Organizations in regulated industries, such as healthcare, legal, and finance, have strict privacy and security guidelines they must abide by, which is why they are cautious when adopting any new software platform. These platforms must check the boxes of IT security, privacy, regulation, social network compliance and more before these companies can onboard them. This is nothing new for GaggleAMP, which works with companies of all sizes and industries to meet these requirements and make sure they’re out ahead of any changes to compliance guidelines that come up.
“Regulated businesses want the same things out of employee advocacy that any other organization wants,” said Jason Nochlin, CTO and Co-Founder of GaggleAMP. “It’s just how you get there is a little more nuanced. Our overall goal is to be a trusted advisor and partner to help you implement a successful program that meets with all your regulations, and operates in a secure manner.”
In this blog, we dive into how GaggleAMP keeps its platform secure and works with clients to make sure they remain compliant while getting the benefits of employee advocacy.
Platform Security and Password Protection
At a foundational level, all business software needs to be secure in order to be trusted.
To protect against security threats, GaggleAMP takes every precaution. As a SaaS vendor, the company follows Amazon Web Services best practices for cloud security. It also takes steps to protect users’ social media credentials through encryption. GaggleAMP uses OAuth tokens, meaning Gaggle Managers never have access to the username or password of a user’s social media account.
For example, when a user approves the GaggleAMP platform’s access to their personal Twitter account, the social media platform will send GaggleAMP an encrypted token that approves access without GaggleAMP ever seeing the user’s Twitter credentials.
User Privacy and Protection of Personal Social Accounts
GaggleAMP focuses on the user’s perspective and experience, and because of that, user privacy is paramount.
The company takes several steps to protect user data. For example, user activity is not accessible by a user’s organization or by GaggleAMP. A Gaggle Manager gets an aggregated view of their employee population as a whole, and can’t see the actions of a specific employee. Managers can request users perform an activity and can see how many Members responded to that activity, but cannot see which individual users responded.
Even with gamification, where Managers assign points to each activity they request of their Members, they can see how many points each individual employee has, but can’t see which activities the employee performed to earn those points.
Additionally, all activities are requests to employees. A Gaggle Manager does not have the ability to perform an activity on a Member’s social media account. They can send a request to Members to carry out an activity, but it’s ultimately up to the Members to take action. Employees have the ability to choose which activity requests they want and don’t want to respond to.
Social Network Compliance and Transparency
GaggleAMP maintains relationships with social media companies to ensure the platform is always in compliance with a social network’s policies.
By monitoring any platform, technology and policy changes the social networks make, GaggleAMP can get out ahead of any upcoming changes to ensure organizations that use the GaggleAMP platform are always in compliance.
For example, Facebook does not allow pre-filling comments on posts, so GaggleAMP does not give its users this ability. Within the last year, Twitter made a change to its policy that disallowed multiple accounts having substantially similar messages. Knowing about these platform changes, GaggleAMP made a change to this feature and communicated this change to all clients before it went live. Managers can now prompt employees to create their own Tweet by answering a question. This drives authentic content creation at the employee level.
Internal Compliance and Management Control
Any company that uses GaggleAMP needs to know it has some control of the message users share through the platform in order to satisfy internal compliance guidelines.
This is why Gaggle Managers have full control of the activities they request of users. For example, businesses can lock down messages their Members share on social media platforms by disabling the “Edit” capability, preventing users from altering the caption of a post. Again, users have to choose which messages they want to promote, but they can’t share anything through the platform that the Manager doesn’t approve unless the Manager allows for editing.
For example, let’s say a business has an upcoming announcement about a new product, but the press announcement is under embargo until a specific date and time. The Gaggle Manager could schedule posts regarding the announcement that Members can’t share until that embargo lifts.
Lastly, GaggleAMP has a blacklist capability that prevents users from sharing certain words on social media. The Manager can choose words he or she would like to blacklist.
Industry Regulations and Compliance
GaggleAMP works with businesses in many regulated industries and abides by broader regulations, including GDPR and FTC guidelines.
In accordance with GDPR, users must consent to all electronic activities. The company does not sell or trade user data to third parties, and user data is only used in ways that are required and consented to for running an employee advocacy program.
According to FTC guidelines, many companies have to disclose when an employee of an organization promotes its brand on social media. This is why the GaggleAMP platform has a “disclose hashtag” feature, where Managers can assign a hashtag to go with posts that discloses that the user works for that company. For example, Divvy, a financial software vendor, uses #GetDivvy for employees to signify in posts that they work for the company.
More specific guidelines may apply to different industries. For example, companies in the pharmaceutical industry can’t mention specific drugs. In this case, Gaggle Managers of these companies can blacklist certain names of drugs and competitors from being shared by employees on their Gaggles.
There are many ways GaggleAMP can meet the needs of businesses of all sizes in any industry. The company’s product and customer success teams work every day to do just that.