Biglaw, Blogging, Free Speech, General Counsel, In-House Counsel, Social Networking Websites, Technology

Inside Straight: Social Media Policies

Ed. note: This is the latest installment of Inside Straight, Above the Law’s column for in-house counsel, written by Mark Herrmann.

Social media: They’re all the rage.

And they should be. At a firm, if you could convince half of your lawyers to write intelligent, substantive blog posts twice a week in their areas of expertise, you could stop paying the public relations folks. You’d dominate the web, and reporters from traditional media would beat a path to your url, seeking ideas for stories and comments on hot topics.

(The same holds for many corporations, although it would be the business folks (who are responsible for generating business) and not the in-house lawyers (who are not) who should be hitting the keyboards.)

But firms and corporations don’t do this, for many reasons. First, firms are skeptical; they’re not sure this would work. Second, this requires a large, non-billable commitment of time; many firms (or individual lawyers) aren’t willing to put in the effort. Third, firms are legitimately nervous. What happens when we urge our lawyers or employees to go forth unto the web, and those folks go forth and write embarrassing or crazy stuff, which they inevitably will?

In fact, even if you don’t encourage folks to participate in online discussions, they’ll do it anyway. So social media policies have necessarily become the next rage: How do law firms and corporations protect their institutional interests without unduly interfering with their employees’ right to express themselves online?

The social media bandwagon.

Like Gaul, this subject can be divided into three parts: Control over social media sponsored by the firm or company and designed for internal consumption only; control over social media sponsored by the company for an external audience; and control over use of social media by employees in their own names for their own purposes.

The first two categories don’t interest me too much. Perhaps that’s because I’ve never participated in those types of activities. Perhaps it’s because those activities are unlikely to succeed or to generate business, so they don’t grab my attention. Or perhaps it’s because employers legitimately have powerful control over what employees can (and should) say when the employees are speaking on company-sponsored media.

If you’re posting information to be read only by other employees on an internal company blog, no one doubts that corporate policies govern what you’re saying. Start typing crazy stuff or spewing venom, and you’re likely to get in a heap of trouble. (Frankly, I’d be curious to learn about internal blogs that actually work. From what I’ve seen and heard, those blogs typically sport few posts and fewer readers, but perhaps some firm or corporation has managed to make them work. I wonder what it takes to create a successful internal blog.)

The second category isn’t very different from the first. If you’re posting information on a firm- or corporate-sponsored social medium, such as a firm-sponsored blog, you probably still realize that you’re in a relatively formal and regulated environment, and you should be careful about what you say. In fact, some law firms and corporations insist on editorial review before posts are published on those types of sites. That may well guarantee that the posts sound pompous and bureaucratic, but editorial review surely minimizes the risk of creating trouble. In any event, responsible firms and corporations should surely have policies governing these types of activities, and no one should be too surprised by what the policies say.

The more interesting question (to me, at least) is how to regulate employees who are speaking on their own time about their own issues. In other words, how do you regulate a nutcase like me?

I’ve now done this personal blogging bit twice in my life. When I was a partner at a big firm, I published (along with a guy at another, competitive big firm) the Drug and Device Law Blog. We were pretty careful. We included on the website the world’s most ridiculous disclaimer, explaining that we were posting only our own opinions, were not speaking for our firms, weren’t giving legal advice, and basically were fools who couldn’t be trusted at all. At the same time, we naturally identified our law firms and linked to our online firm profiles, because we hoped that blogging might generate business. In that environment, what restrictions should a firm place on personal activity?

My firm, at least, imposed no formal restrictions. I was the only lawyer at the firm hosting a blog, the blog was not affiliated with the firm, and I tried not to write crazy stuff too often. That worked reasonably well. I caught occasional flak when I wrote something that struck me as funny, but struck one of my (dour) partners differently. Overall, however, the firm realized that other lawyers were not swarming to launch their own blogs, and the blog I was hosting was yielding real institutional benefits (raising the firm’s profile in the field and generating opportunities that wouldn’t otherwise have been available). I suspect that the firm would quickly have adopted a formal social media policy if scores of lawyers had started hosting personal blogs on law-related issues or if I (or someone else) had been less restrained when putting fingers to keyboard.

What about now, when I inhabit an in-house lawyer’s office at a corporation and write this column about things that have essentially nothing to do with the company’s primary business? What can (and should) the company do to regulate my conduct?

To my eye, the most important restriction on my little frolic and detour is common sense: Just as I did when I was at a law firm, I still try not to write crazy stuff too often. I haven’t typed a word here about my company’s business or the legal issues that we face, and I naturally wouldn’t disclose corporate confidences to the world. I hope it’s obvious that I’m publishing only my own personal opinions here. I’ve never included a disclaimer that I’m not writing on behalf of the company, although maybe I should: In case you couldn’t tell, I’m not writing on behalf of my employer here. You’re getting my own thoughts, pure and simple (often very simple). I try not to say anything that would violate the law, infringe a copyright or trademark, constitute defamation, or the like. I try to say only responsible, ethical stuff, and not to misstate the facts. (That’s probably why this column is uniquely boring.)

How does that match up to corporate social media policies? I looked at a few to see. First, I checked my own company’s policy. (It’s about time, I suppose.) Now that I’ve read the policy, it turns out that, even when I’m typing on my own time about my own issues, I’m supposed to (1) follow our corporate code of business conduct, (2) respect all copyrights and trademarks, (3) maintain confidentiality, (4) give only personal references (I suppose this is to avoid providing employment references that could expose the company to liability), (5) not attribute content to my employer unless the employer has given permission, and (6) respect others.

Fortunately, I can’t say that any of that surprises me.

As I was writing this column, I also flipped through a few other corporate social media policies. Best Buy has a cute one. It’s broken down into “what you should do” and “what you shouldn’t do,” and includes a few short, plain English rules in each category. What you “should do” includes disclosing your affiliation with the company, stating that your comments constitute your own opinions, protecting yourself by not disclosing personal information, acting responsibly and ethically, honoring “our differences” (which is the bit about not disparaging people on the basis of age, sex, race, and so on), and following the rules if you’re going to make any online offers (which is a restriction that makes sense in the context of a retail company).

Oracle’s policy covers most of the same stuff, although it’s not nearly as engaging. It’s written in more formal language and contains more warnings about not disclosing future product offerings and corporate M&A activities. Oracle also expressly tells employees not to advocate on behalf of the company anonymously by, for example, anonymously praising Oracle’s products in online discussions.

I’m not linking to the three corporate policies that I just described to be sure that I don’t accidentally overstep any boundaries here. (When I read all those rules, all of a sudden I made myself nervous.) But, if you’re interested in seeing samples of policies, here’s a link to the Social Media Governance website, which collects north of 150 corporate, law firm, and other organizational social media policies. If you’re looking to draft a social media policy for your corporation (or for a client), don’t strain your eyes — plagiarize!

(Please note: The preceding sentence does not recommend that you engage in unethical or illegal conduct. Rather, it’s a joke. The sentence refers to Tom Lehrer’s wonderful song, “Lobachevsky.” Here’s a link to the lyrics. Here’s a link to a recording of Lehrer performing the song. To eliminate any possible doubt: Lehrer wrote the song, not me. He sang it, not me. And he, not I, holds the copyright. Have I spooked myself, or what?)

Mark Herrmann is the Vice President and Chief Counsel – Litigation at Aon, the world’s leading provider of risk management services, insurance and reinsurance brokerage, and human capital and management consulting. He is the author of The Curmudgeon’s Guide to Practicing Law (affiliate link).

You can reach him by email at

(hidden for your protection)

comments sponsored by

Show all comments