Social Media Week Part II – Sharing in the Compliance Function

I continue my exploration of the use of social media as a tool of doing compliance by looking at some concepts around the sharing of information. In a recent podcast on Social Media Examiner, entitled “Sharing: The Art and Science of Social Sharing”, podcast host Michael Stelzner interviewed Bryan Kramer, a social strategist and author of the book “Shareology: How Sharing is Powering the Human Economy”. Kramer talked about several concepts that I found particularly useful for a Chief Compliance Officer (CCO) or compliance practitioner to think through when considering the use of a social media strategy in a best practices anti-corruption compliance program, under the Foreign Corrupt Practices Act (FCPA), UK Bribery Act or some other compliance regime.

Kramer’s book Shareology is a study of how, what, where, when and why people and brands share. For this book, Kramer conducted more than 250 interviews with executives, marketers and social media people, as well as professors of linguistics, psychology, sociology and so on, with the question “why people share” in mind.

The answer came down to one thing: connection. He found that “People all have the desire to reach out and connect with other people, whether it’s through sharing content and having someone reply back or by sharing other people’s content and helping them out.” From this research, Kramer identified six types of people who share:

• Altruist: Someone who shares something specific about one topic all the time.
• Careerist: Someone who wants to become a thought leader in their own industry, so they can see their career grow.
• Hipster: Someone who likes to try things for the first time and share it faster than everyone else.
• Boomerang: Someone who asks a question so they can receive a comment only to reply.
• Connector: Someone who likes to connect one or more persons to each other.
• Selective: This is the observer.

I find all of these categories to be relevant to a CCO or compliance practitioner in considering the use of social media in their compliance program. All of these can describe not only the reasons to use social media but they can also help you to identify who in your organization might be inclined to use social media and how it can facilitate your compliance program going forward.

The Altruist, Hipster and Careerist speak to how a CCO or compliance practitioner can be seen in getting out the message of compliance throughout your organization. Whichever category you might fall into, it is still about the message or content going forward. I find nothing negative in being seen as one or the other if your message is useful. Even if you are my age, there is nothing wrong with incorporating a little Hipster into your communication skills. As my daughter often reminds me, Dad you are so uncool that you are retro, but that is cool too. Applying that maxim to your compliance regime, if you can communicate in a manner your workforce sees as interesting or even hip, it may well help facilitation incorporation of that message into their corporate DNA.

I found the Boomerang, Connector and Selective categories as good ways to think about how your customer base in compliance (i.e. your employees) might well use social media tools to communicate with the compliance function. The use of social media is certainly a two-way street and you, as the compliance practitioner, need to be ready to accept those communications back to you. Indeed some comments by your customer base could be the most important interactions that you have with employees as their comments or questions could lead you to uncovering issues which may have arisen before they become Code of Conduct or FCPA violations. More importantly, it could allow you to introduce a proscriptive solution which moves your program beyond even the prevent phase.

Kramer also has some insights about the substance of your social media message. Adapting his insights to the compliance field, I found a key message to be that the problem is that companies do not write the way they speak, and don’t speak the language of their employee base. In many ways, compliance is a brand and Kramer believes that “brands and the people representing those brands need to change their language. If they focus on the title and the quality of the content, among other things, it’ll resonate more with their audience.” He also advocates using the social media tools and apps available to you. He specifically mentions Meerkat and Periscope, Snapchat, memes and/or videos to raise the value of the content. He was quoted as saying, “If you have a blog and there are no visuals, you might as well shut it down.”

It would seem the thesis of Kramer’s work is that sharing is a primary method to communicate and connect. In any far-flung international corporation this is always a challenge, particularly for discipline which can be viewed as home office overhead at best; the Land of No populated by Dr. No at worst. Kramer says that you should work to hone your message through social media. Part of this is based on experimenting on what message to send and how to send it. Yet another aspect was based upon the Wave (of all things) where he discussed its development and coming to fruition in the early 1980s. It took some time for it to become popular but once it was communicated to enough disparate communications, it took off, literally. Kramer noted, “It’s the same thing with social media. On social media, we think something will go viral because the art is beautiful or the science is full of deep analytics, but at the end of the day it really takes time to build the community.”

