As an employment law firm we are often asked to provide risk management advice to companies wanting to provide guidance to their employees on using social media. Something I've noticed is that the terms "guidelines" and "policies" are often used interchangeably and I think it's important to address the key differences as they are two very different sets of documents with clearly different purposes.
Both guidelines and policies are important to develop and you may often find that the guidelines come first as an organisation struggles to deal with the social media phenomenum and the need to keep up. Progressive companies that want to enable their employees to use social media, rather than taking the easy option of simply banning it, may quickly put together a set of guidelines to be used as a reference by engaged employees.
Guidelines are typically a one page document with a set of company "rules" or directions as to how social media is (and is not) to be used in relation to the work place. They may, for example, provide direction as to language, etiquette and how to respond to on-line complaints. The purpose of social media guidelines is simply to act as a quick reference tool for employees in doubt as to how to behave online. You can see some sample guidelines here.
A social media policy should be a far more comprehensive document and is the starting point for an organisations social media risk management. Whereas guidelines are a one page quick summary of a companies' expectations of behaviour on-line, the purpose of a policy is to provide detailed information about how a company is approaching social media.
A social media policy should, for example, outline in detail what is confidential information for the company, whereas social media guidelines may just say "don't post confidential information on-line".
The purpose of a social media policy is two-fold. Firstly it is a source document for educating employees on using social media in the particular work environment in which they are employed. Secondly, it is to protect the organisation from uninformed (and often unintended) misuse of social media to the detriment of the organisation.
When developing a social media policy, the following should be taken into consideration;
- Have you defined social media? You need to have a definition that is wide enough to cover social media platforms commonly used now, as well as any that might become used in the future.
- What is the purpose of your policy? What is the company's overall strategy with regards to social media and how do you envisage employees engaging in this space?
- If using social media as an overall company strategy, who is responsible for the implementation and mentoring/management of social media in your workplace?
- You need to be upfront and specific about what is an absolute no-no. What are the prohibited forms of communication?
- There need to be some guidelines about the setting up and general use of social media.
- Do you wish to monitor employee use of social media? Have you received legal advice about this and inserted the correct clauses into the policy regarding monitoring?
- The most important part: what are the appropriate use guidelines? This section needs to cover off on areas such as confidentiality, privacy, honesty and accuracy, competition, respect and fair use.
- What happens if an employee violates the policy?
- There needs to be a section where the employee signs the policy and indicates that they have understood the policy.
Ideally, an organisation would spend some time developing a customised social media policy that enables employees to engage on-line without the need for prior approval. This policy should then have guidelines as a cover page for quick reference. Don't forget that a policy is useless if employees are not trained on its' content.