Muchas empresas tienen presencia en las redes sociales y desconocen las consecuencias y repercusión que puede tener en su imagen y reputación online una mala gestión de una crisis de comunicación, por la actuación del Community Manager o de su personal.

Many companies have presence on social networks and do not know the consequences and repercussions that their online reputation and image could receive as a result of badly managing a communications crisis by the Community Manager or his/her staff.

Many companies have presence on social networks and do not know the consequences and repercussions that their online reputation and image could receive as a result of badly managing a communications crisis by the Community Manager or his/her staff.

Therefore, it is necessary to know the regulations applicable for the use of social networks which includes the regulations and policies of personal use of social networks (privacy policies, advertising regulations, conditions for use, rules, etc.), as well as the regulations in force, such as that related to personal data protection. These guarantee privacy, confidentiality, a proper use of the users data and of their rights; protection of the rights of the author of the online content, the right to honour, intimacy and personal image of the users is also guaranteed, disloyal competition practices are avoided, the right to trademarks are respected, regulations for promotional competitions are complied with, as well as the obligations of the LSSI (Law of Information Society Services and E-commerce).

The incompliance of these could cause civil and administrative liability of substantial amounts, and criminal liability of the company that could result in fines, prison sentences and even the dissolving of the company and ceasing of activity, for crimes committed online in the name or on behalf of a legal person, and for their benefit, by legal representatives and de facto or de jure administrators, or by internal or external staff (such as publicity or marketing agencies or community managers) when demonstrated that “the events have taken place without having exercised the due control concerned with the specific circumstances of the case.” (art. 31 bis of Spanish Criminal Code).

Consequently, the company must confirm that adequate monitoring has been exercised by the person in charge of the social media presence, through possible instruments as indicated (Marina Roig Altozano, 2012), of prevention, such as codes of conduct, programmes for compliance with legality, etc., where the company analyses the criminal risks that could arise in light of its activity, defines the ethical principles and regulations which should be employed for the behaviour of all agents of the company, and expressly prohibits those behaviours that could be considered as criminal, and all agents of the company must assume its values and cultures, which respect legality. Instruments of control (internal and external supervision), and Displinary instruments (sanctions) that guarantee compliance.

Said instruments must form part of a good social media compliance strategy that: (i) helps the company to avoid liabilities, to comply with the regulations in force and to prevent fines, sanctions or claims that could damage the online reputation, prestige and image of the company (brand), (ii) regulates the rules of behaviour for staff and community managers for the use of social networks (important when managing a communications crisis), and (iii) provides a uniform policy for conduct, with clear rules known by all staff, which improves the coordination and management of activities carried out, gains trust and security and protects a consistent image of the company in an online setting.

If you would like to implement a Social Media Compliance strategy, we recommend that you take the following into account:

  1. As a first step, it is necessary to do a “preliminary study and analysis”, of staff, the size of the company, the objectives for having a social media presence, the strategy you will implement, etc.
  2. Identification and prioritization of the risks that could affect the company regarding the Social Media strategy, and an evaluation of these risks.
  3. To create an “Internal social media policy” which the staff must comply with, which clearly and precisely specifies the measures needed to follow and lines of action for the use of social networks (hours, messages within the networks, downloads, rolls, planning, enquiries and messages in general). This internal policy may be based on clear and simple principles, for example the company Dell has 5 principles that could be used as a guide: protect information; be transparent and disclose; follow the law; follow the codes of conduct; be responsible, be nice, have fun and connect (and remember that the social media account ownership is from Dell).
  4. It is necessary to “prepare and train” staff, directors and employees on the regulations that need to be complied with, rules to be followed and the importance of the use of social networks, but also that they know its limitations and consequences of related actions.
  5. It is recommended that a uniform policy exists of “creation of content of third parties” published on the internet, and that it is also monitored, given that this could cause damage to the reputation and image of the company.
  6. Likewise, it should be clear to employees that they must not associate their personal profiles with the company. The employees must be reminded that they are ambassadors of the brand of the company they work in and also, although they may talk of the company’s activities, there are secrets, projects and situations that must be kept private.
  7. Finally, monitoring is important, “supervision and verification of compliance” and “updating”, of the policies. It should be an active document, and it is important to implement mediums and/or have people in charge of their supervision, and, where necessary, lines of action in order to eliminate, modify and even start internal or external actions when facing behaviour which could result in a risk for the reputation of the company.

