How to write a social media policy
When Myspace burst onto the scene in 2003 (closely followed by the far more long-lived Facebook and Twitter), nobody really predicted just what a huge impact social media would have on our lives. Initially, social media was for friends and family, but companies soon learned that it could be an invaluable tool in everyday business too. Every business that uses social media or whose employees are active on Twitter and Facebook need to consider putting a social media policy in place.
Today, the social media statistics are astonishing. If you still need convincing on the power of social, take a look:
- 79% of people online use Facebook
- CEOs on LinkedIn have an average of 970 connections via the platform
- There are around 369 million monthly active users of Twitter
- 88% of businesses use Twitter as part of their marketing strategy
- eMarketer estimates Instagram will have generated approximately $5.48billion in US advertising revenue by the end of 2018
- Rules – this should outline how you expect employees to conduct themselves online, and lay out specific rules such as no swearing or posting controversial opinions, or posting negative opinions about the company or rivals. Bear in mind that when you create this policy, you do need to limit yourself to any content that directly relates to the business. You cannot start dictating to your employees how they interact with their friends on their own private feeds, for example.
- Brand guidelines – this can be simple things such as the correct images or terminology to use when talking about the business.
- Confidentiality – lay out clearly what can be discussed, and what is off limits. Again, you’ll need to comply with existing legislation too, such as GDPR so your policy should make it clear what information can be shared, and what can’t.
- Penalties for misuse of social media – You need to make perfectly clear in your policy what the consequences of misuse of social media will be, whether that’s disciplinary action, formal warnings, or even dismissal. You must not, however, infringe on your workers’ rights and any disciplinary action must follow the correct procedure including representation and the right for an employee to take the issue to a tribunal.
- Personal use – it’s estimated that employees can waste up to 12% of the working day using ‘unproductive’ applications such as Facebook and Twitter. A complete ban on accessing social media via workplace computers may be possible, but heavy-handed ‘bans’ often cause tension and friction. The best way to address this is to clearly lay out your company policy on personal social media time (such as restricting it to break periods).
- The Human Rights Act 1998 – you must ensure that the individual’s ‘right to respect for private and family life, home and correspondence’ is respected, so you cannot dictate how an employee conducts themselves on social media outside working hours. The only exception would be if the content the employee posted directly related to your business and was in contravention of your policy.
- The Regulation of Investigatory Powers Act 2000 – you may only intercept communications if the sender consents to have their communications monitored, or it is done in the interests of protecting the business.
- Computer Misuse Act 1990 – it is an offence to use a computer to gain access to data you are not authorised to use, so you cannot access your employee’s personal social media accounts without their consent.
- The new GDPR regulations are also applicable. If you are unsure as to how they relate to your business then talk to your legal or HR departments to get clarification before drawing up your final policy document.
- Passwords – how to create a strong and secure password, and the use of two-factor authorisation
- The maintenance and update procedures for software and devices
- The use of mobile devices away from the office (such as company-issued phones, laptops and tablets)
- Procedures and protocols for phishing attempts, hacks, Denial of Service attacks and other malicious threats
- How to identify an attack and who to notify if an attack is suspected
- The response in the event of an attack
- Responsibility for the safety and security of social media accounts.
Few people would dispute that harnessing the power of social media is a modern day business essential. The details on how your staff use this business channel, and the understanding that poorly managed social media activity could damage your business reputation or even lead to legal action is vital. If you’ve not yet developed a business social media policy, or are unsure about the efficacy of your existing policy, read on.
What is a social media policy?
A policy for social media usage within a business lays down guidelines and rules as to how everyone within an organisation engages with social media, and how employees should behave. Its primary function is to protect your brand and your business reputation, and to make sure employees work as ambassadors for your company during any interactions online.
Social media is constantly changing, which means any policy you bring in needs to have a degree of flexibility. Too rigid a policy can mean you respond incorrectly to a changing situation, so you will need to review and update your policy regularly.
The best social media policies are simple, straightforward, and easy to incorporate into an everyday working situation. The aim is to provide guidelines that are easy to follow and avoid being too draconian or, conversely, too lax.
What are the benefits of having a policy?
Even if you already have a strong social media presence and are incorporating platforms like Facebook, Twitter and LinkedIn into your campaign models, you can still benefit from creating a policy that is robust, proactive, and lays down clearly-defined guidelines for use going forward. The sooner you implement a policy, the more noticeable the positive effects in the short term.
There are specific areas that can benefit from having a strong online policy in place. These include:
Prevention against legal issues – as social media platforms are open access, it’s all too easy for information to get out into the public domain. This, in turn, can lead to complex legal issues, especially if there are accusations of defamation of character, libel, copyright, or privacy infringement.
