Upload
others
View
1
Download
0
Embed Size (px)
Citation preview
Ref No: OD&HR
Organisational Development and Human Resources
Lead Head of Service Date Equality Impact Assess Completed
Date Approved by Chief
Executive
Implementation Date
Version Number
Issue Date Review Date
Lorraine Eastham
August 19 August 19 September 19 2 1/9/19 06/22
SOCIAL MEDIA POLICY &
PROCEDURE
2
Requirement Action
Who should be aware of the policy and where to access it?
All employees, volunteers and contractors
Who should understand the policy?
All employees, volunteers and contractors
Who should have a good working knowledge of the policy?
All managers, HR, Communications & Marketing and Trade Union representatives
Whether the policy should be included in the General Trust Induction Programme and / or departmental specific induction programme?
Yes, the policy is available on the intranet and where appropriate, in hard copy for the line manager and all employees.
Where is the policy available? On the Trust intranet – OD&HR Communications & Marketing Section.
Process for monitoring effectiveness of this document?
Monitoring within the Communications & Marketing Team and notification to the Chief Executive
Groups / Persons consulted?
Chief Executive Team Children in Care Council Trade Unions Staff.
Training
Awareness raising with managers, staff side representatives and employees. Corporate Induction
3
Contents
1.0 UNDERSTANDING WHAT IS SOCIAL MEDIA
2.0 THE PURPOSE
3.0 THE SCOPE
4.0 EQUALITY IMPACT ASSESSMENT
5.0 LEGAL FRAMEWORK & TRUST RELATED DOCUMENTS
6.0 GUIDING PRINCIPLES
7.0 ROLES & RESPONSIBILITIES
4
1.0 UNDERSTANDING WHAT IS SOCIAL MEDIA?
Social media and social networks allow us to reach some of our customers
online. Social media is the name most commonly used to describe online
communities or networks in which the users, be they individuals or organisations,
create, share and exchange information and ideas, such as Facebook, Twitter
and blogs.
It is different from traditional forms of media and social interaction in a number of
important ways:
Spontaneity: Users can instantaneously Tweet, post or send comments from almost
anywhere without any safeguards to vet that communication.
Reach: At the same time, social media provides an instant global audience, potentially
reaching thousands if not millions of recipients, depending on the popularity and
following of the user.
Permanence: Social media messages can be saved or reposted to create a record that
is difficult to withdraw or amend. This leads to a greater risk of saying something stupid,
or at least a greater risk that the stupid things you once shared later at night with a few
friends, forgotten the next day, are now read by thousands, never to be lost.
Everything shared on a social networking site could potentially end up in the
public domain, even where privacy settings have been set up to allow ‘friends’
only access. Sometimes the opinions, information and photos/videos you post
can end up being seen or used by people you never intended to share them with.
As someone who works with children, young people, parents or carers, whether in a
voluntary or paid capacity, whenever you are using social media you must always have
your professional role in mind and always consider how your behaviour could
affect your professional reputation and employment. All digital records should be
considered to be permanent.
2.0 THE PURPOSE
The purpose of this policy and procedure is to ensure all staff, volunteers, contractors
and children in our care are aware of the positive and negative impact social media can
have to the Trust’s reputation and also impact personally.
5
It sets out the standards that should be followed by all Trust staff when using social
media, either through individual social media accounts or through a Trust operated
account.
The policy and procedure clearly lays out the Trust’s stance on social media posting for
all staff, volunteers and contractors and is done so purely to protect the integrity of the
organisation and also its employees, volunteers, young people and families, its partners
and key stakeholders.
3.0 SCOPE
This policy applies to all employees employed by and working on behalf of Doncaster
Children’ Services Trust Ltd, including contracted, non-contracted, temporary, honorary,
secondments, relief, agency, students, volunteers.
Users who are found to breach this policy on the use of social media will be managed in
line with the organisation’s disciplinary policy or most appropriate process. It is important
to remember that adhering to the Trust’s Data Protection Policy applies equally both
inside and outside of working hours and includes any reference made to or about work,
colleagues or young people, either specifically or indirectly.
