Over the years I’ve discussed social media strategy with quite a few executives from large organizations. It’s no wonder so many approach social media with caution. They’re well aware of worst case scenarios, and as a byproduct, the majority of executives today still hesitate to play a highly visible personal role in social media, despite the best efforts of evangelists such as myself to drag them kicking and screaming into the 21st century.
Nonetheless, every major brand now recognizes the opportunity and necessity of engaging in social media conversations. And none that I know of are still relying exclusively on interns or just-out-of-school new hires to manage their programs. Projecting a brand presence into social media is a serious undertaking that requires communication skills, a certain amount of finesse, and common sense. This is where training and coaching come in, which is a topic for a future blog post, along with crisis preparation, which is the topic of a post I wrote that was published today in the Trapit blog.
This incident yet again raises titillating, frustrating, hair-raising issues about how personal social media use can affect employment status. But let’s focus on just a couple of issues in this post to keep it down to a decent length.
Is it illegal in the US (note: the firing mentioned above happened in the UK) to fire employees for expressing an honest criticism of their employer? No, usually it’s not illegal. US employers can fire “at-will” employees for any reason except for their race or gender and certain other protected categories. Criticizing the boss for making too much money? That’s not protected. Walk right up to your boss and tell them to their face that they’re overpaid? Rent a billboard or buy a newspaper ad telling the world that your boss is overpaid? Post it to the Internet? Proclaim it loudly in a bar or lunch room where someone who might repeat it to your boss might hear it? No difference: no protection.
So if this is so obvious, then what happened here? If this was such a big mistake, why did the employee commit it? Why does this sort of thing happen, and keep happening daily, whereever there is social media? Unless you believe that CEOs everywhere will now seek to limit their own pay to avoid negative publicity, it’s pretty clear that there were no winners in this situation. Nobody gained from the combo of Facebook post and termination in this story. The CEO, Corporate Communications, and everyone else on down the line surely regret this ever happened–although probably not as much as the person who was fired.
Why did it happen? Because employed folks, even highly trained professionals, frequently don’t digest how these things work, even when there are workplace rules about social media. It’s not that employees aren’t capable of learning, there are just too many old habits for the “blah blah blah” of social media policies in the workplace to make much of a dent. Case in point for people working in the US: raise your hand if you’ve ever noticed the (mandatory) OSHA and FLSA posters that employers (even white collar employers) are required post where everyone can see them (often in a break room). OK, not many hands. Now, what topics are covered on those posters? OK, now put your hands down if you aren’t an employee relations specialist (from HR or Legal)? Don’t be shy, raise them high. Any hands still up? So here’s the point: legalese doesn’t click with people. It doesn’t change behavior. And without any reason not to, people just do what comes naturally. They’re used to conversations with friends being (mostly) consequence-free, so they assume their social media posts will be consequence-free also.
Letting your friends know over lunch what you think of the boss? Unlikely to lead to termination. There aren’t very many listeners at one time, and they are face to face, such that listeners feel personally responsible for how they handle the information. Meanwhile, listeners feel more inhibited about “telling” on their friends, because they sense that they are being trusted to keep silent, and/or they realize they might get caught.
Letting your friends know what you think of your boss on the Internet? On the talking end it feels the same to most people as if they are talking to their friends in person. But in fact it is much more likely to lead to consequences, up to and including termination. There are more listeners, sometimes hundreds, encouraging individual listeners to feel anonymous and unaccountable. And listeners feel less inhibited about passing on the information, if only because they’re less likely to get caught—it’s more like repeating something you read in a newspaper that’s available to everyone.
In addition, more and more companies are investing in progressively more detailed social media monitoring technology which makes it increasingly likely that companies will discover employee criticisms even without hearing about it from other employees.
Thus there is a gaping chasm between the tendency of people to share secrets in social media, as they would in person, and their lack of expectations of negative consequences.
Probably our children will grow up with a better understanding of this dynamic, but what’s the solution for the current workforce–on the Corporate side?
