How to create a social media policy to minimize risks to your organization

Kristen Werries Collier, Partner, Novack and Macey LLP

If your organization still doesn’t have a social media policy, it is time to create one.

“Every organization should have a social media policy that enables it to optimize the opportunities that interactive social media sites present while minimizing the attendant risks,” says Kristen Werries Collier, a partner with Novack and Macey LLP.

Smart Business spoke with Collier about those risks and how to develop a workable policy to minimize your exposure.

What are some of the risks associated with social media?

While social media’s open format and accessibility to the public makes it a vital platform for organizations to disseminate information, that attribute engenders certain risks, including: the disclosure of confidential or proprietary information; the broadcast of negative comments about your organization, co-workers, customers or clients; and the risk of employees’ personal views being improperly imputed to the organization’s detriment. Your social media policy should essentially be a primer of how to avoid these and other risks.

How can an organization begin to draft a social media policy?

You don’t need to start from scratch. Visit or — free databases of social media policies. Assimilate what you like from these policies and then continue to modify the directives to address your specific concerns. If your organization already has a code of conduct related to media, you can modify those directives to cover the use of social media.

One size doesn’t fit all. You need to tailor your policy to reflect your organization’s culture. Determine how strict your policy needs to be based on your needs and tolerance for risk. I don’t think it makes sense to bar your employees from accessing social media sites at work. Your organization depends on your employees’ professional judgment, and their use of social media sites should be governed by that judgment, guided by your social media policy.

Even if you block access to social media altogether, that does not obviate the need for a policy that informs employees of the repercussions of posting negative comments during nonwork hours that could damage the organization’s reputation or reveal confidential or propriety information.

Who should be involved in creating the policy?

Keep in mind that you are asking your employees to self-monitor their behavior in accordance with prescribed guidelines, which means that any policy’s effectiveness turns on whether your employees understand it and buy into it. Given that, you want to create an understandable policy that protects your organization from the pitfalls of social media sites without overreaching.

To get employee buy-in, recruit a cross-section of employees to help you create the policy. They can then be integral to communicating it, facilitating implementation, monitoring its effectiveness and tweaking it.

What are some general guidelines for creating an effective social media policy?

1. Keep it short.

2. Define social media so it is clear what the policy is addressing.

3. Start on a positive note and highlight how your organization uses social media sites to its advantage so it is clear the policy is intended to empower and educate.

4. Declare that the purpose of the policy is to protect the organization.

5. State that the policy is not intended to infringe on employees’ personal interaction online but to ensure their posts do not reflect poorly on the organization, its employees or clients, and do not reveal confidential or proprietary information.

6. Encourage employees to use common sense.

7. Be specific. Provide an organization-specific list of the types of information that cannot be disclosed and note that if it seems confidential, it probably is.

8. Remind employees that if they identify the organization as their employer in online profiles, comments posted there could be imputed to the organization.

9. Direct employees to refrain from posting comments that could be interpreted as harassing, slurs, disparaging, demeaning or inflammatory.

10. Explain why certain conduct is prohibited.

11. Remind employees that their online presence is subject to applicable laws and terms of service.

12. Inform employees that you will monitor their social media presence, and then do it.

13. Tell employees the use of social media at work is a privilege, one that can be rescinded if abused.

14. Spell out the repercussions for violating the policy.

15. Have employees sign the policy.

16. Have a plan to minimize damage if the policy is violated.

How should an organization implement the plan?

Communicating the policy is as important as writing it. With that in mind, designate someone to convey a clear message about why the policy is necessary and that employees are expected to follow it. It would be a shame to invest significant time and effort into drafting the policy and then have it sit unread in your employees’ inboxes.

Also have a point person to answer questions because employees can’t abide by the policy if they don’t fully understand it.

How often should the policy be reviewed?

It should be reviewed at least annually, allowing you to work out the kinks by refining what works and eliminating what doesn’t. After you have a policy that has proven to be workable and effective over time, you can revisit it when the need arises, or at least every couple of years.

Kristen Werries Collier is a partner with Novack and Macey LLP. Reach her at [email protected]