How To Write A Web 2.0 Policy

Writing a Web 2.0 policy has become an important priority for organisations as they battle to understand the legal and regulatory risks associated with their staff using social media websites. This article discusses the issues and challenges facing top managers and compliance professionals.

Web 2.0 is called many things: a technology, business process and even an online behaviour. What's clear is that a Web 2.0 web site allows users to interact and collaborate with each other in a social media dialogue as creators of user-generated content in a virtual community.

What's less clear are the policies and rules that protect organisations against their liabilities that arise out of Web 2.0.  Here we discuss some of the legal issues and what organisations can do to mitigate their risk.

Examples of Web 2.0 include social networking website, blogs, forums, wikis and other online meeting places. This type of website is in contrast to websites where users are limited to the passive viewing of content that was created for them.

From a business perspective, Web 2.0 has both advantages and disadvantages.

Advantages of Web 2.0

  • Greater online collaboration between supply chain participants;
  • Service-orientated architecture with more user-interface, software and storage facilities;
  • Richer user experience, user participation;
  • Dynamic content, metadata, web standards and scalability;

Disadvantages of Web 2.0

The key areas for concern focus on security and management:

  • Workers wasting time on irrelevant browsing;
  • Create holes for information leakage, resulting in the loss of confidential information;
  • Expose organizations to legal liabilities and financial penalties from compliance breaches;
  • Compromise network security from malware spread through real-time channels;
  • Increase help desk calls and support costs;
  • Cause network bandwidth overload with file sharing.


The client-side/web browser technologies used in Web 2.0 development are Asynchronous JavaScript and XML (Ajax), Adobe Flash and the Adobe Flex framework, and JavaScript/Ajax frameworks such as Yahoo! UI Library, Dojo Toolkit, MooTools, and jQuery. Ajax programming uses JavaScript to upload and download new data from the web server without undergoing a full-page reload.

AJAX is a key technology used to build Web 2.0 because it provides rich user experience and works any browser whether it is Firefox or Internet Explorer. Then, a language with very good web services support should be used to build Web 2.0 applications. In addition, the language used should be iterative meaning that it will help easy and fast the addition and deployment of features.


  • Search Finding information through keyword search;
  • Links Connects information together into a meaningful information ecosystem using the model of the Web, and provides low-barrier social tools;
  • Authoring The ability to create and update content leads to the collaborative work of many and not just a few web authors. In wikis, users may extend, undo and redo each other's work. In blogs, posts and the comments of people build up over time;
  • Tags Categorization of content by users adding "tags" - short, usually one-word descriptions - to ease searching, without dependence on pre-made categories. Collections of tags created by many users within a single system may be called "folksonomies" (i.e., folk taxonomies);
  • Extensions Software that makes the Web an application platform as well as a document server. These include software like Adobe Reader, Adobe Flash player, Microsoft Silverlight, ActiveX, Oracle Java, Quicktime, Windows Media, etc;
  • Signals The use of syndication technology such as RSS to tell users of content changes.

Legal risks

The main legal risks associated with Web 2.0 and external corporate blogging

  • Damage to an individual's or company's reputation. This typically arises if a blogger says something which tarnishes the reputation of the company in the eyes of the reader. It could be an inappropriate comment, or it could be that they criticise the company directly;
  • Liability for infringement of intellectual property rights. The biggest risk here is that the blogger copies content for the blog post from another source without permission. It could be that they copy the text of an article, or include a photograph or logo belonging to another party;
  • Liability for defamation or illegal content. Defamation is perhaps one of the greatest risks to corporate blogs – especially if authors are given a free rein. It is probably natural that employees would want to put down the competition, and fair comparisons are fine. The risk arises when authors cross the line, and opinion becomes defamation;
  • Leaking confidential information. Internal losses are as much of a concern as external liability. Not all employees will realise what is and is not proper to show – meaning that confidential information can easily leak out of the business. This could be details of a new product launch, or disclosure of poor financial figures. Commercial damage and breach of insider trading rules are just two of the risks;
  • Harassment. Employers have a duty to protect all of their employees, so it is important that blogs are not used as a way of harassing others. The employer could become liable for allowing one employee's blogging to amount to harassment of another;
  • Failing to recognise a statutory grievance. A statutory grievance is any complaint which is capable of forming a claim before an employment tribunal.

Writing a web 2.0 policy

Consider the following actions

  • Assess how the organisation uses online collaboration tools such as blogs, forums and social networking sites.
  • Are these tools necessary to work performance? If so, how do you measure their impact upon the bottom line?
  • How much time can be spent blogging? How should staff balance this with the performance of other duties? Are you able to set down some key aims for each online community and ask the relevant staff member for regular reports / updates / reviews in line with the company’s appraisal system.
  • Remind bloggers that they act as representatives of your company, albeit they write in their own names.
  • Warn against posts that could potentially offend readers (e.g. obscene, threatening, abusive, sexually or racially offensive material);
  • Forbid posting anyone else's content without their written permission;
  • Disallow posting anything that is confidential to the company. Written and agreed guidance about what confidential information is may be necessary – e.g. financial information or information about future projects.