Companies are increasingly navigating potential legal and reputational risks from their employees’ use of Twitter, Facebook and other social media. Adam Cohen, a principal in Ernst & Young LLP’s Forensic Technology & Discovery Services, joins Main Justice Editor-in-Chief Mary Jacoby for a podcast interview about managing the risks.
Cohen is a lawyer and author of the forthcoming book, “Social Media and Managing Risk through Corporate Policy.” He is also the author of the primary legal treatise on e-discovery, “Electronic Discovery Law and Practice.”
The following is a transcript of the podcast.
Jacoby: Adam, what risk are you talking about exactly?
Cohen: Well, there are so many risks that are new to companies because of the explosion of social media and its ability to transmit any information globally at the push of a button. The capability to spread information quickly did exist with the Internet in general. But what social media has done is involve so many people in this practice and provided the tools to facilitate it much more quickly.
Jacoby: We’re talking about blogs, Twitter and Facebook?
Cohen: All of the above. People have defined “social media” vaguely and broadly but this kind of unmonitored, unvetted forum for user communication is really what creates the main risks.
Jacoby: To be specific, what are those risks to companies exactly? That somebody is going to say something off the reservation?
Cohen: Right. Well, I think one of the primary risks is in people who identify themselves as affiliated with the company and then other users assuming that what that person says represents the viewpoint or the opinions of that company. This is a major type of risk. Another type of risk would be when employees or members of a company do not represent or do not state their affiliation with the company and proceed to make comments in a deceptive fashion. For example, providing positive product reviews of their company’s products or bashing the products of a competitor.
There are issues around the identity of the user and how easily this can be anonymized by use of the Internet. There’s a saying that on the Internet no one knows you’re a dog. These can support business practices that are problematic to the companies in various ways. There are other risks that have to do with revealing confidential information with the use of intellectual property and a lot of these risks really have to do with a level of carelessness in posting information that surpasses even what people have classically done with email and text messaging. We’re all familiar with how casually people write emails and texts and how little consideration they give to the fact that these contents might be exposed. With social media this has been multiplied a hundred-fold. Even though businesses have policies — like employee conduct policies and computer use policies — that would broadly cover this kind of activity, it’s critical that they develop a specific social media policy that identifies all of this behavior and guides the employees in how the company will treat it, monitor it, discipline it and enforce it in general.
Jacoby: What kind of issues exactly need to be addressed in these corporate policies?
Cohen: One of the big decisions that a company has to make is whether they will permit employees to post business information of any nature on personal social media pages. And that’s really a gatekeeping kind of issue. Another kind of issue is to allow posting of business information but only with the authorization of some type of management. Users often need guidance about the use of intellectually protected information, privacy rights of co-workers and others, things like posting videos of corporate activities. I mean, we’ve already had cases stemming from videos of corporate parties — holiday parties — that were posted on personal Facebook pages. They need guidance on a lot of things that may seem kind of obvious once you consider it but that need to be top of mind with the users as they use social media because, as I said, with this new forum we don’t really have rules of the road and people tend to be cavalier about it. There’s a whole raft of issues that should be addressed in the corporate policy and the users, also, or the employees — they need to know what the company is doing in terms of monitoring and enforcement. So it’s very important just as it is with computer use policies in general to outline those mechanisms of monitoring. You don’t want the users to claim that they had an expectation of privacy. And, also, what type of disciplinary measures will result from violations of the policy.
Jacoby: How many companies today do you think have these policies in place right now?
Cohen: Many companies do have them in place. I think many companies recognize that there was an enhanced risk with social media and have done a good job to try to address the matter proactively but these corporate policies are not necessarily comprehensive. They represent sort of a good first try. Many of these companies have actually posted their policies publicly on the Internet and people can take a look at those and have access to them. I think it’s fair to say a much larger majority has not put in place social media policies. Many companies are paralyzed in terms of not knowing how to deal with this and feeling overwhelmed by it. Many companies have not figured out a social media strategy for themselves yet and they may feel that their general computer use policies are sufficient to cover this kind of activity because they’re not aware of many of these unique, specific risk areas.
Jacoby: Thank you, Adam, very much for speaking with us today. Adam Cohen is a principal in Ernst & Young LLP’s Forensic Technology & Discovery Services.
Cohen: Thank you, Mary.