Guidance

Social Media Policy

Updated 7 August 2025

© Crown copyright 2025

This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated. To view this licence, visit nationalarchives.gov.uk/doc/open-government-licence/version/3 or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: psi@nationalarchives.gov.uk.

Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned.

This publication is available at https://www.gov.uk/government/publications/dwp-procurement-security-policies-and-standards/social-media-policy

Overview 

The DWP Social Media Policy refers to all web-based tools which allow users to generate content and interact online. Many of the technologies used are still developing and can often put individuals and organisations at risk of online abuse. It is mandatory that all employees and contractors adhere to this Social Media Policy and supporting standards, which provide a practical approach to minimising these risks. 

Note: For the purposes of this Policy, the term ‘social media’ relates to all web-based or mobile-app-based tools involving user generated content (including but not limited to: Bluesky, Facebook, Instagram, X, etc.). Review sites, chatrooms, forums, and blog entries (this list is not exhaustive) are also within the scope of this policy. ‘Content’ includes unauthorised video and call recordings. 

Purpose 

This policy and supporting standards help to ensure that all DWP employees and contractors (‘users’) utilise social media in a responsible, safe, and secure way. 

The policy and supporting standards define the boundaries between professional and personal use and ensures that users understand the risks of using social media and how to minimise them. 

Scope 

This policy: 

a. applies to all DWP staff (including contractors, consultants, other workers and employees of relevant Arm’s Length Bodies (ALB)), collectively referred to as ‘users’; 

b. does not replace any legal or regulatory requirements; 

c. plus the supporting standards apply to all DWP employees and contractors utilising social media platforms for business via officially sanctioned DWP accounts, and users must comply with vetting requirements where applicable. This includes DWP managed devices and users’ personal devices, in both work and personal time where this relates to DWP business, or an individual’s responsibilities under the DWP Acceptable Use Policy, Standards of Behaviour Policy and The Civil Service Code; 

d. plus the supporting standards also apply to new and existing social media accounts. All account holders and sponsors must ensure that any existing accounts are compliant with the requirements of this policy. 

Definitions 

Official DWP Accounts: Accounts that have been created for the purpose of representing the DWP or the Jobcentre Plus network online and are managed by staff whose job description includes the operation of the accounts as part of their role at the DWP. The officially sanctioned DWP accounts are listed on GOV.UK. 

Professional Individual Accounts (PIAs): Accounts used for posting, sharing, promoting, or engaging with DWP or HM Government related business – users must be officially approved and are representing the Department. Therefore, they must only use PIAs on DWP approved devices, unless a Security Policy Exception has been granted. 

LinkedIn accounts: Accounts used for professional networking that can be run from a user’s personal or DWP device for non-DWP business or, if sanctioned, from a DWP device for official DWP business. 

Personal Accounts: Accounts used by individuals in their own time to engage in or post non-DWP related content. 

Internet Trolling: Internet trolling is the act of bullying or harassment online by way of posting inflammatory and digressive or off-topic messages in an online community with the intent of provoking readers into displaying emotional responses, whether for the troll’s amusement or a specific gain.  

Cyberstalking: Cyberstalking is the use of the Internet or other electronic means to stalk or harass an individual, group, or organisation. It may include false accusations, defamation, slander and libel. 

Cyberbullying: Cyberbullying or cyber harassment is a form of bullying or harassment using electronic means. Cyberbullying and cyber harassment are also known as online bullying. 

Doxing: Doxing is the action or process of searching for, and publishing, private or identifying information about a particular individual on the internet, typically with malicious intent. 

Policy Statements 

  1. DWP will not tolerate any harassment, discrimination, or defamation of employees or the public via social media platforms (for example, doxing) and may investigate any allegations of employees misusing social media in this way, whether the alleged action takes place at work or outside in their own time. 

  2. This would include, but not be limited to, abusive comments posted on social media sites, unauthorised video footage, telephone recordings etc. and applies whether the alleged action took place at work or in users’ personal time. 

