Social Media Case Study (2019)

Social Media Case Study

Social Media Complete Case Study

Social media is also a relatively new concept and one that is constantly changing, with new platforms and features appearing all the time. The term social media is much broader than many think. This blog explains complete Social Media Case Study with examples. 


Many believe that social media only refers to social networks, such as Facebook, Twitter, LinkedIn, Pinterest and Reddit, to name just a few.


In fact, the term social media can be used to describe any digital systems where people connect with each other. The word ‘social’ in this context describes the way users on a digital platform share and interact with online content.


The content they share could be anything from short status updates to long-form blog posts. It could also include rich media such as images, videos or music.


While a simple online radio channel wouldn’t be described as a social platform on its own, it would become one if users were able to create profiles, build playlists and share them with others, due to these ‘social’ interactions.


Many retailers allow the products they sell to be reviewed and rated by customers. By doing this, it turns a simple online shopping site into a site driven by social interactions, where products can trend in popularity.


These online retail sites allow users to share their experiences, and even their own photographs of the products, through the online shopping platform.


Most people now look at travel review websites such as Tripadvisor before booking a holiday, which is another example of social media. These review sites allow users to create profiles, connect with other holidaymakers and share their experiences, photographs, and feedback as well as rate the overall holiday or hotel.


Some push the definition of ‘social media’ even further and include messaging apps like Whatsapp, and even voice over IP (VOIP) services such as Skype and Viber in the definition of social media.


In many ways, these platforms do exhibit many of the qualities associated with social media. New social networks and digital platforms with social features are emerging all the time.


The new platforms enter a highly competitive environment where the existing platforms are fighting to keep users away from their competitors.


Because of this, some of the most successful new platforms focus either on a specific niche or a unique feature, such as higher levels of security or a promise to never sell user data to third party advertisers.


Nowadays, because social media has become so popular all over the world, almost all new online platforms include some form of social features, such as a profile or the ability to rate or ‘like’ content or products and share them with a user’s own network of friends.


The power of social media

Social media is a fast-paced, constantly changing landscape. There are hundreds of thousands of conversations taking place all over the world at any given moment and it’s highly likely that social media users will be discussing your company, your people and your competitors.


This is a valuable opportunity to listen to them and gain intelligence about the opinions of the people that matter most – your customers and your employees.


There are a number of products on the market that allow you to listen to social media and analyze the resulting data.


 This data will allow you to see trends in your industry or in public opinion and can even be used to predict future trends when modeled effectively. But, you must be aware of the constraints that you face when it comes to storing or analyzing social media data.


Social media has fundamentally changed the way that people communicate with companies and with each other. We’re far more connected now than we ever were. Many people appear to be totally addicted to social media and spend hours on it every day – ignore it at your peril.


Businesses that harness the power of social media gain competitive advantage and stay ahead of change. In fact, there are a whole host of benefits to using social media effectively.


Social media shouldn’t be used as simply a channel to broadcast company marketing material. Instead, social media allows organizations to connect directly with their customers, their employees and other stakeholders in a deeper, more personal manner.


Organizations that harness social media effectively can embed their vision and gain supporters and followers. They can receive real-time feedback faster and more effectively than ever before – if acted upon this can give the board insight into what people think about their company and can influence the future direction of the business.


Successful organizations are open and transparent. They build trust with their stakeholders. Social media can help you do this – it’s a fast and extremely effective tool. When someone sends a message to a company on social media, it’s there for the whole world to see, and the response will be judged by others.


Companies that respond with automated messages or use overly ‘corporate’ tones face a high risk of receiving complaints en masse from social media users who feel the company isn’t relating to them on a personal level.


The result can be an increased negative sentiment about your company, which could have a snowball effect. What starts as a small issue can be amplified greatly if picked up and shared by social media users.


Creativity and innovation can come from anywhere – it’s no longer just the remit of research and development or specially created ‘innovation teams’. Social media allows companies to gather ideas from their customers and employees, which it can use to significantly strengthen their competitive advantage.


I often hear ‘this doesn’t apply to us because we don’t do social media…’ At this point, I usually have my head in my hands. If any company thinks that social media doesn’t apply to them they are seriously mistaken. We’re in the digital revolution. Digital technology is fundamentally changing the way that we do business.


Organizations need to know how to respond to the so-called digital disruptors – social media, mobile, data analytics and cloud. You only need to look at examples of former household names such as Blockbuster Video and Kodak to see what happens to companies that fail to keep up with change.


Change is inevitable – those companies who embrace it can turn challenges into opportunities and safeguard the future success of their businesses.


CASE STUDY Risk in action: The power of social media campaigns

There have been many successful social media campaigns that have raised awareness about particular issues or which received a large amount of support from users all over the world. Most social media campaigns center on the use of a hashtag. Three examples of successful campaigns are as follows:


#BringBackOurGirls – started in April 2014 after the abduction of more than 200 schoolgirls in Nigeria. It was started by a group of campaigners who wanted to exert pressure on the Nigerian authorities to do more to find the girls and bring them back safely.


The hashtag was used 3.3 million times. The most shared tweet was a photo of First Lady Michelle Obama holding a piece of paper with the hashtag written on it. The post was retweeted 57,000 times.


Ice Bucket Challenge – a campaign to raise money and awareness for the Amyotrophic Lateral Sclerosis (ALS) association. People all over the world made videos of themselves pouring a bucket of ice water over their head. The 2014 campaign saw people post their videos on social media and nominate their friends to do the same.


The 2014 campaign received $98.2 million (£64 million), compared with $2.7 million (£1.8 million) during the same period in the previous year. #WhyIStayed and #WhyILeft – a campaign that was started in August 2014 in response to a video of an NFL player assaulting his wife.

Millions of men and women used the hashtag to organize a conversation about why they stayed with an abusive partner.


These examples illustrate how powerful social media can be when users unite in support of a campaign. But, companies should be very cautious if they want to take part in the conversations around the campaigns. 


Unsurprisingly, the company received an immediate backlash from social media users and Time published an article with the headline ‘DiGiorno used a hashtag about domestic violence to sell pizza’. Companies must understand the context of a hashtag before using it. If a mistake like this happens, apologize profusely, as DiGiorno did.


Traditional social media vs enterprise social networks

It won’t come as a shock that the most prominent traditional social media sites are those you’re most likely already familiar with, such as Facebook, Twitter, Google+, LinkedIn, Pinterest, Wikipedia and so on.


These are the sites millions of us use on a daily basis, often multiple times a day using our mobiles when we’re out and about, sometimes even sending messages from unusual places.


The first thing that some people do in the morning is open social media before they’ve even got out of bed. The key thing to take from this is that ‘traditional social media’ means the public platforms that we’ve grown used to over the last 5–10 years and that allow us to interact virtually with our friends and family, or even those we don’t even know in person but have a virtual connection with online.