All policies apply equally inside and outside of work hours when work-related. Also,
where the trust allows access to the internet, accessing any social networks is at the sole
discretion of the trust and staff are required to abide by the content of this policy.
5.0 EQUALITY IMPACT ASSESSMENT
To be completed.
6.0 LEGAL FRAMEWORK & TRUST RELATED DOCUMENTS o The General Data Protection Regulation
o Data Protection Act 2018 Human Rights Act 1998
o Defamation Act 2013
o Trust Related Documents Disciplinary Policy
o Data Protection Policy
7.0 GUIDING PRINCIPLES– WHAT WE EXPECT FROM YOU?
7.1 USE OF SOCIAL MEDIA – GENERAL
Where social media is used as part of an employee’s work they should ensure it is
used in accordance with the Trust’s policies listed above. Staff, especially those in
direct contact with service users, may wish to consider carefully who can see their
6
profile information and what information to include when operating any social media
account. For example easily identifiable personal emails or mobile numbers that are
used for work, that could allow an individual to be easily identified. This also includes
information about their employer or type of work that may enable service users to
identify them.
Trust employees should not be ‘friends’ with service users who are vulnerable
adults or children, as this could be regarded as a safeguarding issue.
Unauthorised use or disclosure of confidential information gained through
employment with the Trust, or failure to protect such information will be treated as
misconduct, unless the disclosure is protected by law for example Whistleblowing.
Staff, volunteers and contractors of the Trust may use designated facilities provided
by the Trust for their private use of social media during their work breaks, with the
agreement of their line managers. However, social media sites must never be used
to access or share pornographic, offensive or otherwise inappropriate material which
may be deemed detrimental to the Trust.
Cisco Jabber is a permitted form of instant messaging within the Trust and is
primarily for work use. Occasional and reasonable personal use is allowed but must
not interfere with the performance of an employee’s duties.
Staff, volunteers and contractors may also use private social media accounts in a
professional or semi-professional capacity (eg accessing Trust communications via
social media, using social media to share best practice with peers) outside of work
breaks for the general benefit of the Trust with the consent of their line managers.
Staff, volunteers and contractors should be aware that the Trust reserves the right to
use legitimate means to monitor employee internet use on trust IT equipment,
including use of social media sites, for content that it finds inappropriate. Existing
Trust policies should be observed at all times. If inappropriate use of the internet is
suspected, managers may request internet usage reports and where warranted,
action may be taken in accordance with the Trust’s Disciplinary Procedure and
normal HR processes.
Staff, volunteers and contractors are encouraged to observe professional guidance
from respective professional bodies. For security reasons it may be advisable for
staff not to divulge their exact employing organisation/base (particularly those
working in contentious areas such as safeguarding) however employees may identify
themselves as Trust employees for valid reasons, eg during involvement in raising
awareness/PR activities or in the case of employees with public-facing roles, such as
the Chief Executive. Employees who do divulge their employment with the Trust
should state that they are tweeting/blogging in a personal capacity. For example ‘The
views expressed on this page are my own and not those of Doncaster Children’s
Services Trust.’
Staff, volunteers and contractors are ultimately responsible for their own behaviour
online. Staff volunteers and contractors must take care to avoid posting online
content that is inaccurate, libellous, defamatory, harassing, threatening or may
7
otherwise be illegal. If not, they may be subject to civil proceedings or criminal
prosecution.
Staff, volunteers and contractors are encouraged to like and share Trust social
medial posts. This will aid the Trust reach a wider and more diverse audience and
therefore help promote the work that the trust does.
Social media sites or pages relating to the Trust should not be set up by staff,
volunteers or contractors without the involvement of the Communications &
Marketing team. All accounts created for Trust purposes should meet the
organisation’s branding requirements. Further information and guidance can be
obtained in this document 6.3 Use of Social Media for Trust Business and by
contacting the Communications Team by email
Staff, volunteers and contractors who may not directly identify themselves as Trust
members/connected to the Trust when using social media for personal purposes
should be aware that the content they post could still be construed as relevant to
their employment/connection with the Trust under certain circumstances, for example
by a journalist, Ofsted, DfE or potential employees. This is particularly the case when
expressing strong views, political allegiances or posting content of an offensive,
controversial or sexual nature and if posted in the public domain, comments and
images posted can generally be reproduced without their permission.
