Social Media Laws and Regulations You Should Know

John Porcaro

26 August 2011

[Update: The NLRB ruled in Sept 2011 that "workers can safely vent their frustrations about the workplace on social network". (Source: Forbes:Tech)]

Go straight to jail!  Do not pass Go!  Do not collect $200!  (Before I forget, I'll remind you that Monopoly is a trademark of Hasbro...). 

As social media becomes more prevalent, the possibility of using it improperly is causing policymakers to create guidelines and enforce compliance.   It’s important to stay current on regulatory guidelines that govern your industry, and to have a solid social media policy in place. 

Here are a few agencies, codes, and regulations that have social media implications.  This is (by no means!) comprehensive, and laws are always changing. How many of these were you already aware of?  


FINRA (Financial Industry Regulatory Authority) 
If you work for a financial firm like a brokerage or bank, any communications with customers must be done carefully.

  • Every firm that intends to communicate, or permit its associated persons to communicate, through social media sites must first ensure that it can retain records of those communications.
  • A registered principal of the firm must approve all static content on a page of a social networking site established by the firm or a registered representative before it is posted.
  • Firms must supervise interactive electronic communications in a manner reasonably designed to ensure that they do not violate the content requirements of FINRA’s communications rules.
  • Firms must adopt policies and procedures reasonably designed to ensure that their associated persons who participate in social media sites for business purposes are appropriately supervised, have the necessary training and background to engage in such activities, and do not present undue risks to investors. Firms must have a general policy prohibiting any associated person from engaging in business communications in a social media site that is not subject to the firm’s supervision.

HIPAA (Health Insurance Portability and Accountability Act)
If you work in healthcare, including a hospital, doctor’s office, or clinic, it’s important to keep customer information private. 

  • The HIPAA Privacy Rule protects the patient’s protected health information, which is “all individually identifiable health information held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper or oral.” 45 C.F.R. 160.103
  • Don’t inadvertently share any patient information, like a cell phone photo that includes a patient, or a tweet that could identify someone that visited your clinic.
  • Don’t invite customers to post personal information.
  • Don’t acknowledge a condition that a patient discloses, or defend a negative post when a patient posts something online.

FTC (Federal Trade Commission)
If you’re being paid to say something, it better be the truth, and it better be disclosed.

  • Communications that feature a consumer and convey experience with a product or service as typical when that is not the case will be required to clearly disclose the results that consumers can generally expect.
  • Material connections (sometimes payments or free products) between advertisers and endorsers – connections that consumers would not expect – must be disclosed.
  • Advertisers and endorsers may be liable for false or unsubstantiated claims made in an endorsement – or for failure to disclose material connections between the advertiser and endorsers. The revised Guides also make it clear that celebrities have a duty to disclose their relationships with advertisers when making endorsements outside the context of traditional ads, such as on talk shows or in social media.

FDA (Food and Drug Administration)
The pharmaceutical industry has been regulating customer communication since 1906.  If you communicate to consumers at all, you need to make sure you’re not overstating the benefits of a product. The FDA has been asked to offer specific guidance for social media participation, and though they’ve solicited feedback, they have yet to publish anything specific. 

  • Promotional statements can make claims about approved indications only.
  • A company should neither overstate the benefits nor understate the risks. 
  • The manufacturer has responsibility for user-generated and third-party content that appears on a company-created site. 

US Copyright Statute
Copy and paste much?  Be careful not to borrow too liberally.

  • Under the fair use doctrine of the U.S. copyright statute, it is permissible to use limited portions of a work including quotes, for purposes such as commentary, criticism, news reporting, and scholarly reports. There are no legal rules permitting the use of a specific number of words, a certain number of musical notes, or percentage of a work.
  • Only the owner of copyright in a work has the right to prepare, or to authorize someone else to create, a new version of that work. Accordingly, you cannot claim copyright to another's work, no matter how much you change it, unless you have the owner's consent.

NLRA (National Labor Relations Board)
An employer can’t prohibit employee self-organization.  

  • An employer can’t create work rules, like limiting Facebook participation, if they keep employees from self-organizing.
  • An individual employee can’t be prohibited from seeking to initiate, induce, or prepare for group action, or when the employee brings “truly group complaints to the attention of management.”
  • Comments made “solely by and on behalf of the employee himself” are not protected.

GINA (Genetic Information Non-Discrimination Act)
If you’re an employer, you need to make sure you don’t use social media to access information that could lead to discrimination.

  • A company is not allowed to search social media with the intent of finding genetic information about an employee or potential employee.

SOX (Sarbanes-Oxley Act)
If you work at a public company, you might accidentally mislead investors by what you say.

  • Make sure any financial information posted on your Facebook fan page, Twitter, website, etc., is updated to reflect material changes in financial condition and operations.
  • Do not release financial information on social networking sites that you have not also published in a press release.

COPPA (Children’s Online Privacy Protection Act)
If your product or service is marketed to children, you need to follow the COPPA laws set forth by the FTC.  This is the main reason Facebook is limited to those at least 13 years old.

  • If you operate a commercial Web site or an online service directed to children under 13 that collects personal information from children or if you operate a general audience Web site and have actual knowledge that you are collecting personal information from children, you must comply with the Children's Online Privacy Protection Act.
  • An operator must notify a parent that it wishes to collect personal information from the child; that the parent's consent is required for the collection, use and disclosure of the information; and how the parent can provide consent.

CAN-SPAM Act (FTC’s Controlling the Assault of Non-Solicited Pornography and Marketing Act)
Think Facebook messages or posts aren’t covered under SPAM laws?  Not so much. 

  • On March 28, 2011, the U.S. District Court for the Northern District of California held in Facebook, Inc. v. MaxBounty, Inc. that messages sent by Facebook users to their Facebook friends’ walls, news feeds or home pages are “electronic mail messages” under the CAN-SPAM Act.

CFAA (Computer Fraud and Abuse Act)
Organizing a grass-roots effort to flood someone with messages or comments is frowned upon.

State of Missouri Senate Bill 54
Besides not being a good idea, friending your students is illegal in Missouri.

  • No teacher shall establish, maintain, or use a nonwork-related internet site which allows exclusive access with a current or former student.

Codified Ordinances of the City of Cleveland – Section 605.0091 Improper Use of Social Media
Think before organizing that Flash Mob.

  • In Cleveland, it’s illegal to use Facebook and other social media to call together unruly crowds.

California Juries Prohibited from Electronic Communication
And one final reminder from California judges…

  • Jurors are prohibited from using any form of communication or research about the case, including all forms of electronic or wireless communication or research.

These are just a few ways well-meaning marketing pros can inadvertently cause problems for their company.  It’s worth working with a professional firm like Metia (my employer, in case that’s not obvious!) to audit your online communications or help with creating a solid marketing strategy, to make sure you do pass go, and you do collect $200 (oh, ya, a reminder that Monopoly is a trademark of Hasbro).