Managing Risk in the Digital Era: Checklist Guidance for HR Professionals

Managing Riskin the Digital Era: Checklist Guidance

Courtney Shelton Hunt, PhDJune 25, 2014

Copyright © 2014, Courtney Shelton Hunt - all rights reserved2

About the SpeakerCourtney Shelton Hunt, PhDCourtney is the Founder and Principal of The Denovati Group and an international consultant, speaker, teacher, and writer. Her background in business development, communications, human capital management, information technology, and academia, combined with her business acumen, enables her to provide a unique holistic perspective and strategic leadership to organizations.

The Denovati Group enhances the success of individuals and organizations in the Digital Era through thought leadership and guidance, research, consulting and training services, and by facilitating a professional community that fosters the sharing of information and best practices. These objectives are accomplished primarily through:• SMART Resources (including the SMART Blog)• Denovati Solutions• SMART Courses

2

http://www.linkedin.com/in/cshunt312


From the ProgramWorkplace Application: This session will help you manage Digital Era risks over the long term beyond simply creating and implementing a social media policy.

Summary: You need to be prepared to manage the risks associated with operating in the Digital Era regardless of whether social media and other digital technologies are part of your organization’s strategic agenda. It is critical that you ensure your policies reflect Digital Era realities and that employees and managers understand not just the “new” rules, but also how “old” rules apply. Balancing legal, business, and relationship perspectives, this session provides an overview of general legal considerations and offers specific guidance to evaluate and update your policies, communicate changes and provide necessary training.

Disclaimer: I am not an attorney

Before and After…


MANAGING RISK IN THE DIGITAL ERA

http://www.wikipedia.org/

http://www.blogger.com/

http://delicious.com/

http://www.digg.com/

http://www.facebook.com/

http://www.flickr.com/

http://www.linkedin.com/

http://www.myspace.com/

http://www.ning.com/

http://www.reddit.com/

http://www.stumbleupon.com/

http://twitter.com/

http://www.wordpress.org/

http://www.youtube.com/

http://www.ebay.com/








No One is Exempt Every organization needs to think about and be

prepared to manage the risks associated with operating in the Digital Era

It doesn’t matter:– Whether social media is part of the organization’s strategic

agenda

– If the organization itself has any deliberate digital presence

– How large the organization is, whether it’s for-profit, BtoB or BtoC, or which industry or sector it operates in

– How the organization’s leaders feel about social media and other digital tools



Current Realities

But…– There is no simple solution or

“one size fits all” approach– A “fix-it-and-forget-it” strategy is

one few organizations can afford

Managing Digital Era risks is part of the cost of doing business, and managing them well can be a competitive differentiator, in both the economic marketplace and the war for talent


Current Best Practices Include… Recognizing that policies and guidelines

have to be customized to match the culture and operating characteristics of the organization

Involving representatives from multiple functional areas to develop those policies and guidelines

Providing interactive training for employees to ensure they understand their rights and responsibilities

Reviewing policies and guidelines at least annually to ensure they’re current


However, … Most organizations – even those that are highly

engaged with social media and other digital technologies – are not addressing Digital Era risks as comprehensively or deeply as they could or should

They are effectively “uninsured” or “underinsured”


Social media is “just” a communications toollike

A nuclear power plant is “just” a way to turn on the lights

The “Obvious” Risk: Social Media


Social Media Policies:Necessary but not Sufficient

An organization’s employment policies reflect Digital Era realities

Both employees and managers understand not just the “new” rules, but also how “old” rules apply in the new era

External stakeholder engagement is well managed

Drafting and implementing a social media policy should be considered part of a larger effort to ensure that

OUTCOMES:HOLISTIC, SYSTEMIC, INTEGRATIVE


What’s Your Strategy? Determine your overall strategic approach to

leveraging digital technology for both internal and external purposes– Email and the internet– Social media– Mobile devices (phones and tablets)

This strategy lays a foundation for understanding the necessary changes to existing policies, guidelines, and agreements


Covering the Basics I Develop a social media policy for

all employees Review/revise all operational and

employment policies to reflect Digital Era technologies (both hardware and software) and realities

Some experts suggest that employers separate their digital media policies from other employment policies


Covering the Basics II Update your organization’s Code of Conduct

and/or Ethical Guidelines Craft social media guidelines for employees

who interact with outsiders and/or represent the organization via social media channels


Commercial Law Considerations Regulations regarding– The protection of trade secrets– Proprietary and confidential information

Copyright, trademark and intellectual property protections

Laws of agency

Regulatory Requirements Security and Exchange Commission

(SEC) regulations Financial Industry Regulatory

Authority (FINRA) guidance on social networking websites and business communications

Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules

Federal Trade Commission (FTC) rules regarding identity and affiliation disclosures, disclaimers, and endorsements


Labor & Employment Law

Non-solicitation and non-compete laws

Distracted driving rules Anti-discrimination laws Anti-harassment laws Defamation laws Fair Labor Standards Act

(FLSA)Copyright © 2014, Courtney Shelton Hunt - all rights reserved18


The NLRA and NLRB


Policies vs. Guidelines Policies– Well-defined rules about what individuals can and

cannot do, many of which can be linked to federal or state laws

– Generally apply to ALL employees, regardless of whether they interact with the public using social media as part of their job responsibilities

Guidelines– Expectations for behavior that may not be as easy to

define or enforce– Generally created to guide the behavior of employees

who interact with outsiders using social media as part of their job responsibilities


Policy & Guideline Examples IBM– Respect copyright, fair use and financial disclosure

laws (P)– Don't provide IBM's or a client's, partner's or

supplier's confidential or other proprietary information (P)