The key characteristics of traditional social media are:

a profile, usually with a photo, a short biography, and some personal information;

  • the ability to connect with others, by ‘friending’, ‘following’ or ‘connecting’; the ability to share information with a larger network, be that with your group of friends, or a post visible to the general public;
  • the ability to comment on information posted to the network by yourself or others; tagging or mentioning people, places or businesses in posts or in photos.


There are many social media sites out there that offer other features, however, the points above are common across most social media platforms.


Enterprise social networks, on the other hand, are technology platforms deployed within an organization to allow employees to work collaboratively, taking advantage of features similar to those in traditional social media.


It’s worth us touching on some of the high-level benefits of enterprise social networks so that we can understand why organizations are implementing them in the first place.


There is a rapidly growing trend in the industry for organizations, both small and large, to implement platforms that allow their employees to collaborate internally.


You may have already heard these platforms referred to as ‘Facebook for the enterprise’, or a company’s ‘internal Facebook’. While this does go a little way in explaining what it is, it falls far short of really defining the benefits of implementing such a system.


I would avoid using such terms as it can cause confusion to the end users and give them a false impression of the platform before they’ve even experienced it.


An enterprise social network allows an organization’s employees to connect with each other and to discover other people within their organization across the globe.


Have you ever considered how difficult it can be to find specific people or experts within a large, multinational company?


Imagine that you are based in the United Kingdom and you want to find a colleague with a specific skill. Perhaps you’re working on an international project involving the use of databases in a foreign country, let’s say Russia, and you’re stuck on a certain aspect.


You want to find someone who understands databases that might be able to help, but they need to have Russian language skills too.


My guess is that you would start by leveraging your own personal network, calling your connections and sending a few emails to colleagues. If you work for a large organization this could be like finding a needle in a haystack…


One of the key features of an enterprise social platform, similar to traditional social media, is a profile. Each user has a profile to which they add their skills, contact information, photos, interests and anything else relevant. This makes it much easier to find people in your organization by using the in-built search functions.


You may think that this sounds like LinkedIn or a glorified internal phone book, however, it’s far more than that. The internal profiles become much more powerful when you think about the other key feature of Enterprise Social: collaboration.


Enterprise social networks enable collaborative working across the globe. Most platforms allow you to create or join ‘groups’. These groups are virtual areas that allow users to connect and post content of interest to members of the group, similar to LinkedIn.


So, if you work as a communications professional at a multinational tire manufacturer, you might want to join a group that focuses on writing, branding or communications.


By doing this you’ll be able to see other colleagues who also work in communications around the world. Because each user has a profile with details about themselves it’s an easy way to find or meet colleagues virtually and build your network. 


Some of the real power of Enterprise Social can be seen in the discussions that are taking place in groups.

Using our example from earlier of trying to track down a Russian-speaking colleague with experience working with databases, we might enter a search on the platform. By searching, we might discover some groups devoted to discussing the very same issues we’re trying to resolve. 


By reading through the comments and checking out the profiles of the people making the posts we might just find exactly the person we’re looking for.


Many of the leading enterprise social networks also integrate into Microsoft Office. This allows two or more people to work on a document at the same time. The document is hosted ‘in the cloud’ (on the platform itself) and users publish their changes as they go.


This reduces effort on versioning as there’s no need to keep emailing the latest document around to your team – the latest version, plus all of the previous versions, are neatly organized and stored for reference.


This may sound like familiar functionality to some other platforms, such as modern document repositories or file sharing tools, however, what’s different is the ‘social’ element that allows users to discover new documents and content.



One of the benefits of social media is its ability to foster innovation. Social media, both traditional and enterprise, allow people to connect with each other and work together virtually. Companies can engage with their customers and get real-time reviews and suggestions about their products or services.


This can be vital information for the company as it ponders new services or product lines and allows it to use the ideas of a wider range of people and, in turn, gain a competitive advantage.


Enterprise social networks provide companies with the full power of their people in a way that was previously extremely difficult. No longer is innovation solely the realm of the research and development teams. Many of the tools allow ‘ideation’, which is the concept of allowing people to submit ideas online and vote other ideas up and down.


This ‘crowdsourcing’ of ideas with natural peer review (through votes and comments) can be harnessed to drive efficiencies and further encourage innovation.


The main operational risk is that if these tools are ignored, or if their implementation is ineffective, there is a chance that a company will lose out on the benefits that could, in turn, lead to loss of competitiveness, especially if their competitors adopt these technologies.


Another point to consider is how easy it might be for someone to cheat the system in some way in order to make their ideas gain more votes, thereby eroding value and making strong ideas less prominent.


Careless employees

Unfortunately, people are often the weakest link in the chain when it comes to security. Because of this, company culture and appropriate training are vital. Employees can be duped into sharing information with an attacker.


The most common attack of this kind is ‘phishing’, which is where a user receives an official-looking email asking them to log in to their social media account.


Unfortunately for the unsuspecting user, in a phishing attack, they will be logging in to a malicious website that simply looks like the real deal. When they log in, their user credentials can be stolen easily by the attacker.


Careless employees can also be the reason for confidential or sensitive information being shared on social networks when it should not be. Without the appropriate training and awareness, a user may inadvertently announce to the world that your company is about to be acquired, or may share negative views about one of your company’s own products.


Many of the social media fails are down to users simply making mistakes, for example by accidentally posting something from the company’s official account instead of their own personal account.


Keeping your confidential information confidential is of the utmost importance to any organization and although often not deliberate, a careless employee can easily make a mistake.


Content that works well for social media includes:

Blogs. Blogs are extremely popular on the internet and they give the ability to publish to the masses. Blogs are short-form text, usually around 350 words in length. Blogs can be about anything, literally!


If you plan to use blogs in your content strategy, you should consider who is going to be writing, what they’re going to be writing about and what the call to action is for the reader.


A blog, or any piece of writing, needs a punchy and engaging title or heading that entices people to read the blog. The use of short sentences is advisable in blogs as they make it easier for a reader to quickly scan through the content.


Infographics. These are images that convey statistics, facts or other information in a visually appealing format. Infographics are usually long (vertically) and allow the viewer to scroll down through a story, reading break-out text, quotes and viewing images as they scroll.


Infographics are popular online with many being shared on social media networks, but particularly on Pinterest.


Pictures/photos. As the saying goes, ‘a picture is worth a thousand words’, and as social media users want to consume information quickly and easily, pictures can be an effective way of conveying your messages.


Most social networks allow pictures to be embedded directly into posts and have become a staple of most engaging posts. Video. If you want to know how to do something, such as install some shelves or cook a new dish for dinner, in the past you may have searched for an article with instructions.


Nowadays, however, many users look first for a short video that explains how they can solve their problem. While it may take a little more time and effort to create engaging video content, video content is growing in popularity and many popular social media networks allow video to be embedded directly into posts and shared.


Regardless of the format that you choose to publish your content, you must ensure that you are communicating your messages clearly and effectively, and in most cases, you should include a call to action.


How do you want your viewers and readers to feel when they read or view your content, and what do you want them to do? Clear calls to action will help make your content more effective, your communication more effective, and in turn drive your engagement metrics.


