Social Media Policy Questions

I’ve been doing a lot of work in the area of social media policy development. The same questions keep surfacing in my conversations with executives at different industry associations.  Although, we see many of the two-page social media policies that are public facing, many executives are inquiring about their employees and what they need to know regarding social media participation, beyond the obvious “Rules of Engagement.”

Whether you have one social media policy for all to see, or you separate your guidelines into a policy that is employee related and the other becomes outward or public-facing, here are several questions/considerations that must be discussed with different officers and departments in your organization.

Employee Access:

Many companies have an open access policy to social media and different websites.  However, for those that don’t, are there any sites that are currently off limits and/or have limited use within your organization?  If so, these sites need to be discussed in a policy.  Also, what is the process/protocol for employee access to social media?  Can an employee just set up a social profile or account on behalf of your brand (whether the employee just wants to create a social media initiative or is asked by a supervisor or leader within the company to participate)?

Employee Conduct:

Although I’ve seen many policies with the best practices for the Rules of Engagement including:  know who you want to reach, write what you know,  contribute to your community, avoid starting fires, etc.  However, other areas of conduct relate to how employees are supposed to identify themselves.  What type of disclaimers does the organization require employees to make with respect to their own opinions and views when they blog and post comments?  What is your policy on the personal use of social media? How do you advise employees on using brand style guidelines when setting up profiles and creating content on behalf of the organization (to keep the brand in tact)?  How do you advise employees with respect to customer privacy and/or patient information if you are in the health care industry?

Account Management:

Setting up accounts, when only a few people in an organization are participating, is easy to manage.  But what happens when there are hundreds of employees who want to set up accounts? Do you have a process in place for creating profiles and social networking accounts?  Is there one department or officer (i.e., a Public Information Officer) who manages the accounts?  Is this person working in conjunction with HR, so that there is a central database of domain names and user names and passwords? What is the process when employees leave a company and they are in charge of a social networking site or account(s)?  Who is in responsible for changing a site’s user name and password upon an employee’s departure?

Legal Issues:

Although social media is all about open conversations and transparency, it’s critical to impress upon employees what they are allowed to discuss and what is considered proprietary to the organization and/or its stakeholders.  Employees also have to understand that there are Public Record Laws that may apply and/or policies relating to privacy laws (i.e., HIPAA and FERPA).  Should your policy cover how you have the irrevocable right to use, reproduce, republish and edit any information that is posted on your social networking sites? When do you have the right to remove content or information that is posted?  What is your policy on trademarked or copyright information?

IT Issues:

There are several questions that you will need to answer that relate to IT participation in your social media policy development.  For example, how will IT continually work to mitigate network system risk and how will they institute any necessary controls? In addition, will IT monitor the transmittal of any unsolicited or unauthorized advertising,  promotional materials, junk mail or spam? What about the possibility of the transmission of any material that contains software viruses, worms or any disabling code that can interrupt and quite possibly damage the functionality of a computer software or hardware or telecommunications equipment?

These are only a few areas and a handful of questions.  There are many more to discuss and each organization will handle the answers to these questions differently.  I wish there was a “one policy to fit all,” approach, but I don’t think that would really protect our brands or the stakeholders in our communities. What do you think?  Do you ever look at those two-page social media policies and wonder if there should be more represented to help employees participate the right way?