay lost her livelihood but the
company lost time, money, and its reputation for principled employees.
Lindsay's shameful photo gained immortality on the web.
6
7. As Taylor Swift's song Shake it Off says...
The haters gonna hate hate hate hate hate
But a mortgage company can't just respond to hateful social
messaging by saying they're gonna "shake it off."
They need a better plan to avoid reputational and financial harm...
7
8. Hertz learned its social media policy lesson the
hard way... in court
A Hertz employee made racist, homophobic and threatening comments
about a customer on Facebook -- these got back to the customer -- who
sued Hertz. Ultimately, Hertz wasn't found liable for the employee's rants
because the judge said they were unforeseeable, but Hertz might have
avoided the lawsuit by training its employees in responsible, appropriate
social media use.
[Howard v. Hertz Corp., 1/25/2016]
Moreover, some states (CA, FL) recognize an employer's legal duty to
train employees to avoid harm -- or allow legal claims for 'negligent
training' or 'negligent supervision'
There are plenty of law firms ready to help individuals bring lawsuits
claiming injury from a company's negligent hiring, retention, supervision
and training.
8
9. Another risk of no policy…
Sensitive or confidential data may be disclosed.
This is especially tricky if the company has no policy on what can be shared on social media.
Your most socially active employees are likely to pose the greatest risk because the more
people use social platforms, the more likely they are to rely on it, and share opinions on it
(including acting on shared opinions).
[Penn State Univ. research]
9
10. The FBI has identified the risk of disclosure of
confidential information on social media...
And recommends preventative measures.
A few examples:
• Establish policies about what company info can be shared on personal blogs or social sites...and enforce the policy
• Use multiple security layers in the computer network
• Continuously monitor data movement on the company's network
• Educate employees about how their social and online activity can affect the company
• Ask employees to lend their eyes and ears to social messages and report suspicious activity when they see it
• Avoid public Wi-Fi networks and hotspots unless sending info to encrypted sites
10
11. So you're ready to adopt a social media
policy...What are the "do's" and "don'ts"? The 10 Commandments don't work here. Flexibility is key.
You can't force employees to share their social media passwords and usernames to monitor what
they're doing. State laws limit an employer's ability to get this information via "coercive" requests.
In states including AR, CA, CT, DE, IL, ME, MD, MI, MT, NJ, NM, OR, UT & VA, an employer can't
require employees to change their social media privacy settings, or require the employee to add the
employer as a contact associated with the account (e.g., Facebook friending).
Other laws prohibit retaliation for what an employee says on a personal (not business) social
platform. This is called Facebook-fired protection.
[Might this kind of law have saved Lindsay Stone?]
11
12. Federal labor law also matters...
The National Labor Relations Board says employers can't fire or discipline employees
for some job-related posts, which may be considered protected concerted activity.
These usually have to do with job-related benefits or comments on working
conditions, which might otherwise fall into the "non-disparagement" category of a
social media policy.
12
13. Can we rely on best practices for our
policy?What are those best practices?
Mortgage companies can look across industries for best practices, and they should. Here are
some relevant principles:
• Traditional ethics rules still apply online.
• Assume every social message you post will become public.
• Engage with customers, but professionally.
• Break news on your website, not on social platforms.
• Authenticate anything found on social sites.
• Always identify yourself accurately.
• Admit when you’re wrong online.
13
14. More best practices…
• Include company bloggers in developing corporate blogging policies; publish the guidelines widely.
• Seek input from legal and corporate communications experts when developing blogging & social
media polices.
• Clearly define if social messages reflects employee opinions or the company’s.
• Allow constructive (civil) criticism: Employees may have different points of view than management.
Open communication builds a foundation for a successful social media program.
• Include mechanisms for responding to customer or employee comments.
• If information should be deleted (because it is confidential or was posted in error), delete it
promptly and explain why.
• Clearly communicate to employees what information is appropriate or inappropriate to disclose.
14
15. And a few more…
• Respect your audience’s privacy.
• Don't disparage competitors or your industry.
• Let customers know you listened when they post feedback, by responding.
