The Dos, Don’ts and Maybes of Social Media

Social mediaIt takes one second to send a Tweet or Instagram post onto the internet for all to see. But for companies active on social media, the legal ramifications of those 140 characters or that one photo can last a whole lot longer.

At a recent seminar in New York, lawyers and communications professionals representing some of the world’s most famous brands learned a lot about the dos and don’ts of social media for companies, specifically companies interested in pushing boundaries but avoiding lawsuits. Perhaps more importantly, they learned a lot about the maybe dos and maybe don’ts through several real-world examples.

“When you get it wrong, it comes with a lot of implications,” said Maggie O’Neill, managing director and partner at strategic communications firm Peppercomm, which recently co-hosted the event with Davis & Gilbert LLP.

Sue Me, Maybe?

O’Neill and her counterpart, Davis & Gilbert marketing and promotions partner Allison Fitzpatrick, brought up one of the more famous “maybe don’ts” in recent memory: Peyton Manning’s proclamation after Super Bowl 50 that his first order of business was to “drink a lot of Budweiser,” setting off a social media firestorm.

“This had the potential to really blow up into something legal,” O’Neill said. After all, Manning isn’t a spokesman for Budweiser, but he does own several Budweiser distributors. The appearance of “free” advertising if, say, an implicit agreement between the two parties was in place, would have been a no-no, and the fact that it’s not common knowledge that Manning owns those distributors makes it a “maybe no-no.” Adeptly, a Budweiser communications pro tweeted that, while the brewer was “surprised and delighted” at Manning’s off-the-cuff endorsement, “Budweiser did not pay Peyton Manning” for it. While that tweet doesn’t guarantee Budweiser’s immunity from a government lawsuit, it certainly represents a skillful handling of the situation.

Know Your Subject

Not all companies have been as adept, O’Neill and Fitzpatrick pointed out. The Duane Reade chain famously got sued by Katherine Heigl after tweeting an unflattering photo of the actress coming out of one of its pharmacies carrying bags. Heigl sued for $6 million, claiming the company violated New York State and federal laws that protect the use of a person’s likeness for trade purposes. She eventually dropped the suit, but it made the kind of headlines Duane Reade – and most companies – never want.

Fast-food chain Arby’s, on the other hand, got universal kudos for its tweet about the hat worn by rapper Pharrell Williams at the 2014 Grammy’s, which looked similar to the one on the Arby’s logo. “Hey @Pharrell, can we have our hat back,” Arby’s tweeted, with the hashtag #GRAMMYs. Pharrell was a good sport about it, and when he eventually put the hat up for charity auction on eBay, Arby’s announced via Twitter that it was the party responsible for the $44,100 winning bid.

“The best part is, Pharrell did not sue,” Fitzpatrick said at the panel. But, she added, “it doesn’t mean there’s no risk.” One quick and easy first step, according to Fitzpatrick, is to do a quick Google search to “see if they’re litigious or not.”

Copyright Law in the 21st Century

For brands active on social media, copyright law is another consideration. Being mindful of trademarks like “Super Bowl” and “NCAA” while tweeting about events can save companies a lot of money from potential legal woes.

For instance, when TGI Friday’s pushed boundaries by petitioning the International Olympic Committee to make bartending an official sport, lawyers were kept in the loop to make sure the campaign garnered media and public interest on traditional and social media but didn’t cross any copyright law lines.

What’s next?

With technology constantly changing and regulators scrambling to adapt to those changes, Fitzpatrick said the next frontier could be regulatory action against celebrity spokespeople. It’s generally known around the world that Nike endorses Tiger Woods, but what if a celebrity whose endorsement deal is lesser-known doesn’t disclose the relationship in a tweet? This could be the next major question the Federal Trade Commission starts asking.

Key Guidelines

Fitzpatrick offered a few general guidelines that companies can follow.

