21 min read
Jan 25, 2019

Data privacy in the digital age: Why you need employee social media guidelines

You cannot control what your employees post on social media, but employee social media guidelines act as a check to ensure that data privacy policies are not violated.

Gitanjali MariaSr Content Analyst

Gini was excited to start her new role as sales executive at a small yet growing IT startup. She was thrilled when one of her sales leads responded positively and accepted her invite for a face-to-face meeting.

She posted on her social media page:

"So glad to get a lead moving up the pipeline. Hope to convert Fraser & Co in Monday's meeting!"

Do you think Gini closed the deal?

Nope. In fact, she lost her job.

But, why?

Gini had shared confidential client and sales information on a public domain. Friends and competitors browsing her posts pounced on the lead and closed the deal for themselves before she could. The IT firm fired Gini for violating its data privacy rules and ruining a good sales opportunity.

According to a 2017 survey of hiring managers and HR professionals, 34 percent report reprimanding or firing an employee because of content they posted online.

You can’t control how employees use social media, but employees posting carelessly online can lead to important, or even classified, corporate information leaking out and your business giving away its competitive advantage.

Most enterprise businesses have detailed data privacy and nondisclosure agreements, as well as large IT, HR, and legal teams that are prepared to take action against such behavior. Small businesses, on the other hand, tend to have loosely worded confidentiality agreements or hastily create one when a data breach happens as a result of employees posting confidential business data on social networking sites.

Small-business managers must create and share social media and data privacy guidelines with employees to prevent the public sharing of critical information about clients, copyrights, and financial liabilities that undermines the organization’s competitive position and reputation.

In this article, we look at employees, like Gini, who learned about the perils of social media sharing and data privacy the hard way. We’ll also provide tips on how you can build effective employee social media guidelines and leverage security technology solutions to improve data protection.

What we'll cover:


  • Employee social media blunders put your business and reputation at risk

  • Employee social media guidelines protect you and your workers

  • How to create social media guidelines

  • Use technology to improve your data privacy efforts on social media

  • Next steps and more resources

Group 3@1x Created with Sketch.

Employee social media blunders put your business and reputation at risk: 5 examples

Thanks to Gini, we’ve already learned how posting client details or confidential sales information online hurts both the employee and the business. Here, we discuss some other social media mistakes and the lessons learned from them.

1. Posting videos and images of the office space

Mark was once an Instagram maniac. While working with a leading FMCG company, he posted a selfie from in front of the reception area with the following comment:

"Start of another great week. Good morning to all!"

The photo won more than hundred likes and as many shares within the hour. What else happened within the hour? He got a call from his HR manager asking him to remove the image immediately.

The HR lead informed him that his photo had announced to the world details about one of the company’s confidential clients. The reception area had a board welcoming the client partner that was visiting, which had also been captured in Mark’s post.

 Key lesson for employees 

  • Double-check photos before you post: Be careful when posting images of your work area. Be sure that nothing confidential is visible, and when in doubt do not post the photos.

 Key lessons for businesses 

  • Restrict photography: Many companies have guidelines that restrict employees from capturing images of their office space without proper authorization. Having guidelines that indicate what pictures employees can capture of their workspaces will help reduce chances of images with confidential information leaking out.

  • Define guidelines for uploading office images to social media: Employee social media guidelines will help employees check whether the images they capture while at work reveal confidential information unintentionally.

2. Posting negative reviews about your employer

Mark’s friend, Conner, was offered a position with Cisco soon after graduating. She tweeted:

"Cisco just offered me a job! Now I have to weigh the utility of a fatty paycheck against the daily commute to San Jose and hating the work."

Cisco HR, who happened to read the tweet, soon revoked her appointment.

 Key lesson for employees 

  • Think before you post: There is a thin line between the terms and conditions you sign with your employer and your own right to free expression. Refrain from posting, or anonymize any posts that portray your employer in a critical light.

 Key lesson for businesses 

  • Create employee code of conduct guidelines: Prepare and ask your employees to agree to a code of conduct that specifically includes social media guidelines. In the guidelines, you should specify what types of online content would be unacceptable for anyone on the organization's payroll.

3. When 'jokes' are insensitive

Gilbert Gottfried, noted comedian and actor, was dropped by his Japanese then-business partner, Aflac, for his insensitive jokes about the tsunami that hit Japan in 2011. His tweets included:

"Japan called me. They said, 'Maybe those jokes are a hit in the U.S., but over here, they're all sinking.'"

