Hey, You Can't Say That! Or can you?

I have received, from a friend, a draft of an intra-institutional guideline for employee blogging and online behavior. The employer has been anonymized. The document has been written by non-scientist non-bloggers at the institution and is making the rounds prior to formal review and approval.

We have talked about this at ScienceOnline'09 in the session Hey, You Can't Say That!. Here are some of the bloggy responses to that session to get you up to speed:

Deep Thoughts and Silliness: Semi-live Blogging Scienceonline09: Day 2
Highly Allochthonous: ScienceOnline Day 2: generalised ramblings
Ideonexus: ScienceOnline09: Hey, You Can't Say That!
Expression Patterns: ScienceOnline09 - Day 3
Confessions of a Science Librarian: ScienceOnline '09: Sunday summary and final thoughts

I do not know how many other research institutions (for example universities and research institutes), or other science-related businesses (for example science publishers and biotech), are developing - or have already enacted - similar guidelines, but there's no time like the present for the science blogging community to plug itself into this discussion and maybe even start taking some active steps (for example recommending a set of guidelines or a template document for circulation and use by scientists and their employers).

What I would like you to do is read these draft guidelines, comment on them on your own blogs, make changes and edits to make it better, or to make it start making sense, make sure that your edits are highly visible (e.g., in bold or red), and then post the URL of your post in the comments of this post. Here is the text as I got it:

Social media guidelines for Big Research Institution (which I will abbreviate as BRI from here on out) staff

These guidelines are intended to cover blogs, where BRI staff discuss their projects or professional work, as well as BRI related pages set up by staff on social networking sites such as Flickr and Facebook. They do not cover any personal use of social media which is primarily about personal matters or hobbies.

We have a long history of BRI staff actively contributing to public discussions. However there are a few simple guidelines for BRI staff to consider when setting up their personal blogs and wikis which are outlined under "Personal social media guidelines" at the end of this document.

Guidelines for a BRI context

BRI can clearly benefit from the use of social media to promote its activities, discuss projects and research, and increase its overall knowledge base. These guidelines are intended to ensure that BRI can have a strategic overview of how we are using social media, use it in an effective way to develop our vision, facilitate its development and cross promote where appropriate.

For the purposes of this document online social media activity by BRI staff and associates falls into two categories:

Public facing - Social media which directly relates to or discusses work or projects at BRI and has a general public audience.

Peer to peer - As above but where the blog, forum, wiki etc is used as a tool for scientists and others to communicate with their peers and is not intended for a general public audience. This includes both social media content hosted by BRI and collaborative projects.

Speak freely, but respect BRI's confidentiality and values

Whether social media content is public facing or peer to peer, the individual has a duty to:

* behave in a way that is consistent with BRI's values and policies
* respect the confidentiality of information as outlined in BRI's staff handbook

Unless there are specific concerns about the nature of the work, BRI staff are free to discuss work and research online. However, staff must not reveal any information which may be confidential. This might include aspects of research, BRI policy or details of internal discussions. Staff should check the BRI IP policy, the staff handbook and/or consult their manager if at all unclear about what might be confidential.

Editorial

The content of peer to peer pages or sites is the responsibility of the relevant department. The content should follow BRI editorial guidelines to ensure usability and accessibility. Content is the responsibility of the individual and their department and would not be edited by BRI editors. Moderation is the responsibility of the relevant department.

Public facing social media is covered by the general editorial guidelines, and should be written for the expected audience and have a moderation plan agreed with BRI.

Intellectual property

All BRI social media output is the intellectual property of BRI.

BRI will operate all of its social media under a creative commons license, which means that content such as images can be reused for educational purposes unless otherwise stated.

It is the responsibility of the author of any social media content to ensure that the copyright is cleared for any material published.

Setting up of new social media and content pages

Whether you are setting up new BRI social media pages within the BRI website or on an existing social media site such as Flickr or Facebook, they need to follow the BRI interactive project process.

In the first instance please discuss with your manager. If they are in agreement then the next step is to complete and submit a concept brief for social media (link here) which outlines:

* the purpose
* the author
* the audience
* the contributors
* moderation plans
* expected duration
* how they fit with department/corporate plans

Concept brief forms are available from your manager.

Existing blogs

Staff who already have a blog, wiki, forum etc. which is related to their work or BRI should discuss it with their manager and the BRI production editor. This will allow for a shared understanding of activity in this area and will help BRI promote and aggregate a body of BRI blogs in the future.

Scientists can link to their blogs from their CV's on the BRI website but it may also be appropriate to integrate it into other areas of the site and promote it more generally from BRI's website.

Personal use of social media by BRI staff

If within your blog, wiki or social media pages BRI or work at BRI is highlighted the content should comply with the Code of Conduct outlined in the staff handbook.