The main risk areas for companies:

  1. Concerning data protection: having the express consent of the persons data to send them publicity or include them in promotional campaigns, guaranteeing the exercise of ARCO rights (access, rectification, cancellation and objection) and other guarantees in the LOPD (Organic Law for Data Protection) and its development regulation.
  2. Concerning LSSI: informing, as a lender of services on websites and social network profiles, about your name, address, e-mail address, etc. Also, having general conditions of service that regulate the contracting or purchase through internet, and sending publicity that makes the identity of the advertiser known, not sending unrequested promotional messages (SPAM), offering to the recipient, the possibility of objecting data processing for promotional aims both for data collection and commercial communications, and establishing mechanisms so that users may stop receiving something after it was authorized.
  3. In relation to the regulation on protection of the brand and disloyal competition: not using the trademark of a competitor as a key word in search engines, and not carrying out disloyal competition practices when connecting to competitors’ sites, which offer services or products that are similar or the same, or not using small spelling mistakes or similar words that can cause confusion for users, and result in the exploitation of the reputation of an unrelated company, and
  4. Concerning intellectual property: to copy (plagiarize) and reproduce the entire contents and images of websites, blogs etc. without respecting the rights of the author concerned, as well as publishing part of the contents without citing the author, and without including references or corresponding links.

These are some practical examples that should be followed in order to not go against the law in force, and so there is no risk of liability for companies.

If you would like further information on the contents of this article or require our collaboration in order to be informed about the specific impact concerning your activity, please do not hesitate to contact us.

Por ello, resulta necesario conocer la normativa aplicable en el uso de redes sociales que abarque las normas y políticas de uso propia de la red social como (políticas de privacidad, normas de publicidad, condiciones de uso, reglas, etc.), más la normativa vigente, como la referida a protección de datos de carácter personal que garanticen la privacidad, confidencialidad, buen uso de los datos de los usuarios y de sus derechos; protección de los derechos de autor de los contenidos online, se garantice el derecho al honor, a la intimidad y a la propia imagen de los usuarios, se eviten prácticas de competencia desleal, se respete el derecho de marcas registradas, se cumpla con la normativa para realizar sorteos promocionales, así como las obligaciones previstas en la LSSI (Ley de Servicios de Sociedad de la Información y del Comercio Electrónico).

Cuyo incumplimiento, puede generar responsabilidad civil y administrativa por cuantiosas sumas, y responsabilidad penal de la empresa que puede ocasionar multas, penas de prisión, e incluso disolución de la empresa y cese de a actividad, por delitos realizados vía online cometidos en nombre o por cuenta de la persona jurídica, y en su provecho, por sus legales representantes y administradores de hecho o de derecho, o por su personal interno o externo (como lo pueden ser agencias de publicidad o marketing, o community manager) cuando se demuestre que “han podido realizar los hechos por no haberse ejercido sobre ellos el debido control atendidas las concretas circunstancias del caso.” (art. 31 bis del Código Penal)

En consecuencia, la empresa debe acreditar que ha ejercido el suficiente control sobre el personal encargado de su presencia en los medios sociales, a través de instrumentos que pueden ser como señala (Marina Roig Altozano, 2012) de prevención, como códigos de conducta, programas de cumplimiento de la legalidad, etc., donde la empresa analiza los riesgos penales en que puede incurrir en función de su actividad, define las normas y principios éticos por los que debe regirse el comportamiento de todos los agentes de la empresa, y prohíbe expresamente aquellas conductas que puedan ser consideradas constitutivas de delito, y todos los agentes de la empresa asuman los valores de la misma y se de una cultura de respeto a la legalidad. Instrumentos de control (internos y/o externos de supervisión), e Instrumentos disciplinarios (sanciones) que garanticen el cumplimiento.

Dichos instrumentos, deben formar parte de una buena estrategia de social media Compliance que: (i) permita a la empresa evitar responsabilidades, cumplir con la normativa vigente y prevenir multas, sanciones o denuncias que dañen la imagen, prestigio y reputación online de la empresa (marca), (ii) regule las reglas de comportamiento del personal o del Community manager en el uso de las redes sociales (importante ante la gestión de una crisis de comunicación), y (iii) permita tener una política de actuación uniforme, con reglas claras conocidas por todo el personal, que mejore la coordinación y gestión de las actividades realizadas, generen confianza y seguridad y proyecte una imagen coherente de la empresa en el ámbito online.

