Acas uses cookies to ensure we give you the best experience and to make the site simpler. Find out more about cookies.

Website URL :

Social media and how to develop a policy

A research paper from the Institute of Employment Studies, commissioned by Acas, highlights the difficulties some employers have in setting standards of behaviour for employees' use of social media. It advises employers to take a "common sense stance" in regulating conduct and treat 'electronic behaviour' as it would 'non-electronic behaviour'.

Key points

  • Work out a policy: An employer should set out in writing what it regards as acceptable behaviour in the use of social media at work and what is unacceptable.

    It should also give clear guidelines for employees on what they can and cannot say about the organisation.
  • Draw a line between private and work lives: An employer should be clear throughout its policy in making a distinction between business and private use of social media. If it allows limited private use in the workplace, or in any way connected with the organisation, it should be clear what this actually means in practice.
  • Advantages: The benefits of a policy can include helping:
    • the employer to protect itself against liability for the actions of its workers; 
    • line managers to manage performance effectively.
  • Be ready to adapt: A policy can have many benefits, but an employer should make sure it is written in a way that can accommodate alterations so it keeps pace with the continuing evolution of social media.

Acas Senior Policy Advisor Adrian Wakeling talks about social media in the workplace.


What should the social media policy cover?

  • Network security: To avoid viruses, most organisations will have controls on the downloading of software. Technical security features, such as firewalls, will usually be managed by the IT department.
  • Acceptable behaviour and use of:
    • Internet and emails: If personal use is allowed, state the boundaries.
    • Smart phones and hand-held computers: Employers need to regularly review and update their policies to cover the new and evolving ways for accessing social media, and to reflect changing employee behaviour and attitudes about their use.
    • Social networking sites: Remind employees to regularly check the privacy settings on their social networking profiles, as they can change.

      Also, research has shown that the majority of employees would alter what they have written on their social networking profiles if they thought their employer could read them. To find out more, see Acas guide Social media, defamation, data protection and privacy.

      Further, an employer should cross-reference its social media policy to its bullying and harassment policy.
    • Blogging and tweeting: If an employee is representing the company online, set appropriate rules for what information they may disclose and the range of opinions they may express. Bring to their attention relevant legislation on copyright and public interest disclosure.
  • Data protection and monitoring: An employer should try to find alternatives to checking staff use of social media, if it can. It needs to justify the use of monitoring, showing that the benefits outweigh any possible adverse impact. An employer should consult with employee representatives or a recognised trade union.
  • Business objectives: As well as setting clear rules on behaviour, many employers are integrating the use of social media tools into their business strategy. Social networking can be used internally to encourage employee engagement with the organisation, and externally to help promote the organisation's brand and reputation.
  • Disciplinary procedures: An employer should try to apply the same standards of conduct in online matters as it would in offline issues.

    To help an organisation respond reasonably, the employer should consider the nature of the comments made and their likely impact on the organisation. It would help if the employer gives examples of what might be classed as 'defamation' and the penalties it would impose. Further, the employer should be clear in outlining what is regarded as confidential in the organisation.
  • The organisation's 'intellectual property': This is material which is the result of creativity in the organisation - for example, the company logo and brands, a song, copyrights, an invention, patents, designs etc.. The employer should clearly outline what constitutes its intellectual property.

How to communicate your social media policy

  • Consult: An employer should talk with employees in determining what will be in the policy. This will help ensure it is fair, and seen to be fair. It will also help make it relevant to the organisation's needs. For example, if your employees handle sensitive and confidential information on members of the public, the policy will need to reflect this.
  • Use social media: A high proportion of employees do not know if their employer has a policy on internet use. Technology is evolving so quickly that many policies soon become out-of-date, so they need to be reviewed regularly. Social media channels can be an effective way for an employer to raise awareness of its policy and any changes.
  • When settling in new staff: A 2010 report by the website job board network the My Job Group found that 55% of employees questioned admitted to accessing social networking sites at work. An employer's induction programme is a good way to make clear to new starters the boundaries for use of the internet. Each organisation will have its own culture and standards of 'acceptable behaviour', but it is best to be clear about these from the beginning.

Legal considerations

  • The Human Rights Act 1998 gives a 'right to respect for private and family life, home and correspondence'. The provision is directly enforceable against public sector employers, and all courts must interpret other existing legislation in relation to the Human Rights Act. Case law suggests that employees have a reasonable expectation of privacy in the workplace.
  • The Regulation of Investigatory Powers Act 2000 covers the extent to which organisations can monitor or record communications at the point at which they enter or are being sent within the employer's telecommunications system. It applies to public and private communication networks. It gives the sender or recipient of a communication the right of action for damages against the employer for the unlawful interception of communications. There are two areas where monitoring is not unlawful:
    • Where the employer reasonably believes that the sender and intended recipient have consented to the interception;
    • Without consent, the employer may monitor in certain circumstances -for example, to prevent crime, protect the business or to comply with financial regulations.
  • The Data Protection Act 1988 covers how information about employees and job applicants can be collected, handled and used. The Information Commissioner's Office has published an employment practices code - Information Commissioner’s Office: Quick guide to the employment practices code [PDF, 168kb] - to help employers comply with the law.