This means that you will need to work to hone your message but also continue to plug away to send that message out. I think the Morgan Stanley Declination will always be instructional as one of the stated reasons the Department of Justice (DOJ) did not prosecute the company as they sent out 35 compliance reminders to its workforce, over 7 years. Social media can be used in the same cost effective way, to not only get the message of compliance out but also to receive information and communications back from your customer base, the company employees.

Once again please remember that I am compiling a list of questions that you would like to be explored or answered on the use of social media in your compliance program. So if you have any questions email them to me, at tfox@tfoxlaw.com, and I will answer them within the next couple of weeks in my next Mailbag Episode on my podcast, The FCPA Compliance and Ethics Report.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

Navigating Social Media And Legal Ethics[1]

Ed. Note-today we have a post from our colleague, Michelle Sherman, a frequent commentator on social media issues.

If you cannot do it offline, you probably cannot do it online.  This is a good way to think about social media and legal ethics. We know that attorneys are not allowed to communicate with a represented party on the other side of a legal action, so it should not be surprising that trying to “friend” a party on Facebook in order to see all of their Facebook activity is not allowed by the ABA or the assorted state bar rules of professional responsibility. Cal. Rules of Professional Conduct, Rule 2-100. It is also unethical to direct someone to “friend” the other party. Some state bars have also extended this rule to unrepresented parties and witnesses. Namely, it is fine to look at their public social media presence, but attorneys cannot “friend” them or arrange for it to be done on their behalf.

A. Maintain The Confidentiality Of Your Client Communications.

Another bright line is that attorneys cannot disclose confidential information about their clients on social media. Cal. Rules of Professional Conduct, Rule 3-100. In fact, many companies prefer for their outside counsel not to publicize their courtroom wins for their clients out of concern that it will invite similar actions to be filed against the company. Companies have media relations departments to tell their story for them so attorneys should coordinate any press releases of their own with their clients. This is something to keep in mind when an attorney writes her LinkedIn profile, or posts about her work day on Facebook or Twitter.

Preserving the confidentiality of attorney-client communications, and not waiving the attorney work product protection means attorneys need to think carefully about how they post status updates on LinkedIn, and the “conversations” they are having on LinkedIn discussion groups, or on listservs. Even if a listserv is treated as a private forum for qualifying members to confer about legal issues, it does not mean that a court will treat those discussions as privileged or confidential. A plaintiff’s attorney in an employment discrimination case learned this the hard way when he was trying to quash a document subpoena seeking his writings on a listserv. In Muniz v. United Parcel Service, Inc., CV 09-1987 (N.D. Cal.), the plaintiff’s attorney allegedly made posts on the listserv in which he accused the judge of being “defense-biased”, and described the defense counsel as aggressively defending the case to the point of absurdity. Professor Georgene M. Vairo, a professor at Loyola Law School, was reported in a January 18, 2011 Los Angeles Daily Journal article, as saying that the fact that the attorney’s writings appeared on a confidential listserv does not mean work product privilege applies to them. “Given the way social media is, even when you try to keep things private, can you really have an expectation of privacy?” Vairo said.

B. Make Social Media Part Of Your Litigation Strategy.

Yet, attorneys may fall short of their duty to zealously represent their clients if they ignore social media entirely. It is a rich resource for discovery about the other side, witnesses and even prospective jurors. In Johnson v. McCullough, the Missouri Supreme Court discussed how trial attorneys should take advantage of technological advances and research prospective jurors. Thereby, hopefully avoiding the need for a motion for new trial because it is discovered much later that a juror was deliberately concealing his bias on voir dire in order to remain on the jury.

However, this research and monitoring of jurors during the case comes with some bright line rules as well.

1. Do Not Have “Contact” With Jurors Through Social Media.

Again, offline rules provide a bright line for social media contact with jurors. A study done by Reuters Legal using data from Westlaw online found that tweets from people describing themselves as prospective or sitting jurors appeared at the rate of one nearly every three minutes. Increasingly, parties are filing motions for new trials or to overturn a verdict based on juror misconduct on the Internet. In a criminal case in Camarillo, California, a juror posted a cell phone picture of the murder weapon on the Internet, and invited people on his blog to ask him questions about the case.

