As sites like LinkedIn, Twitter, and Facebook become intertwined with business uses, organizations need to establish guidelines for employees on workplace access and appropriate usage. Deb Shinder looks at 10 key considerations that such guidelines should address.
When the social networking phenomenon began, many companies dealt with it by not dealing with it -- they simply banned/blocked social networking sites on the company network. Like the U.S. government's attempts at Prohibition of alcohol in the 1920s, that didn't work so well. Today's young workers have grown up with Internet access and come to the job with the expectation that they'll have those resources at their disposal. If you deny them the ability to check their Facebook pages during lunchtime or tweet when they're taking a coffee (or more likely, energy drink) break, they'll find a way around it or leave to work for a company that has fewer restrictions.
But it's not just about catering to spoiled workers. Businesses are learning that social networking, used properly, can be an effective business tool. Having your employees involved in the community can enhance the company's reputation and bring in more business -- so long as it's done right. Thus many large firms, especially in the technology industry, are actually encouraging their employees to blog, tweet, and participate in forums and social sites on company time.
Even so, you still need to exert some control over how these sites are used. You can't just give employees free rein and hope they'll all exercise common sense. And you can't, in all fairness, blame them for violating rules that don't officially exist. You need a social networking policy that explicitly lays out what is and isn't permissible, both on the company's network and outside of it if they're presenting themselves as representatives of the company.
If you do decide to take the "easy" way out and just block social networking sites at the company firewall, remember that what employees are posting from home can still affect your company's reputation, so you still need a social networking policy. In this article, we'll provide some tips on what you should be sure to cover in your social networking policy.
1: A clear company philosophy
Before you can develop a policy, you need to define the company's overall attitude toward social networking. Is it something that you consider to be a strictly personal activity, which should be generally restricted -- like personal phone calls and visits from family members -- to the employee's break and lunch times? Or is the company interested in encouraging employees to use social networking for business purposes and incorporate it into their working time?
Some sites, such as MySpace, are primarily for personal socializing. Some, such as LinkedIn, are purely for business. But others, such as Facebook and Twitter, straddle the fence and are used by many for both purposes. You may want to allow or disallow use of specific sites during work time, but that's a challenge because new sites are always popping up and old sites are always evolving. For example, Facebook began as a venue for college students, but the demographics have changed. A recent study showed that the number of older Facebook users has grown tremendously over the past year, in comparison to the number of younger users:
2: The definition of "social networking"
It may seem obvious, but it's important that your policy define what is meant by "social networking" or "social media," since the term means different things to different people. Everyone knows Facebook is a social networking site, but what about Flickr (photo-sharing site), Indaba (musicians' collaboration site), or LiveJournal (blogging site)? Are Web forums, such as those hosted by many companies for their customers to ask questions, considered a form of social networking under your policy? What about "old-fashioned" online networking methods, such as email discussion lists and newsgroups? Or what about Digg, the "social news site" that allows people to share content?
You may want to name specific sites and technologies, but because new sites are always popping up, you should make it clear that the policies are not limited to the named sites.
3: Identifying oneself as an employee of the company
Your social networking policy should also make clear whether employees are allowed to identify themselves as representatives of the company. Most social networking sites have fields in the user profile for work experience, job title, etc. By identifying oneself as an employee of XYZ Inc., a social networker becomes, to some extent, a representative of that company, and everything he/she posts has the potential to reflect on the company and its image. Unless the employee is engaging in social networking for the specific purpose of promoting the company, some organizations prohibit their employees from listing the company name on such sites. If employees are allowed to advertise their association with the company, your policy should impress upon them that they take on the responsibility for representing the company in a professional manner.
If social networking users identify themselves as employees of the company, your policies should require that any personal blogs and other personal posts contain disclaimers that make it clear that the opinions expressed are solely those of the author and do not represent the views of the company.
4: Recommending others
Some social sites provide for members to write recommendations or referrals for friends/associates. If an employee does this as a representative of the company, it may give the appearance that the company endorses the individual being recommended. That could create a liability situation if another company hires the recommended person on the basis of the recommendation. For that reason, some company policies prohibit employees from making such recommendations or referrals.
5: Referring to clients, customers, or partners
Your company's relationships with clients, customers and partners are valuable assets that can be damaged through a thoughtless comment. Even a positive reference could be picked up by a competitor and used to your company's disadvantage. Your social networking policy should make it clear that employees are not to reference any clients, customers, or partners without obtaining their express permission to do so.
6: Proprietary or confidential information
Even though you may have other policies that cover the dissemination of the company's proprietary or confidential information, trade secrets, etc., the social networking policy should reiterate those policies and provide specific examples as they relate to social networking sites. Because social networking communications are somewhat informal, it's easy for employees to develop "loose lips" - especially when they think they are discussing only among themselves.
Social networking sites have varying levels of security and as public sites, all are vulnerable to security breaches. Your policy should make it clear that proprietary information is not to be discussed or referred to on such sites, even in private messages between site members who have authorized access to the information. You may want to spell out examples of information that is considered to be off limits, such as the company's financial information, intellectual property, information about customers, and so forth.
7: Terms of Service
Most social networking sites require that users, when they sign up, agree to abide by a Terms of Service (ToS) document. Your policy should hold employees responsible for reading, knowing, and complying with the ToS of the sites they use. It should not contain rules that require employees to violate the common ToS stipulations. For example, most ToS agreements prohibit users from giving false names or other false information, so the company policy should not require users to use pseudonyms when signing up for social networking sites.
8: Copyright and other legal issues
Policies should require that employees at all times comply with the law in regard to copyright/plagiarism. Posting of someone else's work without permission is not allowed (other than short quotes that comply with the "fair use" exceptions). Other relevant laws include those related to libel and defamation of character. A good rule of thumb is the one our mothers taught us long ago: "If you don't have something good to say, don't say anything at all." Defamatory statements can lead to lawsuits against the author of the statement -- and if that is one of your employees, at the very least it can bring bad publicity for the company. A slander suit was filed against singer Courtney Love for posts she made on Twitter.
9: Productivity impact
Social networking sites can be good tools for developing business relationships, but they can also turn into big time-wasters. It's easy to set rules for purely personal use of the sites, but it's more difficult to draw the lines when it comes to business-related networking. As with the "six martini lunch," appropriate use often slips gradually into abuse without the employee even realizing it. That's why it's important to set guidelines and priorities. Your policies should make it clear that social networking activities are not to interfere with the employee's primary job responsibilities.
10: Disciplinary action
To have teeth, a policy must include consequences for violations. The policy should spell out that violation of the policy can result in disciplinary action, up to and including termination, and reference other company policies that lay out the appeals process and other relevant information.
Check out the new 10 Things newsletter!
Get the key facts on a wide range of technologies, techniques, strategies, and skills with the help of the concise need-to-know lists featured in TechRepublic's 10 Things newsletter, delivered every Friday. Automatically sign up today.
Debra Littlejohn Shinder, MCSE, MVP is a technology consultant, trainer, and writer who has authored a number of books on computer operating systems, networking, and security. Deb is a tech editor, developmental editor, and contributor to over 20 additional books on subjects such as the Windows 2000 and Windows 2003 MCSE exams, CompTIA Security+ exam, and TruSecure's ICSA certification.