Guidance on the Use of Social Networking

Guidance on the Use of Social Networking

Version 1 - January 2012 Reviewed: September 2013

Version 2 Approved by SM: November 2013

Version 2 modified and approved by the PCC Board: April 2014

Overview

The Patient and Client Council (PCC) recognises that there are legitimate business reasons for using social media at work or using corporate

computing resources. To enable employees to take advantage of the business value of these sites and to promote an open, trusting,

collaborative workplace, PCC policy allows designated employees to use social media within the guidelines specified below. This guidance seeks to provide information on publishing content in social media. Whilst primarily referring to employee responsibilities the guidance also applies to Patient and Client Council Board Members and members of its Local Advisory Committees

What is Social Media?

Social media includes any Web site in which visitors are able to publish information to a larger group. Information shared may include (but is not limited to) personal information, opinions, research, commentary, or

business information. Examples of such destinations include large branded entities such as Facebook, Twitter, YouTube, and LinkedIn. However, blogs, special interest forums, user communities are also considered social media.

Inappropriate Content

While social media contains legitimate business and personal content, they also include content that is inappropriate for the workplace including nudity, violence, abused drugs, sex, and gambling. Therefore, the same

inappropriate content policy that applies to the broader Web (the BSO ICT

Security Policy), also applies to content found within social media.

Inappropriate content should not be accessed by employees while at work, or while using PCC resources. Employees are expected to use common sense and show consideration for others in deciding which content is appropriate for the workplace. If in doubt, staff should seek guidance from the Head of Development and Corporate Services.

Productivity

The PCC provides access to social media for staff who need to engage as part of their role and for business purposes only.

Employees who access personal communications applications, email, and blog content within social media during breaks, using their own personal devices, are expected to ensure that personal business does not affect work quality or productivity.

Content Publishing and Confidential Information Policy:

Authorisation to represent the PCC in Social Media

Only those persons officially designated by the PCC have the authorisation to represent the organisation and post on PCC sponsored social media pages or other social media pages. The following users are authorised to represent the PCC:

The Chief Executive Officer The Head of Operations

The Head of Development and Corporate Services The Communications and Events Manager

If and when members of PCC engage in advocacy for the organisation and have the authorisation to participate in social media, they should identify themselves as such.

Guidance on Content Publishing and Confidentiality

The following are policy guidelines regarding what you should and should not do when publishing content in social media. These guidelines apply to all social media publishing whether personal or organisational-sponsored.

Employees are responsible for content they publish in social media and can be held personally liable for content published. Employees can also be subject to disciplinary action by the PCC for publishing inappropriate or confidential content. These guidelines only cover a sample of all possible content publishing scenarios and are not a substitute for good judgment.

Whilst primarily referring to employee responsibilities the guidance also applies to Patient and Client Council Board Members and members of its Local Advisory Committees

DO know and follow all privacy and confidentiality guidelines in the PCC Records Management Policy. All guidelines in the policy, as well as legislation including copyright, fair use and financial disclosure laws apply to social media.

DO adhere to the Code of Practice on Protecting the Confidentiality of Service User Information

××××

DO NOT disclose or use PCC confidential or proprietary information or that of any other person or organisation. For example, you should obtain written consent before posting someone's picture in a social

network or publishing in a blog a conversation that was meant to be private.

××××

DO NOT disclose any information relating to a patient/client or anything that could identify an individual

××××

DO NOT comment on PCC confidential financial information such as future business performance or business plans.

××××

DO NOT voice political opinion while engaging in the daily business of the PCC

××××

DO NOT cite or reference customers, partners or suppliers without their written approval.

××××

DO NOT endorse or appear to endorse any commercial product or service on behalf of the PCC or after having identified yourself as an employee of HSCNI

DO link back to the source when you do make a reference to a client, partner organisation or supplier.

DO identify yourself. Some individuals work anonymously, using pseudonyms or false screen names. The PCC discourages that practice when staff engage in the business of the PCC.

DO ask for permission to publish or report on conversations that are meant to be private or internal to PCC and when in doubt, always ask for advice from the Head of Development and Corporate Services

DO speak in the first person when engaging in personal social media communications outside of the workplace and make it clear that you are speaking for yourself and not on behalf of PCC.

DO be professional. You should bear in mind the possibility of being identified as a PCC employee within a social website, and therefore connected to your colleagues and even PCC clients. You should ensure that content associated with you is consistent with the Code of Conduct

DO use a disclaimer if you publish personal social media

communications that could be associated with the work you do in the PCC or subjects associated with the PCC. Use a disclaimer such as

"The postings on this site are my own and do not necessarily represent the views of the PCC”.

DO be aware of your association with PCC social media when using personal accounts and ensure your profile and related content is consistent with how you would wish to present yourself with colleagues and clients.

DO be aware that the buzz generated around communications on Twitter can very quickly escalate. Stories and discussions on Twitter can be quickly picked up, firstly by amateur bloggers, then by

professional bloggers and can eventually end up on new websites and in newspapers.

DO use your best judgment and remember that there are always consequences to what you publish. If you're about to publish something that makes you even the slightest bit uncomfortable, review the suggestions above and think about why that is. If you're still unsure, and the post might be related to PCC business, then discuss it with SMT or simply do not publish it. You have sole

responsibility for what you post to your blog or publish in any form of social media.

××××

DO NOT use personal insults, innuendo, ethnic slurs, obscenity, discriminatory or offensive language or engage in any conduct that would not be acceptable in the HSCNI workplace. You should also show proper consideration for others' privacy and for topics that may be considered objectionable or inflammatory.

××××

DO NOT engage in discussion around any PCC business when using personal accounts

××××

DO NOT conduct confidential business with a client or partner organisation through your personal or other social media.

××××

DO NOT register accounts using the PCC name, branding or any other unregistered trademarks.

Malware and Online Crime Prevention

Social media is commonly used by the online criminal community to deliver malware and carry out schemes designed to damage property or steal confidential information. To minimise risk related to such threats you should adhere to the following guidelines. While these guidelines help to reduce risk, they do not cover all possible threats and are not a substitute for good judgment.

××××

DO NOT use the same passwords for social media that you use to access PCC computing resources.

××××

DO NOT follow links on social media pages posted by individuals or organisations that you do not know.

××××

DO NOT download software posted or recommended by individuals or organisations that you do not know to PCC computers/ tablets.

DO use a security application such as Defensio (www.defensio.com) to protect personal and organisational social media pages.

DO close your browser and do not return any social media web page should you find that the content looks suspicious in any way

DO configure social media accounts to encrypt communications whenever possible. Facebook, Twitter and others support encryption as an option. This is extremely important for roaming users who connect via public Wi-Fi networks.

The BSO ICT security department employs technical controls to provide reminders, audit, and enforce these guidelines.

Non-Compliance

Breach of this policy may result in disciplinary action up to and including dismissal. Disciplinary action may be taken regardless of whether PCC equipment or facilities are used for the purpose of committing the breach.

Any member of staff suspected of committing a breach of this policy will be required to co-operate with any investigation. This may include removing internet access.

Serious breaches may be reported to the ICO, PSNI or other public authority for further investigation.