Digital content is being published at a historically high rate. Organizations are employing business-minded strategies focused on delivering communications and marketing messages via websites, social media, email, and mobile applications. As they look to leverage even more online platforms – such as customer relationship management tools and chatbots – their exposure to regulatory and legal risks continues to grow.
Legal counsel, with its role of providing the organization advice to steer clear of risk and exposure – whether in-house or outsourced – should be focused on ensuring that team members working on digital delivers with integrity. In my consulting experience, legal counsel is the best entity to steward and help establish policies for most organizations. Policies, as commonly understood, are the organization’s statement of beliefs, goals, and objectives in order to comply with laws, manage risk, and drive competitive advantage. This is appropriate because legal counsel has the knowledge and ability to:
- Analyse risk and exposures associated with digital work in the context of organizational goals
- Help formulate the organization’s stance on current trends in partnership with management
- Interpret how regulations and laws apply to the organization
- Translate industry-specific trends around regulatory fines and legal case precedence that may impact the organization
- Enable other areas of the organization (e.g., security and privacy, information technology) to formulate appropriate subject-specific policies
In a marketplace that continues to struggle with online integrity because of the void of legal and regulatory guidance, legal counsel is ideally positioned to support and mature digital operations from this perspective.
Stewarding Policies within the Organization
If a digital policy program does not currently exist within the organization, legal counsel can initiate one by creating a steward role. In my consulting experience, steps to establish and operate the program tend to go like this:
- Obtain delegated authority from the executive level in order to root the steward role into the organization and ensure appropriate resources are allocated to the program
- Ascertain the organization’s digital operations landscape in order to identify the required policy range, including understanding how traditional policies should extend to digital (e.g., records management)
- Identify policy gaps and working with subject matter experts (e.g., information technology, marketing, security) to define and document these policy gaps while extending any existing policies that apply to, but don’t address in their current form, digital operations
- Determine how adoption and implementation of policies will be validated, measured, and non-compliance remediated
- Ensure that policies are disseminated to applicable digital workers through a centralized repository and supported by a training program
- Work with digital staff to answer questions and drive policy adoption into digital operations.
- Operate the program by ensuring digital policies are updated or created as regulatory, legal, and Internet requirements are identified
- Report on the program’s effectiveness to executives, including risk exposures and the need for changes to digital operations from a strategic perspective
Defining the Digital Policy Checklist
Risks and opportunities accompany every online activity and content publication that an organization undertakes. So what should one be thinking about when trying to develop a policy set to limit regulatory and legal risks while helping the organization take advantage of digital communications? The following checklist provides a general starting point:
- Accessibility
- Affiliate/partner company channel ownership
- Anti-spam
- Appropriate and prohibited content
- Branding
- Children’s online privacy protection
- Cookies and tracking
- Copyright protection, intellectual property and trademarks
- Data breach notification (state and country-specific)
- Data encryption, transfer, and localization
- Data privacy, and protection of personally identifiable information
- Digital records management
- Domain names, email addresses and social media accounts
- Language and content localization
- Online advertising and promotion
- Rights management
- Shareholder notification
- Social media (personal and corporate)
Additional consideration should be given to factors that may alter the checklist, including:
- Sector (e.g., White House mandates for federal agencies, federal regulatory requirement for food, safety, drug and similar organizations)
- Industry (e.g., Sarbanes-Oxley in banking or Health Insurance Portability and Accountability Act in healthcare)
- Location (e.g., states, countries, and regions have unique regulatory and legal requirements based on the user’s location, not the organization’s )
- Digital platforms (e.g., portals with personalized information and a database that stores user-provided input, versus a static website that serves one-directional information from the organization)
Shaping Digital Identity
Legal counsel should provide the organization with advice on the legal environment and the organization’s responsibilities, extending to their digital operations. Whether in-house or outsourced, legal should help shape digital publishing and initiatives so that they meet legal requirements and do not transgress into areas that would damage the corporation’s reputation or expose it to fines and/or other sanctions.
As a partner with senior management and a resource to organizational employees, legal counsel should take ownership of and retain the role of digital policy steward. It is the legal department’s function to make professional judgments around the use and exploitation of digital to serve organizational objectives. In doing so, legal counsel will fulfil their obligations and position the organization for success.