Every system IT deploys must be given a clean bill of health by your Compliance department. They’re the folks who make sure you don’t run afoul of the federal, state, county, and city statutes and regulations that establish boundaries and set requirements for organizations doing business within their jurisdictions.
If your company is multinational, multiply by the number of nations within which you do business.
And don’t complain … not because I want to convince you that regulation as public policy is a good thing.
Don’t complain because what good will it do you? As a leader, complaining will do you no good at all. Quite the opposite – it will cause harm by demoralizing the employees who have to make compliance happen.
So figure out the good idea that’s at the core of most compliance requirements, make sure everyone understands that underlying good idea, never mind the cumbersome implementation requirements, and move on.
Move on to what?
To Facebook, and its emerging status as an independent government, as intriguingly explained in “Facebook has declared sovereignty” (Molly Roberts, The Washington Post, 1/31/2019).
Is Facebook-as-nation real, or is it metaphor? That’s a surprisingly hard call.
If Rocket J. Squirrel lives in a private residence at 246 Freon Drive, Frostbite Falls, MN 56537, his home ownership and property rights and privileges are defined and protected by various U.S. governmental entities.
But Mr. Squirrel also has a virtual life. He goes online and it’s Facebook that provides the real estate in which he resides … his home page … and just as surely provides the foundations on which the social media society in which he lives has been built.
There’s more: Facebook must defend itself from intruders with malicious intent — it needs a department of defense — and also must help its citizens protect themselves from smaller-scale intruders: It needs a police force. Calling the two InfoSec doesn’t change their functions, only their names.
That isn’t the end of it: Many on-line businesses let you make use of your Facebook credentials instead of establishing a separate login ID and password. Facebook issues passports or, if you prefer, these other sites award visas to people who possess Facebook passports.
Facebook-as-nation leads to all sorts of questions, like, when its citizens are living their virtual, as opposed to their physical lives, does Facebook have a role to play when the governing entity for its citizen’s physical location wants to independently impose rules restricting their on-line behavior?
Some countries, for example, recognize sedition as a felony, unlike the U.S., which long ago declared such laws unconstitutional. So …
A Dutch national posts content that insults King Willem-Alexander Claus George Ferdinand, which can be and is read by various and sundry citizens of the Netherlands.
This is, in Holland, a crime (who knew?). The Dutch government, reasonably enough, would probably like (not Like) Facebook to enforce its laws when functioning in the Netherlands — to take down offending posts and reveal the criminals’ identities to the proper authorities.
But … the criminal responsible for posting this content might not, as it turns out, post it while in the Netherlands. J-walking might be a misdemeanor in New York City but that doesn’t mean I’ve violated New York City law when I J-walk in Minneapolis.
It was, the miscreant might argue, posted in Facebookland, not the Netherlands.
And … it gets even more complicated from there.
All things considered, a declaration of national sovereignty on Facebook’s part might actually simplify things. Its offices become embassies, and all of the complexities of enforcing local laws in Facebookland are dealt with by negotiated treaties.
Interesting or not, this might not appear to be relevant to you in your role in corporate life.
Except for this: Your business undoubtedly has its own social media presence — on Facebook, and Twitter, and Instagram, and all the rest. That means your business is a citizen of Facebook, subject to its laws and regulations just as it’s subject to the laws and regulations of every governing entity within which it does business.
I suspect that right now, responsibility for complying with this new regulatory landscape isn’t clearly defined.
Which leads to this week’s suggestions for Things You Can Do Right Now to Protect Yourself from Harm:
1: For any project you’re involved in that might be affected by social media laws and regulations — especially but not limited to Facebook — make sure someone is responsible for defining these constraints.
2: Make sure that person isn’t you.
3: Suggest to whoever is responsible that the Compliance Department might be a good place to start.
4: Duck.
You must really be eating your Wheaties these days! Another, outstanding, interesting article.
Keep on with your challenging articles for our challenging times.
Well, Grape Nuts, but thanks!
Being Dutch, I seemed to recall that the penal code for insulting our Royals had been scrapped a few years back. But, apparently, that change hasn’t made it all the way through the legislative process yet.
Long live our King 😉
Parliament has agreed to abolish this law in April 2018, but it still needs to be confirmed by the Senate.
The use of personal social media accounts in business is a tough nut to crack. On the one hand, a company would surely LOVE to leverage all of its workers’ social networks on LinkedIn … on the other, the workers definitely own that intellectual property and should not, as a matter of employment, have to cede it to their employer. Seems the very definition of indentured servitude.
Post-engagement, the worker MUST retain their personal social media accounts, including any network development during employment. That grates against the corporate mentality that something like a “contact list” is portable. I think both sides need to insist on two identities, one for the company if social media is in your work portfolio that is retained by the company; the other is the individual’s property.
Any lawyers around here to help us figure this out?
When Scott Lee and I wrote The Cognitive Enterprise we talked about this a bit in the context of our Customers / Communities / Capabilities model. Very short version: There’s more benefit to be gained by leveraging employees’ networks to develop ideas quickly than there is disadvantage from losing control of IP that mostly isn’t all that protectable … or valuable … in the first place.
Back in the day, when InfoWorld was an ink-and-paper publication and Bob’s column appeared there, I thought of compliance as an adversary. It always seemed to be a battle to get them to see how wonderful the world could be if they could just let us develop systems the way we wanted.
Then, a light appeared. What if we think of compliance as a partner in finding ways to go where the competition fears to tread? Takes lots of dialogue and the right people willing to be creative, but it can happen. Compliance, after all, is interpretation of words and there are alternative, creative ways to interpret. Which takes it into risk management – is it worth the risk to interpret a little differently than the other blokes?
“Best practices” gets thrown around a lot during those conversations, but once we get past the point that “best practices” is letting someone else do our thinking for us and, surely, we’re as smart as they are, that hurdle can be jumped.
Now, as far as Facebook as a nation, that’s an intriguing perspective. That gets into scary territory!