Social media platforms can play a pivotal part in business growth, marketing and recruitment. In fact, it’s safe to stay that many small businesses were built using the reach of social media. But when you have employees affiliated with your business and you’re consciously building your businesses brand, you may way to get some sound advice from an employment solicitor on creating a water-tight social media policy.
Jump to:
- What is a social media policy?
- What is the purpose of a social media policy?
- What act does a social media policy come under?
- Why are social media policies important for your business?
- What to include in a social media policy
- Social media policy best practices
- What about a social media policy for the company’s official accounts?
- How to create a social media policy that protects your business and employees
What is a social media policy?
A social media policy or social media usage statement is where employers decide and communicate to staff in writing what is and what is not acceptable when using the internet, emails, smart phones, and social networking websites at work. This can be a policy in a staff handbook, such as part of a general IT and communication systems policy or a standalone social media policy.
Social media is the term used for internet-based tools used on computer, tablets, and smart phones that enables online users to interact and share information. This could be by way of video, audio, images or text, shared privately or publicly.
What is the purpose of a social media policy?
The reason why a social media policy is a good idea is because, if drafted well, it can give clear guidelines for employees on what they can and cannot say about the organisation they work for and what they can and cannot do in respect of business and private use of social media. If a business allows limited private use in the workplace, for example, it should be clear what this means in practice and this can be made apparent by writing this in a social media policy provided to all employees.
Employees should feel protected against online bullying and businesses should feel confident that it will not suffer reputational damage at the hands of its staff.
What act does a social media policy come under?
There is relevant case law and legislation which deal with aspects of social media, as follows:
The Human Rights Act 1998 Article 8 gives a 'right to respect for private and family life, home and correspondence'. Case law also suggests that employees have a reasonable expectation of privacy in the workplace. Article 10 provides for the freedom of expression, which should not be unjustly restricted, but can be restricted ‘for the protection of the reputation or rights of others’ which would include other employees or an employer and so these rights all need to be carefully balanced in a social media policy.
The Data Protection Act and GDPR covers how information about employees and job applicants can be collected, handled and used. The Information Commissioner's Office offers advice to help employers comply with the law as do our Data Protection FAQs.
The Regulation of Investigatory Powers Act 2000 covers the extent to which organisations can use covert surveillance alongside recent EU case law.
Why are social media policies important for your business?
Social media policies are important because postings on social media platforms affects communications among staff members and prospective staff members and how they treat each other, as well as how businesses promote and control their reputation. There has been research to suggest that misuse of the internet and social media by workers costs Britain's economy billions of pounds every year. There are also other issues which, if not controlled correctly by a business, could have negative implications including time theft, defamation, cyber bullying, freedom of speech and the invasion of privacy. If you have a clear and enforceable social media policy which you do effectively enforce, your business can minimise risk associated with employee misuse of social media such as:
- Potential unauthorised disclosure of the employer's confidential and proprietary information
- Infringement of third-party intellectual property rights
- Liability for discriminatory or defamatory comments posted by employees
- Reputational damage
A well drafted social media policy can minimise the costs and time-consuming nature of dealing with the above, and so it is advisable for your business to have one.
What to include in a social media policy
Employers should take time and care to develop a comprehensive policy which sets out what is and what is not acceptable behaviour at work when using social media. There should be clear reference to the separation between business and private use, and if limited private use of social media is permitted in the workplace, it should be clear what this means in practice.
You may want to include the following points in your social media policy:
- Reputation and brand management including, who is able to comment on behalf of the company and the types of comments that they are committed to make, and on what platforms. If an individual is permitted to comment on behalf of the company, it is worth also considering whether their personal messages are also monitored.
- How negative comments and defamation by employees about other staff, the business, its suppliers or other business contacts will be handled, including reference to the company’s disciplinary policy.
- How company devices can be used for personal communication and/or social media, if at all, and whether personal devices should be used for official social media communications on behalf of the company.
- How social media use by employees will be monitored.
- How employee, client and other business contact information will be protected.
Social media policy best practices
There are a number of things which can be drafted into a company’s social media policy, which are fair and compliant with the law but also best protect a business.
