Following this morning's New Media Breakfast in Edinburgh it was suggested to me a relevant addition to the presentation would be some advice around the ownership of your social media channels. This is is a great observation and sound advice from Scott Brymer, Brymer Legal.
We have mentioned this in previous breakfasts, and to be honest, it's a topic that wouldn't really be out of place at any social media presentation. Unfortunately, time doesn't always allow us to mention all we would like to. But, we thought this is worth a blog post, especially since Blogging was the topic of this morning's presentation.
Scott rightly points out the potential problems that can arise if you don't give full consideration to who has access to your social media channels. Here is an example that Scott kindly sent to me.
An individual had the details for online accounts (e.g. google account for analytics and blog) and then left the business as a “bad leaver”. The business owner then submitted a new password request for the Google account, not appreciating that the employee in question had been using the Google account for personal Gmail as well. As we know, everything Google does is linked, but the employer didn’t appreciate this. Cue the employee making hacking claims etc which got quite messy/heated.
It's not an uncommon scenario, we've seen similar things happen in other businesses.
Something else we've seen is the chaos caused when the only employee with access to the social media channel leaves the business. This becomes especially challenging if the employee has left under a cloud.
There is also the question of ownership of contact lists such as those on an employee's personal LinkedIn Page. We did discuss this precise point on Social Media Podcast No.55, and the main point made then was the need to plan these things in advance.
This is certainly our advice to all businesses when allowing employees access to social media channels: think ahead and put procedures in place that minimise the risk to your online presence. Here are 12 tips that will help you avoid disruption and disputes if you find yourself in a similar situation.
- Ensure someone senior in the business has access to all platforms. This would preferably be the business owner, director, or a long serving and trusted employee.
- Access needs to be 'Manager' level rather than 'Admin', or 'Editor' level. The terminology will vary on the platforms, however it should be top level access otherwise you may not be able to take full control in the future.
- If someone with access is leaving the business under a cloud, revoke their access to all channels before they are informed about their future. Remember, it only takes seconds to change a password - they could even do it from a mobile device while they are being dismissed!
- If someone with access resigns, revoke their access immediately.
- Set out your policy for business contacts acquired in the course of their work whilst employed by you. The business does have the right to these, even if it's on the employee's personal profile. However, unless you plan this in advance you have no way of knowing the contacts acquired during the period of their employment.
- Publish guidelines for the use of social media. It is extremely difficult to censure someone if you haven't set out what is expected in the first place.
- Don't assume the traditional Contract of Employment will cover all of the things a disgruntled employee could inflict on you. There is a tendency to assume the employment contract will prevent disclosure of information, or enable the smooth handover of access details, but this may not always be the case. Even if it does, actually getting them may prove problematic.
- If you are using an agency for social media management, keep them fully appraised if an employee with access is being dismissed. We have had an experience when an employee was dismissed late on a Friday and by the time we were notified on the Monday morning the Twitter account had been deleted. Social media is 24/7, your agency should respond to something like this no matter when it happens.
- Make sure there is more than one person with 'Manager' level access on each platform.
- Even when an employee with access does leave with your blessing, change the passwords, it's as much for their protection as yours.
- Appreciate the full extent of the access you are allowing. Eg. James's example where a Gmail account could be for personal use but also attached to business accounts.
- If in doubt, seek professional legal advice.
I hope these points have been helpful and that you don't find yourself in any of the situations we've mentioned here. If you follow these tips, you will minimise the risk of disruption in the future.
If you have found this post interesting please share it with your online community using the share buttons below, there's a good chance they will find it interesting too. Thank You.