Education and training. Posting an employee policy isn’t enough. Stimulating the exercise of good judgment is the solution. Companies need to send a steady, consistent stream of information about this. It’s about building a self-maintaining culture, not about legalese. A clear, concise policy is first. Training is second. An information campaign, including horror stories about what NOT to do, is next. Then, ideally, peers and even bosses give feedback to individual employees about what behavior is acceptable and what isn’t. By way of analogy, people don’t learn to play football by reading the rules of the game. They watch others, they practice, and they get coaching.
Proactive businesses won’t wait for widely publicized employee terminations, with collateral damage in the forms of negative publicity and massive internal distraction, to get the message about social media across to their employees.
What do you think? What’s the problem we’re facing, what solutions are best? What’s fair?
I had coffee this week with someone knowledgeable about guidelines for managing comments posted by customers of Amazon.com’s Marketplace program. For anyone not already familiar with Marketplace, it ‘s roughly Amazon’s version of eBay. Independent Sellers sell their goods (new as well as used) on Amazon.com alongside Amazon’s own items. Items offered by Marketplace Sellers come up in product search results and can be reviewed like other products. Payments are processed through Amazon’s usual checkout. And in many cases fulfillment (boxing, labeling, and shipping the goods) is handled by Amazon.
So here’s where community comes in: also akin to eBay, and roughly analogous to BizRate.com, Amazon allows customers to evaluate the performance of Sellers in the Marketplace via both a rating (1 to 5 stars) and comments. This level of transparency with respect to Sellers no doubt reassures customers uncertain about purchasing from someone they’ve never heard of before. And of course, it also enables Amazon to monitor Sellers and take appropriate action, like terminating Seller from the Marketplace program, when merited.
The part I want to focus on in this post is when Sellers receive customer comments they don’t like. Sellers don’t have the power to edit or delete comments, but they can complain to Amazon. At which point someone at Amazon has to decide whether or not to remove the comments being complained about. (Apparently comments are never edited, they are either left as-is or deleted.) So how is this decided?
This question hearkens back to my earlier post entitled When to delete posts to your company’s Facebook page in which I roughly outline the concept of maintaining a consistent editorial policy for a company’s Facebook community that reflects fans’ tastes as well as the company brand.
Not surprisingly, Marketplace comment guidelines are worked out in a way that can be applied consistently to a wide range of Sellers and situations by community management staff (this is too big a job for one person). As in any community, fairness, or at least a credible attempt to achieve fairness, is a precious commodity. If either Sellers or customers believed that problems were being covered up, or that community rules were being applied arbitrarily, it could not only damage the MarketPlace brand but Amazon’s core brand as well.
In essence, the guidelines seem like a good attempt to strike a balance between the interests of customers and Sellers in a way that naturally enough puts Amazon in the best possible light by shielding the community from inappropriate or irrelevant posts while exposing potentially legitimate customer concerns.
Examples of comments that qualify a comment for deletion:
Comments containing obscenities (I tend to euphemistically call this “inappropriate language”).
Comments containing personal attacks against the Seller.
Comments concerning the product being sold rather than the Seller who sold it.
Examples of elements that don’t qualify for deletion:
Comments claiming that a product didn’t match its online description (which could indicate a mistake or misrepresentation by the Seller).
Comments concerning the condition of the product — except when fulfillment was provided by Amazon. (This last I found a bit curious. Amazon allows criticism of Sellers but vetoes criticisms of itself? But I didn’t get any details about how complaints about Amazon’s fulfillment might be handled otherwise.)
When situations arise that don’t clearly fall within the guidelines, front line community management staff are instructed to escalate complaints to higher levels of authority. Ideally this helps both manitain consistency and set the right precedents. (By way of comparison, see my post concerning Coca Cola’s 3-tiered social media policy – Coke’s social media policy for 1 million associates: a good template – wherein level 2 “social media certified spokespersons“ are instructed to refer issues to level 3 “subject matter experts” whenever how to proceed isn’t clear.)
Kudos to Amazon. This setup isn’t earth-shatteringly innovative, but it just makes sense.
Full disclosure: I do not participate in Marketplace, and have no Amazon.com product links on this site as of this post date, but I am a member of Amazon’s affiliate program and receive a small fee when people click through and buy books I’ve reviewed on other sites.)
Coca Cola’s recently released social media principles are noteworthy as well as easy to grasp.