Thus, attorneys and courts have good reason to be concerned about what jurors are saying on social media. Courts are tackling the problem by instructing the jury not to discuss the case anywhere including on social media. However, just as jurors still talk about pending trials with their friends and family despite the court’s admonitions, jurors are sometimes ignoring (or forgetting) the court’s admonitions and posting on social media. Consequently, attorneys should have someone monitoring the jury during voir dire, trial and deliberations.

This monitoring needs to be done so it does not result in “contact” with the jurors. Cal. Rules of Professional Conduct, Rule 5-320. Friending jurors, or following them on Twitter, is taking it too far. On the other hand, attorneys can monitor the public posts of jurors on Facebook and Twitter without jurors realizing it.

2. Bring Jury Misconduct To The Court’s Attention.

Now assume the plaintiff’s attorney learns from social media that a juror intentionally failed to disclose she was prejudiced against the defendant manufacturer in the case, because the juror had been a victim of a similar industrial accident. The juror is someone that the attorney thought was sympathetic to his client’s case and the last thing he wants to do is lose the juror. This is the ethical question that is likely to come up for attorneys, and the answer is the same as other offline misconduct of jurors. As an officer of the court, the attorney is required to bring it to the attention of the court.

C. Avoid The Unintentional Creation Of An Attorney-Client Relationship.

Attorneys are using blogs and social media to try and develop business. A February 2012 survey by ALM Legal Intelligence, “Social Media ROI for Law Firms” found that of the law firms that are using social media and blogs – 85 percent and 70 percent respectively of the responding law firms – almost 50 percent of those firms are receiving leads from their efforts. In doing so, law firms are understandably concerned about not creating an inadvertent attorney-client relationship when someone comments on a blog or tries to engage one of their attorneys about the specifics of their particular legal issue.

These are legitimate legal concerns. In addressing an analogous situation, the State Bar of California issued a formal opinion for attorneys who have call in radio shows on legal issues. The State Bar recommended that the attorney radio host: (1) remind callers that they are speaking on a public forum so nothing they are saying is confidential; and (2) encourage callers to seek advice from an attorney about their specific problem. Formal Opinion No. 2003-164. It is also recommended that the law firm pre-screen comments before they are posted on the blog site to edit posts that may potentially create a problem. Also, do not answer fact specific questions – rephrase the question to a broader legal issue that may be of interest to the broader audience to whom you are writing or speaking. And, finally, keep your responses in the public forum so there is no expectation of a confidential attorney-client relationship.

[1] 4851-4734-3630, v.  1

———————————————————————————————————————————————————————-
Michelle Sherman practices at Slater Hersey & Lieberman LLP. She can be reached at Msherman@slaterhersey.com. Follow Michelle on Twitter: @MShermanEsq

———————————————————————————————————————————————————————-

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. 

Facebook’s Settlement With The FTC Is A Wake Up Call For Businesses To Review And Update Their Website Privacy Policy And Agreements

Ed. Note-there are many forms of compliance convergence. Today we have a guest post from Michelle Sherman, a frequent contributor on compliance and  social media issues. 

The Federal Trade Commission (“FTC”) is working hard to make sure consumers are not being misled about how websites and social networking sites are using their personal information.  Companies that do not follow their own privacy policies are finding themselves the subject of FTC complaints.  It is therefore even more important for businesses to review and update their “privacy policy,” “terms of use,” and other legal agreements on their websites.  This review should also include any company apps.

1.         When Businesses Do Not Comply With The Terms Of Their Website Privacy Policy, Then They May Be In Violation Of Section 5(a) Of The FTC Act

The recent consent decrees that the FTC entered into with Facebook, Google and online advertiser ScanScout highlight the need for businesses to make sure they are acting in accordance with their privacy policies.  Businesses are well advised to take the following actions:

(1) Ensure that the published policies on their websites for terms of use and privacy reflect what information the businesses are collecting from consumers, and that the disclosures are clearly stated without unnecessary and lengthy legalese;

(2) Examine how the businesses are using personal information or anticipate using it, and that these uses are being fully disclosed to consumers; and

(3) Take reasonable measures to safeguard consumer information.  Because of the risks of cyberhacking, it is also worthwhile to conduct an audit on how consumer information is being safeguarded, and what information is being stored and for how long a period.  The FTC settled a complaint against Twitter for its alleged failure to take reasonable safeguards to protect users’ accounts against hackers.

