Post by: Kim Stephens
Lea Shanley, (or @geodatapolicy on twitter) alerted me to an article entitled The Rules of Social Media Engagement. The author had a great list of the “top 25 best practices for drafting policies and guidelines”. The list is interesting, but it really applies more for folks in the business community. This prompted me, however, to think about a list for gov types and I consulted this blog’s bibliography for inspiration.
The article by Jana Hrdinova, et al: Designing Social Media Policy for Government: Eight Essential Elements proved a great place to start. It was written May, 2010 by researchers at the Center for Technology in Government at the State University of New York. These researchers reviewed multiple government social media policies with the objective of answering the question: What are the core elements of a government social media policy? They came up with eight: employee access, account management, acceptable use, employee conduct, acceptable content, security, legal issues, and citizen conduct (see their appendix for a great list of gov social media policies).
I’ve used these elements as framework and have expanded on each of them. What has resulted is the list below of about 36 items government agencies should include in their social media policy. I’m sure I’ve missed many, but I’ve linked to some great resources so you can add your own. Remember–you are not alone!
- Define which employees will officially represent your agency’s interests through social networks.
- Define authorization process for employees wishing to create an account.
- Define employees access for professional interests, even if not the “official voice”.
- Define whether or not employees can access social networking sites for personal use during business hours. (Some agencies do, in line with checking personal email accounts).
- Define when and how their personal use (even at home) intersects with your agency’s interest: Think OPSEC!
- Define disciplinary actions (which can include dismissal) based on legal precedent. (See Privacy, Safety and Security case-law from IACP center for social media.)
- Define who will set up the social media accounts.
- Define procedure[s] for establishing an account.
- Define who will track those social media accounts and how (e.g. domain names, administrator names, names of all employees with access, etc.)
- Define who will close social media accounts (e.g. due to lack of public interests–“myspace”).
Acceptable Use and Employee Conduct:
- Define which acceptable use policies apply to social networking sites from already existing online communications policies (e.g. such as email). (Best example: See North Carolina‘s policy).
- Define what can and cannot be stated on social media platforms in an official capacity (e.g. political views).
- Define why and how employees should present themselves and your agency on social media platforms in an unofficial capacity. (Best example: Orange County California Participation Guidelines).
- Define how conduct reflects upon employees. Good policy example from Indiana State Police: “Don’t say or do anything you wouldn’t be proud to have your mother see or hear.”
- Define disciplinary actions if inappropriate usage occurs. (See also Orange County California Policy Compendium.)
See this article: “Police Lesson: Social Network Tools Have 2 Edges.” For an example of why social media policies need to be clear and why employees need to have training on those policies.
- Define purpose and scope of presence on social media platforms. (See Model Policy by IACP).
- Determine which office or individual will be the “gatekeeper” regarding what is acceptable and what is not. (Most use Public Affairs Office for this role.)
- Clearly state how communications will reflect upon your government agency.
- Define what can and cannot be shared (e.g. confidential info):
- Define when it’s appropriate for employees to post an opinion (see US Air Force’s handy chart for an example).
- Define disciplinary action if inappropriate content is posted.
Security: (best resource: DOD Social Media Hub)
- Define who will hold usernames and passwords for social media accounts.
- Provide information on what constitutes personally identifiable information.
- Define and provide training on how employees can establish privacy settings on social media platforms.
- Define who will be responsible for overall security to include developing and delivering training (most often occurs in IT department).
- Define geo-tagging and appropriate usage.
- Provide awareness and protections against phishing scams and viruses.
- Describe and define what will happen if a security breach does occur.
- Define what and how public records law’s and freedom of information act applies to usage.
- Define who (or what office) will be responsible for maintaining records. (great example: State of California).
- Define and write disclaimers to be used on all content regarding laws that apply to usage.
- Define how freedom of speech/1st amendment rights apply to content.
- Define applicable privacy laws for dealing with information from the public.
- Define and address user accessibility rights.
- Define Terms of Service or Terms and Conditions outlined by the third-party platforms. Be sure to include new government exemptions and policies. (e.g. those negotiated with facebook by the National Association of State Chief Information Officers).
- Outline expectations of citizen conduct.
- Write and post comment policy including when comments will be removed.
- State what will happen with removed content (e.g. records retention).
- Planning: Social Media Policies for Employers (iowabiz.com)
- George F. Snell III: Are Corporate Social Media Policies Necessary? (hightalk.net)
- With Social Media Comes Great Responsibility and Opportunity!! (tbreb.com)
- Social Media and the Law: Police explore new ways to fight crime (thenextweb.com)
- Empower Employees as Brand Champions in Social Media (socialmediatoday.com)
- How to stop employees using social media (employmentlawsensecheck.wordpress.com)