In my experience few people, whether upper level managers or entry level employees, will pay much attention to long, complicated, legalistic rules. Thus it is well that Coke’s principles are short and simple because they are meant to guide more than a million employees associated with its extended business empire across 206 countries.
Coca Cola’s new online social media principles define three hierarchical levels of responsibility for its workforce: designated subject matter experts; social media certified spokespersons; and everyone else. Those not certified as spokespersons may not speak on behalf of the company. Certified spokespeople may speak in the company’s name but must refer difficult situations to subject matter experts. The principles apply to all employees but only appear to provide complete guidance to non-certified employees.
You can see Andy Sernowitz’s recent interview with Coke’s Adam Brown about the policy via this two-and-a-half minute YouTube video (highly recommended – short and sweet: nice work Andy). My analysis of the policy and Adam Brown’s commentary is below.
Features of Coke’s policy include:
it’s short–only 3 pages long, single spaced–which means everyone in the company can reasonably be expected to read it and take a shot at understanding how it applies to them;
it pushes responsibility for using good sense down to the individual employees, whether acting personally or on behalf of the company;
it mandates completion of standard (“certified”) training for employees designated as “spokespeople” who are empowered to post to social media on behalf of Coke; and
it represents the extended cooperative effort of marketing, HR, ethics and compliance, and legal departments at Coke.
The policy also:
bans fake posts and sites, and mandates disclosure of any compensation associated with reviews by bloggers;
mandates protection for consumers’ private, personally identifiable information;
requires recognition and respect for others’ intellectual property;
bans partnering with online scammers;
requires the same standards for employee behavior when online as when appearing in public with respect to words and actions that might violate laws (like insider trading) or tarnish the company reputation;
invites employees to forward negative online references to the proper department at Coke, while prohibiting them from responding personally unless they have been properly designated; and
delicately reminds employees not to share company secrets with friends and family online.
In addition, company representatives “certified” for social media, who are empowered to post on behalf of company online, are required:
to disclose their affiliation with Coke (they can’t pretend to be unaffiliated – see “fake posts / sites” above);
to keep a record of their posts;
to step back from matters they have doubts about and refer them to the “online relations” department; and
not to take credit for others’ ideas (related to intellectual property protection, above).
I give Coke’s policy an “A-” for comprehensiveness, simplicity, and clarity, with a point off for relying on additional policies and processes that are outside of this document, namely, Coke’s “Code of Business Conduct” that is applicable to personal behavior whether or not employees are online, plus of course the whole certification (training) process, whatever that entails.
The only fluff in the three pages was a single bullet point exhorting the benefits of utilizing best practices, listening to the online community, and following regulations, a vague catchall. This document is meant to be the unified source of guidance for all employees. The majority of the employees who will be asked to abide by these principles can’t reasonably be expected to research, draw conclusions from, and act independently based on their understanding of industry best practices, online community chatter, and government regulations. It’s just too much of a departure from their day to day jobs. That level of responsibility is better left to the relatively few certified spokespeople and ultimately the subject matter experts in their online relations department, who have accepted or even sought out this responsibility as part of their jobs.
If anyone knows of other examples of cutting edge social media principles, particularly near my home base (Pacific NW), please let me know!
I recently attended an interesting presentation by Veronica Belmont, a.k.a. @veronica (yes, she’s a Twitter early adopter) who is a celebrity in the online gaming sphere and has over 1.5 million followers on Twitter.
Her presentation was wonderfully succinct. Her (surprisingly) short slide presentation was useful while concise. Which left plenty of time for Q&A, where again she was succinct. For example, despite being on stage with a microphone and license to babble on, she answered several questions with a single word. Words like “yes,” “no,” and “hyper” (the latter being the quality needed for an effective online community manager).
Even so, @veronica says it takes her 4 or 5 hours a day to manage her social media. Of course, this is a major part of her job, and she’s a new media superstar to boot. The average individual doesn’t need to spend so much time on social media (more in a future blog entry). But for customer-centric companies it makes sense to have someone whose job it is to spend plenty of time engaging with customers.
