Social Enterprise

10 things you should cover in your social networking policy

As sites like LinkedIn, Twitter, and Facebook become intertwined with business uses, organizations need to establish guidelines for employees on workplace access and appropriate usage. Deb Shinder looks at 10 key considerations that such guidelines should address.

As sites like LinkedIn, Twitter, and Facebook become intertwined with business uses, organizations need to establish guidelines for employees on workplace access and appropriate usage. Deb Shinder looks at 10 key considerations that such guidelines should address.


When the social networking phenomenon began, many companies dealt with it by not dealing with it -- they simply banned/blocked social networking sites on the company network. Like the U.S. government's attempts at Prohibition of alcohol in the 1920s, that didn't work so well. Today's young workers have grown up with Internet access and come to the job with the expectation that they'll have those resources at their disposal. If you deny them the ability to check their Facebook pages during lunchtime or tweet when they're taking a coffee (or more likely, energy drink) break, they'll find a way around it or leave to work for a company that has fewer restrictions.

But it's not just about catering to spoiled workers. Businesses are learning that social networking, used properly, can be an effective business tool. Having your employees involved in the community can enhance the company's reputation and bring in more business -- so long as it's done right. Thus many large firms, especially in the technology industry, are actually encouraging their employees to blog, tweet, and participate in forums and social sites on company time.

Even so, you still need to exert some control over how these sites are used. You can't just give employees free rein and hope they'll all exercise common sense. And you can't, in all fairness, blame them for violating rules that don't officially exist. You need a social networking policy that explicitly lays out what is and isn't permissible, both on the company's network and outside of it if they're presenting themselves as representatives of the company.

If you do decide to take the "easy" way out and just block social networking sites at the company firewall, remember that what employees are posting from home can still affect your company's reputation, so you still need a social networking policy. In this article, we'll provide some tips on what you should be sure to cover in your social networking policy.

Note: This article is also available as a PDF download. Check out this sample social networking policy to use as a framework for your own guidelines.

1: A clear company philosophy

Before you can develop a policy, you need to define the company's overall attitude toward social networking. Is it something that you consider to be a strictly personal activity, which should be generally restricted -- like personal phone calls and visits from family members -- to the employee's break and lunch times? Or is the company interested in encouraging employees to use social networking for business purposes and incorporate it into their working time?

Some sites, such as MySpace, are primarily for personal socializing. Some, such as LinkedIn, are purely for business. But others, such as Facebook and Twitter, straddle the fence and are used by many for both purposes. You may want to allow or disallow use of specific sites during work time, but that's a challenge because new sites are always popping up and old sites are always evolving. For example, Facebook began as a venue for college students, but the demographics have changed. A recent study showed that the number of older Facebook users has grown tremendously over the past year, in comparison to the number of younger users:

2: The definition of "social networking"

It may seem obvious, but it's important that your policy define what is meant by "social networking" or "social media," since the term means different things to different people. Everyone knows Facebook is a social networking site, but what about Flickr (photo-sharing site), Indaba (musicians' collaboration site), or LiveJournal (blogging site)? Are Web forums, such as those hosted by many companies for their customers to ask questions, considered a form of social networking under your policy? What about "old-fashioned" online networking methods, such as email discussion lists and newsgroups? Or what about Digg, the "social news site" that allows people to share content?

You may want to name specific sites and technologies, but because new sites are always popping up, you should make it clear that the policies are not limited to the named sites.

3: Identifying oneself as an employee of the company

Your social networking policy should also make clear whether employees are allowed to identify themselves as representatives of the company. Most social networking sites have fields in the user profile for work experience, job title, etc. By identifying oneself as an employee of XYZ Inc., a social networker becomes, to some extent, a representative of that company, and everything he/she posts has the potential to reflect on the company and its image. Unless the employee is engaging in social networking for the specific purpose of promoting the company, some organizations prohibit their employees from listing the company name on such sites. If employees are allowed to advertise their association with the company, your policy should impress upon them that they take on the responsibility for representing the company in a professional manner.

If social networking users identify themselves as employees of the company, your policies should require that any personal blogs and other personal posts contain disclaimers that make it clear that the opinions expressed are solely those of the author and do not represent the views of the company.

4: Recommending others

Some social sites provide for members to write recommendations or referrals for friends/associates. If an employee does this as a representative of the company, it may give the appearance that the company endorses the individual being recommended. That could create a liability situation if another company hires the recommended person on the basis of the recommendation. For that reason, some company policies prohibit employees from making such recommendations or referrals.

