Social networking and how to develop a policy

A recent research paper from the Institute of Employment Studies, commissioned by Acas, highlights the difficulties some employers are having in setting standards of behaviour for the use of social networking tools. The report advises employers to take a "common sense stance" to regulating behaviour and to draw on "norms that might apply in non-virtual settings". In other words, treat 'electronic behaviour' as you would treat 'non-electronic behaviour'.

Policies will not necessarily have to be drawn up from scratch. For example, you may already have guidelines for the use of emails and the internet that can be expanded.

Be clear throughout your policy about drawing a distinction between business and private use of social media. If you allow limited private use be clear about what this actually means.

Why have a policy?

By having a written policy on 'the acceptable use of social networking' at work an organisation can:

help protect itself against liability for the actions of its workers.
give clear guidelines for employees on what they can and cannot say about the company.
help line managers to manage performance effectively.
help employees draw a line between their private and professional lives.
comply with the law on discrimination, data protection and protecting the health of employees.
set standards for good housekeeping - for example, for the use and storage of emails.
be clear about sensitive issues like monitoring and explain how disciplinary rules and sanctions will be applied.

Acas Senior Policy Advisor, Adrian Wakeling, talks about social media in the workplace

What should it cover?

Network security: to avoid viruses, most organisations will have controls on the downloading of software. Technical security features, such as firewalls, will usually be managed by the IT department.
Acceptable behaviour and use for:
- Internet and emails: what limits are there on personal use of internet and email?
- Smart phones: employers need to update their policies to cover new and evolving ways for accessing social networking tools and to reflect changing employee behaviour and attitudes.
- Social network sites: remind employees of privacy settings. Research has shown that the majority of employees would change what they have written on their social networking sites if they thought their employer could read them. Also cross reference to your bullying and harassment policy.
- Blogging and tweeting: if an employee is representing the company, set appropriate rules for what information they may disclose, the range of opinions they may express and reference relevant legislation on copyright and public interest disclosure.
Data protection and monitoring: Have you considered alternatives to monitoring and can you justify its use in terms of the negative impact it will have on your business? Make sure you consult thoroughly with your employees and their representatives.
Business objectives: As well as setting clear rules on behaviour, many employers are integrating the use of social media tools into their business strategy. Social networking can be used internally to promote levels of employee engagement and externally to help promote the organisational brand and reputation.
Disciplinary procedures: Try and apply the same standards in virtual and non-virtual settings. To help you respond reasonably, consider the nature of the comments made and their likely impact on the organisation. Provide examples of what might be classed as 'defamation' and the sanctions you will impose. Also, be clear about confidentiality and what constitutes intellectual property.

Who should be involved?

Consultation: consultation with staff on the policy will help to ensure the policy is fair. It will also help to make the policy relevant to your organisational needs - for example, if your employees handle sensitive, confidential information on members of the public your policy will have to reflect this.
Communication: a high proportion of employees don't know if their employer has a policy on internet use. Technology is evolving so quickly that many policies soon get out-of-date, so they need to be reviewed regularly. Social media channels can be a good channel for raising awareness of your policy.
HR induction: a report published in 2010 by My Job Group found that 55% of employees questioned admitted to accessing social networking sites at work. The research does not suggest that use of these sites is affecting productivity but your induction programme is a good way to set clear boundaries about the use of the internet. Each organisation will have its own culture and standards of 'acceptable behaviour' but it is best to be as clear as possible about these from the start.

What are the legal considerations?

Human Rights Act 1998 gives a 'right to respect for private and family life, home and correspondence'. The provision is directly enforceable against public sector employers, and all courts must now interpret existing legislation in relation to the Human Rights Act. Case law suggests that employees have a reasonable expectation of privacy in the workplace.
Regulation of Investigatory Powers Act 2000 covers the extent to which organisations can monitor or record communications at the point at which they enter or are being sent within the employer's telecommunications system, and applies to public and private communication networks. It gives the sender or recipient of a communication the right of action for damages against the employer for the unlawful interception of communications. There are two areas where monitoring is not unlawful. These are:
- where the employer reasonably believes that the sender and intended recipient have consented to the interception.
- without consent, the employer may monitor in certain circumstances, for example, to prevent crime, protect their business or to comply with financial regulations.
Data Protection Act 1988: the Information Commissioner is responsible for enforcement of the Data Protection Act and has published a code of practice to help employers comply with the provisions of the Act. The Employment Practices Codeclarifies the Act in relation to processing of individual data, and the basis for monitoring and retention of email communications.