A study by The Chartered Institute of Marketing (CIM) of 1,500 companies found that just a third (36%) that collect and store data from their social media activity are confident their processes are compliant with regulation.
Beyond the long-standing Data Protection Act, understanding of how legislation applies to social media, such as BCAP Code 2010, the Business Protection from Misleading Marketing Regulations 2008 and The Privacy and Electronic Communications Regulations 2011, is “woeful”, according to the CIM.
Worse still, the report says, 30% of businesses admitted they have no regular data protection training for staff who work on the company’s social media platforms. Companies identified a lack of budget (49%), time (57%) and staff resource (57%) as the main barriers to enhancing social media skills in the coming year.
Thomas Brown, head of insights at the CIM, says marketers’ “apathy” towards regulation could have a detrimental impact on their companies beyond the financial punitive action regulators could enforce.
“A major concern is that you could irritate your customers if you try to engage them in a way they don’t feel they have agreed to. They can then take to Twitter or Facebook to complain and you could lose control of the conversation…leading to negative PR, a [dent in] brand perception and even a loss of customers,” he says.
The Advertising Standards Authority says it is “remiss” to think that just because social media is a different platform the same advertising rules do not apply. Matthew Wilson, spokesman for the watchdog, says marketers’ ignorance on such issues could be due to the fact that there has not been a “precedent-setting” case where a brand has found to be on the wrong side of data or privacy law.
“Marketers might feel kind of removed from [social media data and privacy legislation], thinking it doesn’t impact on their day to day. And while the ASA is not yet seeing a Wild West in complaint figures [in this area], nobody wants to be on the end of that precedent-setting case,” he adds.
Many recent examples of companies violating privacy rules have been on a global scale – such as Facebook’s recent settlement for allegedly violating their privacy on adverts and Google’s admittance that its StreetView cars had collected public data without permission – meaning some marketers could falsely believe their slight breaches might be overlooked by regulators.
Alexandra Scott, senior public affairs executive of the IAB, says while social media is a powerful peer to peer marketing tool, brands should not ever run the risk of isolating the very consumers they want to engage with.
She advises: “If you’re asking for personal details from consumers on social networking sites, you need to honour the law, as you would through any other medium. So you only use those details for the purpose you had stated it would be used for, for example. And you wouldn’t keep those details for longer than the intended use for that data.”
CIM’s 4 steps to staying compliant on social media
1) Speak to legal or compliance department if one exists within own organisation to assess potential implications.
2) Look to trade bodies such as the CIM, DMA, ASA and IAB, which all publish free material and training courses (although some are paid-for) on social media compliance.
3) Speak to other organisations facing similar issues. The CIM organises several networking events for marketers to discuss best practice on data and privacy concerns.
4) Turn to a law firm for legal counsel and copy approval.