As the use of social media – including Twitter, LinkedIn, and Facebook – grows, organisations are becoming increasingly aware of the potential risks posed by the use of such sites.

With companies’ reputations and corporate secrets potentially put at risk by thoughtless tweets or other postings by employees, businesses are putting in place policies setting out recommendations for how staff use social media – whether they should identify themselves as working for that organisation, for example, and what subjects should not be discussed.

But it shouldn’t be the role of the CIO to set such policies,’s exclusive CIO Jury has ruled.

When asked “Should the CIO have responsibility for setting an organisation’s social media policy?” the jury voted ‘no’ by a margin of eight to four, with many of the CIOs arguing that it must be shared with marketing directors and HR.

Alastair Behenna, CIO at Harvey Nash, said that although the CIO can outline the risks in terms of security and potential productivity drain, the ownership of the benefits and defining best practice should be driven by the management team as a whole.

Alan Bawden, IT and operations director at the JM Group, concurred, saying that while the ability to control who has access to which social media platforms rests with IT, the IT, HR and the marketing departments should work together to decide what the overall policy should be “to ensure that the best solution for the business is provided”.

Steve Clarke, systems and operations director at The TalkTalk Group, said the acceptable use policy for technology should be agreed jointly with those with most “skin in the game” – HR and IT.

“Compliance teams may also want to be involved and since social media means brand exposure whether positive or negative – marketing will probably want to be involved as well. CIOs cannot unilaterally make these decisions,” he said.


Should the CIO have an eye on your Twitter stream?
(Photo credit: respires via under the following Creative Commons licence)

Nicholas Bellenberg, IT director at Hachette Filipacchi, added HR and marketing departments should have a strong view on any social media policy: “CIOs should be making sure that their colleagues own this issue along with policies on staff appearances on or in any other media. And the enforcement should be down to local managers to ensure that their staff understand their responsibilities.”

According to Mike Tonkiss, IT director at Neopost, a company’s CEO should be responsible for setting social media policy, weighing up factors such as the marketing potential against the reputational risk associated with social networking.

“The role of the CIO should be to assist the CEO with the impacts on the business,” he said.

However, some CIOs believe heads of IT should have a major role in setting social media policy.

Graham Benson, IT director at M and M Direct, said: “Whilst the marketing team should be consulted – as it is a customer contact channel after all – the CIO is the custodian of IT security and the performance/use of the IT architecture.”

Mike Roberts, IT director at The London Clinic, warned: “Social media represents a critical risk to corporate security. If an organisation needs to use this type of service, they need to be very careful about who can see sensitive data so it does not subsequently appear on the internet!”

Gavin Whatrup, group IT director at Creston, added: “Any CIO worthy of the title should certainly be involved in the process of policy setting, both substantively and procedurally, but as part of an executive team that can represent all parts of the business.”

Today’s CIO Jury was:

  • Alan Bawden, IT and operations director, the JM Group
  • Alastair Behenna, CIO, Harvey Nash
  • Nicholas Bellenberg, IT director, Hachette Filipacchi
  • Graham Benson, IT director, M and M Direct
  • Steve Clarke, systems and operations director, The TalkTalk Group
  • Madhushan Gokool, IT manager, Storm Model Management
  • John Keeling, CIO, John Lewis
  • Jacques René, CIO, Ascend
  • Richard Storey, head of IT, Guy’s and St Thomas’ NHS Foundation Trust
  • Mike Roberts, IT director, The London Clinic
  • Mike Tonkiss, IT director, Neopost
  • Gavin Whatrup, group IT director, Creston

Want to be part of’s CIO Jury and have your say on the hot issues for IT departments? If you are a CIO, CTO, IT director or equivalent at a large or small company in the private or public sector and you want to join’s CIO Jury pool, or you know an IT chief who should, then drop us a line at