Por ello, si deseas implementar una estrategia de “Social Media Compliance” recomendamos que tengas en cuenta los siguientes aspectos:

  1. Como primer paso, es necesario hacer un “análisis y estudio previo”, del personal, el tamaño de la empresa, los objetivos que persigue con al presencia en medios sociales, la estrategia a implementar, etc.
  2. Identificación y priorización de los riesgos que podrían afectar a la empresa en la estrategia de Social Media, y evaluación de los riesgos.
  3. Elaboración de una “Política interna de social media” de obligatorio cumplimiento para personal, que especifique de forma clara y precisa de las medidas a seguir y pautas de actuación en el uso de las redes sociales (horarios, mensajes dentro de las redes, descargas, roles, articulaciones, consultas y mensajes en general). Está política interna puede estar basada en principios claros y sencillos por ejemplo la empresa Dell tiene 5 principios que os puede servir de guía como lo son: protege la Información; sé transparente y date a conocer; sigue la ley; sigue el código de conducta; sé responsable, sé simpático, divertido y conéctate; y recuerda que la propiedad de la cuenta en las redes sociales es de Dell).
  4. Es necesario “capacitar y formar” al personal, directivos y empleados sobre la normativa a cumplir, las reglas a seguir y la importancia del uso de las redes sociales, conozcan sus limitaciones y las consecuencias de su actuación.
  5. Es recomendable que exista una política uniforme de “elaboración de contenidos de terceros” que se publican en Internet, y que exista control sobre los mismos, ya que pueden causar daños a reputación e imagen de la empresa.
  6. Asimismo, se debe dejar claro al empleado que no debe asociar sus perfiles personales con la empresa. Hay que recordar a los empleados que son embajadores de la marca en la que trabajan y aunque pueden hablar de actividades de la empresa hay secretos, proyectos o situaciones que deben mantenerse en secreto.
  7. Finalmente, es necesario, el control, “supervisión y verificación del cumplimiento” y “actualización” de las políticas. Debe ser un documento vivo, y es importante que se implanten medios y/o personas encargadas de la supervisión de las mismas, y, en su caso, unas pautas de actuación para eliminar, modificar e incluso iniciar acciones internas o externas ante comportamientos que puedan generar un riesgo para la reputación de la empresa.

Sin ánimo de ser exhaustivos relacionados las principales áreas de riesgo para las empresas:

  1. En materia de protección de datos: No contar con el consentimiento expreso del titular de los datos al enviarle publicidad o incluirlos en campañas promocionales, ni garantizar el ejercicio de los derechos ARCO, y demás garantías previstas en la LOPD y su reglamento de desarrollo.
  2. En relación a la LSSI: No informar como prestador de servicios en las websites y perfiles en redes sociales de su (nombre, domicilio, dirección de correo electrónico, etc.), así como no disponer de condiciones generales de servicio que regule la contratación o compra por internet, y enviar publicidad sin dar a conocer la identidad del anunciante, enviar mensajes promocionales no solicitados (SPAM), no ofrecer al destinatario la posibilidad de oponerse al tratamiento con fines promocionales tanto en la recogida como en cada una de las comunicaciones comerciales, y no establecer mecanismos para dejar de recibir los que hubiera autorizado.
  3. En relación a la normativa de protección de marca y competencia desleal: utilizar una marca registrada de un competidor como palabra clave o keyword en buscadores, y realizar prácticas de competencia desleal al enlazar a sitios de competidores, que ofrecen servicios o productos similares o iguales, o utilizar pequeños errores ortográficos o palabras parecidas que generen confusión en los usuarios, y permitan aprovecharse de la reputación ajena, y
  4. En materia de propiedad intelectual: copiar (plagiar) y reproducir la totalidad de los contenidos e imágenes de páginas web, blog, etc., sin respetar los respectivos derechos de autor, así como publicar parte de los mismos sin respetar los derechos de cita del autor, y sin incluir las referencias o enlaces correspondientes.

Son algunos ejemplos prácticos, que resultan contrarios a la normativa vigente y pueden ocasionar responsabilidad en las empresas.

En caso de que desee ampliar estas notas o requiera nuestra colaboración para conocer el impacto específico en su actividad, no dude en contactarnos.

 

Therefore, it is necessary to know the regulations applicable for the use of social networks which includes the regulations and policies of personal use of social networks (privacy policies, advertising regulations, conditions for use, rules, etc.), as well as the regulations in force, such as that related to personal data protection. These guarantee privacy, confidentiality, a proper use of the users data and of their rights; protection of the rights of the author of the online content, the right to honour, intimacy and personal image of the users is also guaranteed, disloyal competition practices are avoided, the right to trademarks are respected, regulations for promotional competitions are complied with, as well as the obligations of the LSSI (Law of Information Society Services and E-commerce).

