This article is written by Diganth Raj Sehgal, Student, School of Law, Christ University, Bangalore. The author in this article has discussed the need and importance of Social Media Policies for banks.

Introduction

Anything posted on an online platform today has a very wide reach, so much so that millions of people have access to information just by touching a screen. Such widespread community base is great for business and so even corporations want to be a part of the publicity and gain a bigger market. For this, several companies have brought their presence online on Youtube, Instagram, Linkedin and other platforms.

But social media networking can have its negatives. When information is so widely accessible to people, any wrong posts can reach a wide audience and impact the standing of a company. Therefore to maintain the public image it becomes very important for businesses to have a set of rules for what to do and what not to do.

Banking is an inherently volatile industry. There are pieces of information in a bank that are confidential, and if such information falls in the hands of a wrong person, it can have a devastating effect. Now let’s say, Kanak posted a picture of her withdrawing money from the ATM, and somebody zooms in, figures out certain details on her card. This could have a very adverse impact on the functioning of the banks and so protecting information within banks becomes even more important.  

So what is a Social Media Policy?

Social media is the collective of channels of online communications that are primarily dedicated to community-based input, interaction, content-sharing and collaboration. In the present age of internet usage, social media and social networking is a very important platform for public and private communications. Business houses use it not only to communicate with customers and services but also to create public relations and advertise their products.

A social media policy is a corporate policy or a code of conduct that provides guidelines for employees and other persons and stakeholders who correspond with the company on what content can be posted and who can post it both as a representative of the company or as a private person. Such policies are being developed by organizations across industries.

A social media policy outlines the corporate guidelines for communication in the online sphere. This policy involves identifying and training employees who are representing the company and have a public facing presence and ensure that the information made available online is secure, authentic and not negatively impacting the company’s image.

A social media policy would also include guidelines for when and how should an employee identify himself either on behalf of the company or as a representative of the company on social networking websites. It also includes what types of information can be shared. Further, almost all social media policies include restrictions on disclosing confidential or proprietary business secrets or anything that could influence stock prices. Social media policies can have specific i.e. restricting specific types of internet usage as well as general rules laying down generic terms or guidelines of use.

What is the Purpose of a Social Media Policy?

The purpose of a social media policy is to lay down the appropriate behaviour of employees and other stakeholders on an online platform. Corporates want to ensure that any of the posts of the employees will not expose the company to either legal problems or cause the company to lose its goodwill or reduce its brand value.

The primary purpose of the Bank’s social media activities is “community building.”  While the Bank from time-to-time promotes products and services, the primary focus is the creation of an online community where the Bank can share its history and mission and where stakeholders can maintain conversations with the Bank.

The Objectives of a Social Media Policy are:

1. To ensure the protection of confidential information
2. To ensure that employees’ social media presence does not negatively impact the organisation
3. To keep trade secrets, undisclosed pricing policies, costing policies private
4. To ensure that a good public image and public relation is maintained
5. To curb unauthorised usage of companies strategic plans
6. To prevent data leakage

Importance of a Social Media Policy

Illustration 1: Iqra is an employee of Intel film developing Ltd. She took a video in the company’s cafeteria and posted it on Instagram. The cafeteria was near the production room and in the background of her video, some clips of a yet to be released movie were shown. This led to several media reports of leaked footage and the movie was brought in a light for negative reasons. The company suffered some losses.

Illustration 2: Rana and Zeena are employees of Lara Ltd. and are married. They communicate work-related matters not only via the work email channels but also through WhatsApp and other social media messaging. One day Zeena’s Instagram account was hacked and the hacker not only got hold of her personal data but also the company’s confidential information.

The importance of a social media policy lies in its need. There is a need to have rules laying down the behaviour of the employees online and if not done it could increase the risk of harm to the corporation. It is not true that merely having a social media policy will completely eradicate the risk of data leaks or information loss, but having such a policy will reduce the possibility of leakage of confidential information.

Illustration 1 and 2 portray a very possible scenario in a company. Such usage of social media is unfavourable not only for the companies but also for the individual employees who are representatives of the company. When such unsanctioned information is uploaded on an online forum, it is likely to have a detrimental impact on the company’s reputation.

Banks recognize the importance of the Internet in the day-to-day operations of the Bank. From marketing to reputation management to recruitment of new employees, the Internet plays in a major role in the Bank’s overall strategy. With the use of social media comes the need to prevent harm from such usage.

This policy is important because it is intended to assist employees in making appropriate decisions about work-related social media interaction.  As the lines between work and personal life are becoming blurry, the activities done within working hours and post working hours have an intervening effect. Even if an employee posts something in his personal capacity and in his personal time, it could still affect the business interests of a bank which are the main focus of Bank policy.

