Wednesday, April 22, 2009

Guidelines for Scientist Blogging and Online Behavior

A Blog Around the Clock recently posted a draft of an institutional document governing employee blogging and social media use. This pseudonymous Big Research Institution is trying to establish guidelines about the information that its employees are allowed to share online. As someone who blogs under my own name about things that I do for a living, such policies would affect me if Emory decided to enact them. I'm posting the whole set of proposed rules in block quotes, with some of my own comments from a research blogger's perspective. I should note that this document did NOT come from Emory, and my response to it is purely hypothetical.

Social media guidelines for Big Research Institution (which I will abbreviate as BRI from here on out) staff

These guidelines are intended to cover blogs, where BRI staff discuss their projects or professional work, as well as BRI related pages set up by staff on social networking sites such as Flickr and Facebook. They do not cover any personal use of social media which is primarily about personal matters or hobbies.

I would consider my Facebook profile to be primarily centered around "personal matters or hobbies," but since it includes my university affiliation, it can be policed under this set of rules. Because nothing on the internet is anonymous, I am careful about the information that I share on Facebook, but I also get pretty personal there (sharing political links, making off-color jokes, posting pictures in which I am making a silly face, etc.). I'm completely aware of the fact that anyone can find my Facebook page and pass judgment on me because of it; what I'm not prepared to do is to act as though everything posted on my Facebook is directly linked to my job. Therefore, I would question any institutional policy that attempted to be so broad in its application to personal social networking sites like Facebook.

We have a long history of BRI staff actively contributing to public discussions. However there are a few simple guidelines for BRI staff to consider when setting up their personal blogs and wikis which are outlined under "Personal social media guidelines" at the end of this document.

Guidelines for a BRI context

BRI can clearly benefit from the use of social media to promote its activities, discuss projects and research, and increase its overall knowledge base. These guidelines are intended to ensure that BRI can have a strategic overview of how we are using social media, use it in an effective way to develop our vision, facilitate its development and cross promote where appropriate.

For the purposes of this document online social media activity by BRI staff and associates falls into two categories:

Public facing - Social media which directly relates to or discusses work or projects at BRI and has a general public audience.

Peer to peer - As above but where the blog, forum, wiki etc is used as a tool for scientists and others to communicate with their peers and is not intended for a general public audience. This includes both social media content hosted by BRI and collaborative projects.

Here again I would argue that some "public facing" content (like Facebook pages) does not directly relate to work or projects at the employee's institution, even if the employee happens to mention where he or she works.

Speak freely, but respect BRI's confidentiality and values

Whether social media content is public facing or peer to peer, the individual has a duty to:

* behave in a way that is consistent with BRI's values and policies

* respect the confidentiality of information as outlined in BRI's staff handbook

Unless there are specific concerns about the nature of the work, BRI staff are free to discuss work and research online. However, staff must not reveal any information which may be confidential. This might include aspects of research, BRI policy or details of internal discussions. Staff should check the BRI IP policy, the staff handbook and/or consult their manager if at all unclear about what might be confidential.

Before I can feel comfortable with these guidelines, I need to have "BRI's values and policies" defined. If I post pictures of myself holding a beer, or wearing a coconut bra and a grass skirt at a luau, am I somehow tarnishing the reputation of my university? If I flame someone for making a stupid post, am I considered to be doing so on behalf of my employer? If social networking sites like Facebook are to be held to these standards, do they also apply to personals like If I were to write a lonely-hearts ad that mentioned both my employer and my participation in potentially shocking subcultures, for example, could my employer object? Those of us with any degree of internet prominence should carefully weigh the decision to make information about ourselves public, but we should do so using our own "values" as a yardstick, not a set of ambiguously-defined "values" from our employer.

I'm also uncomfortable with the idea that discussing my university's "policy" could be considered inappropriate. Shrouding institutional policy in secrecy does not bode well -- institutions with sound, sensible policies should be shouting them from the rooftops to try to attract the best employees. If my institution has a bad policy and I criticize it publicly, the proper response is not to censor me for talking about it. The response should be to improve the policy so that the institution is no longer ashamed of it.

I have no qualms about honoring confidentiality, however, or about keeping sensitive data out of the public eye. To me, that's just common sense, codified.


The content of peer to peer pages or sites is the responsibility of the relevant department. The content should follow BRI editorial guidelines to ensure usability and accessibility. Content is the responsibility of the individual and their department and would not be edited by BRI editors. Moderation is the responsibility of the relevant department.

Public facing social media is covered by the general editorial guidelines, and should be written for the expected audience and have a moderation plan agreed with BRI.