The incompliance of these could cause civil and administrative liability of substantial amounts, and criminal liability of the company that could result in fines, prison sentences and even the dissolving of the company and ceasing of activity, for crimes committed online in the name or on behalf of a legal person, and for their benefit, by legal representatives and de facto or de jure administrators, or by internal or external staff (such as publicity or marketing agencies or community managers) when demonstrated that “the events have taken place without having exercised the due control concerned with the specific circumstances of the case.” (art. 31 bis of Spanish Criminal Code).

Consequently, the company must confirm that adequate monitoring has been exercised by the person in charge of the social media presence, through possible instruments as indicated (Marina Roig Altozano, 2012), of prevention, such as codes of conduct, programmes for compliance with legality, etc., where the company analyses the criminal risks that could arise in light of its activity, defines the ethical principles and regulations which should be employed for the behaviour of all agents of the company, and expressly prohibits those behaviours that could be considered as criminal, and all agents of the company must assume its values and cultures, which respect legality. Instruments of control (internal and external supervision), and Displinary instruments (sanctions) that guarantee compliance.

Said instruments must form part of a good social media compliance strategy that: (i) helps the company to avoid liabilities, to comply with the regulations in force and to prevent fines, sanctions or claims that could damage the online reputation, prestige and image of the company (brand), (ii) regulates the rules of behaviour for staff and community managers for the use of social networks (important when managing a communications crisis), and (iii) provides a uniform policy for conduct, with clear rules known by all staff, which improves the coordination and management of activities carried out, gains trust and security and protects a consistent image of the company in an online setting.

If you would like to implement a Social Media Compliance strategy, we recommend that you take the following into account:

  1. As a first step, it is necessary to do a “preliminary study and analysis”, of staff, the size of the company, the objectives for having a social media presence, the strategy you will implement, etc.
  2. Identification and prioritization of the risks that could affect the company regarding the Social Media strategy, and an evaluation of these risks.
  3. To create an “Internal social media policy” which the staff must comply with, which clearly and precisely specifies the measures needed to follow and lines of action for the use of social networks (hours, messages within the networks, downloads, rolls, planning, enquiries and messages in general). This internal policy may be based on clear and simple principles, for example the company Dell has 5 principles that could be used as a guide: protect information; be transparent and disclose; follow the law; follow the codes of conduct; be responsible, be nice, have fun and connect (and remember that the social media account ownership is from Dell).
  4. It is necessary to “prepare and train” staff, directors and employees on the regulations that need to be complied with, rules to be followed and the importance of the use of social networks, but also that they know its limitations and consequences of related actions.
  5. It is recommended that a uniform policy exists of “creation of content of third parties” published on the internet, and that it is also monitored, given that this could cause damage to the reputation and image of the company.
  6. Likewise, it should be clear to employees that they must not associate their personal profiles with the company. The employees must be reminded that they are ambassadors of the brand of the company they work in and also, although they may talk of the company’s activities, there are secrets, projects and situations that must be kept private.
  7. Finally, monitoring is important, “supervision and verification of compliance” and “updating”, of the policies. It should be an active document, and it is important to implement mediums and/or have people in charge of their supervision, and, where necessary, lines of action in order to eliminate, modify and even start internal or external actions when facing behaviour which could result in a risk for the reputation of the company.

The main risk areas for companies:

  1. Concerning data protection: having the express consent of the persons data to send them publicity or include them in promotional campaigns, guaranteeing the exercise of ARCO rights (access, rectification, cancellation and objection) and other guarantees in the LOPD (Organic Law for Data Protection) and its development regulation.
  2. Concerning LSSI: informing, as a lender of services on websites and social network profiles, about your name, address, e-mail address, etc. Also, having general conditions of service that regulate the contracting or purchase through internet, and sending publicity that makes the identity of the advertiser known, not sending unrequested promotional messages (SPAM), offering to the recipient, the possibility of objecting data processing for promotional aims both for data collection and commercial communications, and establishing mechanisms so that users may stop receiving something after it was authorized.
  3. In relation to the regulation on protection of the brand and disloyal competition: not using the trademark of a competitor as a key word in search engines, and not carrying out disloyal competition practices when connecting to competitors’ sites, which offer services or products that are similar or the same, or not using small spelling mistakes or similar words that can cause confusion for users, and result in the exploitation of the reputation of an unrelated company, and
  4. Concerning intellectual property: to copy (plagiarize) and reproduce the entire contents and images of websites, blogs etc. without respecting the rights of the author concerned, as well as publishing part of the contents without citing the author, and without including references or corresponding links.

These are some practical examples that should be followed in order to not go against the law in force, and so there is no risk of liability for companies.

If you would like further information on the contents of this article or require our collaboration in order to be informed about the specific impact concerning your activity, please do not hesitate to contact us.