Government Sector Policies and Procedures
From Emergency 2.0 Wiki
|This page is under development and needs expansion. Please feel free to add relevant and timely content, following the Emergency 2.0 Wiki Style Guide.
|Reference Group||Policies and Procedures|
|Additional Contributors||Kim Stephens|
The Policies and procedures Reference Group will be managing the development of content for this section and will be a point of contact for questions or help.
If you have policies and procedures for using social media in emergency communications, please contact the Reference Group so that together we can adapt them to develop generic policies and procedures guidelines for use by everyone. Also, (if you have permission), please link to them in "Examples'. Please feel free to add content to help develop this section.
Here's a list of about 36 items government agencies should considering when constructing a social media policy:
- Define which employees will officially represent your agency's interests through social networks.
- Define authorization process for employees wishing to create an account.
- Define employees access for professional interests, even if not the "official voice".
- Define whether or not employees can access social networking sites for personal use during business hours. (Some agencies do, in line with checking personal email accounts).
- Define when and how their personal use (even at home) intersects with your agency's interest: Think OPSEC!
- Define disciplinary actions (which can include dismissal) based on legal precedent. (See Privacy, Safety and Security case-law from IACP center for social media.)
- Define who will set up the social media accounts.
- Define procedure[s] for establishing an account.
- Define who will track those social media accounts and how (e.g. domain names, administrator names, names of all employees with access, etc.)
- Define who will close social media accounts (e.g. due to lack of public interests--"myspace").
Acceptable Use and Employee Conduct:
- Define which acceptable use policies apply to social networking sites from already existing online communications policies (e.g. such as email). (Best example: See North Carolina's policy).
- Define what can and cannot be stated on social media platforms in an official capacity (e.g. political views).
- Define why and how employees should present themselves and your agency on social media platforms in an unofficial capacity. (Best example: Orange County California Participation Guidelines). 
- Define how conduct reflects upon employees. Good policy example from Indiana State Police: "Don't say or do anything you wouldn't be proud to have your mother see or hear."
- Define disciplinary actions if inappropriate usage occurs. (See also Orange County California Policy Compendium.) 
See this article: "Police Lesson: Social Network Tools Have 2 Edges." For an example of why social media policies need to be clear and why employees need to have training on those policies. 
- Define purpose and scope of presence on social media platforms. (See Model Policy by IACP).
- Determine which office or individual will be the "gatekeeper" regarding what is acceptable and what is not. (Most use Public Affairs Office for this role.)
- Clearly state how communications will reflect upon your government agency.
- Define what can and cannot be shared (e.g. confidential info):
- Define when it's appropriate for employees to post an opinion (see US Air Force's handy chart for an example).
- Define disciplinary action if inappropriate content is posted.
Security: (best resource: DOD Social Media Hub) 
- Define who will hold usernames and passwords for social media accounts.
- Provide information on what constitutes personally identifiable information.
- Define and provide training on how employees can establish privacy settings on social media platforms.
- Define who will be responsible for overall security to include developing and delivering training (most often occurs in IT department).
- Define geo-tagging and appropriate usage.
- Provide awareness and protections against phishing scams and viruses.
- Describe and define what will happen if a security breach does occur.
- Define what and how public records law's and freedom of information act applies to usage.
- Define who (or what office) will be responsible for maintaining records. (great example: State of California).
- Define and write disclaimers to be used on all content regarding laws that apply to usage.
- Define how freedom of speech/1st amendment rights apply to content.
- Define applicable privacy laws for dealing with information from the public.
- Define and address user accessibility rights.
- Define Terms of Service or Terms and Conditions outlined by the third-party platforms. Be sure to include new government exemptions and policies. (e.g. those negotiated with facebook by the National Association of State Chief Information Officers).
- Outline expectations of citizen conduct.
- Write and post comment policy including when comments will be removed.
- State what will happen with removed content (e.g. records retention).