Unauthorised disclosure of confidential information would constitute misconduct
/gross misconduct in accordance with the trust’s Disciplinary Policy.
When using social media, staff should respect their audience. As a general rule, staff
should be mindful of any detrimental comments made about colleagues while using
social media, e.g. failing to show dignity at work (harassment), discriminatory
language, personal insults and obscenity. These examples are not exhaustive and
will be considered a disciplinary matter.
It is important to also protect the privacy and to safeguard the people we work with
and for. Staff should therefore not post any pictures of individuals without first
obtaining their written consent, and for those under the age of 16 years consent
should be obtained from their parent/ legal guardian. This includes taking photos of
colleagues and people supported by the Trust at events such as the Staff Summits.
Line managers are asked to take an active role in any social media activity
developed for Trust purposes, within their service to ensure quality of content, and
that it is in keeping with the Trust’s values and behaviours.
If, as non-employees, volunteers, contractors and individuals on work placements are
exempt from conventional disciplinary/HR processes, any misuse of social media by
them must be dealt with appropriately by whichever trust employee is responsible for
their supervision while at the trust. This may result in a number of measures,
including the termination of their role/contract with the trust where it is deemed
appropriate.
8
The below outlines good and bad practice for all staff when using social media for
personal use.
Good Practice:
1. Set your privacy settings for all social networking sites you use.
2. Ensure any technological equipment, (including your mobile phone) is password/
PIN protected.
3. Consider having professional online accounts/ identities if you wish to have online
contact with service users, their families and other professionals.
4. Make sure that all publicly available information about you is accurate and
appropriate.
5. Remember online conversations may be referred to as ‘chat’ but they are written
documents and should always be treated as such.
6. Make sure you know the consequences of misuse of digital equipment.
7. If you are unsure who can view online material, assume it is public. Remember –
once information is online you have relinquished control.
8. Switch off Bluetooth.
9. When you receive new equipment (personal or work) make sure that you know
what features it has as standard and take appropriate action to disable/ protect.
Bad Practice:
1. Give your personal information to service users – children/ young people, their
parents/ carers. This includes mobile phone numbers, social networking
accounts, personal website/ blog, online image storage sites, passwords etc.
2. Use your personal mobile phone to communicate with service users. This
includes phone calls, texts, emails, social networking sites etc.
3. Use the internet or web-based communication to send personal messages to
children/ young people.
4. Share your personal details with service users on a social network site.
5. Add/ allow a service user to join your contacts/ friends list on a personal social
networking profiles.
6. Use your own digital camera/ video for work. This includes integral cameras on
mobile phones.
7. Behave in a way that could suggest that are trying to develop a personal
relationship with a child or vulnerable adult
8. Post any content that could be deemed defamatory, obscene or libellous.
9. Post comments that appear to endorse grossly irresponsible behaviour or law
breaking of any kind.
Remember you are responsible for the data on your electronic communication device.
7.2 USE OF SOCIAL MEDIA IN PRACTICE
The circumstances when a social worker/ practitioner may consider using social media include using it to search for an individual, such as a birth parent in care proceedings, or to confirm certain activities that an individual may be involved in and
9
are considered to be high risk or detrimental to the welfare and/or safety of a particular child or children. There may be legitimate use made of social media to locate missing birth parents in care proceedings cases, although it would be prudent not to undertake any such search without first seeking legal advice. Communicating with individual service users via social media has been regarded by the HCPC as inappropriate activity (although the broader context of that particular case is obviously relevant). This is an area where separate detailed guidance may be beneficial. It is helpful to very briefly look at the legal context before considering the implications for social workers of using social media to either find service users or to gather evidence in relation to service user activities.
