Creating Effective Corporate Social Media Policies

Elon Musk should probably think about putting down his smartphone before it lands him in more hot water, not to mention jail.

The billionaire founder of Tesla and SpaceX was charged with contempt-of-court in February for tweeting that his electric-car company would produce about 500,000 vehicles this year. The tweet in question was misleading because Tesla doesn’t actually expect to produce half a million cars in 2019, although it should reach that rate of production. And because the tweet was sent without prior approval from company lawyers, it violated terms of a court-approved settlement with the U.S. Securities and Exchange Commission (SEC) relating to another misleading Musk tweet.

In August last year, Musk told his 22.9 million followers, “Am considering taking Tesla private at $420. Funding secured.” The tweeted transaction price represented a substantial premium to Tesla’s value at the time, generating more than three times the normal daily trading volume in company shares, which jumped at least 6 per cent. It remains unclear if Tesla’s board was caught off guard by Musk’s online musing about a privatization, but the company was forced to settle securities fraud charges after the SEC concluded, “Musk knew that the potential transaction was uncertain and subject to numerous contingencies. Musk had not discussed specific deal terms, including price, with any potential financing partners, and his statements about the possible transaction lacked an adequate basis in fact.”

Tesla was also charged with failing to have required disclosure controls and procedures in place. In addition to paying financial penalties, Musk was removed as company chairman and Tesla was ordered to undergo comprehensive corporate governance reforms, which were supposed to ensure all material tweets were vetted.

As veteran technology journalist Ashlee Vance points out early on in his Musk biography, it is actually hard to wrap your mind around just how brilliant Musk must be. “SpaceX flew a supply capsule to the International Space Station and brought it safely back to Earth. Tesla Motors delivered the Model S, a beautiful, all-electric sedan that took the automotive industry’s breath away and slapped Detroit sober.” These two feats alone elevate Musk to “the rarest heights among business titans.” And yet, the man’s tweets threaten his achievements by soaring at the highest level of careless risk taking.

The lesson here is obvious—even a rocket scientist can get into trouble using social media.

Keep in mind that Musk isn’t alone when it comes to needlessly creating corporate headaches via his social media use, and not just with regulators. Indeed, even seemingly rational social media interactions can quickly land a brand in hot water with consumers, something coffee-machine maker Keurig learned the hard way when it needlessly upset fans of The Sean Hannity Show.

In 2017, Sean Hannity generated a significant number of consumer complaints with questionable comments that appeared to dismiss the seriousness of sexual misconduct allegations aimed at controversial Alabama politician Roy Moore, who allegedly made advances toward teenage girls decades ago. Hannity walked back the comments, claiming to have “misspoke.” Nevertheless, Angelo Carusone, the president of Media Matters for America, used the situation to call on advertisers like Keurig to rethink supporting Hannity’s talk show, alleging on Twitter that the right-wing media personality “defends child molester Roy Moore and attacks women who speak out against sexual harassment.”

If Keurig had followed its own standard practices, it would have quietly put its support for the show on pause while taking the time to properly review its business case for advertising on it. Instead, the company’s official Twitter feed responded by thanking Carusone for raising the issue and announcing it had moved “to stop our ad from airing during the Sean Hannity Show.” This moved Hannity supporters to attack the company in significant numbers, and more than a few videos of angry fans gleefully destroying the company’s products as part of the Keurig Smash Challenge were soon being posted on social media platforms.

In a memo to company employees, which was obtained by The Washington Post, CEO Bob Gamgort called the decision to publicly communicate programming plans via social media “highly unusual,” noting that it created the impression that the company was taking sides in an emotionally charged debate. “I want you to know the decision to communicate our short-term media actions on Twitter was done outside of company protocols. Clearly, this is an unacceptable situation that requires an overhaul of our issues response and external communications policies and the introduction of safeguards to ensure this never happens again. Our company and brand reputations are too valuable to be put at risk in this manner.”

Even professional tweeters make mistakes. In 2014, for example, Twitter chief financial officer Anthony Noto meant to privately message a colleague, but instead sent a tweet to the world that suggested the firm was about to acquire another company.

These high-profile examples of corporate communication nightmares are not the only reason for boards to be concerned about social media. Academic research (Bansal & Clelland, 2004; Hunter & Bansal, 2007; Aula, 2010; Hunter & Bryant, 2010; Benthaus, Risius & Beck, 2016) has also highlighted how inconsistent, incorrect, and/or negative communication from a firm or an employee can put organizational reputation and performance (including sales and stock prices) at risk.

