Most organisations have a social media presence. Far fewer have a clear policy governing how their employees use social media – either professionally on behalf of the brand, or personally in ways that might reflect on it. This gap creates risk. Without clear guidance, well-intentioned team members can inadvertently share confidential information, make statements that commit the organisation, or post personal content that creates reputational problems.
A social media policy does not need to be a lengthy legal document. It needs to be clear, practical and understood by the people it applies to.
What A Social Media Policy Should Cover
A well-constructed policy addresses several distinct areas. It should set out who is authorised to post on behalf of the organisation, what approval processes apply before content is published, and what categories of information must never be shared on any platform. It should also provide guidance on how employees should identify themselves when discussing their employer in a personal capacity – the standard phrase being that opinions are their own rather than those of the organisation.
The policy should cover confidentiality: client information, internal projects, financial data and personnel matters are all categories where social media disclosure could cause legal, commercial or personal harm. The test of whether something is confidential should be clear and practical – if in doubt, do not post.
Employee Advocacy And Official Activity
Some organisations actively encourage employees to share company content on their personal channels, building a distributed amplification network that extends reach considerably beyond the official account’s followers. This approach can be highly effective but requires a policy that makes clear what is encouraged, what support is available, and what the boundaries are.
LinkedIn employee advocacy programmes, in particular, have proven effective for many professional services and technology firms. Giving employees ready-made content to share, if they choose, reduces friction without creating pressure. CIPD provides detailed guidance on balancing employee rights to personal social media use with legitimate employer interests in brand reputation.
Personal Use And Reputational Risk
The boundary between personal and professional identity is permeable on social media in a way that it is not in most other contexts. An employee whose personal posts reflect poorly on their employer creates a problem regardless of whether they have mentioned their workplace. The policy should address this with care – not by attempting to control employees’ private lives, but by setting out clearly where the organisation believes its legitimate interest in reputation begins.
Crisis And Complaint Protocols
The policy should include specific guidance on what to do when the organisation comes under criticism on social media – whether to respond, how to escalate, who makes the decision and how quickly. In a crisis, the absence of a protocol creates confusion that can make things significantly worse.
Training And Communication
A policy that nobody has read or understood is not a policy – it is a document. Communicating the policy during onboarding, refreshing it annually and making it easy to find are all part of making it work. Effective social media management from a company like 99social operates within clear policy frameworks that protect both the brand and the team.
Clear guidance empowers employees to be genuine advocates – without inadvertently becoming a liability.
