Social media is a powerful digital marketing tool for businesses. There are rules around what can be published. Those rules can sometimes feel like a labyrinth.
Read on for 16 bits of social media compliance your business should know.
What is social media compliance?
Simply put, to be compliant is to obey the rules. There are laws that apply to social media content posted by your business.
Free to use image sourced from Pixabay
The consequences of running afoul of these laws can be severe. Penalties imposed for breaching the rules can be costly.
Fines could cost your company millions. On top of that, legal costs mount up and time spent dealing with these issues is time not used on your core business. Another consequence could be that your business suffers reputational damage.
Laws and regulations that govern social media content can be complex. They can vary by jurisdiction and by industry.
This article is designed to help your business navigate the social media minefield. You need to have a social media strategy to succeed in today’s business world. Read on to discover how social media compliance protects your company.
What are the risks?
There are a number of risks for businesses using social media. They mostly revolve around two main areas: data security & the veracity of claims that you make.
Let’s examine the risks in more detail.
Your business collects lots of data in order to do what you do best. Social media is a major source of information for many companies. Customer data, employee data, or data from your suppliers must all be secure.
Victims of cybercrime can find themselves saddled with a fine if they are found to have lax security. For example, in 2016, a UK bank suffered a cyber attack. They had to pay a £16.4m ($18.5m) penalty for failures in protecting personal information.
The rise of social media, and other online activity, has prompted regulators to draw up rules for businesses. You should make it a priority to become familiar with these rules.
You must know what bodies have jurisdiction over your data security arrangements and social media activity. Furthermore, what legislation, if any, applies to your specific industry. Some are listed below.
In the US:
- Federal Trade Commission (FTC)
- Securities and Exchange Commission (SEC)
- Health Insurance Portability and Accountability Act (HIPAA)
- Food and Drug Administration (FDA)
In the EU:
- European Data Protection Supervisor (EDPS)
- General Data Protection Regulation (GDPR, enforced by the 27 individual member states)
In the UK:
- Information Commissioner’s Office (ICO)
- UK General Data Protection Regulation (UK GDPR)
- Advertising Standards Authority (ASA)
- Office of the Australian Information Commissioner (OAIC)
- Privacy Act 1988
- Australian Privacy Principles (APPs)
This list is by no means exhaustive. Every nation in the world will have some form of data protection laws. Moreover, in the case of the US, regulations can vary from state to state.
Social media platforms provide a space for businesses and individuals to share information. You must ensure the information you share does contravene your legal responsibilities.
As previously mentioned, your business holds a lot of confidential information. By sharing any of that data through social media channels, you risk damage to your business.
Breaches of confidentiality don’t need to be malicious to attract the ire of regulators. A careless tweet or Instagram post that reveals too much may lead to punitive actions.
You should be aware of who has access to confidential data. Make your expectations around confidentiality clear using a simple NDA template free of charge.
If you operate in US healthcare, pay special attention to HIPAA rules. The privacy rule covers any individually identifiable health information. In other words, health data that could be traced to a single individual.
Social media is a powerful promotional tool. It’s used to show your products/services in the best possible light. However, that’s as far as you can go with it.
You cannot use social media to make false claims about your business’ offerings. You must also act to remove posts from your social media pages that could be seen as deceptive. That’s even if you didn’t post it yourself.
Many businesses form lucrative relationships with popular social media influencers. This gives the company access to an established following. Influencers are paid to promote products through their social media content.
There are strict rules about how influencers can endorse products. Their audiences put a lot of stock in what their favorite influencers tell them. Without proper protections, audiences risk being manipulated or deceived.
In a famous recent case, Kim Kardashian was fined $1.26 million for promoting a crypto asset. She published an Instagram post touting EthereumMax’s EMAX tokens. The SEC took issue with the fact that she did not disclose she had been paid $250,000.
Free to use image sourced from Pexels
In the US, the FTC requires that influencers inform their audience when they are being paid to promote a product. In the UK, influencers must also declare if they’ve been paid, given, or loaned something by the company whose products they promote.
If you’re using this kind of arrangement, get a contract signed. You can achieve this digitally using e-signature software. We won’t go into the DocuSign vs Adobe Sign debate here, but plenty of good solutions are available.
Social media compliance by the industry
Some industries face closer scrutiny of their social media activity. Let’s take a closer look at three of them.
There are many rules around marketing for financial institutions. Those rules apply to social media content too. The Financial Industry Regulatory Authority (FINRA) has specific regulations around social media.
The following are some key points.
- Supervision & review: Someone at the institution must be responsible for ensuring content is compliant before publishing.
- Records: Institutions must keep records of their communications, including social media.
- Fair communications: Everything must be transparent. Important information can’t be
buried in the small print. They can’t mislead or deceive.
Image sourced from Deloitte
Consider the sensitive information healthcare companies have access to. It should come as no surprise that this industry has strict rules around information sharing. The HIPAA regulations clearly spell out what information must be protected.
Following are some pieces of information that are covered by HIPAA.
- Birth date
- Social media profile
- Individually identifiable numbers (phone, social security, etc.)
Anything that can identify an individual patient must never be shared without consent. Even if a patient has posted information on their own social media, consent must be attained.
