HR Headaches: Should My Company Have a Social Media Policy?

A social media policy for employees is an essential tool for a business to protect its staff, brand, and reputation in the marketplace. It prohibits sharing proprietary, confidential, and personnel information online — reminding employees that coworkers and the organization have a right to privacy. A policy should also clearly delineate what is acceptable on company-sponsored media pages and what is not. It should suggest, as well, what is appropriate representation of the company on an employee’s personal media pages.

Scores of organizations have endured the scrutiny of social and professional media posts that place companies in a bad light; some are unable to weather the outrage storm that ensues. While it’s important to recognize employees’ right to free speech, it’s also critical to remind them they represent the organization when online. Their posts can have an impact far beyond what was intended.

What to include in your policy

A social media policy should outline what you allow and prohibit with regard to business media outlets as well as recommendations for personal media posts. Break down your policy into several parts: company-owned or sponsored media, personal media accounts, overall security, and employee monitoring.

In-house accounts

For the company’s own pages, you should clearly define rules with regard to:

• Who can make posts
• What approvals, if any, are necessary for posts
• When posts are made and with whom they are shared

Authorized posters

For public posts, guidance should be clear and specific with regard to chain of authority. A marketing team, for example, you may need to receive approval from management or legal before publicizing a post. Research and development may need similar approval to discuss innovations or discoveries. The need to publicize cannot override the need to protect. Few employees alone should have the authority to post on an in-house account without some form of oversight or chain of command before they hit “send.” Even the president of the company should ask someone to review their post, if only to catch a potential typo before it goes online.

The need to publicize cannot override the need to protect. Few employees alone should have the authority to post on an in-house account without some form of oversight or chain of command before they hit “send.”

Confidential information

For private business posts, to shareholders only for example, similar rules should apply. Again, assume anything in the cybersphere can go viral. Information you share on your Board’s private page may not be for public consumption. A better route may be direct emails for sensitive data. Whoever is posting information online in this scenario should adhere to a chain of approvals before making it public.

Online responses

Responding to negative posts is another area experts — who understand the thin line between responsible answers and starting a Twitter war — should handle. Loyal employees may want to quickly reply to negative or disparaging comments about the company or its employees, but these can turn into online verbal wars that escalate the situation. Remind employees to let subject matter experts respond to negative posts. While you appreciate their loyalty, they’re not paid or required to join the fray. Ask them to immediately notify the company’s online representatives of any posts that warrant a response, and let the experts handle it.

Employee accounts

Here are some rules you should consider establishing for employee accounts.

Protecting your brand

A social media policy should remind employees they are the face of your organization to the public. Their conduct online should be a reflection of their values and the values your company promotes. For security reasons, personal and professional media accounts should be separate and not link to one another.

Even posts without text can be problematic. Wearing branded clothing of any kind increases risk. You should ask employees not to wear company-branded attire on their personal pages, with only a few exceptions. If they’re posting about a company picnic or volunteer event, company clothing may be allowed. For all other posts, discourage attire that has visible company images or names. They have every right to party until they do something so embarrassing that their friends can’t resist posting an image online. Just ask that they do so in street clothing and not the company uniform.

A part-time seasonal employee at a suburban zoo received national attention and backlash after posting a rant about customers to her personal Facebook page. If she had been wearing street clothes, her post would probably have been ignored. But, wearing the company uniform, her complaint quickly went viral, triggering her termination and a host of negative press. Even on personal social media pages, that employees only share with “friends,” the chances of a post leaking is almost certain. For employees wearing branded clothing, the backlash can immediately be felt by the organization.

Conduct unbecoming

Your policy should underscore that online, employees represent the company and its values: there can be no tolerance for harassment, prejudice, or hatred.

Even employees who err in public, not in uniform, can affect the organization. Your policy should underscore that online, employees represent the company and its values: there can be no tolerance for harassment, prejudice, or hatred.

While they have the right to freedom of expression, there is the possibility their posts could negatively impact the company and their continued employment. A best practice is to think carefully before you post. Would you want your colleagues, boss, or family members to see the image or read the text? If it’s questionable, it might be better for in-person communications, rather than online.

Beyond what you post, a new trend that can affect organizations are posts by others. Recently, a biotech CEO had a run-in with a group of prom celebrants who posted a video of his behavior online. He was quickly doxxed and then terminated by the company he founded — by his own Board of Directors. In today’s environment, it’s important to remind employees to assume whatever they do in public, or whatever they post that they believe is private, has the potential to go viral.

Security

Critical to any social media policy is the focus on security. These situations can post a potential threat to the business or colleagues:

• Posting proprietary information
• Sharing images of internal locations that are not accessible to the public
• Sharing images of security personnel or coworkers

You should prohibit employees from posting any such material without the consent of the organization and any affected employees.

Security extends to who can post online. Consider requiring designated representatives who post to an organization’s media accounts to enact extra protocols to ensure the security of all devices they use to go online. If personal phones allow access, secure screen locks and dual password authentication must be enabled and verifiable. The prospect of an employee’s lost phone opening the floodgates to a company’s online accounts could be disastrous. For those who are designated to represent the company, online security is critical.

Post monitoring

Another integral part of your social media policy must be a reminder (and fair warning) for employees that the company may be monitoring their personal and professional media. It’s estimated that more than half of companies monitor their employee’s online presence, and over 70% view social media before extending a job offer. Entire industries are being built around pre and post-employment social media monitoring. Employers are looking for harassment, discrimination, and bullying among internal relationships as well as to others.

In today’s volatile media climate, no employee should be surprised by a social media policy in their organization. A straightforward policy should outline what you expect from staff members online and what they can expect from you. Your policy should notify employees their presence could be viewed as a reflection of the organization, and you must take all necessary steps to protect your brand, your business, and your employees.