You can’t control what employees do away from work on their own time and using their own equipment but companies do have a right to control their brand and that includes how they are represented by their employees on social media sites. For that reason, every organization should develop, implement and enforce a corporate-wide social media policy for all employees (because if you don’t enforce it, then do you really have a policy?).

Gary MacFadden was kind enough to pose a great question in response to my last blog posting titled “Did you hear the one about the Attorney who thought social media was a dating website for singles over 40?”. Gary pointed out that it would be helpful if I could give examples of a corporate social media policy (what it involved) and what the employee education process would be to make employees aware of the policy. With that in mind, here are some aspects of a corporate social media policy:

1. A policy author with contact information in case employees have questions
2. An effective date
3. A definition of what social media is
4. A description as to why this policy is being developed (for legal defense, brand protection etc)
5. A description of  what social media sites the company officially participates in
6. A listing of those employees approved to participate on those sites
1. The fact that any and all approved social media participations will be done only from corporate infrastructure (this is to protect approved employees from discovery of their personal computers)
2. A description of topics approved to be used
3. A description of those topics not approved to be used
4. A description of any approval authority process
5. A description of what will happen to the employee if they don’t follow the approved process
7. A direct statement that unapproved employees that make derogatory remarks about the organization, publish identifying information about clients, employees, or organization financials, talk about organization business or strategy etc. in any social media venue will be punished in the following manner…
8. A description of how these policies will be audited and enforced

Once the policy is developed, it needs to be communicated to all employees and updated by legal representative on an annual basis. This education process could include steps like:

1. A regularly updated company intranet site explaining the policy.
2. A description and discussion of the policy in new employee orientation activities.
3. A printed description of the policy which the employee signs and returns to the organization.
4. An annual revisiting of the policy in department meetings.
5. The publishing of an organization “hot line” to your corporate legal department for real-time questions.

On a related topic, for legal reasons you should be archiving all approved social media participations much like many companies now archive their email and instant message content.

This practice will seem rather draconian to many employees but in reality the organization needs to protect the brand and always have a proactive strategy for potential litigation.

A sampling of various organizations social media policies can be found here. I was particularly impressed with Dell’s.

From a previous blog post titled ”Beware: your facebook posts could end up in court”

Social networking posters beware…your Facebook and other social media accounts may be seen by more than just your friends; in fact, what you post and tweet could become court evidence.

But many of us don’t consider these implications when tweeting and posting. Current employers, potential employers and, yes, even attorneys review social networking sites for information on workers, job candidates and litigants.

Individuals as well as organizations need to carefully consider what they post to these sites. In the personal injury case of McMillen v. Hummingbird Speedway, Inc., No. 113-2010 CD (C.P. Jefferson, Sept. 9, 2010), Hummingbird Speedway, Inc. sought access to plaintiff’s social network accounts, requesting an eDiscovery production of his usernames, log-ins and passwords.

The olaintiff objected, arguing that the information on those sites was confidential.  Upon defendants’ Motion to Compel, the court found the requested information was not confidential or subject to the protection of any evidentiary privilege and ordered its production to defendants’ attorneys within 15 days. Additionally, the court ordered that plaintiff should not take steps to delete or alter the existing information on his social network accounts. The court said:

Specifically addressing the expectation of privacy with regard to Facebook and MySpace, the court found that any such expectation “would be unrealistic.”  The court then analyzed the relevant policies of the two sites, and concluded as to both that, “[w]hen a user communicates through Facebook or MySpace, however, he or she understands and tacitly submits to the possibility that a third-party recipient, i.e., one or more site operators, will also be receiving his or her messages and may further disclose them if the operator deems disclosure to be appropriate.”  Accordingly, the court determined that defendant could not successfully assert that his accounts were confidential.  In so holding, the court also noted the possibility that communications could be disclosed by friends of the account holder with whom the communications were shared.

Organizations need to establish and enforce employee social media policies to lower their risk and better protect their brand.