"Japan is really advanced. They don't go to the beach. The beach comes to them."

 Key lessons for employees 

  • Use common courtesy: Remember to be sensitive to different cultures and events, since posts are available globally.

  • Be careful when sharing others' posts: Sharing or liking may not be an endorsement per se, but it certainly affiliates you with the post. Sharing or liking distasteful posts can have serious consequences.

 Key lesson for businesses 

  • Educate employees as to what is acceptable online-and what isn't: Use simulated training exercises and case stories to train employees on best practices to be followed when using social media websites. Your business partners and clients may read your and your employees' posts. Any disrespectful posts may damage business relations as we saw in this case.

4. Spilling the beans on confidential information

Nicole once worked as an extra on the Fox show “Glee.” She tweeted about who was to be crowned prom queen and king in a yet-to-be-aired episode, spoiling it for the audience.

"K is PQ and Ka is PK"

She was immediately terminated and labeled as a person who is not fit for employment in the entertainment industry.

 Key lesson for employees 

  • Do not reveal business secrets: Never take to social media for posting (business) secrets. Refrain from posting anything, even if you remotely feel it could be confidential.

 Key lesson for businesses 

  • Have employment agreements with data privacy clauses: Require all employees-including contract, full-time, and part-time-to sign confidentiality agreements with clauses that demand data confidentiality. Explicitly state that any disclosure of confidential information can lead to termination and legal action.

5. Disclosing company's financial prospects

Alex was a finance wizard who worked with technology giant, IIB. In his free time, he wrote blog posts on the stock market outlook. In one post he wrote:

"Tech businesses will see their share value rise 6x and upwards in the coming year. Businesses like IIB are expected to report 20 percent higher profits."

Soon afterward, his employment was terminated. The Securities and Exchange Commission initiated an investigation on possible counts of insider trading.

 Key lesson for employees 

  • Do not disclose unpublished financial numbers: Never use information that is not available in the public domain to build a stock market case for a company. Do not disclose unreported company financial numbers to anybody, least of all on social media. You could be pulled up by federal authorities on suspicion of insider trading.

 Key lesson for businesses 

  • Have nondisclosure agreements in place: Ensure data privacy by having employees acknowledge the company's nondisclosure agreement policies. This data privacy policy must list what information employees may not reveal. It must also list social media best practices to help employees avoid unintentionally posting data that is not to be disclosed.

You should also use your employee social media guidelines to educate your employees against committing other, more obvious, social media mistakes. Posting pictures that are of an extremely personal nature or photos that capture lewd behavior is definitely not allowed. Instruct your employees to exercise caution when posting pictures that capture their recreational activities, late night drinks, parties, etc.

Remember, the content your business and employees post online impacts how everyone, including potential business partners and clients, view your organization and its values.

Warning to employees:


Group 3@1x Created with Sketch.

Employee social media guidelines protect you

"Due to the casual nature of these sites, it is easier to give away key information without realizing it."

-Shama Hyder, CEO Zen Media, in "The Zen of Social Media Marketing"

Managing employee behavior and related data privacy challenges on social media is a challenge. Businesses must ensure that they do not tread on their employees’ rights, while at the same time ensuring that their posts do not harm the business’s reputation or leak confidential business details.

Employee social media guidelines can help employers and employees reach a consensus on social media etiquette and best practices to be followed by anyone who represents the company. A social media policy outlines how an organization and its employees must conduct themselves online.

Some ways employee social media guidelines benefit both businesses and employees include:


  • Enhance data privacy policies and nondisclosure agreements by adding guidelines for new communication channels including social media websites, e.g., Facebook, Twitter, and Snapchat.

  • Address issues of exposure of confidential data via social channels by making employees aware of and asking them to adhere to social media guidelines.

  • Support brand advocacy programs that encourage your employees to share the company's posts through their accounts, helping your posts reach a wider audience.


  • Understand what content is acceptable and what is not acceptable in social media posts while employed with the company.

  • Have explicit guidelines outlining what types of data are sensitive and should not be posted online.

  • Create awareness of the consequences of leaking confidential data and potentially breaching the employment contract they signed: suspension, termination, legal action, etc.

  • Learn who are the points of contact to approach for social media support and to address related questions.