This gives me pause. Because I have a blog that occasionally mentions my institution, I should have a "moderation plan" with them? And, what are the "general editorial guidelines" that I must follow? No blinking text? No curse words? I require more detailed information about the moderation and editorial policies in question before I would feel comfortable agreeing to anything like this. If such guidlines would entail much more than common sense policies covering confidentiality, I imagine I would find fault with them.

Intellectual property

All BRI social media output is the intellectual property of BRI.

Like heck it is. If I post one of my famously witty sonnets about DNA on my blog or my Facebook, the university doesn't get to slap it on a t-shirt and call it their own.

BRI will operate all of its social media under a creative commons license, which means that content such as images can be reused for educational purposes unless otherwise stated.

It is the responsibility of the author of any social media content to ensure that the copyright is cleared for any material published.

Ah, "for educational purposes." I don't have a problem with people sharing content from my blog -- after all, I make it freely available on the internet -- but I would like to at least be credited for creating it. It's unclear what sort of Creative Commons license is being proposed here, but I would be okay with this provided there is an attribution condition. For example, I wouldn't mind if my university linked to a post on my blog from their website, next to a picture of me, while crediting me for the writing. That does not make my blog their intellectual property, however.

Setting up of new social media and content pages

Whether you are setting up new BRI social media pages within the BRI website or on an existing social media site such as Flickr or Facebook, they need to follow the BRI interactive project process.

In the first instance please discuss with your manager. If they are in agreement then the next step is to complete and submit a concept brief for social media (link here) which outlines:

* the purpose

* the author

* the audience

* the contributors

* moderation plans

* expected duration

* how they fit with department/corporate plans

Concept brief forms are available from your manager.

This seems completely unfeasible. No one is going to consult with their manager and submit a "concept brief" before making a Flickr account. If I wanted to blog about details of experiments that were happening in my lab, I would consult with my PI before doing so. But if I just mention that I'm a graduate student in So-and-so's lab, I don't think my PI or university should have veto power over my blogging. Even if I removed all references to my PI and/or institution from this blog, any enterprising soul with access to Google could enter something like "Laura Mariani" + "neuroscience" and find references to me on my department's website. I see no need to pretend otherwise.

Existing blogs

Staff who already have a blog, wiki, forum etc. which is related to their work or BRI should discuss it with their manager and the BRI production editor. This will allow for a shared understanding of activity in this area and will help BRI promote and aggregate a body of BRI blogs in the future.

Scientists can link to their blogs from their CV's on the BRI website but it may also be appropriate to integrate it into other areas of the site and promote it more generally from BRI's website.

This seems reasonable. I think it would be cool to see a collection of blogs by Emory students, for example. Letting your supervisor know that your blog exists is one thing; making it their intellectual property or allowing them to censor what you post based on institutional "values" is another.

Personal use of social media by BRI staff

If within your blog, wiki or social media pages BRI or work at BRI is highlighted the content should comply with the Code of Conduct outlined in the staff handbook.

Additionally if a personal blog is clearly identifying the staff as a member of BRI it should have a simple and visible disclaimer such as 'The views expressed on this blog/website are mine alone and do not necessarily reflect the views of BRI.'

Personal social media pages or websites may link to BRI's website, but should not reproduce material that is available as a result of BRI employment, use any BRI branding, nor should the blog or website purport to represent BRI in any way.

If you wish to use BRI copyrighted material you need to obtain BRI's permission.

This isn't bad. As you can see, I've already included a disclaimer on my own blog stating that my opinions are my own, not Emory's, and that I don't officially represent my university. I'd be willing to maintain a reasonable Code of Conduct, but I'd have to see the handbook before deciding whether or not it was reasonable. And it's already against the rules to share confidential or privileged information that I have access to by way of my institutional login, whether through social media or some other avenue of distribution.

Social media

For the purposes of this document, the term Social Media includes:

* blogs

* forums

* networking sites such as Facebook, Bebo, Linked In

* photo sharing sites such as Flickr

* video sharing sites such as YouTube

* all other sites allowing publishing of opinion and comment where an individual might be viewed as representing BRI

Appendix: BRI's existing social networking rules

Social networking websites

We provide open access to the internet for business use. However, we do recognize that you might use the internet for personal purposes. This policy sets out your responsibilities in relation to using the internet to access social networking websites such as Facebook, MySpace, Bebo and Friendster.

Personal use of the internet

We allow you to access social networking websites on the internet for personal use during certain times. These times are:

* before and after work hours; and

* during the one-hour break at lunch.

We reserve the right to restrict access to these websites and to bar individuals who abuse our broad approach to open internet access.

Um... let's just say that I don't restrict my personal internet usage in this way. I get things done, but I also read a lot of blogs while samples are in the centrifuge. It's safe to say that rules such as the above do not apply to graduate students -- thank goodness.