Security risks – a policy will highlight potential gaps in your online security, and what employees have to do to ensure that the information they put out on social media is authorised and secure, and doesn’t pose a risk to the overall cyber-security of the company.
GDPR compliance – in 2018, the legislation surrounding the collection, use and storage of data underwent a radical overhaul in the form of the GDPR or General Data Protection Regulations. One of the key areas that this updated European legislation addressed was the collection, use and storage of digital data, including any information gathered on social media platforms. Even if you already have a policy, it may be prudent to revisit it and ensure that it complies with GDPR legislation.
Minimising accidental information leakage – a throw-away comment on Twitter may seem innocuous enough, but could have far-reaching consequences for your business. A policy makes sure employees are fully aware of the potential consequences for ‘Tweeting in haste’, and allowing sensitive business information out into the public domain where rivals could take advantage of an employee’s error of judgement.
It shows your business partners you’re serious about social media – by instigating a formal online policy as part of your business model you are demonstrating to your business partners that you’re serious about protecting your reputation and your business online. It makes you more trustworthy and professional – the right kind of company to do business with both online and in the ‘real’ world.
What to include
It’s best to break your policy down into two sections, one for official company accounts such as your business’ Facebook, Twitter, LinkedIn or blogs, and one for employees.
The legalities of social media policies
There are several legal considerations to take into account when creating a policy for your employees.
Social media is notorious for getting hacked. It’s therefore essential that your policy addresses the question of online security and make it a key part of any final document. Security considerations should include things such as:
Mistakes happen, and sometimes a supposedly harmless post can explode out of control for no reason. It can be very easy to apportion blame. However, with a policy in place, it’s much easier for employees to know exactly what is acceptable and what isn’t, and to avoid posting content that could ‘go viral’ for all the wrong reasons. If they are fully aware of your company policies and the potential recriminations for breaches of company protocol online, you are far less likely to be faced with a problem online.
Involving your workforce – getting their feedback and ideas
Before you finalise your company policy, talk to your employees. If you have a relatively young workforce then their knowledge of how social media works could be invaluable in creating a policy that works well. It also means that they have partial ownership of the decisions being made, and are therefore more likely to ensure that the rules and guidelines you produce are adhered to.
Once the policy has been drawn up, the implementation should be relatively straightforward to roll out. Make sure all of your staff are fully aware of the document – it can be distributed either as documents or, if you want to keep paper down to a minimum, as a pdf file (which cannot be altered by anyone who isn’t authorised to edit the contents).
Workers’ rights and rights to privacy
While a policy is designed to protect a business’ reputation and interests online, it must take into account workers’ rights and their rights to privacy throughout. Before any policy is implemented, it is wise to ask a legal expert specialising in HR and employment law to take a close look at the guidelines, especially with regard to the policy’s compliance to all current privacy legislation. Remember, having a policy in place does not give you the right to ignore the privacy and the rights of your employees.
While it’s important that they do not breach the rules your policy lays out, it is also crucial that it does not breach any privacy laws. If you do, for example, access an employee’s social media accounts without their consent then you could find yourself taken to a tribunal and end up paying a considerable amount in damages, even if the employee’s postings could be construed as detrimental to the reputation of your business. If you do need to take action then make sure it is within the remit of the law.
Adaptability – why social media policies need to be flexible
Social media is incredibly dynamic. While the algorithms that run these platforms remain relatively static, the content that’s downloaded every day is fluid. However, it needs to be emphasised in any policy that just because a Tweet or comment has disappeared from a feed, it hasn’t ‘vanished’ completely. As many celebrities have found to their costs, a flippant remark or online comment made 10 years ago can come back to haunt them a decade later, and have a very real impact on their status. Encouraging your staff to think carefully before they press ‘Post’ is part of your policy. Remember – Tweet in haste, repent at leisure!
Your policy needs to be flexible, too and should be able to respond to the changing face of social media. This is a document that will need to be revisited every year or so, to make sure it is compliant with both current legislation and the platforms themselves.
This is one of the most important documents any 21st-century business can draw up, and explains how employees should behave online when posting on both their own timelines (with regard to any posts that have direct relevance to your business) and how they should conduct themselves when operating the business’ own accounts. It lays out what the consequences can be with regard to inflammatory and offensive posts, or those that could be construed as portraying the company in a negative light.
It needs to conform not just to digital media legislation, but workers’ rights and privacy laws too, and needs to be flexible enough to cope with a rapidly changing online world. If you want to create a robust social media policy that’s fit for purpose, getting free policy advice is a positive first step that will enable you to create a document that will protect both your workers’ rights, and your business’ reputation online.