  • When using hashtags, be careful not to suggest an endorsement or association between your brand and the event, unless there actually is one.
  • The more the merrier. See if other brands are tweeting about the event. If they are, chances are your legal risks are lower.
  • There are a lot of work-related reasons to follow, a brand, on social media, so most experts think a simple follow is probably okay. A “like” or a “share” could be a little dicier.
  • When in doubt, research, confirm, and speak to legal.

Dealing with Reputation Risk

reputation risk and social media

Properly assessing risk is critical to any business. Successful businesspeople understand that every decision they make must be weighed against the potential risk to the company. This risk assessment must not be limited solely to situations directly related to the business itself, however. They must also consider reputation risk, or the risk events will have a negative impact on one’s personal reputation and, by extension, the business.

Whether fair or not, the decisions made in someone’s personal life can have a substantial impact on the company they are connected to. This risk extends beyond just the owner or executives of a company; employees caught doing unscrupulous things can cause a public relations nightmare for the business, ultimately resulting in massive losses for the company itself.

Assessing Reputation Risk

Unlike business transactions, where there are countless models and historical examples of the likely risk and reward of most given situations, reputation risk is far harder to quantify and prepare for. It is nearly impossible to predict, for example, whether or not an executive will get belligerently intoxicated and assault a police officer. The executive can bring unwelcome attention to the company, which in turn can cause investors, advertisers, and partners to shy away in the short or even long-term.

Exacerbated in the Social Media Generation

Social media platforms such as Facebook and Twitter have dramatically intensified reputation risks. In the past, it was possible for a relatively minor incident to be swept under the rug or forgotten relatively quickly. If not, chances were good that a story would stay relatively local, perhaps reported in an area newspaper once or twice before fading from memory.

Today, however, even a single story in a local newspaper (or, worse, an online blog) can be shared and re-shared thousands of times in a matter of hours. “Viral” stories can spread across an industry and the country within only a day or two. By the same token, an ill-advised Facebook or Twitter post on a controversial topic can be shared just as quickly.

Mitigating the Danger

Unfortunately, there is only so much one can do when trying to guard against reputational risk problems. It is impossible to control every human being’s actions, and even harder to control them every second of every day. The only viable solution is offering guidelines to employees and executives to try and minimize the problem as much as possible. It is also worth calculating risk factors among employees. For example, an employee with a history of public intoxication or domestic abuse issues may not be someone you want representing your company.

At the end of the day, there is only so much one can do to reduce reputation risk. It is important, however, to have a public relations strategy on hand for if and when a troublesome situation arises—and it almost certainly will at some point.

Twitter’s Data Mining Profits Show Lesser-Known Social Media Risk

Data Mining

In an interview for this month’s issue of Risk Management magazine, lawyer and social media specialist Adam Cohen cautioned businesses that the risks of social networking sites extend beyond explosive posting faux pas.

“In most cases, corporations don’t realize that what they put on these social media services is all subject to the privacy policies and terms and conditions of the services,” said the eDiscovery expert and author of Social Media: Legal Risk and Corporate Policy. “Those provide a shocking amount of access by the social media services where they may take your data.”

As Twitter prepares for its much-anticipated IPO, the social media giant has released a torrent of information on its financial standing and practices. One of the most important tidbits for users concerns the site’s lesser-known side-business: data mining. In the first half of 2013, Twitter made $32 million by selling its data—namely, tweets—to other companies, a 53% increase from the year before.

So far this year, the company has raked in $47.5 million from selling user data to companies that analyze the social media posts for insights into news events and trends. Because of its real-time nature, Twitter is the primary contributor to data mining, though other social networks are frequently used in professional analysis.

