An Employer’s Guide to Social Media & Mobile Device Policies
As new technology continues to shape the workplace and the use of social media and mobile devices at work becomes more widespread, organizations must create and enforce employment policies to protect themselves from the risks and liabilities associated with these new applications for working. Here's a short guide which contains important tips and guidelines for creating social media and mobile device policies.
Social Media Policies
Social media policies must balance a range of interests. First, they need to protect other employees and the company’s information and reputation without prohibiting employees from engaging in conversation about employment at your organization. Second, social media policies need to be flexible enough to allow your marketing, sales, recruiting, and PR employees to promote your company and network, but restrictive enough so employees won't excessively use these platforms for non-business related purposes.
Below are several guidelines and best practices for creating social media policies, consistent with recent guidance issued by the National Labor Relations Board (NLRB) and endorsed best practices published by the Society for New Communications Research. Additionally, this 2012 policy was approved by the NLRB and is helpful for employers as they create their own guidelines.
- Require that social media usage is consistent with other workplace rules and policies, including federal laws related to discrimination and harassment.
- Encourage employees to be respectful and fair to coworkers, customers, vendors, and other individuals affiliated with the company online and when using social media. Promote dealing with conflicts or complaints directly with one another rather than via social media outlets.
- Educate employees that if online complaints or remarks are construed as disparaging, malicious, or threatening, their postings could be perceived as harassment or contribute to a hostile work environment, and thereby be unlawful.
- Communicate that social media postings be accurate, factual, and truthful. Clarify how your organization will handle mistakes and edits to content. For example, many organizations require that mistakes be corrected promptly and edits or deletions to online content be communicated.
- Define specific types of appropriate and inappropriate content to publish online. For example, trade secrets, private or confidential information, and financial disclosure laws/regulations can be reasonable content to protect.
- Specify how employees should represent themselves online. Make clear that employees are not to represent themselves as spokespeople on behalf of the company and that employees who publish anything online related to their work or subjects associated with your organization should identify who they are and that their views do not represent those of their employer.
- Specify if and when employees are able to use social media on the job. You may restrict employees from using social media at work if it is not job related or delegated by one’s manager, or if excessive use of social media is affecting job performance.
- Don’t prohibit employees from talking about your organization online or expressing their personal opinions. The NLRB has been especially critical of employers who are trying to prevent employees from discussing terms and conditions of the workplace.
Bring Your Own Device to Work (BYOD) Policies
In addition to social media policies, every organization should have a Bring Your Own Device to Work Policy (otherwise known as a BYOD or a Mobile Device Policy) because employees are increasingly bringing their own mobile devices to work and accessing company networks through smartphones, tablets, IPADs, and laptops - to name just a few.
Although these devices can be of benefit to employees and employers alike by increasing productivity and providing flexible access points to company information, BYOD creates huge risks for employers in terms of compliance with the Fair Labor Standards Act (FLSA), privacy and compliance mandates, etc. if mobile device policies are not in place. Here are some guidelines for developing those policies.
- Consider the adverse effects of not allowing these devices in the workplace. Bans on mobile devices are usually not feasible because inevitably there is an employee who needs mobile access.
- If your organization needs to remain compliant with certain regulations (HIPAA, etc.), take special precautions to safeguard this data and restrict employees’ access to it on their own devices. Work with your IT department to design those precautions.
- Define and provide examples of what is acceptable use and transfer of organizational data on mobile devices.
- Put into place guidelines regarding confidentiality and data ownership, including a procedure for data retrieval when an employee leaves the organization via voluntary or involuntary termination or when a device is lost or stolen.
- Require strong or complex passwords in order to login to your company networks on mobile devices.
- Have employees formally consent to an acceptable mobile device use policy, such as by signing off on your policy.
- Establish clear rules for non-exempt employees about what they can and can’t do with their mobile devices during non-working hours to protect you in terms of FLSA requirements
- Suggest that employees not use their phones or mobile devices with driving, in light of Ohio's recent ban on texting while driving
- Indicate disciplinary consequences for employees who inappropriately use business data on their mobile devices.
Two final pieces of advice when creating these policies. Collaborate with your employees to create a policy. Be sure to include your legal department, your core users of social media for business purposes (for social media policies) and IT department (for BYOD policies). Finally, update these policies on an ongoing basis. With technology constantly changing, these policies need to be revisited at least annually.
Please note that by providing you with research information that may be contained in this article, ERC is not providing a qualified legal opinion. As such, research information that ERC provides to its members should not be relied upon or considered a substitute for legal advice. The information that we provide is for general employer use and not necessarily for individual application.