Personal conduct

While we respect your right to a private life, we also have a general duty of care for the welfare of all our staff and also a responsibility to ensure that the reputation of BRI as an institution of world standing is protected. We therefore require employees using social networking websites to:

* refrain from identifying yourself as working for BRI;

* ensure that you do not conduct yourself in a way that could be perceived to be of detriment to BRI's reputation and its role as a public authority; and

* take care not to allow your interaction on these websites to damage working relationships between members of staff and clients of BRI.

Okay, this is awful. It's silly and unfeasible to require that employees never, ever mention who they work for. My neuroscience program uses Facebook groups for a lot of things, and participation requires joining the Emory Facebook network, so clearly they are not in agreement with such a policy. I think it's a bad policy for any institution. It's totally unenforceable for in-person "social networking" (i.e., going out to a bar and chatting with strangers), and it shouldn't matter for online networking, either. I'm also not a fan of "do not conduct yourself in a way that could be perceived to be of a detriment for BRI's reputation" -- what does that even mean? Rooting for BRI's rival at a football game? It's too nebulous to be useful, and just leaves the institution with an opening to reprimand employees for things they do on their own time that should be none of their employer's business.

Monitoring of internet access at work

We reserve the right to monitor internet usage, but will endeavor to inform you should your usage be under surveillance and the reasons for it. We consider that valid reasons for checking an individual's internet usage may include suspicions that you have

* been spending an excessive amount of time viewing websites that are not work-related; or

* acted in a way that damages the reputation of BRI and/or breaches commercial confidentiality.

We reserve the right to retain information that it has gathered on an individual's use of the internet for a period of 12 months.

Access to the web may be withdrawn in any case of misuse of this facility and may result in disciplinary action.

Again, I don't see this being an issue for me as a student. I'm against monitoring anyone's internet browsing habits unless there's probable cause to assume that they're doing something really bad -- and by that I mean illegal, not just unproductive. If someone's personal web browsing is keeping them from doing their job effectively, I can kind of see the argument for shutting off their access, but wouldn't it be better to just hire employees that you can trust? If it's a slow work day and someone reads the New York Times for two hours, I don't see that as a problem. Lazy people will find ways to be lazy that don't involve the internet if you take their internet access away, and people become less productive when they don't have access to useful tools, some of which are web-based.

Security and identity theft

You should be aware that social networking websites are a public forum, particularly if you are part of a 'network'. You should not assume that your entries on any website will remain private. You should never send abusive or defamatory messages.

Please be security conscious and take steps to protect yourself from identity theft, for example by restricting the amount of personal information that you reveal. Social networking websites allow people to post detailed personal information such as date of birth, place of birth and favorite team, which can form the basis of security questions and passwords. In addition, you should:

* ensure that no information is made available that could provide a person with unauthorized access to BRI and/or any confidential information; and

* refrain from recording any confidential information regarding BRI on any network

I agree with this 100%.

So concludes my fisking of BRI's proposed policy. Although I found fault with some of the items included here, I have to applaud the mysterious BRI for opening up their institutional guidelines to public discussion before setting anything in stone. It takes a certain humility for administrators to admit that their ideas might not be perfect, and I applaud them for seeking feedback from actual scientists and bloggers during the revision period.

If you have anything to add, please do so in the comments!


  1. As I said over at Adaptive Complexity where Michael White did a similar analysis of BRI's draft policy from a different angle, I don't normally comment anonymously, but as I am the source of the document in question (Bora's "friend" and an scientist employed by BRI) it's necessary on this occasion.

    Thank you so much, Laura, for your analysis here. Your point of view is really useful, as BRI has graduate students too. Not only that but a lot of your comments are applicable to anyone in BRI's employment.

    Your post and Michael's have really helped me develop my thoughts about how to feed back constructively to BRI about the document.

    You're very generous to BRI in your final paragraph ...maybe too generous. See, BRI didn't 'open up their institutional guidelines to public discussion'. I just happen to be given a hard copy of the draft document, anonymized it and gave it to Bora to post for feedback. In other words, I'll take that last comment as a compliment to me rather than to BRI ;) (so much for 'a certain humility')

    Anyways, thanks again for your analysis. It's helpful in a very real and tangible way!

  2. Laura, I don't think you need to worry about Big Brother Emory policing your blog. The only time you'd have to worry about it is when you are applying to a faculty position and Emory or some other place is going to scrutinize you.

  3. qemag, as I mentioned in my post, Emory has already shown themselves to have saner ideas about social networking than are presented in this policy (departmental Facebook groups, etc.). I was offering my critique of BRI's policy in response to Mr./Ms. Anonymous's request for comments.

    I try to conduct this blog in a manner that could stand up to professional scrutiny, although I may not always do a perfect job. Hopefully my future employers will be okay with the fact that I have opinions and a personality.