Who Owns Your Contacts and Communications?

26 Feb

Over the past 1-2 years, I’ve been having a conversations with savvy folks lately who run in the social media / startup world about a sticky point that seems to have some complexity. That issue is privacy, ownership and portability of social graphs and communications by the “social employee” who does any outreach or relationship building on behalf of the company / brand that he / she represents. It’s a hairy issue.

Evangelists and social media, community and PR professionals are often hired for their connections. Social media, if used right, really accelerates the speed with which relationships can be built online and offline. A lot of us come to jobs with strong existing networks, and we continue to build them as a result of being on the job. A truly social business understands that to truly fulfill the “social employee” and get best results, there must be a symbiotic relationship between building the personal brand and the company brand simultaneously. For the social media practitioner, it is very important to keep developing his / her voice while developing the voice for the company, and deepening professional and personal relationships. Social media has really blurred the lines between personal and professional relationships, which only further obfuscates the issue of who owns what, and how you “split up the goods” when you split up. Just like with marriage, most people don’t think about their exit when they start working, but here are some things you should think through:

1) Understand intellectual property. Examine the labor laws in your state with regards to prior inventions and intellectual property. Then examine your employment / consulting agreement. How is your prior intellectual property treated? In most cases, no one can claim what you have done prior to joining the company. What you do during — that’s a different story. You need to understand what work you have done before your contract with your company begins, and what relationships you created before starting work there. If you create relationships as a result of doing work there (if a company sends you to a conference and you network there on behalf of the company, those leads are technically the company’s. However, the relationships are still yours. You will probably still have them after you leave, but you still have to be careful about respecting your NDA. By the same token, if you were to do business for your company with someone you knew from before, that part of the conversation is definitely part of the company’s record and should be transitioned to the next employee when and if you leave. Make sure you and your employer are on the same page about this.

2) Understand the contact management software completely. Your company most likely uses some system to manage its contacts. It could be a CRM, a Social CRM, or whatever you want to call it. Before importing contacts into that database, it is imperative that you understand what happens during and after that process. If you are doing a batch upload from your social network or a database file, make sure you are partitioning and loading only the relevant business contacts. For example, while loading your Facebook friends may be a fine and dandy idea while you are at the company, it may not be such a great idea after you leave, as your high school girlfriends get “stranded” in this business database. If you are importing from a social network, you need to understand if you will pull your list in its entirety or select a list / group / section. Don’t make the assumption that you can take this data away later, because any database can be rolled back. It’s better to work within boundaries that are comfortable to you from the beginning – if you don’t want your high school girlfriends in there, don’t put them in in the first place.

3) Understand how contact and messaging data is pulled in and used. If you are using a system that automatically fetches groups of contacts, you need to understand what data gets fetched. This is even more important for more closed networks like Facebook and LinkedIn, where you have to be friends with someone to get their contact data. Imagine a scenario where you are pulling in a friend’s contact numbers, email and physical addresses via an API, and this API can fetch data because you are friends. This is not data that would be seen by others in your company, because they don’t have a Facebook realationship with that person. Then you are exposing these people’s private information to others — do you really wanna do that? Does your friend want you to do that? You should also understand the same about messaging accounts. For example, if you import from LinkedIn, are you getting just the contact info, or are you also associating all past and present communications? Is this what you feel comfortable with now? What about 1 year from now? What about in perpetuity?

4) Understand who sees what. Going along with #2, you need to understand how your contact database shows information to others. Is it just you and your team? Or the whole company? What data is shared with whom? Make sure that you feel comfortable sharing anything that’s automatically pulled in via an OAuth. Just as importantly, will your contacts whom you import be OK with you sharing their conversations with your team in their entirety? Are you violating your contacts’ privacy?

5) Understand how to revoke access of your system to your social and professional networks. If you do create a link to LinkedIn with the purpose of importing contacts, but then decide that you don’t want it anymore, you need to make sure that you know how to do that. Each social network has its own permissions page, where you can manage the apps that have access to your accounts. This is something that most people don’t realize: just because you kill access on the side of the app by deleting that account, does not always mean that access was revoked. It’s imperative that you check out your permissions pages of the actual social accounts (LinkedIn, Twitter, Facebook). I have a detailed how-to post coming on this.

