This is the first of a two-part series.  The second part is available here.

by James Hyatt

So your company hasn’t had an OMG moment over Facebook ethics?

As they say, Good Luck With That.

Social MediaiStock_OrigIt has been almost a decade since Congress passed the Sarbanes-Oxley Act in the wake of the Enron, Tyco and WorldCom scandals, seeking to put in place a variety of measures to protect investors and address standards of behavior. Over the years, once-controversial practices about disclosure and ethics have become generally accepted standards.

But the social media explosion – from email and Facebook to blogs and Twitter – is making a hash of once-resolved issues and creating all kinds of new dilemmas.

–Businesses have less and less control over how they communicate with the public, while 24-7 bloggers feel free to snipe away.

–Job seekers find their private lives may no longer be private and employees worry that the boss is electronically looking over their shoulders.

–Consumers can’t be sure their account information remains safe and have no way to tell whether favorable on-line comments about products and businesses are legitimate.

–Professionals of all sorts — psychiatrists, attorneys, school teachers, reporters, and even NFL players – are learning to live with new, often controversial, social media rules. A customer’s irate blog can undo months and years of corporate image work. A careless email can sabotage delicate contract talks or M&A negotiations. Failure to protect customer information can result in years of costly litigation. An old party-hearty photo may block a chance at a new job. Hitting “send” without thinking can torpedo an executive’s career.

In just one recent week:

–an email circulating among male employees at the PricewaterhouseCoopers Dublin offices – rating the ‘top 10’ new female recruits, with headshots – quickly went “viral” and drew widespread criticism. (Some tut-tutting newspapers, however, also saw fit to run the headshots as news.)

–an executive at Pacific Gas & Electric in California was put on paid leave after seeking to join, under an assumed name, an online discussion group critical of the utility’s plans to install “smart meters.”

–labor lawyers across the country warned clients that a  National Labor Relations Board (NLRB) office planned an unfair labor practice complaint against an ambulance company for firing an employee who posted negative Facebook comments about her supervisor.

–Britain’s financial regulator, seeking to address insider trading, ordered financial services firm to keep records of employee cellphone calls.

No wonder companies are rushing to build new defenses and adopt new policies to reinforce ethical behaviors and learning how to use social media to react to real-time problems. At the same time, individuals are rethinking their casual attitude about exposing personal information on the Web. And in Washington, government agencies are adopting new guidelines defining acceptable social media behavior.

Defining social media behavior is clearly a work in progress

A year ago, the Society of Corporate Compliance and Ethics and the Health Care Compliance Association looked at what organizations are doing about social media issues. Twenty-four percent of those surveyed said an employee had been disciplined in their organization for activities on Facebook, Twitter or LinkedIn, more often in the not-for-profit sector. But half of the respondents said their organization had no policy regarding employee online activity outside of work.

Technology search firm Robert Half in April asked chief information officers about social networking policies; 38% said their companies have tightened social networking policies, while 17% say the policies have eased. And 55% reported “no change”.

A recent survey by Deloitte of about 1,700 companies found that 26% said they had no social media policy which 34% answered “not applicable/don’t know” even though 84% thought every company should have a social media policy in place.

Your Social Media Profile Can Affect Your Job Prospects

A survey commissioned by Microsoft in December 2009 found that 79% of hiring managers and job recruiters reviewed online information about job applicants, and 70% of U.S. hiring managers surveyed said they’d rejected candidates based on what they found online. “Chances are you already have a reputation online, even if you don’t want one,” Microsoft says.  And three-fourths of the U.S. recruiters and HR professionals said their companies have formal policies requiring hiring personnel to research applicants online.

The survey firm declared that “Now, recruiters can easily and anonymously collect information that they would not be permitted to ask in an interview, and the survey found that recruiters are doing just that.”

Corporate and union attorneys went on alert early in November 2010 when word spread of the NLRB’s unfair labor practices complaint involving the Facebook posting. The NLRB said the company’s social media policies were “overly broad.”  The LegalTimes blog quoted the company as saying “although the NLRB’s press release made it sound as if the employee was discharged solely due to negative comments posted on Facebook, the termination decision was actually based on multiple, serious issues.”