For example:
It is advisable to use a disclaimer that any opinions expressed are personal and do not represent the views of the organisation, preferably using a personal email address rather than a company one.
If a social media policy is breached and disciplinary action is to be taken, this should be consistent with the way in which offline behaviour of the same type would be managed. The impact or potential impact of behaviour carried out or threatened to be carried out will be relevant when looking at what is reasonable behaviour by the company.
Social media policies should try to provide practical examples and clear definitions of what, for example, ‘defamation’ might include and what is ‘confidential’ to the business. Definitions of sensitive business topics which should be avoided should also be provided, such as business performance where negative comments could damage reputation and further damage any performance deficiencies.
There should be some guidance on recruitment and use of social media to ensure managers are aware about what information they may disclose and what is confidential to the business. There should also be guidance on the range of opinions they may express to ensure they do not make any comments or judgments in assessing applicants by looking at their social networking pages - this can be discriminatory and unfair.
Other company policies which may be related, such as an anti-bullying policy should now also reference anti-cyber bullying. If there is an IT policy, any monitoring of emails or internet activity should be mentioned there too.
Monitoring of employee emails and social media may be helpful to employers so that they can keep better watch on what is being said about their business, but this monitoring must be proportionate, and the employer must provide information to the employee about the monitoring that is being conducted.
Any limitations on the use of social media should not go beyond what is reasonable. An example of a policy which is too stringent might include potentially infringing the human rights of the employee or impinging on the freedom for employees to report illegal activity.
ACAS research has recently suggested that businesses may want to provide staff with email management strategies to help effectively manage email inboxes. Employers may also encourage staff to use the 'delay send' function when sending an email out-of-hours so that colleagues receive emails during working hours, not at home during their leisure time.
It is advisable that business’ promptly respond to any complaints of harassment or discrimination via social media, just as the organisation would in non-social media contexts.
Ideally, social media policies should be discussed and agreed with employee representatives or trade unions, if applicable, so that employees feel able to express their opinions but not in a way which is damaging to their employer.
What about a social media policy for the company’s official accounts?
It is important that a company makes clear whether employees' personal use of social media will be encouraged, discouraged or tolerated, but also how company official social media accounts can be used and by whom. It can be of benefit for HR to advertise using social media such as LinkedIn or marketing to tweet about a promotion on Twitter, but how do you ensure that your business gets the best from social media?
The answer is that there should be a limited number of trusted employees who must seek approval as clearly set out in a social media policy before making public comments on social media. Your business may want to hire somebody external to the business to review or write on its behalf and send employees who will be expected to comment, for further training. Businesses may also want to state that all media or other comments should be directed to a named individual. That way, all official comments are controlled and checked by the individual the company has directed the public to, and unofficial comments are not to be provided.
How to create a social media policy that protects your business and employees
So how can your business best use social media and protect its reputation at the same time?
To further minimise risk associated with employees' use of social media, remember:
- Draft a clear policy which all employees have access to and that they know where to find it.
- When drafting a policy, you should carefully balance a number of factors, including the employer's attitude toward social media use in its workplace, the nature of the employer's business and characteristics of the employees and workplace environment.
- A policy is only as good as its enforcement, any infringements should be followed up and enforced consistently.
- Regularly review and update the policy to ensure it is kept current with changing law, technologies and business practices.
- A good social media policy should not silence employees, it should allow them to speak out about the business without damaging its reputation.
- If there is consistency over who can comment on behalf of the business and the types of comment they can make and tone and attitude they use, this ensures that whenever someone interacts with a particular company online, they get the same consistent experience. This develops a more reliable, trustworthy brand.
- The policy should be clear on not only how to respond to comments from customers, but also how quickly this should be dealt with, as this can make a huge difference to the reputation of a business.
- Criminals and scammers also use social media and so a good social media policy includes guidelines to protect employees and the employer from phishing scams or ransomware attacks, for example. All employees should be aware of the risks and know what to do and who to contact if they have any concerns about the employer’s online security. Guiding employees on how to create secure passwords and set up two-factor authentication for brand and personal social media accounts, how to keep software updated and devices secure, and how to identify potential social media risks are a good starting point.