7.2.1. LEGAL BACKGROUND:
Human Rights Act 1998/ European Convention on Human Rights (ECHR)
Article 8 of the ECHR provides that each person has a right to respect for his "private and family life, his home and his correspondence" (much social media content is likely to fit the definition of correspondence, such as messaging through media such as Facebook, Twitter etc).
Regulation of Investigatory Powers Act (RIPA) 2000
RIPA regulates directed and, or covert surveillance carried out against private individuals or organisations by public authorities. It is unlawful to undertake surveillance without obtaining proper authorisation in compliance with these regulations.
Amendments to the Regulation of Investigatory Powers (Directed Surveillance and Covert Human Intelligence Sources) Order 2010
These amendments mean that a local authority can now only grant an authorisation under RIPA for the use of directed surveillance where the local authority is investigating particular types of criminal offences. These are criminal offences which attract a maximum custodial sentence of 6 months or more or relate to the underage sale of alcohol or tobacco. Obviously it is never the role of social workers to investigate criminal offences.
General Data Protection Regulations 2018
Under this act personal data has to be “fairly and lawfully processed”, meaning that there needs to be legitimate grounds for collecting and using personal data, and there must be “no detriment” to the data subject of their data being collected.
7.2.2 SPECIFIC CONSIDERATIONS
Searching for Missing Individuals: Family court judge, Justice Holman, adjourned an adoption hearing to give time for the birth mother who the LA had been unable to contact to be traced and notified of
10
the hearing. Justice Holman had been informed by a party in the case that the mother had been found on Facebook. He said:
“...Facebook may well be a route to somebody such as a birth parent whose whereabouts are unknown and who requires to be served with notice of adoption proceedings.
“I do not for one moment suggest that Facebook should be the first method used, but it does seem to be a useful tool in the armoury which can certainly be resorted to long before a conclusion is reached that it is impossible to locate the whereabouts of a birth parent.
“...in this particular case, a relatively socially disadvantaged young mother…has been found very rapidly by that means.”
In this type of instance the General Data Protection Regulation requirement that there be “legitimate grounds” for gathering information is clearly met, and in any event the search of Facebook or any other form of social media account had been ordered by a court. More generally however there should be a record of the decision making in relation to the legitimacy of any search.
As well as satisfying the ‘legitimacy’ test, there is a requirement to consider whether there is any detriment to the data subject. It may be in the case of someone who is effectively ‘in hiding’ that a search on Facebook or any other form of social media account for that person by a public authority could infringe, and thereby cause them detriment. Of course in any one case it may be very difficult to determine whether this is likely to be the case or not.
Even having taken into account all of the above there remain complex issues about whose Facebook or any other form of social media account should be used to search and contact a service user. It would not be safe or appropriate for an individual social worker/ Trust employee to do this through their own private account and of course the Trust could not expect or require that they do so either. Before taking any such action, please contact Legal in the first instance to discuss.
7.2.3 VIEWING SERVICE USERS SOCIAL MEDIA
Often social workers or other social care staff will be made aware of the content of an individual service user’s social media account by another service user. Social workers are then sometimes tempted to make a search and even gather information. For example by copying and pasting screenshots into case notes or reports via their own social media accounts. There is a temptation to think that there is no infringement of the service user’s privacy if they have not applied privacy settings to their account. This is not the case.
There is clear guidance produced by the Office of Surveillance Commissioners (OSC): https://osc.independent.gov.uk/category/guidance-notes/ripa/
The guidance is for members of the State (such as social workers) setting out when they can view social media without consent of the author. If a parent has privacy
11
settings, then the only way to view it is with the person’s explicit consent or a warrant under RIPA from a Magistrate. Anything else is an offence. The guidance is also clear that the use of dummy or fake accounts to gain access to another person’s social media presence is ‘inadvisable’.
In relation to when privacy setting have not been used, the guidance states:
“Where privacy settings are available but not applied the data may be considered open source and an authorisation is not usually required”.
However:
“Repeat viewing of ―open source sites may constitute directed surveillance on a case by case basis and this should be borne in mind”.
