Crafting an Effective Social Media Policy for Employees
July 8, 2021
A social media presence is essential in generating new growth for a business. Maintaining social media accounts will not only expand brand awareness and elevate your company’s status, but it provides an opportunity to directly engage with consumers, disclose information, and receive product feedback. For example, Amazon uses one dedicated Twitter account, or “handle,” for brand promotion, another handle dedicated to customer support, and a third Twitter handle for Amazon news.
Although a social media presence provides significant benefits, businesses must also prepare for the associated risks. Social media use by businesses can give rise to third-party liability and may implicate areas of data privacy law, employment law, labor law, and securities law for publicly traded companies. Allowing employees to use their personal social media accounts at work can also produce negative consequences such as a loss of productivity, inappropriate conduct shared among employees and potential disclosure of confidential or proprietary information.
To minimize these risks, businesses should adopt a social media policy which sets forth clear written rules regarding social media use, both internally and externally (personal social media accounts that identify an individual’s employer may implicate the employer in some fashion).
Social Media Policy Best Practices
A social media policy sets rules and guidance on how an organization and its employees should conduct themselves on internet platforms. A good social media policy will plainly describe the employer’s expectations surrounding social media use and provide a level of tolerance for personal use of social media by employees, provide guidance on business use of company accounts and put in place measures to ensure that the social media use complies with the law.
Personal Use Policies
The business’s policy on employee personal use of social media should clearly identify whether the company permits employees to access their social media accounts during work hours or on employer equipment. If the business permits personal use of social media, then it should set clear guidance on what type of content (i.e. vulgar, obscene, harassing, threatening, disparaging, chain letters, spam) will not be tolerated. Furthermore, it should let employees know if they should have expectation of privacy regarding messages and content shared or accessed on social media using employer equipment.
Business Use Policies
A company may require an employee to use social media to promote the company through marketing strategies, consumer engagement or recruitment efforts. The company’s social media policy should be designed to protect the employer’s assets and reputation, protect any third-party property or privacy and ensure that social media use complies with all applicable federal and state laws.
Protection of Assets Reputation: Set a policy that governs disclosure and misappropriation of the company’s confidential, proprietary and privileged information such as intellectual property. Emphasize the use of good judgment and remind employees that the social media posts reflect on the employer.
Compliance with the Law: Businesses should ensure that their social media policies do not run afoul of any applicable state or federal law. The policy should clearly state that nothing in the social media policy is intended to prevent employees from engaging in legally protected activities.
- Employee Rights: Avoid setting policies for retaliatory adverse employment actions against employees that engage in protected activity though the use of social media. Employers should consider the following legal frameworks that are applicable to their organization when developing disciplinary measures as part of their social media policy.
- National Labor Relations Act – Section 7 of the NLRA protects employees’ right to self-organize, unionize, collectively bargain, and participate in other mutual aid activities.
- Whistleblower Laws – Whistleblower laws, such as the Sarbanes Oxley Act, provide protections for whistleblowers at publicly traded companies.
- First Amendment – government employers should ensure that any disciplinary policies do not violate the free speech rights of their employees.
- State Privacy Laws – Additionally, the unauthorized use of a person’s name or image for commercial purposes may violate local privacy laws and even expose the company to criminal sanctions.
- Promotion Disclosures: The Federal Trade Commission Act requires the disclosure of an employees’ connection to an employer when advertising the employer’s products or services. Companies that use online endorsers or influencers to promote their products could face regulatory scrutiny if the endorser does not disclose the connection. Relevant connections between a company and an endorser that must be disclosed can include payments, free products and discounts given to the endorser.
- Securities Concerns for Publicly Traded Companies: Social media posts are subject to the same securities regulations as any other written communication from a publicly traded company. Extra care should be taken to ensure that social media posts and comments avoid disclosing regulated information under the Securities and Exchange Act such as:
- False Statements (Rule 10b-5)
- Disclosure of Non-Public Information (Regulation FD)
- Non-GAAP Financial Info (Regulation G)
Most importantly, there is no “one-size-fits-all” approach to a social media policy. Your policy should be tailored to the culture, needs and circumstances of your workplace. However you develop your social media policy, it should be plain and clear regarding the company’s expectations. The informality, speed and ease of social media makes it a great tool to grow your business, but it can also rapidly turn a bad situation into a disaster. A good social media policy will minimize those risks so your business can maximize the benefits.
If you have any questions about the information presented in this memo, please contact Jessica L. Copeland, any attorney in Bond’s Cybersecurity and Data Privacy practice or the Bond attorney with whom you are regularly in contact.