Social Media in Action in Government Contracts & Investigations
Chapter Authors
Andrew L Hurst, Partner – ahurst@reedsmith.com
Daniel Z. Herbst, Associate – dherbst@reedsmith.com
Introduction
This chapter looks at the relationship between social media, government contractors, and those businesses regulated by the government or subject to government investigations.
With new and developing social media platforms, government agency Facebook pages, YouTube channels, blogs and Tweeters have begun to emerge and proliferate. The General Services Administration (“GSA”), Small Business Administration (“SBA”) and Office of Management and Budget (“OMB”), Health and Human Services (“HHS”), and Centers for Disease Control and Prevention (“CDC”) have all been early pioneers of social media and micro-sites. Today, a great number of federal and state agencies utilize at least one form of social media in furtherance of their agency mission. This interaction among government and the public using social media is what is commonly referred to as “gov 2.0.” Not only are agencies themselves using social media to interact, but government employees, government contractors and their employees, and companies regulated by the government and their employees are all exchanging information using social media as well.
These new platforms provide increased ability to access and interact, but also create significant legal risks to those that have contractual or regulatory interactions with the government.
Social Media in Action in Government Contracts & Investigations
Government Contracts
State and federal government contractors have a particularized interest in social media experience because they often obtain access to sensitive government information and systems, and as a result will be required to comply with government regulation of social media. Risks to information and system security, to privacy, and other risks associated with the use of social media prompted the federal Chief Information Officer (“CIO”) Council to issue Proposed Guidelines on the Use of Social Media by Federal Departments and Agencies in September 2009. The CIO’s proposed guidelines note pervasive risks associated with social media, suggest that each agency must make individual cost benefit calculations prior to creating an agency social media interaction, and recommend a series of both non-technical/policy and technical security controls to protect government information and security.
The Department of Defense recognized that social media may be an important tool to fulfill government policies, but it must be regulated:
On balance, DOD needs to appreciate that social software exists, is becoming increasingly popular, and has empowered people to self-organize outside government and other major institutions without permission, endorsement, or encouragement. DOD needs to be prepared to not only research, build, and/or acquire social software tools, but also to be prepared to educate its workforce about how to use them, and why.[1]
As each government agency adopts policies and guidelines for the use of social media in order to manage behaviour of government employees and interaction with the public, government contractors must understand and maintain compliance with each agency’s internal policies or face potential pitfalls associated with non-compliance. In particular, contractors who have access to government computers and information systems or sensitive and classified information will be required to establish robust compliance programs in place for security. Contractors whose employees have access to government computers or computer systems are at the greatest risk, and must take a proactive approach in ensuring employees are properly trained to protect sensitive information. Contractors who fail to address these issues may be prevented from obtaining government contracts, may find themselves in breach of security policies, or may be subject to civil or criminal liability for disclosure. Moreover, contractors without internal social media compliance programs subject themselves to the same privacy, security, and other risks associated with social media that concern the government.
In addition, companies providing social media platforms to the government must also be aware of specialized procurement and contracting regulations, and increased transparency in providing services to the government. The government has taken a close look at how procurement rules relate to companies offering social media tools to government agencies and their employees.[2] Further, government contractors who provide social media services to the government are subject to increased transparency, such as freedom of information act requests regarding their provision of services to the government. In August 2009, the Electronic Privacy Information Center (“EPIC”) compelled disclosure of government contracts with Facebook, Google (YouTube), Blip.tv, Blist, Yahoo! (Flickr) and MySpace.[3] Some of the agreements allowed companies to track users of government websites for advertising purposes. Accordingly, social media providers who contract with the government must be aware of the disclosure risks of contracts from legal and public relations perspectives.
Finally, as a result of gov 2.0, government information and communications are happening faster and being shared with a wider audience. Gov 2.0 utilizes social media technologies to make networking and engagement with the public simple and powerful, make research faster, identify influencers in useful micro-niches, provide mechanisms for combating negative publicity, and measure public sentiment to help inform public policy. Government contracts similarly may utilize social media as a strategic tool to increase access and communication with the government, and influence policy and perception to better position itself to receive government contracts and grants. Government contractors can develop strategies consistent with applicable laws and policies to take advantage of gov 2.0, and use social media as a tool to their competitive advantage in interacting with the government.
Government Investigations
In the course of state and federal government investigations, companies that are regulated by the government or subject to civil or criminal investigations are often confronted with information derived from social media sources, or asked to produce or provide information in regard to social media. These companies must understand the breadth of regulation of social media and set appropriate operating procedures pertaining to records management and document retention. (See Volume 1, Chapter 8 – Litigation, Evidence and Privilege) Companies also should set the terms and conditions on social media use for their employees to ensure that information flow is appropriately managed, and to prevent unwarranted disclosures before, during, and after government investigations. (See Chapter 6 – Employment)
Bottom Line—What You Need to Do
Contractors, companies in regulated industries, and those subject to government investigations cannot ignore the significant risks, forthcoming regulations, and new interactive opportunities associated with the proliferation of social media. These entities should develop a social media operating and compliance program and comprehensive strategy to mitigate risks, protect information and information systems, and streamline interface with government social media programs.
[1] DOD Report April 2009, p. 33, available at http://www.usa.gov/webcontent/technology/other_tech.shtml.
[2] Social Media and the Federal Government: Perceived and Real Barriers and Potential Solutions, Dec. 23, 2008, available at http://www.usa.gov/webcontent/technology/other_tech.shtml.
[3] Privacy and Government Contracts with Social Media Companies, available at http://epic.org/privacy/socialnet/gsa/.
