Still don't have a social media policy? Bet you'll write one after this...ShareThis
by Ron Daly
Yeah, I know. You're tired of getting poked and prodded and constantly reminded that you need to hurry up and implement your social media policy. After all, you don't even use Facebook or Twitter or YouTube or Pinterest or FourSquare or...whatever else there is. How important could it all be?
What if an employee was shooting videos of your member's feet?
You balk. That's ridiculous, you're thinking. What kind of person would go around shooting videos of people's feet?
A credit union employee, that's who. From the Financial Brand:
The Financial Brand first learned about this series of shocking and offensive videos when one popped up on an automated Google Alert for “credit union” + “YouTube.” Someone under the YouTube handle marajohn1123 had posted an odd video of a female credit union co-worker’s toes. When a similar Google Alert was triggered for another video, this time of a member’s toes, it was clear that a credit union somewhere had a serious problem with a serial voyeur.
Presently, there are over 100 videos of women’s feet, all shot spycam style without the knowledge and approval of the victim. Based on information revealed in the videos, the videos were likely shot in and around a suburb of Atlantic City.
The credit union employee appears to be a loan officer or similar member service rep, but that doesn’t stop him from leaving his desk to film members’ toes at the branch ATM.
This is a gross abuse of trust. The emphasis in that last passage is mine - Jeffry Pilcher did a little detective work around which credit union might be employing this voyeur. He's narrowed it down to a few possible places. I'm hoping at least one employee there has the intelligence to figure out who this might be and bring this to the attention of the management. Because where does it stop?
Think about it for a minute. Most of the videos in that story appear to be shot on a smart phone. What happens when it's not feet they're recording, but credit card and debit numbers? Checking account numbers and balances? Still not seeing a problem?
I don't want to dismiss what's being done here - taking video of someone without their knowledge is wrong. Add to that the fact that these are being used to feed a fetish (one assumes), you're talking about not only a breach of trust, but serious damage to the CU's reputation. This employee should be fired, full stop.
"On what grounds?", you ask.
And THAT'S why you need a social media policy. Now. Today.
As Jeffry said in a comment further down on this same post:
If you don’t have one yet, this kind of situation should illustrate the gravity of need. If an employee posted something that you wouldn’t want on social channels — not necessarily stuff as bad/potentially illegal as what Marcus did, but bad just the same — a social media policy can give your organization the legal leverage you need to deal with the problem swiftly and without complications.
But where to begin? This article from Credit Union Magazine is a great resource to get you started. Their list of best practices covers a lot of ground.
- Define social media usage expectations clearly in your policy;
- State that employees may only access social websites consistent with the credit union’s security protocols (i.e., they may not circumvent information technology security protocols);
- Educate staff on the risks of exposing confidential information about their employer, other employees, volunteers, and members;
- Monitor social media use via credit union resources;
- Outline expectations for reporting policy violations;
- Enforce policy violations in a nondiscriminatory manner;
- State that retaliation for reporting violations is not tolerated; and
- Define personal off-duty use of social media. For example, supervisors should not “friend” their direct reports due to the potential sharing of personal information.
A word on the "monitor" part of that equation - the employee who was shooting these videos was, as I said above, most likely doing this via smart phone. That doesn't use the credit union's data network - that's technically external use. If you aren't watching out for threats internally and externally, you're doing yourself - and the members who might be at risk - a disservice.