The days of anything goes within the social media space are gone. Regulation and legislation now have a profound influence on your company’s social media policy

In the 1990s and early part of this century a few things happened: First the Internet arrived. It feels a long time ago but it’s a very recent thing. Then almost immediately people started making wrong assumptions: that if for instance a photograph appeared on the Internet, it was free to use on any other website. Even professional newspapers were guilty of this and found themselves in court for copyright and intellectual property infringement.

To an extent this still goes on but most participants have adjusted to the central truth: this is the Internet rather than the Wild West and you can’t simply help yourself. Until, that is, you end up in social media in which case a number of liberties are still taken – until a corporate takes some control.

Take the company making satellite navigation systems whose research and development personnel were tweeting about future product developments and how great the next generation of products were going to be – very much before the company was ready to release them. This needed some sort of policy statement to mitigate trade secrets being lost.

There are other less well-intentioned examples, and even as this article was being written a high profile case in which an employee complained about being fired because he was actively looking for further employment through LinkedIn went against him. The employer argued, successfully, that he was criticizing the company in public.


The way to avoid these issues is to develop a policy and share it with employees so that they understand the implications if it is breached. A good first step is to ensure that they understand the old rules count just as much in cyberspace as in the real world – so if they betray a commercial confidence online, then it’s as serious as if it is done in the pub.

Ideally the policy should be evolved before such a breach. John Whiting, head of online solutions for professional services company Deloitte, explains the first thing his organization did was to get all possible stakeholders involved. “Deloitte formed its social media policy following consultation with a range of departments across the firm, including Marketing, PR, the online team and Risk,” he says. The idea was “to ensure the firm balances the benefits of the innovation, opportunities and flexibility that social media offers while, at the same time, protecting [the company] from potential risks, including protecting client confidentiality and guarding against reputational damage. Deloitte’s policy has evolved as we have observed usage, alongside other Deloitte member firms’ experiences as our confidence in the medium grows.”

The benefits can be considerable, particularly when social media structures are put in place internally: “One example of Deloitte’s successful use of social media is Yammer, the internal social networking site,” continues White. “Deloitte’s use has grown organically to involve 5,000 of Deloitte’s people, who actively speak to each other on the site about projects, issues and challenges they are facing. It is also used to conduct internal research, request information and share relevant news stories.” However there is another caveat: keep telling people about the risks. “Deloitte has put in place the relevant safeguards and regular educational updates in order to remind members of the rules in place to protect client confidentiality.”


International digital security specialist Gemalto has better reason to be aware of implications of staff talking out of turn and internal confidentialities than most – not because of any bad experience but because of its security remit. The man responsible, Tim Cawsey, head of branding and public relations, explains that there were wider issues. “We spent some time coming up with internal policies for social media use as part of a wider social media strategy we created at the end of 2010,” he says. “Social media access has been allowed within the company for a few years now. As we have a large technical community (more than 1,500 engineers help design our solutions) these are typically early social media adopters.”

This could have meant people were very much at the aforementioned Wild West stage of adoption so it was essential that the company had the right policies in place quickly. “Our policy boils down to two main points: A. Don't give away any confidential information. And B. Do state that you work for Gemalto if you discuss our solutions in social media – i.e. don’t astro-turf. Social media offers great possibilities for our employees to network with customers, prospects, partners etc. When tweeting from a personal account we ask them to make it clear that their opinions are their own and not Gemalto's.” His own Twitter profile has a typical disclaimer: “Views here are personal” – simple as that.


Every social media policy needs to look inward and outward to cover internal as well as external interactions. The important thing is that your policy needs to run through all interactions. It needs to apply to the tone as well as to substance - so responses to customer complaints need the same tone as marketing messages no matter how got-at an employee might feel. There can be no snapping, and no "mavericks" who want to strike out with their own individual style under the company name unless your company policy is to encourage an individual style!

There are laws and regulations – libel, copyright infringement – which apply in cyberspace just as they do anywhere else. These shouldn’t need restating but as in the Deloitte example, reminding people they exist never does any harm. The internal, company-specific rulings can be more fluid and harder to apply unless they are stated overtly, which is where an explicit policy written alongside all stakeholders is a business essential.

Legal Eagles

There are a number of laws and guidelines that should be followed in any social media engagement. Data Protection applies online as well as offline and legally enforceable confidences clearly need to be kept; likewise libel and defamation laws need to be observed - although common sense should intervene before anyone wants to publish anything libellous in the first place.

Social media is a form of publishing so copyright will rest with the writer unless they are a member of staff writing on the company's time, in which case the company will own the rights. This applies regardless of the subject; the fact that it's about your company doesn't mean you own it. Given that social media is publishing it's important to bear in mind that contempt of court applies and there have been test cases.

Again, common sense should intervene before hate crimes, racism, sexism or other antisocial behaviours become an issue. These are laws; consider also the regulations and guidelines enforced by, for example, the Advertising Standards Authority, which includes strictures on misrepresentation and honesty in statements.