Social Media Policy

Statement of policy and purpose of Policy

  1. Stamford International University (the “Employer”) recognizes that social interaction on the internet is an important and integral part of life and, if used correctly, can offer valuable business opportunities. However, inappropriate use of social media can be a serious drain on productivity and can also pose significant business risks.
  2. It is our policy that staff may make limited use of social media during their hours of work, as set out in this policy.  In addition, the use by staff members of social media at any time, and whether or not using our equipment, must comply with the rules set out in this policy if it may affect our business in any way.
  3. The purpose of this policy is to ensure that all staff understand:
    1. the extent to which personal use of social media is permitted during hours of work;
    1. the limitations on their use of social media, whether used during or outside hours of work; and
    1. the types of use of social media that could expose them and us to legal liability.
  4. This is a statement of policy only and does not form part of your contract of employment. We may amend this policy at any time, in our absolute discretion.

Who and what does this policy apply to?

  1. This policy and the rules contained it in apply to:
    1. all our staff, irrespective of seniority, tenure and working hours, including all employees, directors and officers, consultants, and contractors, casual or agency staff, trainees, homeworkers and fixed-term staff and any volunteers (the “Staff”);
    2. use by Staff of websites specifically aimed at social interaction such as Facebook, LinkedIn, Wikipedia, and Twitter as well as blogging, participation in wikis and the use of interactive features or the ability to post or publish comments or information (including video, audio, photographs and text) with other people on other websites (social media);
    3. use of social media for business and/or personal purposes, whether or not during working hours and irrespective of whether our equipment or resources are used.
  2. This policy should be read in conjunction with our Data Protection and Data Security Policy. Other policies that should be read in conjunction with this policy include:
    1. Communications and acceptable use of equipment policy.

Who is responsible for this policy?

  1. The IT Director has general responsibility for the oversight and updating of this policy. All Staff have personal responsibility to ensure compliance with this policy. Managers have special responsibility for leading by example, ensuring that members of Staff are familiar with this policy and for monitoring and enforcing compliance.

Business and personal use of social media

  1. All media enquiries (including requests for comments for publication on social media) should be directed to the Head of Public Relations. If you are contacted by a media representative or asked for comment for publication about us or otherwise in connection with your employment, you should not respond unless you have been given written approval by the IT Director.
  2. Only Staff specifically authorised by the IT Director (Authorised Business User) may use social media on our behalf as an organisation or otherwise or post comments on any of our Social Media accounts or profiles. If you are authorised to do this, then we may require you to undergo training before undertaking such activities and you will be required to comply with additional guidance and instructions concerning these communications.
  3. We allow Staff to make occasional personal use of social media while at work and using our IT or communications resources and equipment (IT Systems), so long as all use complies with this policy and does not interfere with the proper performance of work duties. 

Guidance on use of social media

  1. Personal capacity: Unless you are an Authorised Business User, when using social media:
    1. you should make it clear that you are speaking in your personal capacity and not as our representative, communicate in a way consistent with that and if you choose to include contact information this should be your personal, not work contact details; and
    2. if you do elect to disclose your connection to us, then you must clearly and expressly state that your views do not represent those of the Employer.
  2. Permanent form: It is always useful to bear in mind when posting any Social Media content or comment that they may be permanently and publicly available and that you may not be able later to delete or remove them. You should ensure that your communications are consistent with the image that you would like to present publicly including to us and any future employers, colleagues, friends, business contacts and the world at large.
  3. Personal liability. Remember that you are personally responsible and may be legally liable for what you communicate on social media. Public statements of this type can create legal issues in a number of different ways including for being defamatory, breach of confidentiality, infringement of intellectual property or amounting to unlawful harassment.
  4. Taking care to avoid misunderstandings: Before posting comments, think about whether, even if innocently meant, they could be misconstrued in a way that creates legal problems or reputational damage for us or you. Steer away from commenting on sensitive topics relating to us or your employment. Such comments might damage our reputation even if you make clear that the views you express are personal.
  5. Respecting privacy and confidentiality. All of us have information that we prefer to keep private. Do not post anything related to your colleagues or our customers, clients, business partners, suppliers, vendors or other stakeholders without their written permission or in breach of this policy.
  6. Respecting intellectual property: If you post or reference material that is protected by intellectual property rights, you should satisfy yourself that you have taken steps to avoid legal liability such as appropriately referencing sources and ensuring that citations are accurate. If you are an Authorised Business User and have questions about whether a particular post or upload to our Social Media accounts or profiles might violate anyone’s copyright or trademark, then you should check with IT Director in advance.

Prohibited uses of social media.

