The Kansas Board of Regents, which oversees the state’s public university system, is under heavy fire for a new social media policy. The new policy allows the CEO to “to suspend, dismiss or terminate from employment any faculty or staff member who makes improper use of social media.”
Where it goes wrong
While policies like that may be OK in most businesses, this is a tricky line for a university to draw. As Stephen Diamond observed on the Technology & Marketing Law Blog, courts haven’t ruled consistently on how much protection public employees can expect when speaking.
Academic freedom is important for universities, and it doesn’t help that this new policy failed to narrowly define what would be considered “improper” and even define what counts as “social media.”
The policy defines social media as “any facility for online publication and commentary” and covers but is “not limited to blogs, wikis, and social networking sites such as Facebook, LinkedIn, Twitter, Flickr, and YouTube.” This definition could arguably include any message that appears electronically, including email and online periodicals and books.
The AAUP did say it understands the need for a strong policy and is urging the regents to “to develop a social media policy that protects both the legitimate interest of the university in security and efficiency as well as the paramount interest of faculty and students in the unfettered exchange of ideas and information.”
Building a better social media policy
While most IT departments don’t have to worry about stifling academic freedom, keeping users in-line with policies does require some degree of cooperation.
A good social media policy needs to include:
- Clear definitions. Explain what exactly is meant by social media and what specific behaviors or actions could be seen as a violation.
- Scope. Do the policies extend only to posts that are put out to the public? Or does it also cover those only shared with specific friends and followers? If you don’t put this in writing, you’re going to have a hard time explaining to users whether they’ve overstepped the bounds.
- Consequences. Outline what can result from social media violations, up to and including terminations. Also, be sure to explain the discipline process that will be followed.
- Security interests. In addition to protecting your company’s brand, social media carries a lot of security threats as well, such as phishing or social engineering attacks and malware. Make sure users know the dangers of social media and how to stay safe.
- Confidentiality. Users should know what information can and cannot be shared online. This should be more restrictive than not in order to protect your company.
If you can show users there’s good reason to adhere to the policies, it can certainly help get buy-in for them.
Asking for passwords
One final warning: Some companies are going the extra mile, asking for users’ social media passwords and usernames to ensure nothing untoward is said. But that practice gets a lot of backlash.
In Washington state, a bill passed last summer went so far as to ban the practice.
The law on these kinds of requests is certainly a gray area. Employers would be wise to tread lightly.