Don’t forget that social media is not a one-way channel for you to broadcast your products, services or content. You will want users to engage with your content in some way.


Consideration should also be given to who is authoring and publishing your content. Many organizations choose to produce content in advance that can be posted and shared by specific individuals within your organization through their own networks.


If your employees are being encouraged to write blogs, you will need to give them the appropriate tools and training to do this effectively, while ensuring that they understand the boundaries, policies, and safeguards you have in place. 


Not all content will or should be pushed out repeatedly forever. For example, if you have a social media campaign running during a specific time period, you’ll want to ensure that you have plans in place to ensure that the content is indeed posted during that period and not afterward.


Content calendars can be an effective tool for planning what content is going to be posted, by whom, how often, and when.


Many companies choose to post content relevant to certain events that are happening in the world and that are trending on social media. If there is a genuine link between something that’s happening in the world and your brand, then this can be an effective way of gaining extra exposure but should be done with caution and tact.


There are many examples where companies have posted content related to a specific event only to find that social media users have taken a disliking to it, or it has caused offense in some way.


In 2014 Catherine, Duchess of Cambridge gave birth to Prince George of Cambridge. The birth of the Royal baby was met with much celebration in the United Kingdom and many companies decided to launch promotions at the same time to celebrate the birth.


Designing for mobile vs desktop

As previously discussed, people access social media from a variety of different devices, such as smartphones, tablets, desktop/laptop computers, and even smartwatches. It’s important to bear this in mind when designing the content that you plan to push out on social media.


While standard text, images, and videos will probably be universally compatible with the main devices, there may be times when you want to encourage people to visit a specific website or application that you have created.


If you plan to launch a specific website or microsite to support a campaign and you plan to publicize it through social media, you had better make sure that the website is compatible with a broad range of devices.


You should also consider what software is running on those devices, for example, if it’s a smartphone or tablet, is it running iOS, Android, Windows or BlackBerry OS? For desktops/laptops you’ll need to consider whether it’s running Windows, Mac OS or another operating system such as Linux.


To further complicate matters, users have a choice of which internet browser they use. The most popular internet browsers are Internet Explorer, Safari, Firefox, Chrome, and Opera. We can take this to another degree of complexity by considering which versions of a browser your website will support.


For example, if you wanted to use features of HTML5, a scripting language used for web design, you will need to consider that earlier version of some browsers may not support the functionality.


Clearly, device and browser compatibility is a complex and specialist area, but one that you should be aware of. From experience, I know that if you are not explicit in your conversations with developers regarding compatibility requirements, you may find your new website will only work properly with a small subset of your target audience.


If social media users follow your links to your new website and find that it doesn’t work, you’re likely to feel a backlash.


That said, it’s important to know your audience and find a balance. Trying to develop content that will display seamlessly on all devices, all operating systems and all previous versions of web browsers is near impossible.


But it is important to consider your requirements in advance. Just because your company is using one of the latest versions of a web browser doesn’t mean everyone else is.


Many large corporates, for example, have policies in place that stop them from upgrading to the latest version of software until a later date. This is because new software often contains bugs and security holes. Larger organizations wait until these issues have been fixed and the software is more stable before they upgrade.


I was once part of a ‘social vote’ designed to allow users to vote for the people that they wanted to hear speak at a conference.


The votes were captured through Facebook ‘likes’. Working at a large organization, our default web browser at the time was Internet Explorer 9 but the latest version available was Internet Explorer 11.


To my horror I found that the ‘social voting’ functionality which had been implemented was not compatible with Internet Explorer 9, meaning that none of my work colleagues were able to vote for me using their work browser.


I hoped that perhaps some of my colleagues would be able to vote using their mobile devices, but then discovered that because they were viewing a webpage on their phone when clicking the ‘Like’ button, they were prompted to log in to


Facebook. This confused many people as they were never normally asked to authenticate themselves when they opened the Facebook app on their phone. It also caused some of my colleagues to become suspicious of the login page and simply close the webpage, thinking that it may be a hoax designed to steal their information.


Many developers I speak with are surprised by the fact that many large businesses use an older version of internet browsers, so it’s worth bearing this in mind when developing new content which you plan to share through social media.


If you don’t, it could cause a lot of frustration and anger in your social media followers, especially if employees of large organizations are the part of your target audience for your products, services or social media campaign.


‘Responsive web design’ is the concept whereby websites are developed to provide optimal viewing experiences across multiple devices, as it can be difficult to view websites that have been designed for desktop screens on mobile devices.


Which networks should you target?

There are certainly a lot of social media networks out there, which can make it difficult to decide where you should focus your efforts.

Due to the ‘always on’ nature of social media conversations, it’s not advisable to try to target and maintain a presence on every social network you can think of. By doing this you will be spreading yourself too thinly, and consequently diluting your message.


In turn, this increases the likelihood that you will miss something on one of the networks unless you have a considerable resource at your disposal. Therefore, as part of your social media listening activities, you should spend time identifying the networks most popular with your target audience.


The functionality and purpose of each social network differ, so it’s important to know and gain experience using the networks on which you plan to develop a presence.


If your organization operates in countries where English is not the native language you may wish to consider targeting popular networks in those territories. This will, of course, pose challenges related to language as well as a time-zone.


The multinational organizations which most effectively target non-English social networks have dedicated social media teams located in the country where most of their audience is based.


This will allow the local teams to post content that is relevant to the culture of that country, as they will be ‘on the ground’ and more aware of local issues.


A popular way of demonstrating some of the main differences between the different social networks is by using a doughnut analogy.


Rome wasn’t built in a day

The age-old saying ‘Rome wasn’t built in a day’ is as true in social media as it is elsewhere. While social media is a fast-changing medium where certain posts can go viral, attracting huge numbers of views or shares in the space of minutes or hours, don’t expect that you will be able to reach your goals instantly.


Building a brand and attracting followers or supporters takes time, perseverance and persistence. It’s hard work. Don’t be tempted to try to take shortcuts – these more often than not backfire.


One of the typical ways that some people and brands have tried to outsmart the system is by purchasing followers. Many people and brands measure their success by the number of followers/connections they have.


In many ways, this is an effective measure; however, it can be manipulated. There are a number of companies that offer social media followers for cash. Unfortunately, though, it’s not actually real people who will be following you or your company.


Instead, the companies that offer these services have thousands of fake accounts which they use to follow you. Paying for services like this, aside from being unethical, is usually a breach of the social network’s terms and conditions, and therefore increases the risk that your account may be blocked by the network.


Social media users will also view your activity as unethical and deceptive, which will cause a breakdown of trust in your faithful followers, who may turn against you. Furthermore, paying for fake followers, likes or retweets will make it much more difficult for you to extract meaningful metrics about your social media engagement.


Often, social media programmes or social media marketing campaigns will run for an extended period of time and will consist of multiple tasks. Some of these tasks may run in tandem, but with different start and end dates.