Image sourced from Koda Digital
Government agencies deal with the widest possible variety of issues. They collect and use vast quantities of data to be able to govern. They also must engage with the public where they are—on social media.
While doing this, they must comply with the same regulations as everybody else. Additionally, they must ensure information is accessible to the public because of the Freedom of Information Act (FOIA). This means they must pull off something of a balancing act.
When responding to a FOIA request, the government must anonymize data when appropriate. This avoids breaching privacy laws whilst still fulfilling their FOIA responsibilities.
When private business interacts with government agencies, there are sometimes FOIA considerations. If your company works with the government, keep this in mind when posting to social media.
How to mitigate social media compliance risks
Understanding the risks around social media is crucial. Now you can put things in place to avoid such risks. The following section provides tips for social media compliance.
Hire an expert social media manager
Your business needs a competent person or organization to fulfill this role. They need to manage the creation of engaging social media content to boost your brand. Furthermore, they must be responsible for ensuring content is legally compliant.
Good candidates will present you with a proposal to show how they can move your business forward. This PandaDoc social media marketing proposal example shows what that might look like. Look out for how they plan to monitor their social media content strategy.
Understand which rules apply to your business
With your social media manager, you and your legal department can work out which rules apply. This will depend on the industry in which you work. It also depends on what kind of content you will be posting.
For example, imagine you’re a pharmaceutical company. You have a great product that has benefited patients, and you want to tell the world through social media. You need explicit permission before sharing patients’ stories to avoid breaching HIPAA regulations.
Conduct a risk assessment
Understanding what rules apply to your industry is the first step in a risk assessment. You’ll need to determine how your social media activity risks breaching those rules. Answering the following questions will help you understand your risk exposure.
- What kind of content are you planning on posting?
- Do you need to post some sensitive information?
- Is there a process for posting sensitive information with compliance in mind?
- Who is responsible for monitoring content?
- Which team members are posting on social media?
The purpose of this process isn’t just about risk avoidance. It’s also about finding opportunities to build an effective social media strategy. You’ll discover your strengths and weaknesses and be able to respond appropriately.
Craft robust policies
Once you’re fully aware of the risks, you’ll be able to craft social media compliance policies. These will dictate how your social media marketers conduct their activities. They ensure social media content is compliant with the law.
You will likely need to create several policies covering social media, as well as other aspects of your business. Let’s look at some examples.
- Social media policy: This will be the central policy for your social media output. It lays out the rules for your teams to follow. Additionally, it will spell out the process for approving and posting content.
The policy should illustrate the consequences of non-compliance for your personnel. Also, it should spell out how it could affect your business. It must define the roles people play within your social media strategy.
- Influencer policy: If you’re working with influencers, you’ll need to ensure they understand their responsibilities. Experienced influencers will already know how this works. Make it clear that non-compliance will have consequences for your business relationship.
The purpose of this policy is to explain how your business will use this information. It also lays out your responsibility for securing the data. It should be made available for customers whenever they hand over data to your business.
Free to use image sourced from Pexels
Familiarize your personnel with your policies around social media. Integrate them into your employees’ contracts. This will ensure they understand how vital it is to be compliant.
It may mean updating many contracts, but it is necessary. Managers can look at some of the best contract management software reviews to find tools to help with this process.
Constantly monitor your social media activity
Your social media manager must constantly monitor content posted on your business’s social media channels. This is to ensure compliance but also to assess how successful a given campaign is.
Remember that social media platforms often allow public comments. These must also be monitored to ensure that non-compliant content is removed. If a customer is promoting a false or unsafe use of your product, their comment should be removed.
Understand who has access to your accounts
Access to your accounts must be strictly controlled. Only allow access to personnel responsible for publishing or monitoring content. Also, keep the numbers who have access as low as is practical.
Set up a regime of regularly changing passwords for accessing social media. This will prevent former employees from having the opportunity to meddle in your accounts.
Train your teams to create engaging content that contributes to effective marketing campaigns. Moreover, ensure they are familiar with your social media and privacy policies. This will help avoid a non-compliance social media crisis.
When onboarding new social media contributors, make this training a priority. They may have experience with a previous employer, but they need to understand your expectations. This is especially important if your industry has specific compliance requirements, such as in finance.
Your social media manager and legal department should be on the lookout for changes in legislation. This may require your teams to be retrained to account for new guidelines.
Training is more effective if your employees find it fun. Games, like the example below, help people connect with training materials.
Image sourced from Social Media Training
Introduce a content approval process
Prior to publishing a piece of content, have someone review it. Make someone in your social media team accountable for approvals. It doesn’t have to be your social media manager, especially if they’re not in-house personnel.
A content approval process is the best way to avoid breaching compliance. Just ensure whoever is responsible is an expert in the relevant regulations.
Create an archive
This is a legal requirement in some industries. In the financial sector, communications must be preserved for up to six years. This is so regulators can access it in the event of an investigation.
Social media content for any industry should be archived for a minimum of two years. This is to assist with any legal issues that may arise.
Comply to succeed
Social media compliance is about operating your business in a fair and honest way. Failure to do so can result in punishing fines and reputational damage. Use what you’ve learned here to create compliant social media campaigns that will help your business stand out.