How To Protect Business Data through your Social Media Policy
As a business owner, your contacts database is likely to be something that you guard closely. Ownership of those contacts whose details are in some form of CRM is easy to determine.
But what about those contacts who are gathered through employee networking and stored on privately owned social media accounts? They are still very valuable to the business but how do you prevent them disappearing out of the door at the same time as the employee leaves?
1. Building Contacts
Businesses now actively encourage employees to build networks in all manner of ways. There’s the traditional networking event which sees the exchange of business cards but there’s also huge opportunity presented by social media and interest sites. Employees, particularly those in sales and business development positions, can now engage with a much broader audience through tweeting, blogging and contributing to forum discussions.
All of these activities see an employee gather more and more contacts but they can remain online rather than filtering through to your CRM system. Therefore, when the employee leaves they take all of the contacts with them to their next employer.
This is clearly not what you want to happen! You’ve paid the individual for the time it’s taken to build this list so they should belong to you, right?
2. Who Owns Contacts Stored on Social Media Sites?
As with every change in society and technology, it takes a while for cases to filter through the legal system which determine the position the law takes on new issues. Case law is yet to fully clarify the position but it seems that the law takes the following view:
- Contacts created and maintained on a company’s computer system, even where they are stored and accessed remotely, are the property of the company.
- Contacts created through employees undertaking networking activity on behalf of the company and then stored on social media sites are the property of the company.
- Employees who misuse social media contacts are likely to be in breach of the implied term of fidelity between employee and employer and could therefore be disciplined if still employed.
So it does look like the law would deem that contacts stored on social media sites do belong to the company. Whilst this is useful to know, it doesn’t really help much as the legal process associated with enforcing this would be extremely costly.
If you’re a regular reader, you’ll know by now that we like to give you some suggestions as to what you can do to protect your business and our ideas are set out below.
3. Managing Contacts Held in Social Media Sites
Here are some practical steps for managing contacts held in social media sites:
- Social Media Policy
- We’ve talked about the need for your HR policy to include a section about social media usage on a number of occasions now but our focus has primarily been on ensuring that you protect your business from reputational damage. We haven’t touched on the issue of contact ownership. You can include in your policy a section on ownership of contacts stored on social media sites so as to ensure that all employees are clear on your position here.
- Contact process
- You should create a process and policy which places a responsibility on employees to enter new contacts gained through social media sites into your CRM system. This way you’ll be confident that you’ll have access to the information should the employee leave or be absent.
- Employment contract
- Make sure you have a clause in your contract regarding the use of confidential information both during and after employment. Contacts, no matter how they are gathered or stored, would be covered by such a clause.