For example, someone recently asked me how Zappos.com can afford to allow its customer service reps to spend virtually unlimited time with each customer (in one instance apparently someone spent 90 minutes just chit chatting with an elderly customer). I laughed and said: Zappos can’t afford not to. Customers will pick up on the vibe customer service reps are giving off. Customer service reps will give off the vibe they are given by their managers…who give off the vibe set by corporate management. Zappos’ vibe is to love the customer, for real.
Let’s face it, customer service reps aren’t professional actors. And even if they were, let’s consider method acting for a minute. I’ve read that Jim Carrey drives people around him crazy by being “in character” for weeks at a time when shooting a film. In other words, its hard to turn good, emotionally genuine acting on and off.
So as I see it, Zappos had a choice. Amazing customer experience: “on” or “off”. They’ve chosen “on,” and their customers have chosen Zappos. Which is part of why Amazon.com bought Zappos a few months back for close to a billion dollars.
The FTC has announced new guidelines which concern “endorsements” by bloggers (21 of the document’s 81 pages have some direct reference to blogs or bloggers). If I understand correctly, under the guidelines which become effective December 1, 2009, a blogger can be fined for failing to reveal that they received payment or kept an object they were given to review–even a book–if they publish a review of the item or the company that made it.
Three points:
First, we all (not just bloggers, but everyone) should just do this anyway. Your credibility will suffer if you endorse something to me and I find out later that you received something of value from the folks you endorsed, whether or not YOU think it influenced you! So FTC or no FTC, this is a good reminder about minimum ethical standards for communicating about products and services.
Second, there is a lot of confusion about the power the FTC is packing behind these new guidelines. To vastly oversimplify the US regulatory system: this thing that we’re talking about isn’t part of the Constitution (obviously), Federal Statutes (passed by Congress) or Federal Regulations (passed by individual Federal Agencies). It’s more of an announcement by an agency, the FTC, clarifying how they intend to interpret and enforce the laws and regulations that already exist in this realm. Keep in mind that until the FTC actually goes after someone citing this guideline, and their enforcement action challenged in Court, its implications are murky. And in the mean time the FTC can simply change its interpretation or otherwise enforce this (and related) principles in a wide variety of ways.
So I’m predicting that these guidelines won’t be featured in any enforcement actions any time soon. But I’m hoping that any bloggers (and non-bloggers) who aren’t disclosing their relationships with the products and companies they review take the hint and begin doing so!
(By the way, these guidelines are by the FTC, the Federal Trade Commission, who are responsible for consumer protection, not to be confused with the FCC, the Federal Communications commission, who are responsible for regulating communication via radio, television, wire, satellite and cable, and are central to the “net neutrality” debate.)
As an enthusiastic user of SaaS (“Software as a Service”) applications, I’ve increased my own productivity via the cloud. But while wearing my Information Governance hat I see companies becoming sensitized to information control and risk management issues arising from SaaS use. In particular:
Company intellectual property (“IP”) frequently leaks out through employees’ SaaS use, often when subject matter experts within a company naively collaborate with “colleagues” outside the company; and
Company information may be preserved indefinitely rather than being deleted at the end of its useful life, thus remaining available for eDiscovery when it shouldn’t be.
Productivity versus control over IP and information lifecycle management
To illustrate these concepts, I’ll describe a bleeding edge cloud service I recently ran across that could cut both ways, producing both impressive productivity gains and control threats. It’s the as-yet-unreleased Pi Corp “Smart Desktop” project from EMC’s Decho unit, based here in Seattle. Decho is best known for its Mozy online backup solution, but it also provides a home for Pi Corp which ex-Microsoft executive Paul Maritz founded and lead for six years before it was purchased by EMC and added to Decho in 2008. (Maritz was since tapped to take over the CEO position at EMC’s VMware subsidiary.)
Pi Corp’s Smart Desktop project is described by EMC’s CTO Jeff Nick in this video taken at EMC World last year. In a nutshell, Smart Desktop is meant to:
provide a central portal for all of an individual’s information collected from all of the information sources they use;
index and classify that information so it can be used more productively, for example, when a user begins performing a particular task the user will be prompted with a “view” (dashboard) of all of the information the system expects they will want, based on the user’s past performance and the system’s predictive intelligence algorithms;
“untether” information so that it is available to the user from any of the user’s devices, including mobile devices, and interchangeable across different sources; and
enable secure sharing such that people can share just the information they wish to share with those they want to share it with.
