With more than half of American adults participating in online networking, according to Forrester Research, it's time for companies to acknowledge that activity and implement a protective framework that will assist them in mitigating the risks related to employee productivity, confidentiality, brand representation, and company reputation.

For many, it's difficult to know where to begin, considering the unique nuances and still-evolving nature of the medium. Accordingly, we developed the following guide, which draws best-practices from trailblazers in this space—including Intel, IBM, Dell, and Best Buy—and highlights the key concerns that every company should address.

Step 1: Make Your Introductions

Start with the takeaway (i.e., what readers stand to learn from the policy) and then touch on what you intend to achieve through its implementation and clarify all the who's, what's, and why's.

The company philosophy. Help employees and others understand the company's attitude and approach to social media. For example, IBM's policy indicates that its interest lies in learning from the open exchange of information and in contributing to the future of business and technology, as well as to public dialogue on societal issues.

Best Buy's Connected site, on the other hand, explains to its Twelpforce (employees who tweet: derived from "Twitter help force") that the connection is intended to empower customers to ask questions and quickly gather feedback on purchase considerations, product use, and customer support.

Definition of social media. Don't assume that everyone's interpretation of social media is the same. Although some users may recognize YouTube as a social network, others may view it as a video library. It's important, therefore, to specify the types of networks your policy embraces and whether those include wikis, branded community sites, Flickr, Digg, and Second Life, for example, in addition to blogs, Twitter, LinkedIn, Facebook, and MySpace.

Scope of coverage. Clarify who is allowed to participate, whether the policy applies to every person employed by the company (recommended) or a unique subset, and to what extent the policy pertains to personal blogging.

Step 2: Protect the Company's Interests

Although a recent study by Deloitte found that 74% of employed Americans understand how easily a brand's reputation can be damaged via social media, it also found that only approximately one-third of those surveyed ever consider their employers, co-workers, or clients when posting material online, perhaps due to the informal feel of social media.

To safeguard your organization from that type of activity—as well as from unnecessary lawsuits, slander, and security breaches—your policy should spell out what employees need to avoid.

Confidential and proprietary information. Because all sites are vulnerable to hackers, it is crucial to forbid the discussion of confidential or proprietary information, even in private messages hosted by a social-networking platform. This approach should encompass comments or posts pertaining to the following:

  • Nonpublic or unreleased financial, operational, or business-performance data
  • Litigation and other legal matters
  • Company strategies and forecasts
  • Product or campaign benchmarks
  • Unreleased advertising
  • Brand and trade secrets
  • Proprietary research findings
  • Internal processes and methodologies
  • Circulating rumors
  • Colleagues' and clients' personal information

Prompt employees to ask permission or consult a legal representative or manager if there is any question of suitability.

Conflicts of interest. Prohibit employees from identifying, referencing, discussing, or citing business partners, clients, or vendors—even in a positive light—without those parties' explicit permission; otherwise, you risk damaging those relationships.

You might also note that photos featuring clients, partners, and vendors, or private casual conversations that take place on a blog or social platform, should be treated with the same level of respect.

If you're looking to offer some latitude, however, IBM's policy can serve as an example: "It is acceptable to discuss general details about kinds of projects and to use non-identifying pseudonyms for a client (e.g., Client 123) so long as the information provided does not make it easy for someone to identify the client or violate any non-disclosure or intellectual property agreements that may be in place."

Competitor defamation. Although relationships may not be on the line, comments about competitors should also make the watch list so that you can avoid stirring trouble or being sued for libel.

Intel's policy makes it clear: "If you want to write about the competition, make sure you know what you are talking about and that you have the appropriate permission."

Others' copyrights and trademarks. Remind employees that copyright and fair-use laws must be abided; that proper credit should be given to all rightful owners; and that plagiarism, even as part of a passing comment, is illegal. This rule should apply not only to copyrighted publications but also to any logos featured; photos, videos, or audio files shared, etc.

IBM's policy even suggests researching others who are blogging or publishing on the topic and citing them as a precaution. It further states, "You should never quote more than short excerpts of someone else's work. And it is good general blogging practice to link to others' work. Keep in mind that laws will be different depending on where you live and work."

Political correctness. Obscenities, personal insults, ethnic slurs, and other language that might be perceived as inflammatory, discriminatory, objectionable, or alienating should be expressly prohibited. Religious and political statements should also be avoided.