That social media is an important tool in stakeholder relationship management is not in question, but due to the risks, proper board oversight is now an imperative. In the past, of course, a company could strive to maintain centralized control over corporate communications by focusing on policies that limited advertising risks and ensured that brand interactions with the press were authorized. But social media has changed the world of corporate communications, which is no longer about controlling the message.

While an organization can still exert some control over who speaks to the press (at least officially), it is nearly impossible to control employees’ use of social media. And because control is difficult at best, the next best thing is a social media policy that is vetted and implemented by the board to provide guidelines and standards of use. This demonstrates a strong attempt to mitigate the risk of unauthorized communications or messaging.

Unfortunately, in our work we have noted inconsistencies and gaps in many social media policies that have been implemented, as well as a stunning lack of social media policies in many firms. Clearly, because each organization is different, a boilerplate template for a corporate social media policy is not recommended. Our goal with this paper is to identify themes and elements of effective policies to provide a best-practice guide to help companies better manage the risks they face.

Using corporate social media policies from 85 publicly traded firms in North America, we performed content analysis to identify keywords and phrases relating to the use of social media by members of the firms. Content analysis is a widely utilized research method used to identify important similarities in factors and ideas from documents relating to a specific phenomenon that has previously not been well examined (Hsieh & Shannon, 2005). Researchers approach the information presented in documents without preconceived categories or concepts and let the data tell its story. As the information is examined, new concepts are identified and categorized to see if commonalities or themes (if any) can be gleaned.

We focused on publicly traded firms because they are highly regulated and face governance requirements not applied to privately owned companies. Not only do these companies have to follow the rules of the exchange on which their stocks are traded, but they are governed by numerous SEC regulations regarding stakeholder communications as well as the Sarbanes-Oxley Act of 2002 (SOX). For example, SEC Release 33-8591, regarding offering securities to the market, has many pages dedicated to communication, and despite being written in 2005 before the explosion of social media use, includes Internet-based communication as a method of communication requiring compliance (SEC, 2005).

To be SOX compliant, researchers have found that corporate annual reports have had to become more comprehensive and honest in terms of disclosure (Cheung, 2014). These are board-level responsibilities falling under the umbrella of corporate communications. Failing to comply with regulations or poor corporate representation due to omissions or lack of transparency are all possible through inappropriate social media use and present real operational risks.

Boards can never completely stop the inappropriate use of social media by a policy alone (just like they can never stop someone from embezzling). But in order to demonstrate proper oversight and risk management, companies need to be able to show that they have recognized risks exist and have provided a cutting-edge oversight and control system to mitigate them. This can be accomplished with an effective corporate social media policy that serves as an official guide to proper employee behaviour.

In our research, some clear themes emerged that represent governance best practices for ensuring firms are not put at risk by management and employees’ use of social media. Table 1 presents three of the most important themes—representation, legal and control—and the related elements of an effective corporate social media policy.

Table 1: Elements of Effective Corporate Social Media Policies

Theme: Control

Purposes:
· Ensure proper communication from a legitimate source
· Right message from the right source to the right audience

Elements/Examples of policy:
· Create or designate corporate social media (SM) representative position
· No use of SM at work unless authorized by SM representative
· No expectation of privacy on electronic communications or SM websites
· Reserve the right to block or monitor sites and activity
· Encryption, locking, and travelling rules
· Do not share personal information
· Use of assets (computers, devices) for business only
· No storage of firm information on SM
· Do not disclose confidential information

Theme: Representation

Purposes:
· Ensure that the firm’s reputation is not damaged
· Clear separation of personal and corporate statements

Elements/Examples of policy:
· Do not use the firm logo on SM
· Do not speak on behalf of the firm. Identify yourself and state that your opinions are your own
· Assume that people will connect you to the firm, and act as an employee in all your dealings
· Understand the blurring of personal and professional life
· Tone and response guidance given
· Act with integrity and use judgement
· Be honest in business dealings

Theme: Legal

Purposes:
· Limiting liability
· Creating an “out” if litigation ensues

Elements/Examples of policy:
· Follow copyright laws with SM use
· Define what constitutes “SM”
· Describe personal liability relating to comments
· Caution against or prohibit comments associating with or endorsing political parties
· Acknowledge that employees can discuss terms and conditions of employment in accordance with applicable labour laws
· Prohibit posting anything that would reflect badly on the firm
· Personal use of devices at work is subject to review and monitoring if using firm’s technology (e.g., networks, email, devices)

The main aim of an effective social media policy is control over how members of the firm communicate with its stakeholders both in terms of what is said and who says it. To that end, many social media policies outline when social media can be used (e.g., no use at work without authorization, right to block and/or monitor sites and personal activity, need for manager approval), limit how managers use devices (no confidential information, no personal information, no storage of company information, no expectation of privacy on electronic communication platforms, must share social media platform passwords), and mandate training in proper usage (how to monitor/edit posts, general guidance for use of e-mail or social media, tone and response training, device locking, and travelling rules).