  1. Your communications through social media, like all other modes of communication, must not breach our disciplinary or workplace rules or any other policy and procedure and must not cause us to be in breach of obligations we owe to others or breach any laws. For example, you must not use social media in any way that:
    1. breaches obligations of confidentiality which you owe to us or to any third party or which causes us to breach duties of confidence which we owe to any third party.
    2. breaches the rights of any other Staff member or third party to privacy, data protection and confidentiality or which amounts to bullying or harassment;
    3. is offensive, insulting, discriminatory or obscene;
    4. poses a threat to our trade secrets, confidential information, and intellectual property;
    5. infringes the intellectual property rights of any other person or entity;
    6. defames, disparages, or causes reputational damage to us or our associated companies or to any party with whom we have a business relationship, such as suppliers or customers;
    7. breaches or causes us to breach any law or the rules or guidelines of any regulatory authority relevant to our business;
    8. breaches data protection rules;
    9. breaches our rules, policies, or procedures for the use of our IT Systems or other equipment or resources;
    10. is dishonest, improper, unethical, misleading, or deceptive (e.g., pretending to be someone);
    11. is likely to either directly or indirectly damage your reputation or our reputation;
    12. breaches any of our other policies and procedures, including communications and acceptable use of equipment policy.
  2. You may not use our logos, brand names, slogans or other trademarks, or post any of our confidential or proprietary information without prior written permission.
  3. Information relating to business contacts that you make in the course of your employment amounts to confidential information and belongs to us. As such, you are not permitted to add such information (including contact details) to your personal Social Media accounts.
  4. You must not give references for any person on a social media site (including any professional networking sites) on which our identity as your employer is shown in any public or private part of the site. This applies whether the reference is positive or negative. The reason for this is that such references may otherwise be attributed to us and create legal liability both for us and for you personally as the author.

Monitoring

  1. Information stored in our IT Systems belongs to us. You should have no expectation of privacy in any communication, document, information file, post, or conversation (“Information”) which you send or receive, access, print or store using our IT Systems. In particular, we may:
    1. intercept, monitor and read any Information or activities using our IT Systems, including Social Media use, to ensure compliance with our rules and for our legitimate business purposes. This may include use of recording devices or other surveillance methods, keystroke monitoring and other technologies; and
    2. retain copies of Information to store copies of such data or communications after they are created and delete such copies from time to time without notice.
  2. Monitoring Social Media use will be conducted in accordance with an impact assessment that we have carried out to ensure that monitoring is necessary and proportionate. Monitoring is in our legitimate interests and ensures this policy is being complied with. For the purposes of the law on data protection, the Employer is a data controller of the personal information in connection with your employment. This means that we determine the purposes for which, and the manner in which, your personal information is processed. The person responsible for data protection compliance is our Data Protection Officer.
  3. Monitoring will normally be carried out by our IT Security team.
  4. Personal information obtained through monitoring may be shared internally, including with members of the HR team, your line manager, managers in the business area in which you work and IT staff, if access to the information is necessary for performance of their roles. Information is only shared internally if we have reasonable grounds to believe that there has been a breach of this policy. We will not share information gathered from monitoring with third parties, unless we have a duty to report matters to a regulatory authority or law enforcement agency. Personal information gathered through monitoring will not be transferred outside of the Kingdom of Thailand.
  5. You have a number of rights in relation to your personal information, including the right to make a subject access request and the right to have your information rectified or erased in some circumstances. You can find out more about these rights and how to access them in our Data Protection and Data Security Policy, which you can find here: [Link to data protection and data security policy].[PS1]  If you believe that we have not complied with your data protection rights, you can complain to the Personal Data Protection Committee.
  6. Access to social media may be withdrawn in any case of misuse.
  7. Please refer to our Communications and acceptable use of equipment policy for more information.

Breaches of this policy

  1. We must all contribute to protecting the business reputation of the Employer. If you see content in social media that is defamatory, false or disparages or reflects poorly on our organisation or our stakeholders, you should contact the IT Director.  In the event the breach of this policy causes any loss or damage to us, or we become aware of any breach under this policy fall under the provisions of material breach in your employment agreement, in addition to our right to terminate your employment, we reserve the right to take any other legal actions and pursue any other legal rights available to us.
  2. Staff who breach this policy:
    • will be required to disclose relevant passwords and log in information and to otherwise co-operate with our investigation;
    • may be required to remove the offending internet postings, comment, or information; and
    • may be subject to disciplinary action up to and including dismissal.

Other relevant policies

  1. Staff are referred to the Staff Handbook for other policies and procedures which may be relevant to the issues covered in this policy.