Inclusion of other policies. Reiterate your current company policies—such as those regarding codes of conduct, ethics, discrimination, and harassment—and expound how they apply to social media.

Statement of responsibility. Make it clear that employees are to respectfully represent the company, adhere to the terms and conditions of any third-party sites, and take full responsibility for their communications, both on and off company time.

Encourage users, even when they engage independently of the company, to use their best judgment, to exercise common sense, and to explicitly state that their views do not necessarily represent those of the company. To ensure that this concern is properly communicated, develop a standard disclaimer for use by all employees and publish it within the policy.

Coming clean. Instruct employees on the actions to take when a mistake is made or inappropriate material is posted. Directions should include making the correction in a timely fashion, being upfront with others about the mistake, and never altering a previous post without divulging that the change was made.

Step 3: Advise on Proper Procedure

Next, lay out a framework of acceptable behavior for all users.

Online representation. Explain how employees should identify themselves when engaging in social media, and specifically state whether it is acceptable to use pseudonyms or to interact anonymously.

Many companies, in an effort to instill trust, require their users to disclose their real names and titles. Dell further encourages its users to use "@dell" (e.g., Lionel@dell) in their Twitter handles to avoid any ambiguity.

You might also consider whether to advise employees on acceptable avatars and other profile graphics if you're concerned about brand consistency or public perception.

Authenticity and transparency. Beyond having users disclose their full name and title, urge them to be clear about their roles and their understanding or involvement in the topic of discussion.

Intel, for example, tells its users to "write what you know" and "post about your areas of expertise" but to also clearly state when they are speaking from the view of an end user, rather than an expert, on a topic. It also insists that users point out if they have a vested interest in the subject.

Further counsel users to speak in the first person, to be themselves, and to use their own voice, since social networks don't typically respond well to corporate-speak.

Community citizenry and customer interaction. Inform employees of the community conventions you expect them to follow, such as striving for interactive engagements with other users and adding value to those conversations, whether by improving knowledge, solving problems, provoking thought, supporting the community, or entertaining the masses.

Similarly, urge users to create an environment where customers and others are comfortable interacting and sharing their thoughts, requests, or grievances.

Also direct employees to never ask for personal customer information via these outlets, even through private messaging; instead, provide guidelines for moving the conversation offline or to email.

Response to conflicting opinions. Counsel users to respect others' opinions and not get caught up in criticism and barb. Explain that it is alright to politely point out the facts if they are being misconstrued by another user; however, as representatives of the organization, they should not ignite or inflame such conflicts.

Step 4: Establish Parameters

For all its virtues, social media also has the potential to disrupt employee productivity, so be sure to address how much participation is appropriate, along with how you plan to monitor and manage that activity.

Expectations around participation and job performance. Detail whether and when employees are allowed to use social media during work hours, including while on personal breaks, and whether prior permissions are required. Also clarify to what extent that participation is allowed to take away from employees' core responsibilities or if it is to be systematically integrated into their everyday roles.

Monitoring. Make employees aware that you have the right to monitor their online activities, and describe the extent to which you plan to do so.

Disciplinary action. Also explain the consequences for violating policy; or, at the very least, indicate that such violations can result in disciplinary action, including the possibility of termination or involvement in a civil lawsuit.

Step 5: Allow for Evolution

Social media is by no means a static channel; it continues to transform, advance, and multiply. So, although you'll want to be as specific as possible in some of the above inclusions, also be careful to not limit your policy strictly to today's technologies and usage. Instead, pad it for flexibility, or implement a process for regular updates so that tomorrow's new arrival doesn't come back to haunt you.

Once you've developed a policy on social media, it's important to track the success of your campaigns. Check out our new case study collection, Social Media ROI Success Stories, to learn how to monitor and measure your social media and PR efforts.

Enter your email address to continue reading

A Corporate Field Guide to Social-Media Policy Development

Don't worry...it's free!

Already a member? Sign in now.

Sign in with your preferred account, below.

Did you like this article?
Know someone who would enjoy it too? Share with your friends, free of charge, no sign up required! Simply share this link, and they will get instant access…
  • Copy Link

  • Email

  • Twitter

  • Facebook

  • Pinterest

  • Linkedin


ABOUT THE AUTHOR

Kimberly Smith is a freelance writer. Reach her via dtkgsmith@gmail.com.

LinkedIn: Kim Smith