by clicking the arrows at the side of the page, or by using the toolbar.
by clicking anywhere on the page.
by dragging the page around when zoomed in.
by clicking anywhere on the page when zoomed in.
web sites or send emails by clicking on hyperlinks.
Email this page to a friend
Search this issue
Index - jump to page or section
Archive - view past issues
GRC Professional : GRC Spring 2011
22 grc professional • Spring 2011 22 grc professional • Spring 2011 PRoBlem solving sCenARio FACeBook RAnt Over the weekend, one of your organisation's staff has put a rant on their Facebook status. They have used offensive language about your managers and suggested that they are greedy liars who have overstated the organisation's profits. BoB emeRY head of Risk and Compliance, Bupa Australia (trading as hBA, mBF & mutual Community) 1 Policies breached may include: Internal Code of Practice – with regard to breaches of a) managing Confidentiality and Proprietary Information; b) Organisation values e.g . respectful and ethical concerns; c) Method of raising concerns • Confidentially in terms of Employment Contract conditions; • Social Media policy (if in place); • Potential civil penalties resulting from ‘defamation and slander’ by the manager(s) that were vilified; and • Basic common decency. 2 how would you handle it? Firstly, investigate the incident to determine the veracity of the allegation and the extent of the “blog”; • Secondly, and if proven, interview the employee to ascertain why he/she issued the rant; • Thirdly, bring to their attention the correct venues available for staff to raise such matters e.g. whistleblower program, HR representative, line manager; • Fourthly, provide training, coaching and, if needed, counselling; and • Lastly, issue formal warning depending on the exact severity and nature of the rant. 3 Preventative measures? • Send out a message to all staff (as they may have heard about it) of the need for adherence to organisational policies and reiterate the message that non-adherence will not be tolerated. In this regard, it would help to provide ‘live’ examples of what has occurred and example of what should have been done; • Consider rolling out re-training on relevant internal policies re: per those in 1 above; • NB – important to remember that the rant was on his/her ‘personal’ Facebook page and not an internal email. mARiA dAlton Chief Compliance officer, mercer Australia/new zealand 1 Potential policy issues Most entities would have a media policy and a social media policy. The aim of these policies is to clearly articulate who is authorised to speak to ‘the public’ on behalf of the entity. • Social media policies are a subset of that as using social media tools has the same effect as speaking to ‘the public’ about an organisation only it is not technically done ‘on behalf of’ the organisation. • In order to be able to take appropriate action against employees who defame their employer or who intentionally or unintentionally publish commercially sensitive information, the employment contract should clearly state the employer's tolerance using the company name in any social media circumstances. 2 Reaction to the rant? • Assuming the employment contract is robust, the employee should be immediately asked to remove the posting without further mention of the company name. I would expect that the contract would also pave the way for termination of employment. As a manager, I would also like to know the rationale for the rant just in case there is some action needed to be taken other than with the individual concerned. 3 Risk management Following the incident I would also take any opportunity to reinforce the message in the media and social media policies as well as a generic statement on the entity's tolerance for non-compliance with the policy. • At the end of the day, there is very little an organisation can do to prevent this type of incident recurring, other than to make sure the contracts are robust, the zero tolerance approach is clearly and frequently articulated to all staff and the consequences are visible, when the situation warrants it.••• What Would you do? Questions What are the potential breaches of your organisation's policies from this rant? How would you handle the situation? What preventative measures could you put in place to avoid it happening again?
GRC Summer 2012