Certain content may need to be created while another part of your project is running, and certain key dates may need to be met in order for other parts of your project to run smoothly.


A common way of illustrating project timelines and tasks is to use a Gantt chart. Time is displayed horizontally and tasks are listed vertically. This makes it easy to see what tasks or activities should be running at any given time, and should help you predict any pinch points where extra resource or support might be required.


Getting everyone on the same page

A challenge that many faces when starting a social media programme is stakeholder engagement. The chief information officer (CIO) of any given organization will typically be responsible for IT, and the HR department will be responsible for people and people-related issues and policies. When it comes to social media, however, it’s often less clear as to who owns it, or who should own it.


Typically, there is some justification for a number of different stakeholders owning social media:


Marketing. In many organizations, social media is used as a marketing tool. They may pay for advertising on social media and track who the influencers are so that they can engage them directly. Marketing, therefore, have a valid argument to why they should own it.


Communications. Some organizations use social media primarily, either externally or internally, as a communication tool. They use it to connect with their employees or to communicate press releases externally.


Customer services. The use of social media as a means of providing customer service is quite mature in the United States and is growing in the United Kingdom.


Where teams of customer service representatives are using social media regularly to engage with customers there’s a valid argument that customer services should be the owners. IT.


Some organizations believe that because social media is accessed through IT equipment, IT should be responsible for and take ownership of social media.


Those in IT may also identify social media as a risk, as viruses and other malware could be downloaded to the company’s IT equipment and introduced to the corporate network through social media.


HR. As social media is about people connecting with each other, and because social media is seen by some as a ‘time-wasting activity which employees are engaging in when they should be working’, some argue that HR should own social media and its associated policies.


The HR department will already have policies and procedures in place to deter bullying or inappropriate behavior at work and therefore may want to extend this authority to social media too.


So, what’s the answer here? Who should be the rightful owner and take responsibility for social media? One answer doesn’t fit all, unfortunately, and in many cases, there will be a mix of people and departments who have a stake in social media and a role to play.


Governance can be used as a way of making the process of identifying an owner and linking up the different stakeholders easier. By engaging each of the groups or communities who have an interest in social media within an organization you can begin to formalize the roles which each will play.


I can’t stress more firmly the need to ensure that the different stakeholders are brought together to support social media within an organization. Forming working groups and committees that meet regularly to discuss strategy, planned activities, and issues is vital to ensuring that the benefits of social media are realized and risks are managed.


How regularly the working group or committee meetings take place will depend on the size and complexity of your organization.


As with any working group, an agenda should be circulated beforehand and any actions should be captured, documented and reviewed at the next meeting. This topic is covered in more detail in blog 5, Governance.


Engagement in social media will require a budget. Even if you do not plan to pay for sponsored posts or other forms of advertising, do not overlook the time commitment.


Who holds the budget for social media is often something that many struggles with. As all organizations are structured differently, there isn’t a quick answer to finding the budget that you need.


You may find that the key stakeholders who have an interest in social media each contribute to the overall social media budget. For example, Marketing may budget an amount for advertising on social media and IT may budget for the necessary tools to monitor and control social media.


The tone from the top

If you have ambitions to engage the people in your organization and encourage them to use social media to promote the company or to amplify the organization’s marketing messages, then you’ll need to think about how to engage the leaders at the top of the organization.


Without buy-in, sponsorship and engagement from the leaders at the top, getting people lower down to engage with social media is likely to be an uphill challenge, to say the least.


Before going to your senior leaders for the support you will need to have a clear vision in place for what you want to achieve. You should then try to identify a sponsor, preferably at board level, who will support you. It’s likely that you’ll need to spend time presenting your plan and vision to the sponsor to gain their support, but once you have it, you’ll need to use it.


It is important to stress just how important buy-in from senior leaders is to the successful rollout of social media through an organization.


Once you have successfully engaged someone to sponsor your initiative you can get to work preparing material to present to the wider leadership team. Everyone fights for time with the senior leadership and everyone believes that whatever it is that they’re working on is the most important thing.


So, persistence and self-belief will go a long way in helping you achieve your goals. Getting a slot on the agenda may prove difficult, but it’s necessary to increase your impact and buy-in across the leadership.


I often find that many senior leaders are supportive of social media initiatives, but are simultaneously cautious because they often haven’t had as much exposure to social media as, say, the digital-native generation.


I find that a formal programme of reverse-mentoring can be the best way to gain further support and help those senior leaders become active on social media. This is hugely rewarding, both for the mentor and the mentee.


Reverse-mentors will need support too, so it’s worthwhile creating a short training course for them so that they know what specifically they should be providing coaching on.


Courses that include some soft-skills around engaging and dealing with senior leaders may also be necessary, as some people may find it intimidating going to a senior leader and coaching them in something that they see as easy or obvious.


I believe the mentor-mentee relationship should be owned by the two individuals engaged in the coaching, but that the mentor should be offered guidance and supporting material to assist them.


A one-off meeting may be effective in the short term, but for the senior leaders to benefit most they should understand the time commitment, engage in the sessions and ensure they happen regularly, for example monthly.


Engaging the rest of the organization

Once the senior leaders in the organization are behind your initiative and are fully bought-in to what you’re trying to achieve it will be easier to engage everyone else. Engaging the rest of the people in your organization will not be an easy task, but the use of advocates will greatly increase your chances of success.


Advocates are crucial because they can encourage their colleagues and peers to adopt social media by explaining the benefits to them in a way that is relevant to their part of the business. They’re also far more accessible to those who need a bit of support and would rather approach a friendly colleague than a central team.


An effective advocate programme will rely on the successful engagement of advocates throughout the organization at all levels. The advocates are giving up some of their time to support your initiative so it’s important to give them the support and materials that they needed to make their job easier.


Some material you may wish to make accessible to the advocacy group is:

Use-cases for social media that explain the benefits of the new way of working.


Examples of social media success stories.

  1. Presentation templates and a master deck of ready-made slides that they can pick from and adapt to their needs.
  2. Ready-made email communications or announcements that they can tailor and send out to their teams.
  3. To engage the advocate community you could run meet-ups or virtual meetings to let them know about important changes or developments before the wider community.


If you are rolling out or already use an enterprise social network, creating a specific group on the platform that can act as a repository for all the resources and materials that an advocate might need is a good idea.


Doing this will also give the advocates a platform to allow them to connect with other advocates and bounce ideas around, discuss any challenges and plan the development of new materials.


What makes a good advocate or mentor?

I believe that the most important attribute of an advocate or mentor is passion and energy. They will be playing a challenging role and will probably receive push-back from people at all levels of the organization. People generally don’t like change, so it’s natural that some will challenge the need to adopt social media or an enterprise social network.


Patience is a virtue, and it’s an important attribute for both advocates and mentors to have. Coaching can be tough and the advocates and mentors may find themselves explaining the same, seemingly simple, steps again and again.


Some organizations have a selection process for their advocates. They stipulate a set number of advocates that they are going to be able to accept onto the programme.