Note: Employee social media guidelines may be an addition to your data privacy policy or acceptable use policy.

Group 3@1x Created with Sketch.

How to create employee social media guidelines

Now that we’ve seen how data confidentiality and privacy can be affected by erroneous social media posts and taken a look at the benefits of creating a clear policy, it’s time to start building your own employee social media guidelines.

Employee social media guidelines do not need to be a long and intimidating document. They can even be captured on a single slide.

Here are some tips to help you prepare your own employee social media guidelines:

  • Define clearly what actions are permitted and not permitted. This could include guidelines around posting company financial details, client names, or quoting competitor sources. The guidelines should also lay down what action may be initiated against employees who violate the rules.

  • Encourage employee advocacy. Make employees part of your social media presence and encourage them to share company stories, career openings, and events. Seventy-nine percent of firms reported more online visibility after implementing a formal employee advocacy program. Define hashtags that employees can use while posting pictures of their corporate life. For example, here at Gartner, we use the hashtag #LifeAtGartner when posting about happy moments at the office.

  • Keep it flexible and update it regularly. Social media trends tend to change rapidly. What works today for brand promotion may not yield effective results tomorrow. Therefore, it is important to keep your social media policy flexible and open to change. Update your guidelines to reflect the new trends in the social media space.

  • Build a social media team. Create a social media team or identify points of contact (POCs) to address social media concerns and issues that arise. The team can have members from leadership as well as from your marketing, PR, and IT units. If you already have a specialist who handles social media posting, include them, since they already understand the world of social media. The team should use the company's handles to reply to comments on social media, monitor social channels for mentions about the company, and create and update the employee social media guidelines.

Some do’s and don’ts that your employee social media guidelines should include:

Group 3@1x Created with Sketch.

Use technology to improve your data privacy efforts on social media

We’ve seen how employees posting on social media can put your data privacy in jeopardy, but they can also put your data at risk just by browsing on social media.

According to RiskIQ’s report, phishing attacks via social media websites increased 100 percent in the fourth quarter of 2017. Another report notes that in the same time period, there was a 345 percent increase in fake profiles and 469 percent more suspicious applications on social media.

This leaves your employees more susceptible to accidentally divulging confidential information via social media channels. Therefore, you need to put in place security controls that prevent employees from falling for phishing attempts or downloading malicious applications.

Here, we discuss some technology and tools that can improve employee and data protection on social media.

  • Computer-based security awareness training. All employees should be educated on security awareness using classroom sessions and online training. Computer-based security awareness tools provide lessons and simulations that help employees understand data privacy issues on social media and the correct actions in different scenarios.

Simulation exercises offered in Proofpoint security awareness training software, Wombat Security Essentials (Source)

  • Internet security suites . If your employees use their business devices to access social media portals, there is a chance that they will fall prey to clickbait and download malicious files. According to one report , social networks such as Facebook, Twitter, Instagram, and others have major vulnerabilities that lead to many cyberthreats. Your business systems should have internet security suite software or antivirus solutions installed to alert users to malicious programs online.

  • Social media monitoring tools . Social media monitoring tools, while typically designed to aid you with your digital marketing efforts, also allow you to monitor your online reputation. They allow you to track employee mentions and negative sentiments about your business. You should invest in additional security tools that integrate with social media management platforms that alert you to malicious links on your social accounts, offensive content targeting your brands, etc.

Group 3@1x Created with Sketch.

Next steps and more resources

You cannot completely curb social media usage by your employees. However, you can effectively channel the power of your employees’ social networks to build your brand rather than tarnish it.

Don’t wait for social media blunders to occur to create employee social media guidelines. Start today. You can download our employee social media do’s and don’ts guidelines chart provided above and use it as a starting point.

Social media guidelines are essential for avoiding offensive posts and to ensure that proprietary information is not disclosed, damaging your credibility and competitive advantage.

Read on to discover

  • Download our free tools to build your own security awareness training plan

  • Know more about data privacy laws – GDPR, CCPA, state of internet privacy laws

Visit our directory for

social media marketing


IT security software


marketing software

and more. Read

user reviews

on our platform to get to know how well real users like the software.

Note: The information contained in this article has been obtained from sources believed to be reliable. The applications selected are examples to show a feature in context, and are not intended as endorsements or recommendations.

Back to top