New York City

(212) 502-7960

Scottsdale(480) 275-

9797

Copyright © 2008 Amanda Vega Consulting, All Rights Reserved.

BOLO 2010

Social Media: Compliance Considerations

2

Amanda Vega20 years online experienceService agencies and clients alikeMBA, ColumbiaNY, Phoenix, Dallas, ShanghaiPR, social media, compliance, webwww.amandavega.comwww.PRinaJar.comwww.mommybloggerseminars.comPink Porsche owner, pug lover, red bottom shoe zealot

3

Amanda Vega Cont…

4

The Social Media Bible - contributor

5

Some of Our Clients

6

Some Key PointsNo other agencies have internal compliance department• Licensing requires sponsorship

(Series 7, 63 needs a broker dealer)• Very expensive to maintain internally

Compliance spans social as well as print, etc.Everyone has some regulation – FTC at the leastCrackdowns happening NOW

7

Regulatory BodiesFTC: all communication, advertising, marketingFDA: pharmaceuticals, nutraceuticals, some supplements, cosmetics, etc.FINRA: publicly traded companies, broker dealers, financial services companies AND individualsHIPAA: hospitals, physicians (and groups)GLBAUK LawsInternal risk controls (internal auditing, risk to data)

8

FTCOctober 2009 Changes• Celebrity endorsements, testimonials,

social media endorsements

Must disclose relationship to product/clientMust disclose if product was freeDoesn’t have to be in each post• Put in profile

Celebs have to disclose they are paid• Twitter wasn’t covered so no case on

this YET

Some employment considerations

9

FTC ContinuedNo more safe harbor with “results not typical”• Actual results have to be accessible

Disclosing of material connections• If blogger gets paid you have to

disclose

No false and misleading claimsDisclosure of use of company sponsored researchLiability for affiliates and other resellers is now on company

10

FTC ViolationsBanana Republic• Internal “intern” was posting “ad

heavy commentary” on fashion blogs• Did not disclose she worked for BR• Fine: $5,000 (pending)

11

FDADisease claims• Cannot say cure, treat, mitigate, or

prevent• Say “alleviate the symptoms of…”

Adequate substantiation of structure/function claims• If you say an ingredient does X, you

have to have studies proving that

Adequate substantiation of other statements• If you say “few or no side effects”

have proof• If you say this online, you are open

for product liability and personal injury claims

12

FDA ContinuedUse of Testimonials• When you allow testimonials you

accept liability of that person’s claims, period

Link to third-party literature• For anything you link to, you adopt all

of the claims

13

FDA ViolationsFirst Juice and 3 other small juice companies asked to change all labels saying “half sugar”• Big brands were not attacked – more

lobbyists• All brands had links to research/tests

proving claims• FJ fought back and won the claim

Pharmaceutical company fined for fake testimonials posted in social media by their PR firm• Use REAL people with disclosure

instead

14

FINRAOctober 2010 changes – VERY SEVERERecord keeping and reporting• You must archive/save all social/email

for 3 years

Communication online is considered same as in personAdvertisement versus correspondence• Tweets and blogposts on your blog

are considered advertisements• DM’s/email considered

correspondence• Ads need pre-approval,

correspondence needs review

15

FINRA ContinuedOversight into activities• Compliance can regulate any

offerings as part of oversight• They cannot regulate your personal

hobbies unles industry related

Customer service• Try not to handle full issues back and

forth on Twitter – chain leads to harder protection

• Cannot help with account specifics online

16

FINRA ViolationsCoca-Cola• Assistant posted to Twitter “it’s a

great day. Boss in meeting with XYZ all day. Quiet.”

• XYZ = competitor COO• Day traders went crazy thinking there

was going to be a merger• SEC came in and filed compliance

violation• Keep in mind – her actions were NOT

in violation of their internal policy OR any regulation

17

HIPAAAbout 500 of 6,000 hospitals are using socialDo not ever list a patients name or picture anywhereFriending patients on Facebook puts you into grey area – interaction can be confirmation of relationship which is violationYou can help people, but make disclosure in profile and posts

18

HIPAA ViolationsMedical resident twitpic’d photo of his first set of stitches• A part of a tattoo was showing –

therefore showing identity which is a violation

• $10K fine to hospital• Social media wasn’t included in their

training

19

Internal RisksSocial networking sites are the

most vulnerable category of Web sites 82% of social networking sites have an urgent,

critical or high severity vulnerability - May 2009 WhiteHat Security

“ It is not a risk that someone will do something dumb someday. Actually, it’s a certainty.”

20

Long Tail is Forgotten

21

It’s NOT Locked Down!

95% of companies have Anti-virus and 85% of companies have URL filters in place, but 30% of companies have bots on their networks and 40% still have viral infections Most financial institutions consider access “locked down” when it isn’tPCI data and monitoring is NOT enoughThere are too many sites created daily for the crawlers and enforcers to keep with

22

Reputation Risk Reputation Risk

74% of employed Americans believe it is easy to damage a brand’s reputation via sites such as Facebook,Twitter, and YouTube.

Fifty-eight percent of executives agree that reputational risk and social networking should be a board room issue, but only 15% say it actually is.

Only 22% of companies have policies on how employees can use social networking tools

53% of employees think their social networking pages are none of their employers business

(Deloitte LLP 2009 Ethics & Workplace Survey results)

23

Bottom Line…Risk vs. Reward – you have to

evaluateA good policy is your strongest

assetYou MUST have a social media

expert AND a compliance, IT, HR, and marketing person involved – the knowledge of each is imperative to be collectively used