In all of these complaints, the FTC alleged that the respondents made false or misleading representations about their privacy policies in violation of Section 5(a) of the FTC Act.  The FTC Act prohibits unfair or deceptive acts or practices.  15 U.S.C. § 45(a).

The consent decrees entered into by Facebook, Google and ScanScout in order to avoid more costly litigation and possibly stiffer penalties are similar in some key respects, and include some terms that will increase their costs of doing business.  As is sometimes the case with the FTC, the FTC conditioned the settlements on these businesses agreeing to change their business practices in ways that may place them at a competitive disadvantage to their competitors because some of the additional privacy measures they must now take are not required under current law.

2.         Lessons To Be Learned From The FTC Settlements With Facebook And Others

It is instructive to know how these businesses allegedly violated the terms of their privacy policies with users because the same may be true for many companies.

(a)  Facebook Complaint

In its complaint against Facebook, the FTC alleged:

(1) Facebook told its users that third-party apps that users installed – such as Farmville by Zynga– would have access only to user information that they needed to operate.  In fact, the apps could access nearly all of the users’ personal data.

(2) Facebook told users that they could restrict sharing of data to limited audiences – for example, with “Friends Only.”  In fact, selecting “Friends Only” did not prevent their information from being shared with the third-party applications their friends used.

(3) Facebook promised users it would not share their personal information with advertisers.  Facebook did according to the FTC.

(4) Facebook claimed that when users deactivated or deleted their accounts, their photos and videos would be inaccessible, when in fact Facebook allowed access to the content according to the FTC.

(5) Facebook also claimed that it complied with the U.S. – EU Safe Harbor Framework that governs data transfer between the U.S. and the European Union, but it did not.

(b)        Google Complaint

Google is also faulted for making use of its users’ data in ways that was contrary to what Google was telling users about the launching of Google’s Buzz social network through its Gmail web-based email product.  The FTC alleged that “Google led Gmail users to believe that they could choose whether or not they wanted to join the [Buzz] network, [but] the options for declining or leaving the social network were ineffective.”  Google was apparently trying to immediately ramp up its social network in order to compete with Facebook.  The Buzz launch ended up being a public relations nightmare for Google with thousands of consumers reportedly complaining that they were concerned about public disclosures of their email contacts from which Google tried to create immediate Buzz connections for users.  In some cases, use of the emails disclosed ex-spouses, therapists, employers or competitors.

According to the FTC, Google breached its privacy policy when it launched Buzz, its social networking site, because Google’s policy told Gmail users that “[w]hen you sign up for a particular service that requires registration, we ask you to provide personal information.  If we use this information in a manner different than the purpose for which it was collected, then we will ask for your consent prior to such use.”  According to the FTC, Google used Gmail users’ information for a different purpose without telling them by starting a social networking site with the information.

            (c)  Online Advertiser ScanScout Complaint

The FTC is not just pursuing these actions against social media behemoths such as Facebook and Google.  In November 2011, the FTC reached a settlement with an online advertiser ScanScout.  ScanScout is an advertising network that places video ads on websites for advertisers.  ScanScout collects information about consumers’ online activities (aka behavioral advertising) in order to post video ads targeted to the people visiting the website.  In ScanScout, the FTC alleged that there was a discrepancy between the online service and their website privacy policy:

“[F]rom at least April 2007 to September 2009, ScanScout’s website privacy policy discussed how it used cookies to track users’ behavior.  The privacy policy stated, ‘You can opt out of receiving a cookie by changing your browser settings to prevent the receipt of cookies.’  However, changing browser settings did not remove or block the Flash cookies used by ScanScout….  The claims by ScanScout were deceptive and violated Section 5(a) of the FTC Act.”

In the ScanScout action, the company Tremor Video, Inc. is also subject to the settlement order because ScanScout merged with Tremor Video.  This settlement also highlights the importance of doing an audit of a target company’s social media activity before acquiring or merging with it so your company will have more information concerning the legal risks of the deal.

