Social media governance in HMRC: What is the tax man's strategy?

The financial sector and public sector are particularly sensitive about social media usage. So how does the UK's customs and tax department deal with it?

In the Workings and social networking report, a series of interviews are conducted between the Advisory, Conciliation and Arbitration Service (Acas) and representatives from HM Revenue & Customs (HMRC), including an HR advisor, the department’s head of digital strategy, and a trade union representative involved in data security issues.

The report delivers interesting insight into the tax man’s strategy towards social media and online usage by staff. For instance, only half of all employees at HMRC currently have access to the internet in the workplace, though plans are currently underway to deploy access to all staff “as part of the process of centralising the HR functions of civil service departments”. The department already implements an acceptable use policy, which blocks access to certain websites.

As an organisation holding huge amounts of sensitive data, the report says HMRC feels it needs to control the types of sites employees can access from its IT system in order to maintain “extremely tight data security procedures”.

“We’re part of the government and have to be very secure. We don’t like people using sites that might bring in viruses or malware,” the HR adviser at HMRC told Acas.

HMRC is currently in the process of developing a strategy on digital engagement, including social media, “[including] how the press office might use social networking sites in order to communicate with the public”.

“We realised that one of the things that you need to do first is to set the ground rules in terms of staff engagement with social media,” explained the head of digital strategy at HMRC. “Once you have that in place, you can do other things. For example, if you want the press office to use Twitter, there needs to be some guidance about who can and who can’t use it. We have to draw a line between the sort of corporate presence and the boundaries governing people’s general use of Twitter.”

The report reveals the catalyst for the strategy’s creation is the decision to roll out blanket internet access to all HMRC staff, as well as “a couple of high-profile incidents picked up by the media of HMRC employees using social networking sites”.

“We had concerns within HR about social media and how staff were using it. We’ve had misconduct cases involving social media, although we’ve handled it quite well. We decided in HR that we needed to do something,” the HR adviser at HMRC explained to Acas. HMRC is developing the policy in conjunction with the trade unions, with internal postings on bulletin boards for employees “to see and comment upon”.

According to the report, the department feels it’s the correct approach to take with policy formation “as it will help to ensure that employees can have an input into the policy, which in turn will increase overall acceptance and awareness”.

Ultimately, the policy urges staff to conduct themselves in the online world in the same way they would in the offline space – along with the reminder that: “Everything you share on a social networking site could potentially end up in the worldwide public domain and be seen or used by someone you did not intend, even if it appears to be ‘private’ or is on a closed profile or group.”

HMRC’s basic guidelines are:

• Employees need to exercise common sense, that “what they write on social networking sites is essentially in the public domain, even if they have privacy settings, or material is posted on a closed profile or group”.
• Do not disclose personal details or whereabouts
• Choose online ‘friends’ carefully
• Ensure that privacy settings remain unchanged
• Finally, that use of the HMRC logo “is not permitted”

“We try to avoid telling people how to behave privately, but our guidance does go into private use of social media, from our department’s point of view,” added the HMRC HR adviser.