Social Media Guideline
Every social media account that operates on behalf of Baylor University (or some part of it) offers new opportunities for the university – but also additional risks, if those accounts are not properly managed.
To better balance the opportunities with the risks, the university has developed this guideline for accounts that represent the university, its schools/colleges, departments, etc. (These do not apply to course- or class-specific accounts, and student organizations’ social media accounts are governed by Student Policies and Procedures.)
Baylor has many policies regarding privacy, appropriate behavior, requirements to report in certain situations, copyright, and more (see Item 6 below). This guideline does not replace these other policies; this guideline covers account security, emergency response, risk mitigation, and other social media-specific issues.
- Passwords/security
- General rules regarding passwords and account access:
- For each social media account representing a unit, more than one person in the unit should have the password and/or administrative access.
- Passwords/general account access should not be shared with people who are not employees or student assistants.
- Passwords should be changed at the start of each semester, plus whenever someone with access either leaves the unit or no longer has a need to access the account.
- For platforms without passwords (like Facebook and LinkedIn), the list of administrators should be reviewed at the beginning of each semester.
- Where an account allows/requires an email address, a baylor.edu email address – either an individual’s (preferably, a full-time employee) or a generic unit address – should be used. (No addresses from Gmail, Yahoo, Hotmail, etc.)
- Passwords for social media accounts should not be the same as BearID passwords.
- Student access:
- If a student needs long-term access to an account:
- The student should be thoroughly vetted by his/her supervisor and/or the account administrator within the unit. (See examples of student instruction in the appendix of this guideline.)
- The student should sign a statement of responsibility or understanding. (See examples in the appendix of this guideline.)
- The student should read and agree to the “best practices” found on the Baylor social media website. The unit may also have additional guidance in the form of style guides, allowable practices, etc.
- The account password should be changed once the student no longer needs access to the account.
- If a student needs temporary access to an account (~72 hours or less), an account administrator should be the one to log the student in and out of the account; the password should not be shared with the student for short-term use. The account administrator should verify that the student is no longer accessing the account when the immediate need passes.
- If a student needs long-term access to an account:
- Log-in information for each unit account, plus names and contact information (email and cell phone number) for a primary and secondary account administrator, should be provided to the university’s Marketing and Communications division for use in an emergency.
- Marketing/Communications will use this information only in case of emergency, and will not intervene unless necessary (see Item 2).
- This information will also be used to generate the university’s official social media directory, featured on the university social media website.
- When a social media administrator (employee or student) leaves the unit:
- The account’s password should be changed and/or administrative access revoked.
- If the person’s departure leaves only one person with administrative access, a new person in the unit should be granted access.
- General rules regarding passwords and account access:
- In case of an account emergency (mistakes, hacked accounts, rogue administrators)
- University accounts should follow all standard university policies.
- Marketing/Communications is charged with the primary responsibility to uphold the university’s brand and image. If Marketing/Communications sees something inappropriate from an official account, they will first attempt to contact the account’s listed administrators. If the administrators do not respond quickly, Marketing/Communications may step in to handle the errant post(s).
- If an account administrator notices an errant post (for instance, something personal accidentally shared to the unit account), he/she should delete it as quickly as possible. Posting a public apology is usually not necessary.
- If an account administrator notices something sinister (a hacked account, or a rogue administrator), he/she should contact the university’s director for social media communications for guidance.
- In case of emergency on campus (natural disasters, criminal activity, etc.)
- Unit accounts should defer to (and actively share from) Baylor Alert, Baylor DPS and primary Baylor University accounts to deliver any messaging.
- Improper information during an emergency may directly conflict with law enforcement and/or endanger lives. Therefore, only accounts that have worked with the Emergency Management office in advance and come to an agreement regarding their specific facility should attempt to offer tips or information about what’s happening.
- Adding an account to the university social media directory
- In order for an account to be listed in the university’s online social media directory, an account administrator must:
- Have provided both account log-in information/access and contact information for two or more account administrators to Marketing/Communications (see Item 1c).
- Have the account approved/authorized by the appropriate dean/vice president (or their designee);
- Agree to the university’s social media guideline; and
- Acknowledge having reviewed all provided best practices.
- The above information should be submitted by an account administrator using the registration form found on the university social media website.
- In order for an account to be listed in the university’s online social media directory, an account administrator must:
- Regular communication
- Marketing/Communications will convene a regular social media working group for those across campus who handle official accounts to discuss best practices, industry news, etc.
- Marketing/Communications will contact administrators once a semester with a reminder to change passwords and review best practices.
- Marketing/Communications will annually review the list of accounts and administrators to ensure that accounts are still active, that log-in information is up to date, and that the listed administrators are still correct. If an account is no longer following best practices, it may be removed from the university’s social media directory. If it appears that an account has been abandoned, Marketing/Communications may initiate a process to shut down the account or, if necessary, to recover it through legal means.
- Related policies
- Baylor University Personnel Policies found at https://risk.web.baylor.edu/policies?field_bu_tag_target_id=316. (In particular, BUPP 023 Standards of Personal Conduct, BUPP 024 Code of Ethics, BUPP 025 Technology Systems Usage Policy, BUPP 029 Handling of Confidential Information, BUPP 039 Policy on Usage of Copyrighted Material, and BUPP 721 Intellectual Property Policy)
- The Faculty Handbook found at https://provost.web.baylor.edu/facultyhandbook.
- Student Policies and Procedures found at https://studentpolicies.web.baylor.edu.
- Information Technology Services policies found at https://risk.web.baylor.edu/policies?field_bu_tag_target_id=286. (In particular, Network Usage Policies and the Information Use Policy)
- Graphic Standards found at https://brand.web.baylor.edu.
- Website & E-mail Privacy Statement found at https://disclosures.web.baylor.edu/web-priv.
- Sexual and Gender-Based Harassment and Interpersonal Violence Policy found at https://titleix.web.baylor.edu.