Directed surveillance requires authorisation under RIPA, conducting directed surveillance without authorisation is a criminal offence under RIPA, and may also attract damages claims against the Trust. Since the 2010 Amendments to RIPA (see above) it is highly unlikely that authorisation will be obtained in child protection cases.
Even if a social worker only viewed an account on one occasion, if another social worker for the same LA were to look at the same social media account, then the Trust may be running the risk of inadvertently straying into the territory of conducting directed surveillance.
7.2.4 CHILDREN’S SOCIAL CARE STAFF ADVICE
Staff should not look at service users’ social media accounts at all, as to do so could result in criminal prosecution of the individual/s involved and possible claims for damages against the Trust.
Staff should also not ‘commission’ another person not employed by the Trust to undertake a search on their behalf.
In the event of social media content being passed to a member of staff in an unsolicited manner, the staff member should report this to their line manager in the first instance and legal advice sought as to how to ‘process’ that information.
If in any doubt, or you would like to consider using social media to find an absent parent or other relative, legal advice should be sought.
7.3 USE OF SOCIAL MEDIA FOR TRUST BUSINESS
Only those employees authorised by the Trust to use social media as being the
‘voice of the Trust are permitted to do so. Any social media presence on behalf of the
Trust will require the approval of the Head of HR, OD, Communications and
Marketing prior to an account being set up. If approved you will need to share the
account and login details with the Communications and Marketing team.
The Trust’s corporate social media accounts will be managed by the
Communications and Marketing team. This is to ensure that all messages are
12
accurate, consistent and coordinated with other communication and marketing
activity across the Trust.
If managers believe that using social media as means for communication with staff,
young people, carers, volunteers, stakeholders or the general public is appropriate
and necessary, some considerations must be made. The below cover the areas
services would need to outline prior to an account being approved.
Clear objectives: There should be clear potential benefits from setting up a new
social media account. Be it to reach young people, carers and/or colleagues within
the Trust and/or the wider local or national community. You must be able to illustrate
why you feel this can’t be achieved through the Trust’s corporate social media
channels. In addition to this, you will also be asked to demonstrate how you and your
team plan to manage the account, if approved. An initial buzz of activity followed by
the account rarely being used will be seen in a poor light and may lead to the site
being closed down.
Right network for your audience: It is easy to select a channel because it is the
one that you use and know, as it may not be the right one for your audience. Instead
you should start by identifying which networks your target audience use. If you can,
ask a cross section of your audience and where they like to be online. You might find
they like to use multiple channels, but don’t spread yourself too thinly online. Running
social network accounts takes time and resources.
Have a strategy: Regular posts that interest your audience will help to build your
platform and attract new audiences. It is therefore really important that you have a
strategy for developing your content. The Trust’s Communications and Marketing
team can help you with this. A good place to state is to listen to what your audience
like to talk about. Keep focussed on your own messages and priorities but don’t be
afraid to share relevant content besides your own. Do be mindful of Trust campaigns
and how your objectives could be similar – you can help to amplify the Trust’s
messages.
How is your platform performing? It is important that you make the time to review
your social media channel is performing, if it is achieving your original objectives.
Regular reviews should be undertaken to understand which activities have not been
effective and why so that you can adapt future content. The Trust’s Communications
and Marketing Team can help you with this.
Monitoring/moderating the site must be done regularly on the five working days of
each week (Monday-Friday), in order that any malicious or malevolent comments are
removed as soon as possible. This must be undertaken within the service and the
relevant Head of Service and Trust’s Communications & Marketing Team must be
informed of any material which may potentially attract media interest, breach
confidentiality or bring the trust into disrepute generally.
Disclaimers on social media sites do not remove the Trust’s obligations to
accuracy and potential legal implications. Generally, the operators of websites or
social media accounts are not held liable for unmoderated defamatory material
13
posted by third parties, however once notified of potentially defamatory material, it is
the site or account owner’s responsibility to remove it within a reasonable timeframe.
If a manager decides that social media is an appropriate service tool, a Privacy
Impact Assessment must be completed and forwarded to the Corporate Resource
Manager, who holds responsibility as the Trust’s Information Officer together with a
risk assessment which will identify how the issues identified above are going to be
addressed.