3.         Business Costs Of Not Updating Your Privacy Policy And Following It

In each of these cases, the FTC is making the settling party do some things that are more than they would have been required to do in the normal course of business, thereby, making it more challenging and expensive for them to do business.

These consent decrees require the settling party to do the following:

(1) Tell users what information is being collected and for what purpose, with the right to “opt out” of the targeted advertising (ScanScout);

(2) Obtain consumers’ affirmative express consent before enacting changes that override their privacy preferences (Facebook; Google);

(3) Establish and maintain a comprehensive privacy program to address privacy risks associated with new and existing products and service, and protect the privacy and confidentiality of consumers’ information (Facebook; Google); and

(4) Every two years, for the next 20 years, obtain independent, third party audits certifying that the privacy program meets or exceeds the requirements of the FTC order (Facebook; Google).

4.         Conclusion

Considering that the vast majority of consumers simply click through the legal agreements to get to the applications on a website, there is no real downside to companies spending a little time and money to ensure that their privacy policy, terms of use and other legal agreements reflect their current practices.  Similarly, updating these agreements should be a routine part of changing how the company is collecting and using information from its users.  It should be coordinated between marketing, IT and legal with each checking off on the updates being accurate.  And, finally, the website should clearly indicate that the privacy policy and/or agreements have been updated so users have the option to review any changes.  If experience is any indicator, virtually all users will continue to visit the website notwithstanding the updated policy or agreements.

 Michelle Sherman is special counsel at Sheppard Mullin Richter & Hampton where she practices business litigation and consults with businesses on legal and regulatory compliance issues relating to social media and the Internet.  Michelle is the editor and contributing author to the law firm’s Social Media Law Update blog.

LEGAL ISSUES SURROUNDING SOCIAL MEDIA BACKGROUND CHECKS

Ed. Note-we are pleased to host a posting today from Michelle Sherman.

Agatha Christie had a novel take on invention being the mother of necessity.  She disagreed and said, “[I]nvention, in my opinion, arises directly from idleness, possibly also from laziness.  To save oneself trouble.”  She may have been onto something when you think about businesses that are turning to outside vendors to research employees and job candidates for them.  Whether or not these outside vendors are the best solution, however, remains to be seen.

1.  Companies Should Have An Internal Procedure For Researching Job Candidates And Employees On The Internet

We recommended in a January 2011 blog post, that businesses establish an internal procedure for making employment decisions based on Internet research, so they would not run afoul of state and federal laws that prohibit job discrimination based on protected factors.  See http://www.socialmedialawupdate.com, Social Media Research + Employment Decisions: May Be A Recipe For Litigation.  The protected factors include, for example:  (1) Race, color, national origin, religion and gender under Title VII of the Civil Rights Act of 1964; and (2) Sexual orientation, marital status, pregnancy, cancer, political affiliation, genetic characteristics, and gender identity under California law.  Most states have their own list of protected factors, which should be considered depending on where your company has employees.

Not surprisingly, the legal risks of making employment decisions using the Internet have become a real concern for businesses, especially when you consider that 54% of employers surveyed in 2011 acknowledged using the Internet to research job candidates.  The actual number of employers using the Internet is probably higher, and sometimes companies may not even be aware that their employees are researching job candidates and factoring that information into their evaluations.  This is yet another reason to establish an internal procedure for researching job candidates, and communicating your procedure to employees who are participating in the employment process.

There is nothing wrong with researching people on the Internet so long as it is done properly.  The Internet has a wealth of useful information, some of it intentionally posted by job applicants for employers to consider such as LinkedIn profiles.

With this “necessity” to do Internet searches properly, some businesses have turned to outside vendors to do the research for them, and, thereby, try to reduce their legal exposure and the administrative inconvenience of doing it themselves.  At least one of these vendors has received letters concerning its business practices from the Federal Trade Commission (“FTC”) and, more recently, two U.S. Senators.