Other organizations make it completely open and allow anyone to become an advocate if it’s of interest to them. What you choose here will depend on the culture within your organization and your operating model.


If your organization is large it may work in your favor to allow anyone to become an advocate as it’s not always possible to predict who is going to have the required passion, enthusiasm, and persistence to really make an impact in the organization.


Motivating advocates and mentors

As previously stated, advocate and mentor roles are usually in addition to an official role. Because of this, it’s important to carefully consider how best to engage and motivate your advocate community.


Some ways that you might decide to motivate or reward your advocates are:


An advocate of the month award. A good way of motivating and recognizing their efforts is to run an advocate of the month competition.


The prize does not necessarily need to be monetary and instead could simply be having their name in lights as the advocate who made the most impact in that month. Perhaps it could also be something that could lead to their end-of-year performance review.


Presenting at advocate meetings. Some of the advocate community will often be junior members of your organization. Giving them the opportunity to get in the limelight and present some of their success stories, or particular challenges that they have faced and overcome could be exactly the type of recognition that the advocates will respond to.


Badges. Help your advocates to stand out within your organization by giving them badges that they can wear to help others identify them as advocates of your social media programme.


To coordinate the advocate programme and engage the advocates and mentors is a challenge in itself. It is worth considering whether or not to create a full-time role for an ‘Advocate Programme Manager’.


Clearly, this will depend on the size of your organization and the ambition of your social media programme. Regardless of whether or not you have a budget for this, bear in mind that managing a group of advocates will take considerable time and effort.


Almost all organizations run an annual performance review whereby employees are reviewed against a set of competencies and objectives. It’s likely that you could link your social media programme directly to one of the competencies that employees are required to demonstrate.


By doing this it gives the advocates and mentors an extra incentive so that, come end-of-year review, they have evidence to show how they have demonstrated one of the competencies through involvement with the social media programme.


Many organizations that I have worked with understand the value of communication and knowledge sharing, and therefore include it as one of the competencies that are reviewed at the end of the year.


A social media programme, either internal or external, should be able to fit neatly into this category and give the advocates and mentors a big differentiator against their peers as having supported the programme and demonstrated knowledge sharing and communication.



Ideation is the crowdsourcing of ideas. Ideation is enabling organizations to really harness the collective knowledge of their people and foster innovation. Many enterprise social networks have ideation functionality built in, but there are also a number of standalone ideation platforms available.


The huge advantage and opportunity for organizations looking to use ideation are that it gives them the ability to reach out to all of their employees, regardless of their role, location or seniority, and capture ideas about a specific topic or question.


For example, an organization might post the question ‘How do we grow revenues faster?’ or ‘How can we improve the way that we share knowledge or communicate?’


The employees in the organization can answer the question by submitting ideas. Just imagine the possibilities – ideation can unlock the potential of all of your people to help you innovate and stay competitive.


What’s more, ideation functionality or platforms allow ideas that have been submitted to be voted up or down. This acts as a peer review, where the best ideas, as viewed by the users, will rise to the top of the list and the less popular ideas will sink to the bottom.


Commenting allows users to critique the ideas and offer guidance or support about how to develop the idea further. Not only is ideation a great way to capture ideas and innovations, but it is also a very effective engagement tool.


If supported by a good communication campaign and clear leadership support it can quickly become ‘the thing everyone’s talking about’.


Any ideation project will need appropriate governance to support it. Depending on the solution or platform you choose, you’ll need to make a number of decisions about what governance you want to implement. Some things that you can consider are:


Moderation. The good thing about ideation is that ideas are essentially ‘peer-moderated’. Ideas are voted up and down by users of the network. However, you may wish to implement an approval step to have ideas reviewed before they are published on the platform to ensure that they don’t include any offensive or abusive comments.


Review team. It’s important to remember that, as with most things, an oversight or management group will be required to manage the campaign or programme. Particularly if you force all submissions to be reviewed, you will need to define the process for approval or rejection.


Ideation stages. Do you plan to have a number of ‘rounds’ where the top ideas go through to the next round and the top ideas in that round progress to a third round and so on? If this is the case, you’ll need to define the parameters for each round. Some parameters that you might use to dictate which ideas will progress are:

  1. minimum number of views;
  2. minimum number of positive votes;
  3. minimum number of comments; and
  4. minimum team size.


Management override. It might be possible for some users to manipulate the platform in some way, for example asking all of their connections to vote for their idea.


As a rule, it’s best to limit your management intervention so that it doesn’t look like everything is being censored and so that it doesn’t undermine the whole concept of ideation.


However, there may be some particularly strong ideas that are submitted which get missed, perhaps because the idea owner forgot to encourage their network to vote for them.


In these cases, it may be beneficial to reserve the right to push through particularly good ideas to the next stage if they were not able to reach the required metrics.


You should also note that the functionality available from vendors will differ and some platforms may offer more control over how you govern the platform than others. It’s important to complete a review of your requirements and potential vendors before purchasing a platform as getting it wrong could be a costly mistake.



Gamification is a term used to describe features and functionality within an online platform that reward users in some way for performing a variety of typical tasks.


The simplest example to illustrate this is a points-based system, where users of a platform receive a number of points if they submit or answer questions, upload documents, vote on polls and so on.


The purpose of using gamification techniques is to drive user engagement in a platform. If you are implementing an enterprise social network, for example, and you want to encourage people to post their ideas or share knowledge on the platform, you may find that gamification is one of the mechanisms you could use to encourage these behaviors.


It may seem banal at first as you may ask yourself ‘why would anyone care that they have more virtual points that another person?’, but in fact, gamification can result in a large increase in user engagement when effectively implemented.


Caution is needed when considering your gamification strategy as you must ensure you keep a balance between where users are using the platform to add value and when they are simply wasting time.


Whether you are trying to drive user engagement inside or outside of your organization, gamification can be very effective as some users get consumed with the ‘gaming’ nature and can spend long periods of time on the network.


Clearly, too much time spent on a social network can have a negative impact on other areas of the users’ work or life, so consider functionality carefully.


Personally, I would stay clear of immersive games that hook users in for long periods of time. Instead, I’d focus on simple rewards for actions, such as a reward for uploading a document or sharing a post with colleagues.


As previously stated, virtual points are a typical first step into the world of gamification. Users are awarded a variety of points based on a set number of actions, and the number of points that they are awarded will depend on your strategy.


For example, if your main objective on a platform is to encourage users to share documents, you might give a user five points for each document uploaded.


Comments on a discussion thread may also attract points, but perhaps you would award only one point for every comment that is added to a discussion.


It’s common to have various ‘status levels’ based on the total number of points a user has achieved. For example, a user with 0–50 points may have a status level of ‘new’, 50–100 points may grant the user ‘intermediate’ status and so on.


Virtual ‘badges’ are another way of rewarding users for displaying certain behaviors. For example, a user may get awarded points for correctly answering a question.