5: Referring to clients, customers, or partners

Your company's relationships with clients, customers and partners are valuable assets that can be damaged through a thoughtless comment. Even a positive reference could be picked up by a competitor and used to your company's disadvantage. Your social networking policy should make it clear that employees are not to reference any clients, customers, or partners without obtaining their express permission to do so.

6: Proprietary or confidential information

Even though you may have other policies that cover the dissemination of the company's proprietary or confidential information, trade secrets, etc., the social networking policy should reiterate those policies and provide specific examples as they relate to social networking sites. Because social networking communications are somewhat informal, it's easy for employees to develop "loose lips" - especially when they think they are discussing only among themselves.

Social networking sites have varying levels of security and as public sites, all are vulnerable to security breaches. Your policy should make it clear that proprietary information is not to be discussed or referred to on such sites, even in private messages between site members who have authorized access to the information. You may want to spell out examples of information that is considered to be off limits, such as the company's financial information, intellectual property, information about customers, and so forth.

7: Terms of Service

Most social networking sites require that users, when they sign up, agree to abide by a Terms of Service (ToS) document. Your policy should hold employees responsible for reading, knowing, and complying with the ToS of the sites they use. It should not contain rules that require employees to violate the common ToS stipulations. For example, most ToS agreements prohibit users from giving false names or other false information, so the company policy should not require users to use pseudonyms when signing up for social networking sites.

8: Copyright and other legal issues

Policies should require that employees at all times comply with the law in regard to copyright/plagiarism. Posting of someone else's work without permission is not allowed (other than short quotes that comply with the "fair use" exceptions). Other relevant laws include those related to libel and defamation of character. A good rule of thumb is the one our mothers taught us long ago: "If you don't have something good to say, don't say anything at all." Defamatory statements can lead to lawsuits against the author of the statement -- and if that is one of your employees, at the very least it can bring bad publicity for the company. A slander suit was filed against singer Courtney Love for posts she made on Twitter.

9: Productivity impact

Social networking sites can be good tools for developing business relationships, but they can also turn into big time-wasters. It's easy to set rules for purely personal use of the sites, but it's more difficult to draw the lines when it comes to business-related networking. As with the "six martini lunch," appropriate use often slips gradually into abuse without the employee even realizing it. That's why it's important to set guidelines and priorities. Your policies should make it clear that social networking activities are not to interfere with the employee's primary job responsibilities.

10: Disciplinary action

To have teeth, a policy must include consequences for violations. The policy should spell out that violation of the policy can result in disciplinary action, up to and including termination, and reference other company policies that lay out the appeals process and other relevant information.


Check out the new 10 Things newsletter!

Get the key facts on a wide range of technologies, techniques, strategies, and skills with the help of the concise need-to-know lists featured in TechRepublic's 10 Things newsletter, delivered every Friday. Automatically sign up today.

About

Debra Littlejohn Shinder, MCSE, MVP is a technology consultant, trainer, and writer who has authored a number of books on computer operating systems, networking, and security. Deb is a tech editor, developmental editor, and contributor to over 20 add...

16 comments
lsnyder67
lsnyder67

I have to come up with a policy for our business. I want it to where we can get on facebook during our lunch hour. Do you have any suggestions on how I should start this and what exactly I need to put in it. We are a small business but our Board Members wants this policy made. Thanks Laura

EstelleClaassen
EstelleClaassen

The Company that I work for has blocked social networking to some degree. Between 12:00 - 14:00 we can go on fb. Where I work at one of the Depot's the Manager blocked all social networking. I do work from 8:00 to 17:00. Do not take lunch as I operate the switchboard as part of my job. Today I took a sneak peak at my private mail on Gmail and got the showing finger as to what will happen to me if I do that. Surely it can't be a violation of the rules if I go to my gmail. I do that about 4x per day. I feel like I am being treated unfair. Is this ligit to threathen an employee if you read your mail? My work was done.

frainhrc
frainhrc

As a professional HR consultant this topic is becoming hotter everyday. I am frequently updating Employee Handbooks, adding these guidelines to technology policies, and include them in all new handbooks I develop. Great tips for employers! D. Frain "Human Resource Design"

vpadmana
vpadmana

These measures are likely to have a chilling effect on the conversations. The value of social networking to a corporation is in enhancing its brand image, improving its customer relationships and increasing loyalty. If you institute a command & control structure over a FaceBook discussion, you can pretty much forget about deriving any value out of it for your company. If each message has to go through strict corporate filters and approvals, then the spontaneity and quality of the conversation is lost. Official sounding, politically correct, press-release type statements will not work in a social networking scenario. While I'm not a proponent of free-for-all, I'm also not a fan of the strict rules and procedures recommended in this article.

