What Should I Put in My Company’s Social Media Policy?

Privacy & Data Security

It seems like someone is in the news for getting into trouble on social media almost daily. Many companies have adopted social media policies as part of their employment policies to help guide their employees’ behavior and prevent embarrassing mishaps. If you are considering a social media policy, here are some things to think over and include.

Trust your employees. You wouldn’t have hired them if you didn’t think they were reasonably intelligent adults. Don’t over-do your social media policy, particularly if you go into detail about rules for external communications elsewhere. One of my favorite social media policies is Best Buy’s: short, sweet, and to the point. You don’t want to anger or alienate your employees.

FTC regulations. There are a lot of them, but the ones most relevant to social media policies have to do with privacy (don’t disclose information that doesn’t belong to you) and disclosure of relationships (do disclose a relationship when you could have something to gain from your comments).

NLRB rulings. The National Labor Relations Board has been extremely active in regulating social media policies for the past few years, all on the theory that certain provisions might discourage protected activity. Make sure your policy doesn’t run afoul of any of these rulings.

Public companies. Social media is a must for public companies these days, but public companies are subject to special rules about what they can tell people and when. Remind your employees to think about those rules when posting on social media sites. A single thoughtless comment about what an engineer is working on at work can reveal a great deal more than s/he intended.

Regulated industries. If you are in a regulated industry, social media is not exempt from the requirements for your company’s communications. Remind your employees of this fact and make sure that you have the technology in place to support any documentation requirements.

Use during working hours. Companies approach this one in many different ways. Employees can use social networking as a valuable tool for creating and maintaining working relationships; or they can dither away time watching videos of cats. There can be some overlap there, too; finding that one has a shared love of cat videos with an important customer can solidify a working relationship. You need to take a look at your own company’s culture in deciding whether to restrict use of social media during working hours and on company equipment. Some common approaches are 1) the outright ban, blocking access from work computers (though you cannot physically/technologically prevent people from using mobile devices, without blocking all mobile signals); 2) the partial ban, allowing access only to selected sites or by selected employees who use social media as part of their jobs; or 3) the “use responsibly” policy, allowing employees to choose whether and when to use social media during working hours and on work machines, within reasonable limits.

Intellectual property. One area that your average employee likely does not have to deal with extensively in the normal course of business is intellectual property. Furthermore, the ways in which photos, videos, and so on, are shared on sites like Facebook, Twitter, and Pinterest has eroded the public sense of what is or is not acceptable practice under the law. Your policy may need to spell out the intellectual property practices of your organization, depending upon how and how often your employees have reason to come into contact with them.

Special concerns. You know your company. You know your industry. There are very likely one or two things that should be in your policy that are unique. You know what they are.

What does your company have in its policy? What else do you think a company should include in its policies?

7 Things You Must Know Before You Text Your Customers

Texting has become a more and more popular mode of communicating with business customers and potential customers. Texts are fast, easy, convenient, and your customers may even initiate the conversation. But there are many traps for the unwary lurking in the texting relationship. Here are seven things to consider before the next time you text with your customers.

You may have to have permission. The Federal Communications Commission has rules prohibiting unsolicited commercial text messages by auto-dialer. That’s quite a lot of jargon, so in translation: you cannot send text messages automatically to many people (let’s call those “mass texts”) that each customer did not give you permission to send. If you are trying to convince the people you are texting to purchase something (e.g., notifying them of a sale), that permission has to be in writing. If you are not trying to convince them to purchase something (e.g., notifying them that you have shipped their order), that permission may be either oral or in writing. The exception is emergency situations, when you may send mass texts without permission.

Emails sent to cell phones as texts are subject to CAN-SPAM. The Federal Trade Commission has rules governing commercial email messages that are sent to cell phones as text messages. You may not have even known that this was possible, but it is, and there are rules about how to do it right. You have probably already heard of the CAN-SPAM regulations. They say that if you send an email that is commercial (as opposed to informational or transactional), you must:

  • Not use false or misleading information about who sent the email.
  • Use subject lines that accurately reflect the content of the email.
  • Identify the message as an ad.
  • Provide a valid physical postal address.
  • Provide information about how to opt out of receiving future emails from you.
  • Honor opt-out requests within 10 business days.
  • Monitor what others are doing on your behalf—you are responsible for your vendors.

Emails sent as text messages must comply with both the FTC’s rules about content and the FCC’s rules about permission. Importantly, CAN-SPAM applies no matter how many email messages you send. Even a single email you send directly to an existing customer as a text message would be subject to the CAN-SPAM rule.

You have to include certain information. For plain old mass texts of the non-email variety, you should provide information about who is sending mass text messages and about how to stop receiving them. For emails sent as texts, all of the elements of CAN-SPAM compliance have to be included.

Direct texting is less complicated, legally speaking. If you are sending a text to a specific customer with information about something you are doing for the customer, the regulations discussed above do not apply, at least for now. Texting is a communication tool, and you can generally use it as a communication tool. This is true whether your customers are other businesses or individual consumers. That said, you may want to let your customers make the first move when it comes to texting; not everyone appreciates this mode of communication.

Texts can be saved forever. As with all written communication, consider that texts can be saved forever. Be conscious about what you put in writing.

Consider your timing. There are the obvious courtesies of not sending texts to your customers outside business hours unless they have initiated the conversation. Beyond that, make sure you do not send text messages at a time when you know your customers might be doing something where texting could be dangerous, such as driving. Bad timing could cause a tragedy.

Charges to your customers. Although cellular plans with unlimited texting have become ubiquitous, not everyone has this feature. Make sure you aren’t sending so many texts that you could cause a problem for customers who still use older plans. You don’t want to annoy or alienate them.