Banks also foresee the importance of involving their employees in helping to shape conversations regarding the Bank and the communities that they cater to. Therefore complete curbing of social media usage would obstruct the possibilities of advertisements (by word of mouth) or any sort of plausible benefits the bank could get out of employees usage. The bank also entertains supporting the employees’ desire to interact knowledgeably and socially on the Internet through social media. So, it becomes important to regulate such usage. The policy thus plays an important role in this.  

Disadvantages of not having such Policy

The major Disadvantages of not having a social media policy are:

1. Risk of information loss
2. Possibility of Harm to reputation
3. Leakage of confidential information
4. Unsanctioned and unauthorised use of the company’s information
5. Misuse of social media
6. Security threat
7. Limits of usage not defined
8. No regulation of employee social media usage

Social Media Employee Policy Code of Conduct

Every social media employee policy should include these basic sections: a code of conduct, do’s & donts and consequences. A code of conduct is necessary because it determines the behaviour of employees. In the social media sphere, it is very important to have such a code of conduct which regulates the behaviour of employees on an online platform and lay down the standard of what is allowed or disallowed by the bank. Such a code of conduct should be based on the following ideas:

1. Honesty or transparency — It is important for any person posting anything on social media to disclose his affiliation and position with the organization. Such disclosure should be honest and false information or misrepresentation must not be indulged in.
2. Diplomatic approach — Controversial topics which may polarise the audience in favour of or against the company should not be brought up on social media.
3. Tolerance—  Discriminatory behaviour should not be showcased, such behaviour shows the attitude of the company and creates a negative image of the organisation
4. Confidentiality — Employees must not disclose confidential or personal information. Any information to be posted must be verified by the  HR before posting. No information that is a trade secret of the organisation must be posted.

Social Media Employee Policy Do’s	Social Media Employee Policy Don’ts
Employees are allowed to be  active on social media but it must be a respectable minimum at work and there should not be any engagement with it in the presence of customers	Employees are not allowed to publish materials that are under copyright or are confidential
Employees must ask the management and get approval from HR before posting	Employees must not cite or refer to  customers, clients, or partners without their approval
The employees may mention the organisation but must put a disclaimer that all the opinions are their own	Employees are not supposed to prioritize social media over the quality of their work
Employees must familiarise themselves with the terms of service and privacy policy of all social media sites on which they participate	Employees must not comment on any mention of the organizations in the news unless they are authorized as a representative
Employees should understand both the policy as well as their rights as individuals.	Employees to not use official emails for personal accounts and vice versa.

Ensuring Employees are following Social Media Policy

Employees must be held accountable for ensuring that their interaction on social media is appropriate and consistent with this policy and other Bank guidance. To ensure that the Social media policy is followed, a responsibility is placed by the banks on its employees and other persons. The following are the ways by which the bank ensure that the policy is followed.

1. Appointment of a Social Media Manager who is responsible for managing the Bank’s social media strategy
2. Providing for training to the employees by the Social Media Manager, or an assignee. Such training must be provided on an annual basis. The training is intended to convert employees into social media evangelists while ensuring the safe and sound use of social media.  
3. Social media managers also monitor activity on an ongoing basis.
4. The Social Media Managers select individuals as Community Managers (persons who possess the requisite technical skills as well as understand the risks associated with social media)
5. Senior management has a special responsibility with their Internet presence by virtue of their high profile position within the Bank
6. Each Bank employee is personally responsible for the content he or she publishes on any form of social media.
7. The Bank’s social media activities must be audited as part of the Bank’s normal internal audit schedule. Auditors will audit the social media content as appropriate.  For example, audits related to IT, consumer compliance and fair lending may all contain a social media component.
8. In case employees violating the Social Media Policy, the employee may be given restrictive duty, put on any form of probation or may be in certain circumstances terminated from employment.

Essentials of a Social Media Policy

1. Getting Input from users or businesses- The policy should be one of personal responsibility. It is therefore important to go to the users and ask them how they want to leverage this medium to promote their business goals. Clear and specific expectations should be provided for in terms of employee behaviour. Such terms should include the time which may be spent and acceptable use of social media. The business should account for the best interest of the company and the user interest before the policy is created.
2. Set a General Code of Ethics – It is essential for the social media policy to make provisions defining the positive behaviour which is expected from all employees regardless of channel.
3. Establish Clear Rules of Engagement –The policy must include an evaluation process for authorized communicators to know when they should and should not engage in a public dialogue.
4. Monitor –The policy must also lay down the mechanism to be used to monitor the activities undertaken on social media and ensure it is in line with the banks’ objectives.
5. Provide Training –Companies should invest in adequate training programs to remind the users of their responsibilities and outline clearly what is acceptable and appropriate and what is. not.
6. Take Disciplinary Action – The policy must also lay down the necessary enforcement standards which are to be implemented against employees that do not follow social media policy effectively.
7. It is essential that the bank’s social media policy does not censor comments made by third parties and only removes comments if they are considered obscene or inappropriate.  