6) Establish a dialogue. As you are preparing for your exit from the company, make sure that you keep the dialogue going with your employer. Access to your accounts should remain active until the last day, and you should have a full understanding of how the company intends to message your contacts after you are gone. If you do have personal contacts that got imported, with whom you have never done business on behalf of the company, you should have an opportunity to remove them. However, if you have done business on behalf of the company with certain contacts whom you brought to the table, they need to remain — fair is fair. The key to underscore here is that you need to have an open and honest dialogue and work something out that woks for all parties.

I don’t have any answers, and I certainly am not dispensing any kind of legal advice. These are just tips to help you deal with the new paradigm of relationships that go along with being a social business and a social employee. In some respects, things are no different from the “olden days” where you came in with a rolodex, which you also took with you when you left. In some respects, things are very different with all this new technology that automatically lifts and fetches things from your social networks. Whatever you do, make sure you feel comfortable and know what happens to your contacts during and after your employment. I’d imagine employment contracts and NDAs will have to be updated over time to include these cases.

In the unfortunate event that your contacts sail away, don’t take your eye off the prize. At the end of the day, someone can have your data, but they can’t take your relationships. Even if someone misuses emails that you once loaded, sending them uninvited communications, they are subject to anti-SPAM laws, and may not even get past the email filter. Besides, even if the email got through, any communication that occurs would not be as powerful as it is when you have a true relationship with this person. It’s up to you to protect your relationships, and the only way to do that is to be someone with whom people want to have relationships.

Photo credit: Robert Nilsson

  • http://www.lizasperling.com LizaSperling

    This is a topic that is increasingly important to those of us who work hard to build relationships that transcend a company logo.

    You pointed out the good news: “communication that occurs [from mass emails, etc…] would not be as powerful as it is when you have a true relationship with this person.” This happened to me, and I was fortunate enough to get calls from the recipients letting me know they were contacted.

    We discuss these issues privately, but hopefully now we can continue this conversation publicly and learn from each others’ experiences. Thank you for putting it out there!

    Liza Sperling | @lizasperling

    • http://themaria.me/ themaria

      Thanks for commenting and sharing your story, Liza! I’m glad to see this resonated, although not glad that the mishandling of contacts happened to you. It truly is all about relationships, and they will tell you when something “shady” is going on!

  • http://pulse.yahoo.com/_QFQB3RYPV223ZOTPK6CA7UTB6Y Il

    Good article Maria. This plays right into the old rules about “mixing business with pleasure”. In the final analysis, ALWAYS operate with an eye towards what could happen in a worse case scenario.
    It can be expensive to hire attorneys as part of the end game rather than, using prudence in the beginning…

    • http://www.lizasperling.com LizaSperling

      I don’t think this is about business vs. pleasure. It’s not my post, so I may be wrong, but I would hate to see this dismissed as a business vs. pleasure issue that can be managed with prudence. If only it were that simple.

      • http://pulse.yahoo.com/_QFQB3RYPV223ZOTPK6CA7UTB6Y Il

        Well, the thrust of the article is about putting personally owned data onto an employers system.
        That’s why it brings up labor law… And, that’s why prudence serves.

        • http://themaria.me/ themaria

          You are both right. It is about the chaos that can ensue by putting personal data into an employer’s system. However, as personal and professional get so closely intertwined, it’s getting tougher and tougher to separate the two. To be truly effective, you can’t really have too much separation.

          Also, I probably should’ve pointed out that this scenario is not limited to just employee / employer relationship — it can be any set of people sharing personal communications — business partners, etc. In any case, we all need to be aware of what we are sharing and with whom, and also what this sharing looks like from the standpoints of the contacts themselves.

          Thanks to both for your comments!

  • http://www.jeromepineau.com/ JeromePineau

    “Examine the labor laws in your state with regards to prior inventions and intellectual property. ” – Are you kidding? You ever been able to make anything out of that jibberish? :)
    Great post though, thanks!

    • http://themaria.me/ themaria

      haha No I can’t make anything out, which is why I surround myself with people smarter than myself :) If someone makes you sign an NDA, make sure you know how it treats which inventions.

      • http://www.jeromepineau.com/ JeromePineau

        The connections you make in any industry you work in (at least that’s my experience) are not just business but also personal. So I don’t think you can just “leave them behind” when you switch employer (or client) – surely you can leave their contact info, but somehow trying to get someone to not contact or have a relationship with them anymore is absurd at best – the very nature of our work implies these are more than casual bonds. I have personal relationships with all my “core” influencers – or my “watch pack” as I call them – unthinkable to simply jettison that like an old rolodex :)

  • Latoya

    Congratulations on the new gig! I’ll be reviewing Yammer in March on http://www.socialmediumsphere.com