If that user correctly answers a certain number of questions on a certain topic, say 50, they could be awarded a badge, such as ‘Subject Matter Expert’. Badges would normally be displayed on the user’s profile so that others can see them.


Many companies already offer similar schemes as a way of encouraging brand advocacy and loyalty. On a small scale, many restaurant chains offer loyalty schemes whereby they offer points or free products to loyal customers; for example, a coffee shop may offer its customers the ‘10th coffee free’.


On a larger scale, most hotel chains offer loyalty schemes that reward their customers with ‘points’ which can be redeemed for things such as a free night’s stay or a room upgrade.


Most also include different status levels, meaning that those customers who have stayed a predetermined number of times at one of the chain’s hotels will get a higher status which will offer them even more benefits.


These enticements are similar to the gamification incentives that can be implemented in social media and, from experience, I can confidently say that playing the ‘hotel point game’ with colleagues can be quite competitive as work colleagues compete to see who can amass the most points.


Hopefully, the benefits of implementing some form of gamification as part of a social media programme are clear. Gamification can significantly increase engagement and adoption of a new way of working.


However, it’s important to consider the governance and controls that might be needed, both to ensure the success of your project and also to ensure that the related risks are managed effectively.


In some parts of the world, enabling gamification functionality can cause a number of legal challenges. Local employment law may disallow certain gamification features if they are seen to feed into an individual’s performance review unless the features were agreed by an authorized group or council.


In Germany, for example, ‘workers’ councils’ protect employees and hold power over what an employee is allowed to do in relation to performance appraisals or working conditions. Likewise, trade unions may also have a view on how gamification can be used as a way of measuring an employee’s performance.


Large organizations will need to ensure that they adhere to the local employment laws of the countries in which they operate. The impact of this may result in a need to implement controls within your enterprise social network or other applications that are specific to certain countries.


These specific requirements are important to address, therefore, it’s important to seek appropriate legal advice to ensure that you do not face heightened risks in this respect.


Engaging external communities

Many organizations have successfully implemented ‘customer advocacy schemes’ as a way of engaging with their customers. Customer advocacy is designed to engage a small group of customers of a business in a way that encourages them to support the company or its other customers.


Generally, the customers are not paid; instead, they are given incentives, such as free access to events, access to the company’s professionals or free access to its services. A good example of a strong customer advocacy scheme is Microsoft’s ‘Most Valuable Professional’ programme.


The power of a brand can be truly awesome. You just need to look at the fans of Apple to see it in action. Fans of Apple products sometimes queue for hours outside Apple stores at the release of a new product so that they can be some of the first customers to own one.


Many computer games also have fans who support a particular game to such an extent that they will openly defend the game, or the company behind the game if it faces criticism.


Building a customer advocacy scheme usually means giving customers a platform where they can engage with both the company and its other customers. You’ll need to consider:

  1. How do you want customers to engage?
  2. What is the outcome you’re looking for?
  3. How will you reward or encourage engagement?
  4. Do you have the resource capacity to support such a scheme?


A customer advocacy scheme isn’t necessarily right for all organizations. One of the best examples of customer advocacy in action is in technical help forums. Sometimes, certain customers may be more knowledgeable about a particular software or technical applications than the developers who created it.


This may be because those customers have tested the application on a wide range of devices and have identified problems and fixes to problems that they have experienced.


Many technical support sites allow customers to post questions about a particular product. These questions are often answered by other customers who have experienced the same issue. This community of users offering each other advice is an excellent example of customer advocacy.


Users of these platforms are often motivated through gamification techniques. Those that answer questions that have been posted by other customers can gain points or badges as a reward. These points and rewards sometimes equate to discounts for other products or services.


An active community like this is a valuable resource for companies. New products or services can be tested by the community, who will then feedback on what they like and dislike and will flag issues or bugs that they identify.


This obviously means that when the product or service is released more widely, the company will have had the opportunity to address any issues or problems with it.


The small print

When considering strategies to engage employees or external communities it can be easy to overlook the importance of terms and conditions.


For example, if you run an ideation platform for your employees or even any form of external community, it’s important to remember to design terms and conditions that set out the purpose of the platform as well as the ownership of the information within it.


I recommend getting independent legal advice to ensure that the terms and conditions provide enough protection for your organization.


Data privacy.

Marketing – will you contact them? Will you give their data to third parties/affiliates?

It’s important to ensure that the rules of the platform are clearly outlined to the users in your policies and training material. This is both to ensure not only that the platform is used effectively, but also to safeguard the owner of the platform.


For example, users may unknowingly break copyright by uploading photos or imagery they do not own. That copyrighted material would then reside on the platform, which may mean that the company providing the platform is breaking copyright.


The key takeaways are:

  1. seek legal advice regarding the terms and conditions of the platform;
  2. ensure that users of the platform agree to the terms and conditions before they are able to use the platform; and
  3. store the user’s acceptance of your terms and conditions with the date and time that
  4. the terms and conditions were accepted.
  5. Aligning your governance to your strategy


Your strategy should not be held back by governance. Instead, governance is there to help your project succeed. It’s designed to help you gain maximum benefit and ensure that any associated risks have been addressed and are managed.


Many people I have worked with get anxious at the thought of approaching the people in risk and compliance. They assume that they might stop the project from going ahead, or might dictate extra requirements, such as the implementation of safeguards before they can give it their blessing.


While this may be true to some extent, it’s important to engage all stakeholders early to ensure that you don’t find that your project gets shut down at a later stage due to some issues that were not addressed.


Trying to implement a social media programme without wider input may mean that you commit to purchasing some tools, only to find that at a later date you need to cancel the contract because of security concerns you had not considered. These mistakes can, of course, be very costly.


Although it may feel like a lot of effort in the short term, designing good governance and solid controls from the outset will help your project succeed in the long term. There will, undoubtedly, be many stakeholders who have an interest in your social media programme.


The ideas, concepts, and frameworks in this blog will help you to engage with those stakeholders more effectively and allow you to address the concerns of each group. You will be able to demonstrate that you have thought about the potential issues and have a plan in place to address them.


The key steps you need to take are:

  1. Work out what you want to achieve from your social media programme.
  2. Analyze the risks your project may face.
  3. Design appropriate governance around it to ensure that the risks are managed according to your risk tolerance.
  4. Decide what technology will support your social media programme, and how it will need to be configured to support your governance framework.


As demonstrated too much governance and control can be expensive to implement and can hamper your project’s success by over-protecting it. Therefore, governance and risk management is about achieving a balance, engaging with key stakeholders and working towards a successful outcome for all involved.


Some of the frameworks may need to be tweaked for your specific industry, organizational culture or strategy; however, they should prove to be a solid base for building the governance around your programme.


Documenting your strategy, policies and operational procedures will also go a long way to helping you control risk and achieve success. Should you ever be in a situation where a regulatory is investigating how social media is managed at your organization, one of the first things they will ask for is your documented policies and procedures.


