Instead of cracking down on staff using Twitter and Facebook at work, firms will soon be exploiting social networking’s business potential and drafting policies to control its use. Andrew Donoghue reports.

The days of companies being able to dismiss social networking as a consumer issue are numbered. That’s the outlook from analyst companies including Gartner group, which predicts by 2014 social media will replace email in about 20 per cent of businesses.

Rather than trying to stamp out social media use, companies may actually look to build their own social networking platforms, or at least take greater advantage of existing sites such as Facebook and Twitter.

In a recent research note, Gartner vice president Matt Cain said the rigid distinction between email and social networks will erode. “Email will take on many social attributes, such as contact brokering, while social networks will develop richer email capabilities,” he wrote.

Given this outlook, it appears those companies that have dodged making explicit decisions about social network use will soon have to face up to the issue. According to anecdotal evidence from IT consultancy Accenture and technology-specialist law firm Morrison & Foerster, about 50 per cent of companies have a social media policy in place. The rest have some catching up to do.

Most companies will already have policies in place to govern staff use of technology such as email and the web generally. They will also probably have codes of conduct for behaviour both within the company and with external partners and clients. But social media sites have the ability to cross the boundary between what is traditionally deemed business activity and an employee’s personal life.

This blurring of lines creates challenges not only for developing a policy but for which department should be charged with managing it. Is social media use an issue for IT or HR exclusively, or does the new medium cross departmental lines? asked several experts for their perspectives on whether social media policies are really necessary and, if so, how to go about developing them.

social networking at work, it can work for your business

Don’t fear social networking – make it work for your business
(Photo credit: Shutterstock)

To block or to trust?
The biggest question when it comes to explicit rules on issues such as social networking is one of trust. Especially in smaller companies, management may argue that employees don’t need detailed rules on every questionable activity or to be actively prevented from accessing certain sites.

But Gary Curtis, chief technology strategist at consultants Accenture, argues that while a light touch may be appropriate in some circumstances, clear guidelines and even blocking software are important to protect the company and employees alike.

“Having been in that discussion with other CIOs around the world, I have come to the belief that as a senior manager you have to protect the interests of the whole,” he says. “There is content on the web that is hugely inappropriate in any enterprise company and it is not possible in any large corporation to trust that everyone will have the same level of discretion.”

According to the 2010 Information Security Breaches Survey from PricewaterhouseCoopers, nearly half of large organisations now restrict staff access to the internet, while less than a third did so in 2008. So although it seems more companies may be relying on social media for business use, such as recruitment and collaboration, they are doing so in a prescriptive way.

Sanctioned business use is being encouraged, while personal access is being controlled by policies and even blocking software. “Organisations are one and a half times as likely to monitor postings to social networking sites if social networking is considered very important to their business”, PricewaterhouseCoopers reports.

Whose problem is it?
Accepting that your company needs a social media policy is an important step. The next one is deciding whose job it is to develop the guidelines. Traditionally, issues that deal with staff behaviour and conduct are dealt with by HR. But social media is also a tech issue so it makes sense for the IT department to be involved.

Experts agree that most companies are going to have to involve…

…a group of stakeholders in drafting a policy and, more importantly, in enforcing it. “I think it is cross-departmental because it is not just a pure HR issue,” says Ann Bevitt, head of employment at lawyers Morrison & Foerster.

“You have got to understand how your systems are set up and whether what you are suggesting reflects the technical reality,” she says, adding there should be legal input on any policy that seeks to control employee behaviour.

What to leave in, what to leave out
Having pulled together the best minds in the company – and perhaps an external consultant or two – the next step is to draft the policy. Companies may be tempted to think that existing rules on issues such as staff conduct or web use may cover most of the bases.

But according to Bevitt, it makes sense to have explicit rules in place for emerging issues such as social media. “I think when something is new it is useful to really draw attention to it rather than just amending an IT or tech use policy,” she says.

Issues to consider include external risks such as defamation and interfering with client relationships, if remarks are made about a customer or partner, for example. There are also internal risks to consider.

social networking at work, it can work for your business

Putting together a policy should be a joint project between HR and IT
(Photo credit: Shutterstock)

“Companies need to be aware of issues such as vicarious liability in the case of employee-to employee-harassment, victimisation or discrimination,” Bevitt says. There are also risks to confidential information and trade secrets to consider, which could occur accidentally or on purpose.

Accountability all the way
Being explicit about what employees can and cannot do on social networks is important but it’s also important not to be too prescriptive, experts argue.

The secret to drafting guidelines of this type successfully is to encourage users to accept responsibility for their own behaviour, according to the president of recruitment site CareerBuilder, Farhan Yasin.

“The first issue is accountability. You write it, you own it. Employees are essentially acting as online spokespeople for the company. If they’re talking about the company or about their work at the company, they need to clearly identify themselves and adhere to company policies,” he says.

Education, education, education
While many staff will have used at least one social media application, others may have no experience of the technology. It might sound counter-intuitive to provide training in a medium that you are trying to control but making sure all staff have a basic grasp of the leading social media tools is fundamental to laying down policies on use.

“The key to controlling social media is education,” says Rick Mans, social media evangelist for consultancy Capgemini. “Employers need to talk to employees about the technologies they are using, how they are using them and their impact on the working day. Not only will this communication increase trust but it might give those in charge new ideas about utilising these technologies to generate business.”

Policing the policy
With a policy in place, the issue of how to enforce it arises. For most staff the policy should be an explicit reminder of what sort of behaviour is expected by the company. But the question of how exactly to police such policies is more problematic.

“I think it’s acceptable to say to staff that if they see something that is in breach of this policy to report it,” says Morrison & Foerster’s Bevitt. “You have that in other areas of employment law. But as for taking action against someone for the failure to report – not the actual act but the failure to report it – would be difficult unless there was clear information available to you,” she adds.

But trawling around looking for evidence of social media offences could see management in breach of data protection laws, so any steps in this area have to be taken carefully.