The objective here is to clearly delineate what employees can and cannot do and the rights the firm has with respect to stakeholder communications. There are limits to the extent and expectations firms can have with respect to behaviour control based on the job title of the employee in question. For example, while it is reasonable to expect all employees to refrain from sharing confidential information in any way, by virtue of the special position board members and senior leaders hold in the firm, it is reasonable to provide stricter limits on their social media use (access to passwords, monitoring, etc.). Further, the extent to which control is needed depends on the role an employee plays, what sort of information they can access, and the industry in which the firm operates.

Delineating how a firm is represented when social media is used is another important theme in effective corporate social media policies. Boards must recognize that regardless of who makes a comment on social media, stakeholders may form an impression (positive or negative) about the firm, whether the commenter is authorized to speak on behalf of the firm or not, for various reasons. Stakeholders may take offense to the language in a post, the tone, the emotions conveyed, or the apparent support or lack thereof of a politically charged or seemingly benign social or political issue. The point is that while some believe that offense is taken rather than given, stakeholders’ interpretation and reaction to a social media post cannot be known, and due to the uncontrolled and personal nature of social media, maintaining a consistent representation of the firm that evokes the desired stakeholder impressions is difficult. Firms cannot make their stakeholders have the exact desired feelings toward them; they can only try to influence them. Reputations are hard to build, but easy to lose. The potential for comments made on social media going “viral” represents a real risk to firms because they may undo years of costly branding and reputation building.

Unlike with comments that appear in the press, there is no opportunity with comments made on social media to blame the context for any embarrassment or misrepresentation—the commenter makes the comments and there is no intermediary. If an employee makes a comment, there can be no doubt that she or he said it. At times, the comment will be blamed on a social media account being hacked, which, while common, may not be accepted as the truth or even as an excuse. Further, even if comments or posts are made and then deleted, often they are saved or retrieved by someone else and then become further circulated. It is therefore difficult, if not impossible, to lay the blame for comments on anyone other than the commenter, which affects the way in which the firm is represented to its stakeholders. Effective social media policies should thus clearly discuss and outline how employees will present the firm to its stakeholders and how to separate personal from corporate views.

This separation is particularly important for firms with well-known executives who often personify the firm and have a large social media following. For example, as of August 2, 2018, the day that Apple became the first company in history to surpass the US$1 trillion market valuation mark, the firm’s official Twitter account had about 1.96 million followers compared to CEO Tim Cook’s 10.9 million. A look at Cook’s account shows he is not opposed to offering opinions about social causes that may not be shared by all of his firm’s potential or current stakeholders. Which Twitter account has a greater influence on Apple’s reputation might be debatable, but Cook’s personal brand is clearly more influential than the corporate brand on social media.

To draw a distinction between personal and corporate opinions and statements, many corporate social media policies provide guidance as to how to communicate and respond in a way such that a) there will not be confusion as to who is speaking and on whose behalf, but more so, b) the tone and type of response is well thought out and not argumentative or provocative in a way that is contrary to the organization’s official position or statements. Many official policies further encourage employees to use social media with integrity and honesty while imploring them to always use judgement, tact, and discretion when communicating on a social media platform.

At a more technical level, corporate social media policies often stipulate that the organization’s logo or trademarks cannot be used on personal social media accounts or posts. They require the users to clearly identify themselves and specify that they are speaking from their own perspective and not that of their firm. They are cognizant of the blurring of personal and professional lives and urge users to assume that followers will connect them personally with their firm and assume they are speaking on behalf of the company, thus requiring clarification as to the separation of the two. Policies cannot force readers to hold the exact perspective the firm may wish them to have, but if they can demonstrate that every effort to make the separation has been made, then the interpretation is that of the audience and not one created by the firm or its employees.

Legal considerations also play an important role in effective policy development. After all, as Reuters reported the day Musk led millions of his followers to believe he had the funding to take Tesla private, social media is still beholden to laws. With such a prominent personal account from someone at such a high-profile firm, in such a litigious country, it is fair to ask if Musk’s nine-word tweet managed to create undue shareholder risk. Either way, after reaching his latest settlement with the SEC in late April, Tesla’s founder is now subject to what Wired called a strict social media “babysitter,” who must be an experienced securities lawyer employed by the company.