The social media policy is made in consonance with the RBI Guidelines. Under the governorship of Raghuram Rajan, RBI has taken a small step into social media. Reserve Bank of India started using social media as a means of giving information as also for the purpose of connecting people with the works of the RBI. Further, in August 2013, IDRBT i.e. Institute for Development and Research in Banking Technology (Established by Reserve Bank of India) released a Social Media Framework for Indian Banking Sector deliberating on the role of social media in business and the approach that banks can take without violating RBI guidelines.

Prevention of leakage of confidential information

The social media policy also plays a key role in the furtherance of Data Leakage Prevention (DLP). DLP is a strategy for making sure that sensitive information does not leave the corporate network. It enforces policies to prevent unauthorised or accidental disclosure. As social media provides a significant unprotected channel for data leaks, it allows for misrepresentation, misinformation and impersonation.

Today, employees use personal electronic devices to discuss all sorts of work-related topics on social media. Not only during the course of work hours but also outside of work hours and locations. This makes the risk for the leakage of data very high for example, people share internal email addresses, information about technologies in use at work, or details about the upcoming product and this information can easily be accessed by a lot of people.

One of the security concerns about social media is False content and phoney profiles. Such tricks can cause misrepresentation of information and can be used to manipulate stock prices or harm personal or business reputations.

To prevent such leakage, businesses (especially banks) could:

1. Control email content:  As users often send confidential information and documents via email, it has a high potential for a data leak. Filtering the content of the emails allows for a scan for potential threats. Content filtering can also alert administrators of insider threats. Informing them if users try to send restricted material outside the business.
2. Control devices: All employees nowadays have a smartphone with them. This means it’s much easier for employees to take away confidential data. To limit this the banks need to have security policies in place governing the use of devices.
3. Educate users: Banks must not assume that their employees are aware of what information is confidential and what isn’t and so employees must be educated about what Information is restricted and should be kept confidential.
4. Assess security permissions: Banks must not give all employees full access to their servers and confidential Information. They must indulge in a Zero-trust approach and allow access to employees as per what they need on a day-to-day basis. The access should also be restricted as per the position of the employees in the company.

Hurdles in implementing Social Media Policy in a Bank

It must be ensured that the implementation of the social media policy is in accordance with the law and must not be violative of the Right to freedom of Speech of the employees and other persons as provided for under Article 19 (1) (a) of the constitution of India. In a State Bank of India policy dated June 27, 2014, the employees alleged that their freedom of speech was being violated.

1. Bringing several parties on the same page is very important for proper implementation of the social media policy, but such common consensus is very difficult and requires balancing of the interest of several parties and this, therefore, acts as a hurdle.
2. Updating the entire code of conduct policy with the current involvement of social media elements is a very tedious and long process.
3. The task of educating all the employees and training them in order to implement social media policy efficiently is very tiresome.
4. It is also very difficult to change the cultural structure of the organisation. Further, ensuring that the employees are implementing the change appropriately is another task which causes a hurdle to the policy.

Landmark Judgments on Social Media Policies

1. In Lougheed Imports Ltd. (West Coast Mazda) v. United Food and Commercial Workers International Union, two employees were terminated as a result of a series of Facebook postings which were described as “offensive, insulting and disrespectful.” The employer conducted an investigation but both employees denied making the postings. The union filed unfair labour practice complaints with the British Columbia Labour Relations Board, alleging the employer did not have just cause for the terminations. The Vice-Chair relied on the Ontario decision in case of Leduc v. Roman, and held that the employees could not have an expectation of privacy as postings made online on platforms such as Facebook were same as the comments made on the shop floor. Lastly, the Board dismissed the complaints, stating that

“The fact that the complainants had no previous discipline and the employer knew they were key supporters of the union does not outweigh the fact that the employer had never encountered similar conduct, and the work offence was serious insubordination and conduct damaging to the employer’s reputation.”

2. In the case of Alberta v. Alberta Union of Provincial Employees, similar issues were dealt with. In this case, an administrative employee of the Alberta Public Service was dismissed after her employer saw the contents of her personal blog which has some unflattering comments about her co-workers as well as the management. The employee also defended her freedom of expression and did not remove the blogs The arbitration board ruled that the conduct of the employee was serious enough to undermine the employment relationship beyond repair and this justified the discharge.

Conclusion

The Social Media Policy of a Bank is very essential as it ensures that the ever-increasing usage of social media should not affect the working of the bank. When the employees of a bank post anything online, it becomes very important for them to follow a set of guidelines so that a standard of uniformity is maintained. Further, making sure that confidential information, intellectual properties, trade secrets are not exposed, it becomes imperative for the banks to protect the information.

A bank has more responsibility than other industries as not only is it accountable for its own repute and profits but also it is responsible for the money deposited by the public at large. In practicality, enforcing the policy is very difficult as tracking who has accessed what and posted what on the wide online sphere is very difficult. But the banks, as well as other organisations, must ensure that personal and corporate information is sent through different accounts and the employees don’t use social media without keeping in mind the interest of the Bank.