Email [email protected] for further details.
It is important to note that comments made on a social media account operated by
the Trust belong to the organisation and can be disclosed under the Freedom of
Information Act 2000. The Information Commissioner has also dictated that
organisations must be in a position to receive a Freedom of Information Act request
via that medium and site so any such requests received via trust-operated social
media accounts should immediately be forwarded to
7.4 USE OF SOCIAL MEDIA BY YOUNG PEOPLE IN OUR CARE
Due to the proliferation of internet-enabled mobile phones and other handheld
devices, it is not practical or possible for the Trust to monitor or control social media
activity by our young people in our care either on or off Trust premises. However, to
protect confidentiality, young people must not take pictures or videos of other young
people, visitors or Trust staff and post them on social media websites without their
permission.
Regardless of age it is important to have a discussion with a young person about
what is acceptable online behaviour. Talk frankly to your child about how they explore
issues related to the health, wellbeing, body image and sexuality of themselves and
others online. They may be discovering inaccurate or dangerous information on online at
what is a vulnerable time in their lives.
Young people must also not post personal details relating to other young people or
Trust staff on social media without their permission. Trust staff should challenge
anyone believed to be uploading pictures, video or personal details of young people
in our care, visitors or Trust staff without their permission.
In the first instance, staff should ask that the individual/s concerned delete any
photos/videos taken and/or remove social media posts revealing personal details. If
the individual does not comply with this request, then please take a screen copy of
the image and share it with the Head of Service and Communications by emailing
It may also be appropriate to report activity of this nature to the police in certain
circumstances. For example if it suspected that images or videos are of a voyeuristic
nature are being recorded or if the material posted is of a significantly offensive or
14
threatening nature. This will need to be reported immediately to the Head of Service
responsible for the Service area or equivalent.
7.5 REPORTING MISUSE OF SOCIAL MEDIA
All staff, volunteers and contractors are responsible for reporting any potential social
media misuse they may see online and reporting and challenging social media
misuse by young people and children.
Any concerns must be raised immediately by emailing
[email protected] and your Head of Service.
In the email you should include as much relevant detail as possible, including where
and when it was post, a screen shot of the post, and the action that has been taken
to try and get the post removed.
8. ROLES & RESPONSIBILITIES
The Chief Executive is the Accounting Officer and, supported by the SIRO has
overall responsibility for ensuring that information governance is applied through the
organisation. Whilst the Trust is the data controller the Chief Executive is
accountable for ensuring the role is carried out and meeting all statutory
requirements. The role carries the responsibility of being the trust’s Data Controller
and has overall accountability for compliance with the trust’s policies ensuring that all
staff are aware of the need to comply with the General Data Protection Regulation
and the Data Protection Act 2018. The Chief Executive also carries overall
responsibility for ensuring that arrangements with third parties who process personal
data on the Trust’s behalf do so under written contract which stipulates appropriate
compliance with current data protection legislation.
Managers and supervisors will be responsible for ensuring the local implementation
of information governance and that they implement this and appropriate information
policies within their sphere of responsibility, including monitoring the content of any
social network sites utilised by the service to ensure the content complies with all
Information Governance and trust policies. This includes taking appropriate
management action should non- compliance arise. Clear accountability
arrangements will ensure that staff are held to account for the work that they do and
this will be reinforced through contractual arrangements.
Employees, volunteers, agency workers, sub-contractors: All Trust staff,
employed, agency, sub-contracted or volunteers, have a responsibility to ensure
compliance with this and other information governance policies and procedures in
general. With regard to the application of social media, all staff, employed, sub-
contracted or volunteers have a responsibility to ensure that any content posted on a
Trust social media site complies with both information governance and trust policies
including ensuring that all staff as listed, must undertake annual mandatory
information governance training requirements.
15
VERSION CONTROL
Version Date Author(s) Status Comment
Draft1 10-10-18 Lorraine Eastham Draft For review by Chief Executive Team Expert Readers