Although an administrative law judge will have to rule in the case, Philadelphia-based law firm Morgan, Lewis & Bockius LLP declared that “all private sector employers should take note of this issue, regardless of whether their workforce is represented by a union.”

You Need a Social Media Policy

Social media behavior “can have real legal and economic consequences for businesses,” writes attorney Michelle Sherman in a Social Media Law Update Blog for law firm Sheppard Mullin Richter & Hampton LLP.

“A post may seem as innocent as an employee expressing a personal opinion.  However, if the person describes herself as working for a particular company, and then speaks on a highly controversial subject, her post could damage the ‘good will’ of the company. Or, the poster may be recommending a product to all of her Facebook friends without sharing that she happens to work for the product manufacturer in violation of fair advertising practices.”

Sherman says adopting a social media policy can show compliance with Federal Trade Commission guidelines about endorsements, and can better protect brand value “by ensuring that employees do not post unflattering material in association with the business.”

One of the most remarkable studies is the 130-plus-page Social Media White Paper, now in its second edition, prepared by Reed Smith LLP.  The paper review 13 areas where social media is impacting business – from advertising and marketing to trademarks – and declares “the key lesson is that rather trying to control, companies must adopt an altered set of rules of engagement.” Well worth a visit.

It has become increasingly common for major companies to issue specific directives on social media behavior.  While most encourage employee efforts to put companies in a positive light, they also spell out acceptable conduct. For example:

(Wells Fargo): “By posting content on this Blog, you expressly grant Wells Fargo (and its affiliates) the right to use or distribute the posted content in any form, worldwide, and in perpetuity.”

(Kaiser Permanente): “Be mindful of the world’s longer memory – Everything you say is likely to be indexed and stored forever, either via search engines or through bloggers that reference your posts.”

(FedEx): By posting to the FexEx Citizenship Blog “you agree not to post or transmit anything unlawful, threatening, libelous, defamatory, obscene, inflammatory or pornographic, or anything that infringes upon the copyright, trademark, publicity rights or other rights of a third party.”

(Mayo Clinic): “Where your connection to Mayo Clinic is apparent, make it clear that you are speaking for yourself and not on behalf of Mayo Clinic. In those circumstances, you may want to include this disclaimer: ‘The views expressed on this [blog; website] are my own and do not reflect the views of my employer.”

(Microsoft): “As a general rule, Microsoft does not review, edit, censor, or, obviously, endorse individual posts. You should ‘be smart’ and, as an employee of the company, you should not only think about how your blog reflects on you as an individual, but also about how your blog affects Microsoft as a whole.”

Concerns go well beyond defining proper behavior and move into legal areas. FINRA, the successor to the National Association of Securities Dealers Inc., stresses that social media postings can violate industry rules about promoting investments and soliciting customers. FINRA says securities firms should take steps to be sure that employees using social media sites for business are “appropriately supervised” and “do not present undue risks to investors.”

The Social Media Business Council, a group of large companies that explore social media issues, posts a free “Disclosure Best Practices Toolkit” online suggesting checklists to help companies and employees “learn the appropriate and transparent ways to interact with blogs, bloggers, and the people who interact with them.”

It makes recommendations on how to deal with bloggers, on how employees should handle personal and unofficial blogging, on how to be transparent in providing rewards or incentives to bloggers, on best practices for third parties acting on behalf of a company, and on best practices for “artistic/entertainment situations where temporarily obscuring the sponsor of a site is necessary and appropriate.” For instance, it is okay to use a pretend blog where someone writes that they may have discovered aliens in their house to promote a science fiction movie. But it is not okay to create “a fake customer blog where the ‘author’ writes: ‘I’d love to go see this movie.’ “

This is the first of a two-part series.   The second part is available here.

James Hyatt, a retired reporter and editor for The Wall Street Journal, has been writing about business ethics and social responsibility issues since 2005.