• Cite material in your posts, linking to original sources when possible.
• Don't appropriate intellectual property of others.
[Many of these best practices are from the American Society of Newspaper Editors and SocialMediaBiz]
• Encourage employees to check (prior to publishing) with parties to potentially confidential
conversations, and with the subjects of photos before sharing the conversation, transaction or image.
• Understand that social media policies cannot be static. Revisit and revise them frequently.
15
16. Social policy essentials for employees...
Similar, but not exactly the same as for the company
• Always follow the laws & rules of the mortgage industry (including your license laws).
• Privacy is paramount in the financial industry. Protect customer privacy with a vengeance.
• Ethical, civil discourse is essential; be polite & respectful. Avoid anything that may be considered
harassment.
• Avoid disclosure of company confidential, proprietary, and trade-secret information.
• Don't comment on matters beyond your expertise.
• Don't SPAM anyone.
• Don't disparage your employer, customers, coworkers, or competitors.
• Don't use anyone else's content without their permission (including images of others) -- my
apologies to Taylor Swift, for this educational content
16
17. Social policy essentials for employees...
• Don't link to other websites without permission
• Don't use fake profiles, pseudonyms or anonymity when representing your employer
• Avoid blurring the lines between personal (Instagram, Facebook) and business social media
• Use the company's official logos and branding
• Don't engage in internal personnel, salary or related conversations in public social forums
• Don't misrepresent your professional credentials, education or certifications; include your license
information in mortgage transaction-related messages
• Keep separate emails for personal and business communications
• Don't speak on behalf of your employer without permission
• Keep your social profile pages current (don't keep an expired affiliation in your profile)
• When in doubt, ask a supervisor
17
18. Policies are not self-policing!
So...you've adopted a social media policy for the company, and a separate but
consistent policy for employees. Now what?
Don't file it away and forget about it. Every effective corporate policy requires
monitoring and enforcement.
Policy + monitoring & archiving + enforcement = risk mitigation
18
19. Monitoring social media
Even the best-intentioned companies and employees can't assume everything will go as
planned. That's why social messages should be monitored regularly for compliance with your
adopted policy standards.
There are various ways to do this -- internal teams dedicated to reviewing social messaging,
algorithmic key word searches of employee messages, specialized software with social
reporting capability, and use of vendors specializing in "social media listening."
Consider Smarsh solutions for constructive ways to monitor social messages by your people,
or pertinent to your company. For more information, contact Scott Ferguson,
sferguson@smarsh.com
19
20. Don't just identify it, archive it
Eventually, you may be called upon to not only identify but produce records of your (and your
employees') social media activity, in response to a regulatory demand, consumer lawsuit, or for other
business purposes.
This is where social media archiving comes in...
For example, if you have to show that an employee's posts were monitored, following which the
employee was retrained in company policy, a claim of "negligent training" might be answered.
Properly archived social media may also provide a shield, for example, in a customer's lawsuit
falsely claiming racist, sexist or other "-ist" language was used in messages during the transaction.
Smarsh is an industry-leading provider of social media archiving solutions.
20
21. What rings the monitoring bells...?
And then what?
Some types of information should trigger alerts and may necessitate retraining or enforcement activity.
Obviously, highly confidential information like SSNs, offensive language, links to providers of unlawful or
obscene content, and trade-protected data fall into this category. But every enterprise will have its own
standards.
The company should remove such information as soon as possible, but further action may be required.
A social media policy must be enforced. Consequences must attend breaches, whether deliberate or
inadvertent, should be impartial (e.g., similar infractions lead to similar penalties), proportionate, and involve
the measure of due process that applies to other aspects of noncompliance with company policies.
The HR department is a necessary participant in the enforcement element of a social media policy, but
should not be the driver of the enforcement activity. That responsibility should remain with top management,
which will demonstrate the company's high-level commitment to social media compliance.
21
22. For further information…
For more tips on social media policy development in the mortgage
business, see my blogpost on the Smarsh compliance blogs at:
http://www.smarsh.com/blog/adopting-social-media-policy-12-essentials-
mortgage-lenders-brokers/
22