2.  The Business Practices Of Outside Vendors That Provide Social Media Background Checks Are Being Examined For Compliance With Privacy And Intellectual Property Laws

On May 9, 2011, the staff of the FTC’s Division of Privacy and Identity Protection sent a “no action” letter to Social Intelligence Corporation (“Social Intelligence”), “an Internet and social media background screening service used by employers in pre-employment background screening.”  The FTC treated Social Intelligence as a consumer reporting agency “because it assembles or evaluates consumer report information that is furnished to third parties that use such information as a factor in establishing a consumer’s eligibility for employment.”  The FTC stated that the same rules that apply to consumer reporting agencies (such as the Fair Credit Reporting Act (“FCRA”)) apply equally in the social networking context.  These rules include the obligation to provide employees or applicants with notice of any adverse action taken on the basis of these reports.  Businesses should also be mindful of similar state consumer protection laws that may be applicable and may afford additional rights to employees and applicants (e.g. California Investigative Consumer Reporting Agencies Act).

The FTC concluded by stating that information provided by Social Intelligence about its policies and procedures for compliance with the FCRA appears not to warrant further action, but that its action “is not to be construed as a determination that a violation may not have occurred,” and that the FTC “reserves the right to take further action as the public interest may require.”  This FTC “no action” letter was reported fairly widely, and probably increased the comfort level of businesses that wanted to use an outside service for Internet background checks.

On September 19, 2011, Senators Richard Blumenthal (D-Conn) and Al Franken (D-Minn) sent a letter to Social Intelligence with 13 questions regarding whether the company is taking steps to ensure that the information it is gathering from social networks is accurate, whether the company is respecting the guidelines for how the websites and their users want the content used, and whether the company is protecting consumers’ right to online privacy.  The letter raises some legitimate concerns, and requests a prompt response from Social Intelligence to the questions presented.

3.  Legal Assurances That Your Company May Want To Seek If Using An Outside Vendor

Some of the questions also warrant due consideration on the part of businesses receiving reports from outside vendors about how much weight they want to give the information provided.  Further, what the business may want in the form of legal assurances from the outside vendor that no laws (e.g. FCRA, privacy, copyright, or other intellectual property laws) have been violated in gathering the information or providing screenshot copies of pages from social networking sites.

Some of the questions from the Senators which raise these concerns include, for example:

1.  “How does your company determine the accuracy of the information it provides to employers?”  [Social Intelligence is reportedly collecting social networking activity dating back 7 years, and, therefore, may capture something that was later removed, or was a “tag” post through a picture that the job candidate was not responsible for making public, and may have removed once it came to his attention.]

2.  “Is your company able to differentiate among applicants with common names?  How?”  [e.g. Have they researched the correct “Jane Smith” of the hundreds on Facebook since social security numbers or other specific identifying information is not useful on social networking sites as it is with the standard background check.]

3.  “Is the information that your company collects from social media websites like Facebook limited to information that can be seen by everyone, or does your company endeavor to access restricted information.”

4.  “The reports that your company prepares for employers contain screenshots of the sources of the information your company compiles…These websites are typically governed by terms of service agreements that prohibit the collection, dissemination, or sale of users’ content without the consent of the user and/or the website….. Your company’s business model seems to necessitate violating these agreements.  does your company operate in compliance with the agreements found on sites whose content your company compiles and sells?”

5.  There appears “to be significant violations of user’s intellectual property rights to control the use of the content that your company collects and sells.  …. These pictures [of the users], taken from sites like Flickr and Picasa, are often licensed by the owner for a narrow set of uses, such as noncommercial use only or a prohibition on derivative works.  Does your company obtain permission from the owners of these pictures to use, sell, or modify them?”

4.  Conclusion

Establishing an internal procedure for using the Internet to make employment decisions is one more piece of a sound ethics and compliance program that addresses how your company is using social media.  If using an outside vendor to perform social media background checks is part of that policy, you should assure yourself that the company is acting in compliance with the relevant laws.  Further, if your company does decide to use an outside vendor, the company should not assume that employees will forego their own Internet searches of job candidates unless they are specifically instructed to follow the company’s procedure.

Michelle Sherman is special counsel at Sheppard Mullin Richter & Hampton where she practices business litigation and consults with businesses on legal and regulatory compliance issues relating to social media and the Internet.  Michelle is the editor and contributing author to the law firm’s Social Media Law Update blog.

