The Real Risk of Employees Going Rogue on Social Media


Employee advocacy is a great strategy for driving brand growth — but it poses real risks.

Brands can run into trouble if their employees share posts that are not compliant within their field. Industries that have access to extremely personal data and can influence people in powerful ways — like finance and health — need to be particularly careful when it comes to social media.

The Financial Industry Regulatory Authority (FINRA) and the U.S. Securities and Exchange Commission (SEC) monitor social media within the finance sector to make sure financial companies are not taking advantage of investors.

Likewise, the health sector is strictly regulated. Even though the Health Insurance Portability and Accountability Act (HIPAA) was put into effect in 1996, long before social media was a reality, its regulations still apply to modern forms of communication.

Companies within regulated industries can face steep penalties if their employees violate the law. But with the right strategy, these risks can be mitigated.

The first step is to gain awareness of what laws apply to your industry.

Social Sharing in the Financial Services Industry

Financial service professionals are held to a high standard when it comes to social media. Their words can highly influence how people spend, save and invest their money.

FINRA has put rules in place to protect investors from misinformation, misleading claims or exaggerated statements.

Financial companies need to be aware of the type of original and third-party content they are sharing. If content or communication with potential clients is misleading or manipulative, the company may face fines.

FINRA guidelines cover the specifics of:

  • Recordkeeping of business communications.
  • The validity of information on a hyperlinked site.
  • Endorsements and testimonials of products or statements.
  • Native advertising.

FINRA rules can be very detailed, but as a general rule of thumb: Companies should only share fair and sound information, keep records of all communication and protect customer data.

If these laws are not met, financial firms can face heavy fines. The SEC charged two robo-advisers with spreading false information and failing to properly keep communication records. The penalties were more than $330,000.

FINRA offers continued training to make sure companies can meet regulatory standards.

Social Sharing in the Healthcare Industry

Health professionals also have to be careful when it comes to social media.

HIPAA prohibits the disclosure of protected health information. Any information shared without consent that could identify patients violates HIPAA.

A few stand-out examples of HIPAA violations to be aware of include:

  • Posting images and videos of patients without their written consent.
  • Posting information or gossip about patients that can lead to their identification.
  • Posting photos from a facility where any protected health information is visible.
  • Sharing text, videos, or images that identify a patient or showcase protected health information within a private group on social media.

Health companies and workers can face penalties if they are caught violating this policy.

In 2018, a nurse was fired for sharing a story of a young patient who had measles. An anti-vaxxer, she explained how the disease was much worse than she had imagined.

Though she did not reveal the child’s name, her profile revealed the hospital where she worked. Because measles is such a rare disease, it could have been enough information to identify the patient.

Does this mean that health practitioners should avoid social media altogether just to play it safe?

Not at all.

Doctors, nurses and other health professionals use social media to share information, network and learn from each other just like any other profession. They even have their own social apps that are designed specifically for medical practitioners. Figure 1 is one such platform. On this platform, however, clients always give consent and identifying information (like tattoos, names, faces, etc.) is never revealed.

The difference is that personal information on clients is not shared. Instead, doctors are theoretically connecting and learning from each other by sharing cases within a medical community.

Adopting a Formal Employee Advocacy Program to Ensure Compliance

How do you ensure your company is getting employees to share posts while remaining compliant? There are several steps you can take.

1. Familiarize Yourself With The Regulations

Finance and health are not the only regulated industries on social media. The SEC monitors social media closely and enforces fines when a business crosses the line. To set your team up for success, you need to understand the laws that apply to your company. Speak with lawyers to create guidelines for your company’s social media compliance plan.

2. Create Internal Guidelines For Social Media

Using your knowledge of HIPAA, FINRA or other SEC laws, create a social media policy guide that tells employees what is great, acceptable, and prohibited to post on social media. Here are 5 terrific examples of social media policies for employees.

3. Provide Continued Training

Social media is always changing, as are its laws. Make sure that everybody on your team, from your social media manager up to C-suite execs, is aware of social media best practices. Compliance and prohibited sharing can be discussed in conjunction with ongoing employee advocacy training and support.

4. Use Employee Advocacy Software for a Pre-approved Content Library

Reduce your risk and encourage employees to share great, risk-free content by creating a content library. You will feel more at peace when employees are sharing content that you know has been pre-approved.

5. Build your regulatory affairs team and software stack as you scale

Start-ups, independent contractors or small businesses can operate for some time without hiring a lawyer, but as teams scale, it is necessary to build a regulatory affairs team. You will need to budget for the right team of people and the right software to ensure you protect customer privacy and keep the necessary communication records. As your enterprise grows across states and nations, you will need to pay attention to laws in different regions. Choose the software that can make scaling your social media efforts as simple as possible.

Risks should not get in the way of your social sharing. Interested in learning more about what policies employees should follow when posting on social media? Check out our Social Media Guidelines for Employees.