Once I’ve had a chance to evaluate Smart Desktop I’ll take a harder look at its Information Governance implications. Problems could arise for employers — albeit through no fault of Decho — if Smart Desktop (or Mozy, or another file sharing service, for that matter) is used by employees to share their employers’ IP with people outside of the company, or people within their company who have not been properly trained and cautioned about maintaining IP security. Similarly, if Smart Desktop (or Mozy, or another SaaS) enables employees to preserve company documents beyond their deletion dates, or to access company documents after they are no longer employees, this could prove difficult in eDiscovery or IP secrecy scenarios, where such information could become a costly surprise late in the game.
But for now I’ll presume that because Decho’s parent EMC has a strong Information Governance focus, Decho will ultimately provide not only the access controls that they currently envision, which will enable secure sharing across devices and users, but also group administration features that make it possible for companies to retain control over IP and information lifecycle management. In particular, I predict Decho will provide dynamic global indexing of information which enters any user account within a company’s user group, thereby making company information easy to find, place holds on, and collect for eDiscovery. I also predict Decho will offer document lifecycle management functionality, including automatically enforced retention and deletion policies.
And while I’m making a Decho wish list, two more items:
In sum, companies concerned about information control and risk management issues arising from SaaS use should consider:
What cloud backup, synchronization and collaboration services are employees using, and how are they using them?
What obligations has the company clearly spelled out for employees, in employee manuals or individual employment contracts, regarding their use of these services?
What network management options does the company have, or could it obtain, for logging, monitoring, controlling, or blocking transfer of company information to such services?
If the way employees are using these services now poses an unacceptable risk, how can employees be moved to safer services?
From a business perspective, information should be handled like property. Like assets or supplies, information needs management.
Companies set policies to govern use, storage, and disposal of assets and office supplies. Companies also need to make and enforce rules governing electronically stored information, including how it is organized (who has access and how), stored (where and at what cost), retained (including backups and archives), and destroyed (deletion and non-deletion both have significant legal and cost consequences). These policies must balance the business, legal and technical needs of the company. Without them, a company opens itself up to losses from missed opportunities, employee theft, lawsuits, and numerous other risks.
An asset management policy is in place. Roles and responsibilities have been assigned for maintaining the value of the asset.
Some information is analogous to company ASSETS. For example, let’s suppose a certain sales proposal took someone a week to write and required approval and edits from four other people plus 6 hours of graphics production time. An accountant isn’t going to list that proposal on the company books. But it is an asset. It can be edited and resubmitted to other potential customers in a fraction of the time it took to create the original. Like the machinery, furniture, or hand tools used to operate a business, company money was spent obtaining this information and it will retain some value for some time. It should be managed like an asset.
Some information is analogous to OFFICE SUPPLIES. For example, a manager spends a number of hours customizing a laptop with email account settings, browser bookmarks and passwords, ribbon and plugin preferences, nested document folders, security settings, etc. That customization information is crucial for the manager’s productivity in much the same way as having pens in the drawer, paper in the printer, staples in the stapler, and water in the water-cooler can be important for productivity. Productivity will be lost if it is lost. That information needs to be managed just as much as office supplies need to be manged.
From a business perspective, when company information is lost or damaged, or when users are under or over supplied, it is no different from mismanagement of company assets and office supplies.
Setting an information policy means:
identifying information use and control needs;
making choices and tradeoffs about how to meet those needs; and
taking responsibility for results and an ongoing process (setting goals / taking action / measuring progress / adjusting).
Information governance policy is an on-going process for managing valuable company information. All of the stakeholders – in particular, business units, IT, and Legal – must collaborate in order to draw a bullseye on company information management needs. The right people in the organization must be charged with responsibility for getting results or for making changes needed to get results.
Without a doubt, it takes time and money, and requires collaboration, to develop a “policy.” But we’re all accustomed to this type of preparation already. Let’s look at simple, familiar professional standards for just a moment:
Software developers test software on actual users and correct bugs and (hopefully) mistaken assumptions before releasing it. Avoiding these steps will undoubtedly lead to loss and possibly bankruptcy.