– Be the first to correct your own mistakes (G) Dell– Be transparent and disclose (P)– Be nice, have fun and connect (G)


Policy & Guideline Examples Walmart– Do not say you speak for the Company without

express written authorization from the Company to do so (P)

– Stay on topic (G) Nordstrom– Do not post any merchandise pricing information

or comparisons (P)– Be a good listener (G)


Policy & Guideline Examples Vanderbilt University– [Staff may not use] Vanderbilt-owned data or work

product for personal gain (P)– Separate personal from professional (G)

Mayo Clinic– You must maintain patient privacy (P)– Ensure that your social media activity does not

interfere with your work commitments (G)


Other Legal Considerations Update legal documents to reflect

Digital Era technologies and realities– Employment agreements (e.g., non-

compete agreements)

– Other legal documents (e.g., non-disclosure agreements)

Address “ownership questions”– Related to social media accounts,

content, and digital networks

– Particularly with key agents (e.g., officers, development professionals, marketing and sales folks)

Mama and Papa Snay won the case

against Gulliver. Gulliver is now

officially paying for my vacation to

Europe this summer. SUCK IT.


Don’t Forget To… Determine a fair and consistent

(and realistic) approach to monitoring, enforcement, and discipline

Create and/or update user agreements and guidelines for the intranet and other internal systems – especially those that include 2.0 features and functions


Remember Outsiders Too

Incorporate social media and digital technologies into your general crisis management plans and develop a specific crisis management plan for your digital properties

Create posting guidelines and moderation rules for outsiders who may engage with your organization via one of its social media channels

PROCESS


Guiding Principles Be proactive in managing Digital Era risks rather

than waiting for a threat or crisis to force you to reactively develop and implement a hasty solution

Thoughtfulness and thoroughness are important, but time is also of the essence

Proceed with “mindful flexibility,” which requires– Being both strategic and goal focused, as well as

adaptable– Emphasizing procedural efficiency as well as

effectiveness


Process Steps Create a policy team Develop a project plan and

guidelines Review, refine, and create

policies, guidelines, legal agreements, etc.

Provide training and ongoing communication

Lather, rinse, repeat


Create a Policy Team I

Involve multiple stakeholders from relevant functional areas:– Externally-oriented groups: marketing, sales,

public relations, customer service– Internally-oriented groups: human resources,

knowledge management, IT, organizational development, learning & development

– Both: in-house counsel


Create a Policy Team II

Employ outside experts who can provide sophisticated guidance from various perspectives:– Social media and other digital

technologies– Federal and state laws and issues (and

perhaps global too)– Business development– Human capital management


Project Plan and Guidelines I Set clear deadlines so you don’t get bogged

down by bureaucracy and semantic arguments

Coordinate the policy/guidelines initiative with other social media development and implementation initiatives


Project Plan and Guidelines IIIdentify overarching principles, goals and objectives that will provide a framework for revision efforts and reflect:– Industry and nature of the business– Strategic priorities (both in general and in relation to social

media)– Guiding values (including ethics)– Cultural context and workforce characteristics– A balance between legal and business perspectives– A balance between employer and employee perspectives


Policies, etc. I Identify the best approach to specifically

addressing the use of social media– Develop something new (i.e., a single, multi-

faceted policy, or multiple policies)– Update existing polic(ies)– Some combination of the two

It’s okay to leverage benchmarked resources to create both policies and guidelines, but ensure they’re properly vetted and customized as needed


Policies, etc. IITry to build as much durability into the policies/guidelines/agreements as possible:– Balance broad, general wording with specificity– Recognize that the digital engagement of both

individuals and the organization are going to increase over time

– Allow for flexibility as new case law and regulations develop

– Prepare for technologies, platforms, and devices that could be used in the future


Training…

Prepare and provide training for– Community managers and other “official” social

media users (including crisis management)– Non-managerial employees– Managerial employees

Think beyond social media to digital media awareness and risk management– Device management and safety– Cybersecurity (hacking, cybertheft)– Phishing, viruses, data protection– Email usage


… and More

Include training focused on digital risk management in new employee orientation and supervisors’ training

Think about opportunities to educate the public too

Communicate the final policy/ies, guidelines, and agreements and establish a method for providing regular reminders using a multimedia, tiered approach

Where necessary, have all employees sign updated agreements


Stay Current Plan for regular

reviews/revisions to policies, guidelines, and agreements to reflect new technologies, legal/regulatory changes, and case law

Offer updated training for employees and supervisors at least once annually


Quick Recap Developing and implementing a social media policy is a

necessary first step, but a single policy alone is not sufficient

Focus on both outcomes (the “what”) and processes (the “how”)

Review and update all policies and procedures to reflect Digital Era risks, as well as employment agreements and other legal documents

Develop and implement appropriate training for both employees and managers

Create and implement an ongoing communication plan Be prepared to review and update everything at least

once a year


Discussion

ABOUT THE DENOVATI GROUP


The Denovati… Pronunciation guide: day-no-VAH-tee Deconstructing the term:– DE = Digital Era– NOV = short for novani, Latin for colonists, immigrants,

new residents– ATI = those who seek knowledge and/or are in the know

The Denovati areDigital Era explorers, pathfinders and pioneers

who seek to understand and effectively leverage social and digital technologies


Denovati Digital Network

Visit denovati.comto learn more about who we are, what

we do, and what we offer

http://denovati.com/

Managing Risk in the Digital Era: Checklist Guidance for HR Professionals

Recruiting & HR

Transcript of Managing Risk in the Digital Era: Checklist Guidance for HR Professionals