Something that I find many people get mixed up with is when they start thinking of technology first, rather than what they want to achieve. It’s often tempting to dive into research about the technologies that might support your goals;


however, by taking a step back and documenting what you want to achieve and your requirements, you’re more likely to pick the right technology to support your project.


Doing this the other way around is likely to impact what you think you are trying to achieve because the various features available can cloud your vision and lead you to try to do too much.


Likewise, if you think about how you are going to govern and operate your programme early on, it will allow you to choose the technology provider which meets your needs and discount the ones that offer lots of features, but don’t actually meet your needs.


Data privacy and control

Data protection is a complex and evolving hot topic that could warrant an entire blog on its own. In this blog, I’m going to draw your attention to some of the common issues that arise in this area and highlight their relevance to social media. I often find that companies are unaware of the importance of data protection and the risk of not getting it right.


But, ignorance is not a valid justification for non-compliance. Many countries around the world have their own laws and guidelines related to data protection and this represents a particular challenge for multinational organizations.


But even those companies that operate in only one country need to be aware of their local laws and be able to demonstrate compliance with the data regulators.


Data privacy and protection

The law surrounding data protection in the EU is currently being reviewed. The current EU Data Protection Directive 95/46/EC is going to be superseded by the proposed General Data Protection Regulation.


At the time of writing, the General Data Protection Regulation is expected to be adopted in 2015 and come into force in 2017. It foresees fines of up to 5 percent of a company’s worldwide revenue for non-compliance.


Furthermore, many jurisdictions outside of the EU are implementing similar laws. Enterprise social networks process personal data and are therefore subject to adherence with the law.


But, traditional social networks also process personal information so organizations need to understand what data they are capturing, why they’re capturing it, what they’re going to do with it, and how long they’re going to keep it for.


EU legislation prohibits the transfer of data outside of the EU unless certain measures and controls have been put in place.


The reason for this is that it is assumed that while the data is in Europe, the rights of its citizens will be protected by EU law, but as soon as the data leaves the EU that may no longer be the case as it is outside of its jurisdiction.


For multinational organizations who operate an enterprise social network, it is likely that the data within the network will be transferred cross-border.


Most enterprise social networks include profiles where employees include information about themselves, often including their skills and experience. I’ve also seen examples of networks that are configured to capture data such as date of birth or other personal details such as kids’ names.


Personal data needs extra protection as most data laws or regulations specifically cite how personal data should be handled. In many cases, an organization will engage a third party vendor to operate an enterprise social network.


The third party is effectively a data processor and even if they are located outside of the EU, it is the organization that engages them that is ultimately responsible for the protection of the data.


Therefore, even if a data breach is the fault of the third party vendor (the data processor) it is the company (the data controller) that bears the responsibility, and it’s the data controller that gets their name in the news and faces the heavy fines.


Third-party software vendors are not always aware of the legal requirements in each country and often offer their services on a take-it-or-leave-it basis.


Any organization purchasing an IT system, such as an enterprise social network, must be clear on how the vendor manages data because in the eyes of the EU and other regulators, claiming that services were offered on a take-it-or-leave-it basis is not an adequate argument.


Before implementing an enterprise social network or embarking on a new social media strategy, a company should complete a data privacy impact assessment. The impact assessment covers things such as:

  1. What data is going to be collected?
  2. How long is it going to be stored for?


Are employee communications going to be monitored?

A privacy impact assessment may take a few days or more to complete, depending on how complex your project or your IT environment is, and may require data protection or legal specialists to complete it properly. As such, it’s important that you are aware of the need to perform a privacy impact assessment.


The key point is that if there isn’t a good reason for collecting certain information, it will increase the risk of incurring a fine or enforcement notice from the data regulator.


Data management

Data privacy is important not just because of regulatory compliance requirements but because people and organizations expect that their data will be handled appropriately.


An organization faces two challenges when it comes to data privacy. First, it must safeguard the confidentiality, integrity, and availability of the data it holds on its customers, employees or other stakeholders.


Second, it must be able to demonstrate to regulators that it is complying with the rules governing the protection of personal information.


Data protection is not a new concept, but over the past decade, it has become a hot topic in the press and the need to demonstrate compliance with the relevant data protection regulations has had an increased focus around the world.


One of the main issues that have come about in recent years is in relation to the rise in cloud computing. Historically, when an organization implemented any type of IT system, they would purchase the hardware on which their applications would run and install it somewhere within their premises.


Increasingly, however, as we have all become more connected to the internet, organizations have started to adopt cloud-based models for their infrastructure and software.


In the cloud model, instead of an organization buying the required infrastructure and installing it on their premises, they rent the infrastructure or storage from a cloud provider.


The infrastructure or applications are then accessed over the internet. This is great for organizations as it means their IT hardware is far more scalable, meaning that if an organization needs more space, they simply pay the cloud provider more to get access to more space.


In theory, it also means that they spend less time and money maintaining these services, although, in practice, most CIOs have said that the expected cost savings are low or non-existent.


The problem with cloud services is that applications and data are ‘hosted’ (or stored) on a server, or collection of servers, in a specific physical location. This is a simplistic explanation of cloud computing, but it should suffice in the context of data protection.


If your cloud provider hosts your data in a specific jurisdiction, you will probably need to comply with the data protection legislation within that specific country.


But, because the data will be accessed by people in your organization who are physically sitting in other parts of the world, other data protection legislation comes into play as well.


Essentially, by accessing data from one jurisdiction that is hosted on a server in another jurisdiction, the data being accessed is being transferred cross-territory.


These sorts of international data transfers often cause some of the biggest challenges for organizations who are implementing cloud-based global IT systems. It’s therefore very important to carefully consider where the data will be physically stored and from which jurisdictions the data will be accessed.


The ongoing public debate around data privacy has also led some countries to consider implementing laws that aim to protect their citizens’ data by requiring that they be physically stored on servers situated within that particular country.


In today’s world, where most of us rely on the technology giants who provide access to their services, such as the social networks, the countries that are considering implementing such legislation are trying to stop their citizens’ data from being transferred out or being intercepted by foreign governments.


Data classification

It is good practice to have a data classification framework implemented at your organization. Data classification is important when thinking about social media governance because you need to understand what data you are storing and sharing across your network.


You need to do this to ensure that you don’t break the law (such as through copyright infringement) or share information that should be handled in a different way.


Data classification aims to define and classify any particular data in order to help guide a user on how they can use or transfer that particular piece of data. Typically, most organizations adopt four or five classifications of data. 


The pyramid in Figure demonstrates that the more confidential the data, the less of it there is. As you go down the pyramid from top to bottom the amount of control around the data decreases, but the number of data increases. So, as data becomes more sensitive, control must increase but the amount of data in that classification will decrease.


The data classifications are defined as follows:

Public. Public data is anything in the public domain and can, therefore, be treated as such. It’s important to note, however, that a lot of data that is publicly available may be subject to copyright and you may not be able to copy or store that data on your own systems.


Take, for example, a report from a research organization. You may have a license that permits you to use the report but the copyright may prohibit you from making a copy available on your own system.