This analysis is then sold to businesses for a slew of uses. “The types of ways that businesses are using Twitter data has gone deeper and deeper,” Chris Moody, the CEO of original Twitter data mining company Gnip, told Time. “We’re seeing it in supply chain and inventory management. It’s not just consumer brands that are engaging on Twitter.”The United Nations uses Twitter algorithms to pinpoint areas of social unrest. Burger chain Five Guys used “social intelligence technology” from New Brand Analytics to monitor quality in restaurants across the country and evaluate the appeal of a new fry size offering. Wall Street subscribers to one service, Dataminr, got a leg up on the S&P Index drop following the Navy Yard shooting. Five minutes before the news broke, users received an alert to take action after the company’s algorithms picked up on eyewitness reports and deduced from their timing, influence, and location that something urgent was taking place.

Clearly, there’s money to be made on both sides. According to the Wall Street Journal, the “social listening” business is booming, partially funded by millions of dollars in venture capital. Research firm IDC estimates that the entire “big data” market has grown seven times as quickly as the information technology sector as a whole, and may be valued at $16.9 billion in two years.

Data is mined for a variety of purposes – ones your company may even want to explore – but while there are benefits to the ends, the means translate into cyber exposures of which you may never know the details or depth. While the reputational risk of social media garners a lot of the attention – and rightfully so – there are increasingly tremendous exposures that lay in the forms just to sign up. With Twitter going public, there will only be further incentive to maximize revenue by selling user data, and more reason to approach corporate social media with caution.

A Breach a Day…Or More


More and more we are hearing of the increased frequency with which data breaches are occurring. You read about it the newspaper, see it on the news and sometimes you get notices in your inbox in real-time, like I do. What used to be a once-a-week data breach email alert from, an open security foundation, now comes as multiple emails, several times a day.

Quite frightening.

Here are some of the most recent data breach events:

February 27, 2013: TEKsystems, a company affiliated with Bank of America, was charged with monitoring hacker activity from groups targeting the bank — most likely, the collective hacking group known as Anonymous. Not liking the sound of that, a group affiliated with Anonymous released what it claims is “14GB of data belonging to the bank and other organizations, including Thomson Reuters, Bloomberg and TEKsystems.”

February 27, 2013: I thought the first email I received with the title “Laptop of Head of Israel’s Atomic Energy Commission Stolen” was bad, but then I received one the very next day that was even worse. According to various news reports, a second laptop belonging to Shaul Horev was stolen from his home in just one week. It might be time for tighter security.

February 26, 2013: Though this only counts as a potential data breach, it’s still quite alarming. According to the same open security foundation (OSF) from which I receive data breach email alerts, a hospital has left sensitive data belonging to patients and staff exposed on the internet. The worst part is, OSF has made “multiple phone calls, filled out a formal (outsourced) service desk ticket addressed to the hospital’s sysadmin and technical analyst, and sent a direct email to the hospital’s CEO.” Still, they’ve received no response.

February 25, 2013: We’ll head to Canada for this one. According to news reports from the great white north, the loss of a thumb drive has prompted an investigation that has widened to include the Justice Department. The drive contained information regarding Canada Pension Plan disability benefits related to more than 5,000 individuals.

February 21, 2013: Even peacocks are not immune. Last week, NBC announced it was the victim of an attack. Hackers added links to malware on the site, using the Citadel Trojan worm, the same one that plagued the websites of U.S. banks recently.

February 21, 2013: Zendesk, a customer service software provider, announced a security breach that allowed hackers into its system, where they had access to information from three customers — Twitter, Pinterest and Tumblr.

February 5, 2013: The U.S. government seems to be no match for sophisticated system spies. Earlier this month, The U.S. Department of Energy revealed that hackers breached 14 of its servers and 20 of its workstations, making off with personal information belonging to several hundred employees. “It’s a continuing story of negligence,” Ed McCallum, former director of the department’s office of safeguards and security, told the Free Beacon. “[The department] is on the cutting edge of some of the most sophisticated military and intelligence technology the country owns and it is being treated frivolously by the Department of Energy and its political masters.”

These are just a few of the many, many data breach alerts I’ve received in the month of February alone. It leaves one questioning whether we will ever win the war against hackers.