Additionally if a personal blog is clearly identifying the staff as a member of BRI it should have a simple and visible disclaimer such as 'The views expressed on this blog/website are mine alone and do not necessarily reflect the views of BRI.'

Personal social media pages or websites may link to BRI's website, but should not reproduce material that is available as a result of BRI employment, use any BRI branding, nor should the blog or website purport to represent BRI in any way.

If you wish to use BRI copyrighted material you need to obtain BRI's permission.

Social media

For the purposes of this document, the term Social Media includes:

* blogs
* forums
* networking sites such as Facebook, Bebo, Linked In
* photo sharing sites such as Flickr
* video sharing sites such as YouTube
* all other sites allowing publishing of opinion and comment where an individual might be viewed as representing BRI

Appendix: BRI's existing social networking rules

Social networking websites

We provide open access to the internet for business use. However, we do recognize that you might use the internet for personal purposes. This policy sets out your responsibilities in relation to using the internet to access social networking websites such as Facebook, MySpace, Bebo and Friendster.

Personal use of the internet

We allow you to access social networking websites on the internet for personal use during certain times. These times are:

* before and after work hours; and
* during the one-hour break at lunch.

We reserve the right to restrict access to these websites and to bar individuals who abuse our broad approach to open internet access.

Personal conduct

While we respect your right to a private life, we also have a general duty of care for the welfare of all our staff and also a responsibility to ensure that the reputation of BRI as an institution of world standing is protected. We therefore require employees using social networking websites to:

* refrain from identifying yourself as working for BRI;
* ensure that you do not conduct yourself in a way that could be perceived to be of detriment to BRI's reputation and its role as a public authority; and
* take care not to allow your interaction on these websites to damage working relationships between members of staff and clients of BRI.

Monitoring of internet access at work

We reserve the right to monitor internet usage, but will endeavor to inform you should your usage be under surveillance and the reasons for it. We consider that valid reasons for checking an individual's internet usage may include suspicions that you have

* been spending an excessive amount of time viewing websites that are not work-related; or
* acted in a way that damages the reputation of BRI and/or breaches commercial confidentiality.

We reserve the right to retain information that it has gathered on an individual's use of the internet for a period of 12 months.

Access to the web may be withdrawn in any case of misuse of this facility and may result in disciplinary action.

Security and identity theft

You should be aware that social networking websites are a public forum, particularly if you are part of a 'network'. You should not assume that your entries on any website will remain private. You should never send abusive or defamatory messages.

Please be security conscious and take steps to protect yourself from identity theft, for example by restricting the amount of personal information that you reveal. Social networking websites allow people to post detailed personal information such as date of birth, place of birth and favorite team, which can form the basis of security questions and passwords. In addition, you should:

* ensure that no information is made available that could provide a person with unauthorized access to BRI and/or any confidential information; and
* refrain from recording any confidential information regarding BRI on any network

What do you all think? Go ahead and make your own edits, or de novo drafts on your own blogs, and let me know the permalinks here.

More like this

Thanks for posting this. I hope we can develop this discussion to a very high level before the next conference. Maybe we can get some BRI reps to show up.

"All BRI social media output is the intellectual property of BRI."

Whoa.

"refrain from identifying yourself as working for BRI"

Double whoa.

That all seems pretty standard-issue to me. It's also horribly restrictive, which is why I'd always prefer to blog etc on my own time and dime. Not that doing so absolves one of all responsibility to one's employer.

@Karen: why "double whoa" to that particular injunction?

An example: I got a right bollocking over this article, which identifies me as a Shriners employee -- I'd no idea Mitch would write that, though of course he knew where I worked, and it just never occurred to me to ask him not to.

Next thing I knew (well, months later actually) suits from headquarters were all a-flutter over the idea of Shriners being linked with something they hadn't vetted. It all came to nothing in the end, but although I disagree with their views on the article, I see the suits' point: the article makes an explicit link between me (and my opinions) and Shriners, without any disclaimer. Many readers might have been led to think, or unconsciously assume, that Shriners was on board with my ideas there. (Believe you me, they were not and are not and likely never will be!) What right had I to force that association on them?

I was happy to promise that I would ask future interviewers not to identify me as a SHC employee. I've made that request twice since; one correspondent (freelance journalist, asking for an interview) lost interest when told she couldn't identify my place of work, and one (liberal arts faculty, asking me to give a talk) was happy to oblige. I'm not sure what difference it makes to journalists -- if there are any reading, perhaps they might comment?

Disclaimer, or something: I no longer work for Shriners.

@bill @Karen: why "double whoa" to that particular injunction?