Updated to add Bonus #8: Beware misdirection. As with email, be very careful not to send a message to the wrong person.

What do you think? Do you text with customers? Has it been a good experience?

Updating Your Outdated Terms of Use

You just looked at your business website’s Terms of Use and Privacy Policy (I’ll use the word Terms to refer to both of them together) for the first time in ages and realized that they have been in place since the (first?) Clinton Administration. It’s time for an update. What do you need to consider?

Don’t copy and paste. Terms should be tailored to your website. Your site will need different terms depending on whether you accept posts from users, how you want users to be able to use the site, what kinds of information you collect from users, whether you wish to allow sharing, and more. If you merely find a website similar to your own and copy its Terms, you risk creating Terms that you do not wish to bind your users, let alone your business.

Follow any requirements for your industry. If you are in an industry that is subject to regulations, you should make sure that your site’s Terms allow you to follow those regulations. For example, some industries are required to keep certain records about customer interactions for a certain amount of time. Make sure that your Terms disclose that you are keeping those records, and for how long.

The FTC regulates privacy policies. The Federal Trade Commission has been very aggressive about enforcement of privacy policies for the past few years, and it updates its regulations fairly regularly. Make sure your attorney looks at the latest regulations in drafting your Privacy Policy.

State laws. If your website is aimed at residents of more than one state, make sure you are complying with the laws of every state you are doing business in. California has generally been the most aggressive state in terms of legal regulation of website Terms.

Consider your timing. Pinterest has recently become a very popular site. If you want to, for example, update your Terms to allow you to share your users’ content via Pinterest, you will have to choose your timing carefully. If your current Terms do not grant the license needed for such sharing, you will need to make sure that your users are bound by your updated Terms before you add a “Pin It!” button or other means of sharing to your site. Otherwise, you may be risking a law suit for facilitating the violation of your users’ copyrights.

Inform your users of the update—email them if you can. It has become more and more common for websites to provide some notice before changes to their Terms go into effect. One might even say it is swiftly becoming a standard practice in the industry, especially for social sites. Facebook has a Site Governance Page where users can learn about and weigh in on changes before they are made. Pinterest gave its users more than two weeks’ notice, both by email and by notice on the Pinterest website, that it was going to make changes to its Terms of Service (and still makes the old terms available on the site in case users want to know how they have changed). Google gave users more than a month to review the changes it made to the Terms for its many services, informing them via pop-up when they visited a Google site as well as via email. If at all possible, you should take similar steps to inform your users of your changes. You don’t want your business to be left behind, if for no other reason than your users will expect this level of service.

Updating your Terms requires some consideration, but can be a painless process with the proper planning.

Introducing the Socratic Guide

Today, I’d like to share a project I have been working on for a while: the Socratic Guide. It is a blog that provides basic information about legal concepts. It is designed to give you the background information you need before you talk to your lawyer. There is no reason for you to spend hundreds of dollars getting basic background information before you can even get into the meat of your specific legal issue; it is a waste of your time and your money. The Socratic Guide aims to provide that basic background information so you can walk into a conversation with your lawyer and go straight to getting advice about your specific situation.

The Socratic Guide is starting out with Intellectual Property and moving on from there. Please check it out and let me know what you think. If you have suggestions for topics the Socratic Guide should cover, please let me know. I’d love to get your feedback either by commenting here or by sending me an email.

Congress Gets Serious About Defending Trade Secrets

The Defend Trade Secrets Act (DTSA) has been slowly wending its way through Congress, and it is looking as though it has a good chance of becoming a law at this point. It has bipartisan support and has now passed the Senate 87-0. It is now being considered by the House of Representatives.

Currently, there are two levels of laws governing trade secrets, and they have very different benefits for trade secret owners. The federal law is a criminal law that focuses on preventing international espionage. At the state level, the Uniform Trade Secrets Act (PDF), which has been adopted by most of the states, is a civil law. It focuses on providing monetary and injunctive remedies for trade secret owners who have experienced or may soon experience trade secret theft, regardless of the source. Some states also provide for criminal penalties. The end result is that most companies that are not operating in either agriculture or high technology (two areas particularly susceptible to international espionage) rely on a patchwork of state laws to help them protect their trade secrets.

What does the DTSA do, exactly? It creates, for the first time, a private cause of action for misappropriation of trade secrets at the federal level. This means that trade secret owners will be able to sue for trade secret violations in federal court rather than in state court, which will in turn create a more uniform treatment of trade secrets nationwide.

This bill will benefit most, but not all, trade secret owners by opening up a federal forum for litigation. This is because the federal law applies only to trade secrets that are currently used, or intended to be used, in interstate or foreign commerce. (Congress has the authority to regulate interstate, but not intrastate, commerce under the Constitution.) If your business is small enough that it operates only within one state, and you cannot make a showing that you have some effect on interstate commerce, you are stuck with whatever body of law your state has in place about trade secrets. The states generally have broadly diverging case law despite the near-uniformity of the statutes. And if you are in one of the states that hasn’t adopted the Uniform Trade Secrets Act, you might not like the outcome; older laws tended to be very skeptical of trade secrets as a form of intellectual property. All that said, at least you know what you have to do to protect your trade secret because the laws of only one state apply; the federal bill, if it becomes law, offers that kind of reassurance to businesses that operate in more than one state.

If the bill becomes law, it will create a more stable atmosphere in which to do business, as it will be clearer what constitutes a “reasonable” level of protection for a particular type of business or type of trade secret. If your business relies heavily on trade secrets and you like the idea of uniformity, this is a good time to contact your House of Representatives delegation and let them know that you support the Defend Trade Secrets Act.

What do you think? Would you rather be able to sue in federal court for trade secret violations, or are you happy with the current “50 ways of doing things” setup?