The use of social media by senior managers and employees clearly doesn’t just constitute an operational or reputational risk—the potential for litigation exists and needs to be addressed.

Due to the delicate nature of communications with potential or actual stakeholders and the potential consequences of such communication, effective corporate social media policies often include terms and measures that we have labelled “legal” and which attempt to limit social media activity to a narrow band of legal behaviour. Technical speak often appears that outlines copyright laws, personal liability, definitions, and penalties for defamation of the firm or others, and that states the firm’s right to monitor personal devices or accounts that are accessed through corporate networks. Policies also often contain broad admonishments against conflating personal and corporate political views, comments, and activities, as well as not posting anything that would reflect badly on the firm even if the post is clearly personal.

The genie is out of the bottle when it comes to employee social media use, which has become almost an extension of identity. Any attempt by an employer to limit its use comes across as an intrusion on personal rights. The governance challenge is further complicated by the fact that it is often impossible to control what senior employees say online or offline. But boards cannot simply abdicate responsibility to limit the risk that employee social media use presents. And as our research indicates, the best policies are ones of guidance, not prohibition.

Effective corporate social media policies that strive to guide employees to proper usage accomplish multiple risk-mitigation goals.

First, they may prevent negative outcomes by making users think about what they are intending to post and the ramifications of their actions. Social media users may simply not know what is and is not appropriate or how their actions may reflect on the firm. If the firm does a good job writing, communicating, and enforcing their corporate social media policies, there is a high likelihood of compliance among users. If policy compliance increases, the risk of adverse consequences is reduced.

Second, effective corporate social media policies that guide employees in appropriate messaging may be an additional marketing/business development tool. As noted earlier in this paper, often top managers have a greater following than their firms. The personal charisma of the CEO and ability to connect with her followers may create a much stronger connection and more positive feelings toward the firm, which is often faceless and separate. A CEO’s personal brand personalizes the firm and makes it easier to create strong bonds between the company and its stakeholders. If positive social media usage creates a strong poster/stakeholder bond and positive feelings toward the poster and, by extension, the firm, impression management research suggests that stakeholders may be more forgiving if a post or two, or even specific operational behaviour, does not meet normal behavioural expectations.

Finally, and more practically, effective corporate social media policies can also protect the firm from adverse consequences of uncontrollable social media posts by legally separating the poster and the firm. Strong wording in the legal component of the policy can clearly outline behavioural expectations regarding social media usage. If it can be demonstrated that a) the user was speaking on her or his own behalf, and that b) the poster was not following the communicated policy, then the firm can limit its liability and essentially use the poster as a scapegoat. This is a powerful risk deflector.


Pekka Aula, “Social Media, Reputation Risk, and Ambient Publicity Management,” Strategy & Leadership 38, no. 6 (2010): 43–49.

P. Bansal and I. Clelland, “Talking Trash: Legitimacy, Impression Management, and Unsystematic Risk in the Context of the Natural Environment,” Academy of Management Journal 47, no. 1 (2004): 93–103.

J. Benthaus, M. Risius, and R. Beck, “Social Media Management Strategies for Organizational Impression Management and Their Effect on Public Perception,” Journal of Strategic Information Systems 25, no. 2 (2016): 127–139.

Oi Lin Cheung, “Impact of SOX on Management Communication Behavior: An Examination of Selected Financial Firms,” Journal of Management Policy and Practice 15, no. 4 (2014): 11–28.

Hsiu-Fang Hsieh and Sarah E. Shannon, “Three Approaches to Qualitative Content Analysis,” Qualitative Health Research 15, no. 9 (2005): 1277–1288.

T. Hunter and P. Bansal, “How Standard Is Standardized MNC Environmental Communication?” Journal of Business Ethics 71, no. 2 (2007): 135–147.

T. Hunter and M. Bryant, “BP and Public Issues (Mis)management,” Ivey Business Journal, September/October 2010.

Alexandria Sage and Sonam Rai, “Elon Musk Says Taking Tesla Private Is ‘Best Path,’ Shares Jump,” Reuters, August 7, 2018.

Securities and Exchange Commission, RELEASE NOS. 33-8591; 34-52056; IC-26993; FR-75 (2005) accessed July 23, 2018,

About the Author

Shawna Weingartner is an Assistant Professor with the School of Management, Economics, and Math at King's University College.

Trevor Hunter is an Associate Professor with the School of Management, Economics, and Math at King's University College.

One response on “Creating Effective Corporate Social Media Policies”

  1. plvan

    Great information sharing. I am very happy to read this article creative social media policies. Thanks for giving us go through info. Fantastic nice. I appreciate this post.