I can't answer that because if someone clicks on my name and goes to my profile, they might find out the name of my employer.

I'm with Karen on that one. It seems to want it both ways, owning the intellectual property while still avoiding liability for that property. So to that I second the 'double whoa'.

These guidelines are intended to ensure that BRI can have a strategic overview of how we are using social media, use it in an effective way to develop our vision, facilitate its development and cross promote where appropriate.

I may be wrong, but this sounds like BRI is trying to draft its staff into its marketing/PR wing. As such, I don't think they can in any way enforce this outside of work, without offering compensation in some form (and 'keeping your job' does not count - that's a threat, not compensation). Even in work, I'm not sure they can do that, depending on the nature of BRI. (If, eg, BRI is a university and you teach there, yeah they could. On the other hand, if the BRI is the NIH, and the only way you 'work' for them is via grants, then its highly doubtful they could enforce it.)

IANAL and all that..

I'm having a hard time imagining a legitimate situation in which elements of an organization's "policy" would be confidential. If an organization has internal policies that would reflect poorly on them if made public, that's generally a sign that they shouldn't have those policies.

refrain from identifying yourself as working for BRI

This came under the heading "personal conduct", where it speaks of the right to a private life. To me this injunction sounds odd - are not allowed to mention our place of work in general discussion with people we meet?

As is often said, Social Media are blurring the distinctions between work and life. Trying to force them apart again is working against reality.

@Karen and especially Southern Fried: I think we are thinking of different cases. To wit:

If I'm a BRI employee writing on an official BRI instrument, hosted and branded and etc by them, then they have a claim on any IP -- that's the "All BRI social media output is the intellectual property of BRI" clause from the top of the document. (Maybe it over-reaches, but that's a different argument.)

If, on the other hand, I'm writing on my own time and dime and website, they don't have -- and I don't think they're making -- any similar IP claim. I do still (as in the example I gave) have a certain responsibility to BRI. That's what the "refrain from identifying yourself as working for BRI" clause is meant to cover, just like the "should have a simple and visible disclaimer" clause: the point of both is to prevent Joe Public from thinking I speak for BRI when I'm not acting in that capacity, and when BRI has no control over what I say. Mutual deniability :-). The latter clause clearly comes under "Personal use of social media by BRI staff", whereas the former is in the Appendix under a separate heading -- hence, I think, the confusion.

As it happens, it's the next two clauses after "refrain... BRI" that give me hives. If it's just "refrain..." then as long as you don't go waving BRI around in your .sig and so forth, and have a disclaimer where you reasonably can do so (on your blog, in your Twitter profile perhaps), you should be covered.

It's important to note, though, that I'm interpreting "refrain" not as "you must NEVER EVER do this" but rather as "don't do this gratuitously". I can see how the leeway in interpretation might be dangerous, though -- better wording might be "take reasonable precautions against being identified as a BRI spokesperson" or something. For instance, a reasonable interpretation would mean it's fine for Karen to answer me, if she put a standard disclaimer (like the one here) on her site. I don't think that's too onerous a request.

But the next two clauses: "ensure... authority" and "take care... BRI", now those cross a line for me. Both of those *are* attempts to directly control behaviour outside of work time and place, rather than establish reasonable distance between BRI and what its employees get up to on their own time.

Having typed all that, now I wonder whether the onus should rather be on BRI? If a BRI employee moons the Preznit or something, surely they can issue a statement to the effect that BRI does not endorse ass-baring as political criticism -- rather than pre-emptively tying the employee down in a contract that allows them to fire him/her for the mooning.

I guess the thing is, I didn't feel my employers were being unreasonable in the personal example I gave, since I don't have a problem with putting a disclaimer on my website (see) and asking not to be identified as one of theirs when blathering on in public. But I can see how written policies could easily stretch from there into Unreasonable territory.

(Sorry for the length, don't have time to make it shorter.)

Good point, Southern Fried Scientist. Terms of employment are called 'contracts' after all, which suggests there should be rights and responsibilities on both sides, not just rights for the employer and responsibilities for the employee. Taking this idea a step further, imagine if employees wrote up guidelines that said their employers had to refrain from identifying their employees online. Oh the press releases that would have to be retracted...

I also agree with Frank Norman - it would be very strange if an employer were to bar it's employees from mentioning their place of work in a 'live' social context, why should online be different?

Disclaimer: The above are my own views and should not be taken to reflect the views of my employer.

Re. not revealing your connection to BRI, this also overlooks the existence of Google etc. It's a simple matter to stick someone's name into Google or Zoom or wherever and, with a bit of luck, find out a bit more about them. I appreciate the need to indicate that one is not a spokesperson for the organisation, but I don't think a blanket ban on mentioning the name of one's employer makes sense.