Attorneys meet with clients before going to trial to prepare both the client and the attorneys. If they don’t they risk losing their clients millions, or getting them locked up.
Advance preparation is as essential in information management as it is in software development and trial practice. Simply ignoring the issue, or dumping it on one person or a single department (like IT or Legal) can be very costly. Avoiding the planning component of information management is like putting in only 80% of the time and effort needed for the company to succeed. Avoiding 20% of the time and effort doesn’t yield a “savings” when the outcome is failure, as when an employee steals documents, essential information is lost when a building with no computer back-ups burns down, or old documents which would have been deleted under a proper information governance policy turn up in a lawsuit and cost millions.
Information policy does NOT flow from any of the following all-to-common realities:
The first meeting between the Legal Department and the new eDiscovery vendor is also the first meeting between Legal and IT (true story);
Ever since a certain person from the General Counsel’s office was made the head of corporate records management, no one in IT will talk to that person (true story);
Thousands of backup tapes are preserved indefinitely – kept on “litigation hold” — because some of the information on some of the tapes must be preserved, and no one has worked out whether to save or delete the rest of the information (true story) (see also Sean Regan’s comments to the previous post https://bruce2b.com/2009/04/20/tape-indexing-breathes-life-into-tape-storage/#comment-11).
Information management technology alone, without a company-specific understanding of the problems that the technology is meant to solve, is not a recipe for success. A recent article by Carol Sliwa, published by SearchStorage.com (April 22, 2009), offers a detailed look at issues surrounding efforts to reduce storage costs by assessing how information is being used and moving it to the least expensive storage tier possible.
The article has some powerful suggestions on developing information policy. First, Karthik Kannan, vice president of marketing and business development at Kazeon Systems Inc.:
“What we discovered over time is that customers need to be able to take some action on the data, not just find it…. Nobody wants to do data classification just for the sake of it. It has to be coupled with a strong business reason.”
“In order to really realize and get the benefit of data and storage classification, you have to start with a business process…. And it has to start from conversations with the business units and understanding the needs and requirements of the business. Only at the end, once you actually have everything in place, should you be looking at technology because then you’ll have a better set of requirements for that technology.”
It takes time, money and cooperation between departments that may have never worked together before to develop a working information governance policy. But that is not a reason to skip — or skimp on — the process. Companies need to protect their assets and productivity, and information governance has become an essential area for doing just that.
A good topic for a future blog post will be a review of the technology that might prevent this from happening: a recent study revealed
“Of about 950 people who said they had lost or left their jobs during the last 12 months, nearly 60 percent admitted to taking confidential company information with them, including customer contact lists and other data that could potentially end up in the hands of a competitor for the employee’s next job stint.
….
“Most of the data takers (53 percent) said they downloaded the information onto a CD or DVD, while 42 percent put it on a USB drive and 38 percent sent it as attachments via e-mail….”
Symantec, who commissioned this study (and which through a string of acquisitions has become a major vendor in the information management realm), just happens to be one of a number of software vendors who provide DLP (“data loss/leak prevention/protection”) solutions that can inhibit this sort of thing.
I’m not an advocate for “big brother” work environments because I think there can be a strong relationship between genuine trust and employee productivity and creativity. Nonetheless, I have to admit that employees who are convinced that they will be held accountable for what they do with company information will be more conscientious about how they handle it.
Yet another topic for a future post will be examining how important information is misplaced when employees shift to new projects, positions, or companies.
Nonetheless, every major brand now recognizes the opportunity and necessity of engaging in social media conversations. And none that I know of are still relying exclusively on interns or just-out-of-school new hires to manage their programs. Projecting a brand presence into social media is a serious undertaking that requires communication skills, a certain amount of finesse, and common sense. This is where training and coaching come in, which is a topic for a future blog post, along with crisis preparation, which is the topic of a post I wrote that was published today in the Trapit blog.
Symantec, who commissioned this study (and which through a string of acquisitions has become a major vendor in the information management realm), just happens to be one of a number of software vendors who provide DLP (“data loss/leak prevention/protection”) solutions that can inhibit this sort of thing.
bruce2b 