Internal. Internal data is surprise surprise, data that is internal to the company and is not therefore in the public domain.


It should be shared internally only. Typical guidance for internal data is that it should not be shared outside of the company unless an authorized person has approved its use.


An example of an internal document could be one that includes examples of client work, with client names explicitly cited. It would likely be in the company’s interest to keep this out of the public domain as they wouldn’t want their competitors to get hold of such information.


It could also cause offense to the clients themselves if the data was leaked publicly, particularly if a non-disclosure agreement had been signed. 


Confidential. Data in this category are usually a company or client data that is not freely available to all employees of the organization and is protected by the organization itself. This could be intellectual property, information about company deals, data from some internal company systems.


Confidential data should never be transmitted or stored on traditional social networks, but an organization may allow the data to be shared on their enterprise social network, provided adequate controls around the data are implemented.


The controls are important to ensure that the confidential data can be shared in the company only among those who are authorized to view it. The next section of this blog, ‘Implementing controls’, delves into the types of controls that can be implemented on an enterprise social network to ensure the security of the data. Highly confidential.


For data classified at this level, it is essential that it is highly protected. Probably only a small amount of data will fit into this category and it will usually relate to data that could move markets or government data where there is a specific requirement or obligation to maintain its confidentiality.


An organization should have specific requirements regarding how highly confidential data should be handled, such as requirements around minimum levels of encryption, how long the data can be held and how it can be transmitted.


I recommend that highly confidential data should never be stored on or transmitted over a traditional social media network, and serious consideration needs to be given as to whether this data will be permitted on an enterprise social network.


Most organizations I have come across do not allow highly confidential data to be stored on enterprise social networks and there is often a specific requirement from the client or organization, whose data it is, which stipulates where the data can and cannot be stored.


Other data that may be classed as highly confidential could be HR data that includes sensitive personal data or the intellectual property or other sensitive data held on behalf of an organization’s client or customers.


Exceptional. Some organizations may not even have an exceptional category as they may not handle data of this type. Data of this type tend to be government protectively marked data (such as Top Secret) or where a client has specifically stipulated exceptional security requirements.


It’s important to think about data classification, in line with your risk appetite, when considering what you want your employees to share on either traditional social media or your enterprise social network.


By setting clear criteria for defining data you can provide guidance to your employees and help them understand what they can and cannot share. On enterprise social networks you may want to think carefully about what types of data you allow your users to share.


If you decide to allow highly confidential information to be shared, are you confident enough in the security and control over your chosen platform?


Are you confident that you have implemented the right controls within the application to stop unauthorized persons within your own company from accessing that highly confidential information? These are all decisions that will be easier to make when you have set out your criteria for data classification.


Data archiving

While the issue of data archiving is mainly a regulatory and compliance one, it’s important to recognize that it also applies to data on social networks – especially enterprise social networks.


You are probably aware that organizations are required to retain certain pieces of data for some time depending on the type of data and the country in which the company operates.


Many companies choose to retain and archive some of their data even if they are not required to do so by a regulator as it means that the data can be referred to at a later date if needed, for example in a court case.


However, companies should be cautious about archiving all data because there can be separate regulatory requirements around it with regard to personal data and the requirements about how long personal data can store.


Data on traditional social networks can be a little tricky to archive, but there are tools available that will archive your social media posts for a fee.


For enterprise social media, most of the vendors will be able to advise on their own options to support your archiving requirements and it’s well worth investigating the options available early in order to get the right one for your organization.


In most countries, data subjects and law enforcement authorities have the right to request data about themselves or about a particular individual or entity, respectively. Because of this, you’ll also need to consider how quickly you can get access to your archived data, should you need it, and build this into your strategy.


An online system can be accessed and used in real time and, usually on a periodic basis, data from the online (also known as ‘live’) system will be copied or moved to an offline data store. Accessing the data on the online systems is quick and easy, however, accessing data on offline data stores is usually considerably more time consuming and expensive.


In some ways, social networks sit in between these because they are third-party networks that have their own data archiving procedures.


For example, some networks hold social media posts for only short periods of time before they are deleted, which means that your organization needs to implement an archiving solution to ensure that you can retrieve any conversations from social media should you be required to do so.


Implementing controls

There are two main types of control: policy controls and technical controls. In social media, policy controls are the rules that users or employees must follow.


This also includes the procedures that users should follow, such as the approval process for the creation of a new group within an enterprise social network or the creation of a new account on a traditional social network.


Technical controls are those controls that physically limit an employee from doing something. For example, a policy may say that passwords should be changed every 30 days.


Without a technical control, it is hard to ensure that this policy is adhered to, so a technical control such as a social risk and compliance tool may be implemented and configured to force the user to regularly change their password, in line with the policy.


An accompanying procedure will also dictate how a user should go about allowing others to use a specific account, for example. This section focuses on some of the technical controls that you can implement to control access to your social media accounts or to protect data within an enterprise social network.


CASE STUDY Risk in action: UBS

In 2010 Swiss investment bank UBS implemented Jive, an Enterprise Social Network. In 2012, however, the bank was hit with a rogue trader scandal after one of its employees ran up a $2 billion loss on the bank’s derivatives desk.


The bank’s legal department was worried that they did not have enough control over what their employees could and could not comment on, thus the Jive platform was closed and their global head of online media and IT was quoted as having had to implement ‘millions of controls’ to satisfy legal.


This example shows how important it is to understand the risk management impact that the implementation of an internal social system can have. Engaging stakeholders in risk, compliance and legal early is more likely to yield long-term results than trying to push digital changes through an organization without their support.


Access control within an enterprise social network

Once you have completed a data classification exercise, as detailed earlier in this blog, you can decide what types of data you want to allow in your enterprise social network.


You may want a mix of data, which means that you’ll need different controls and procedures to handle each type of data. Let’s say that you want to allow internal data (presentations, marketing material etc) to be shared openly on your platform. 


Let’s say that you also want to allow your employees to gain the maximum benefit of an enterprise social and that you are going to encourage them to collaborate in teams on projects that might involve confidential data.


It’s at this point that you need to implement appropriate controls to ensure that only those within the project team are able to view the confidential content. Almost all enterprise social networks allow ‘Groups’ or ‘Spaces’ to be created within them.


These are virtual areas that can be segregated from the wider network. You should define a policy and accompanying procedures for setting up such a project group, including appropriate approval procedures.


Once a group has been created, you should make someone a group owner – it will be their responsibility to manage the users within the group and monitor the content being posted within the group.


By doing this you can get comfort that the group owner will manage the group effectively and that confidential or sensitive data being shared within the group is only visible by those who are valid members of the project.


Of course, the group owner needs to be aware of their responsibilities and should, therefore, be trained on how to manage the group, its members and its content appropriately.


When implementing an enterprise social network it’s also important to note that you can’t rely solely on the controls within the network itself.

It’s important to ensure that outsiders aren’t able to gain access to the platform and that internal users cannot impersonate another user in some way to gain access to their data or the groups which they have access to.