Jonathan Marks Tweets and Why You Should Be On Twitter

Yesterday my Fraud Examiner colleague Tracy Coenen posted a blog entitled, “Why I’m quitting Twitter (and you should too)”. My blog today will set forth the reasons why the compliance practitioner should refrain from quitting Twitter, actively participate and why the greater compliance world benefits from participation from experts like Tracy Coenen. So Tracy, do not quit!

Twitter is an excellent resource for anyone in the compliance community. It provides real time reporting and more importantly excellent resources for the compliance practitioner. AND BEST OF ALL IT IS FREE!

Why should you participate on Twitter? My experience is that it is one of the most efficient ways to get your name out in the field you practice. Whether it is law, forensic accounting, finance or selling flowers, it does not matter. The key is to stay focused on your area of specialty. If you tweet about where you are or that you are the Mayor of some such place it will not assist you professionally.

What did I do? I began my social media journey focusing on Twitter. Beginning in January, 2010, I reposted every tweet I could find on the Foreign Corrupt Practices Act (FCPA). I did not post original content because I was learning the Twitter ropes and was not sure what to do. I stayed focused on the area of the FCPA which led to me being named in February as one of the Top 15 “Must Follows” in the area of Securities Law (FCPA) by Bruce Carton, author of the Securities Docket Blog and his list was posted in Compliance Week.

I then decided to see if I could begin to send articles to different blogs and websites for posting. I always send an email introducing myself and they all come back with something along the lines of the following, “We know who are and thanks for re-tweeting our tweets.” To date they have all said yes to me sending in a contribution for consideration. So I was able to make a name for myself through Twitter. Of course I had to follow up with substantive content and perhaps I could have sent blind submissions but Twitter was the tool which introduced me to the wider compliance world.

How else can one use Twitter to meet and develop substantive business? In December 2010, I noticed a tweet by Jonathan Marks where he mentioned that he had developed a 13-step action plan for FCPA compliance programs. I thought that this was an interesting item but there was no link to the document or information, so I took the direct approach and Direct Messaged Jonathan, on Twitter, to ask if he would be willing to share with us the 13-step action plan, which he was willing to do.

I met Jonathan (virtually) through LinkedIn and his hosting of the LinkedIn group ‘Fraud Pentagon.’ Through his profile I was able to discover Jonathan’s interesting professional journey, he is the Partner In-Charge of the Fraud, Ethics and Anti-Corruption practice at Crowe Horwath and has worked with the US Attorney’s office, the FBI, the IRS Criminal Investigation Division and US Customs officials during his career. Jonathan has also served as the Chief Audit Executive at several public companies and is a Certified Public Accountant, Certified Fraud Examiner and is certified in financial forensics.

I spoke to Jonathan to find out how he developed this plan and he told me that from his meetings with clients, on the issue of compliance over the years, he wanted to develop a non-legalistic approach that he could easily convey to clients. After the interview and his sharing of his 13-step program I wrote a blog about the program by which a company could review its FCPA compliance program, assess where the program is in terms of best practices, and then use the same action plan as a guide for implementing some or all of the best practices.

The response to the blog posting was so great that Jonathan wrote a White Paper on his 13-step program which I assisted him with some of the drafting. All of this happened because he tweeted about his 13-step program. In other words, one little tweet led to all of the above.

How does all of this relate to Ms. Coenen and her pronouncement? I say to Tracy, do not stop tweeting – WE NEED YOU. One other reason to continue to participate in Twitter is the absolute wealth of information that is available to any chosen profession. However, I can speak only to the compliance world and in that world there is significant information available to all AT NO COST. If you are in a company on a budget, and who is not, you can obtain the best practices of FCPA compliance, Bribery Act compliance, fraud and forensic accounting compliance by participating on Twitter. Tracy’s tweets are substantive and if she retweets someone else’s tweets, I am confident that it is substantive as well.

Twitter is but one tool and to any professionals a quiver of tools it is a significant and useful tool (did I mention that it is FREE?) for both marketing and research. I do agree with Tracy that I cannot point to one client I have obtained exclusively from Twitter. It is always some combination of Twitter/LinkedIn/Blogging/Speaking/White Papers and word of mouth. But it is a significant tool and, in my opinion, a tool that you should not forsake.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2011