DonaldG_ent2
DonaldG_ent2

Hi, Thank you - I find these 10 things quite useful and straightforward. I was wondering however, with regards to "Proprietary and Confidential information" would your social policy apply for Web 2.0 utilised within your company's intranet? If you have a system setup within your own firewall (e.g. secure enterprise wiki) would you still discourage managing sensitive information amongst employees. Thanks for your post. Best Regards, Donald Gee (http://ent20dg.wordpress.com)

LoriRuff2000
LoriRuff2000

Brilliant recommendations and solid advice... companies and individuals are on the web in a big way. It's time they look at joining the conversation in a responsible and professional way. You can't stop the talk - but you can influence it.

nonDualist
nonDualist

That's an excellent example of the cold, inhuman, top-down controlling attitude that's wrong with corporate america. There's no humanity, no respect, no trust in this policy. Not even an attempt at any. How sad.

maclovin
maclovin

Our policy I just tried to implement had added by our "HR" person "...may result in discipline." ....WTF?! That doesn't mean anything if you don't tell them WHAT will happen. The above, in my opinion, though common, is an easy way of saying "we're probably not gonna do anything about it." Now, if you say, "You will lose all browsing rights you continue after the first warning...that's ON the second warning (I'm tired of three strikes, this ain't baseball, folks)...and people LOVE being able to browse the internet at work. If they continue after the removal or browser access, of find some way around it....bye-bye! NO EXCEPTIONS! This is, after all, work, not a playground. You have breaks, and lunch to do that, but not on our machines! People simply can't be trusted to keep away from bad sites, nor are they smart enough to tell the difference. Some still have problems understanding that the guy from Africa wanting your bank info is a scam. I've always said: "The older people get, the more childish they become."

b4real
b4real

I think too many organizations are leaving this area very vague. Unfortunately, it is really difficult to enforce externally.

Rustys
Rustys

One company I worked for had us sign and date two copies with HR present. One for our file and the other for us. Stating the we have read and understand the policy and procedures.

Forum Surfer
Forum Surfer

People should have enough common sense not to mention client or company sensitive info on personal webpages. The fact is, many people don't have common sense. The company needs policies in place to prevent Joe User from posting sensitive inside info on his personal weblog.

Scotty Bones
Scotty Bones

"That's an excellent example of the cold, inhuman, top-down controlling attitude that's wrong with corporate America. There's no humanity, no respect, no trust in this policy. Not even an attempt at any." Where do get off making a statement like that??? Seriously. Work is for work, not play; thats what you get paid for. That computer siting in your cubicle DOES NOT BELONG TO YOU. The internet connection DOES NOT BELONG TO YOU. Where do you get off thinking that you should be allowed to do what ever the heck you want with someone else's property. Talk about a serious lack of respect. I guess thats wrong with Americas youth today. You seem to think the rules should not apply to you. And when your held to those rules you think your being treated cruelly and unfairly. How sad.

EliSko
EliSko

A point I think you neglected is that it may not be necessary for the employee to identify his/herself as working for the corporation if s/he uses the corporate email address. Part of the policy should spell out when to use and when not to use the corporate email address. And if the policy recommends / encourages / mandates the use of a non-corporate email address, then the ramifications of all but requiring an employee to set up a Hotmail or Google or whatever account ALSO need to be spelled out. Should the employee be monitoring that other email address with corporate resources? Should there be limits on usage, time spent, content? Related, what about things like "offensive" content? If employees are allowed "free surfing time" may they view pornography during that time? Or what about quasi-pornography? Depriving an employee during "free surf time" from access to information about breast cancer might seem harsh (and might conflict with corporate efforts to encourage positive health practices,) but how do you deal with a very juvenile "adult" who uses such a loophole to "look for boobie pictures"? (Believe it or not, I know of such a case!) Thank you for opening up the topic - there's LOTS more to consider.

kwolf
kwolf

@Scotty Absolutely agree with you. I could not have said it much better. I do not understand the mentality of such people that think it is an infringement of their "rights" when there is an attempt to protect the property of the company they WORK for.

maclovin
maclovin

I'll second that. "If you block me, then that's an infringement on my rights as a citizen to screw around while at wo- ...oh, wait...nevermind." Get serious, people.