  3. If you or your colleagues experience any abuse on social media, please report it immediately (notifying your manager at the same time) to the Social Media Abuse Response Team (SMART) by following the Keep Customer Interactions Safe (KCIS) process.

  4. Users must operate separate social media accounts for professional and personal content. In this instance “professional” is defined as use only for DWP business related activity. Any user activity, either professional or personal on social media platforms, must comply with the requirements of this policy as defined in the compliance section below.  

  5. Users involved in the operation and management of officially sanctioned accounts must be trained in their use. Any DWP staff who have not been trained to use these accounts will not be given access. 

  6. All official social media accounts must be managed in accordance with the DWP Information Management Policy  to ensure information is handled, stored, and disposed of securely.  

  7. New accounts on social media platforms in existing use must fulfil a strategic business requirement of the DWP and can only be created following approval by relevant members of the DWP Directorate or their proxies. 

  8. Officially sanctioned accounts will undergo periodic review and if they no longer fulfil a strategic business requirement, they may be closed and removed from the host platform. 

  9. Users must not associate themselves or their personal expressions with DWP or the Government generally. 

Accountabilities and Responsibilities 

a. The DWP Chief Security Officer is the accountable owner of the DWP Social Media Policy and is responsible for its maintenance and review, through the DWP Deputy Director for Security Policy and Central Services. 

b. Line managers must ensure that employees are aware of their responsibilities when using Social Media platforms. 

c. It is the responsibility of all users to ensure that social media abuse or misuse is reported to their line manager and, if required, to the Security Incident Response Team. 

d. It is the line manager’s responsibility to take appropriate action where non-compliance to policy is identified as detailed in the DWP Discipline Policy. 

Compliance  

a. All DWP employees, whether permanent or temporary (including DWP contractors) have security responsibilities and must be aware of, and comply with, DWP’s security policies and standards. 

b. Many of DWP’s employees and contractors handle sensitive information daily and so need to be enacting minimum baseline behaviours appropriate to the sensitivity of the information. Most security incidents and breaches relate to information security. 

c. Failure to report a security incident, potential or otherwise, could result in disciplinary action and, in the most severe circumstances, result in dismissal. A security incident is the attempted or actual unauthorised access, use, disclosure, modification, loss or destruction of a DWP asset (or a supplier asset that provides a service to the Authority) in violation of security policy. The circumstances may include actions that were actual, suspected, accidental, deliberate, or attempted. Security incidents must be reported as soon as possible. DWP users must report security incidents via the DWP Security Incident Referral Webform; third parties and suppliers must follow the DWP Security Incident Management Standard (SS-014).   

d. DWP’s Security and Data Protection Team will regularly assess for compliance with this policy and may need to inspect physical locations, technology systems, design and processes and speak to people to facilitate this. All DWP employees, agents, contractors, consultants, business partners and service providers will be required to facilitate, support, and when necessary, participate in any such inspection.

e. An exception to policy may be requested in instances where a business case can be made to undertake an activity that is non-compliant with DWP’s Security Policies. This helps to reduce the risk of non-compliant activity and security incidents.

f. Users are responsible for understanding their responsibilities as defined in this policy and the consequences of non-compliance. The Civil Service Code, the DWP Acceptable Use Policy (AUP) and DWP Standards of Behaviour must be read in conjunction with this policy. Compliance to the policy and personal conduct applies to the use of personal social media accounts, as well as professional accounts. 

g. A breach of these policies or standards could result in disciplinary action and, ultimately, dismissal from the DWP.  

h. DWP have the right to undertake routine monitoring to protect individuals and guard against any potential cyber-attack. DWP staff managing officially sanctioned DWP accounts could analyse any reference or sentiment towards DWP online as part of their role. Any misuse of social media which is identified during this routine monitoring work will be reported to the Security Incident Response Team for investigation. 

i. Failure to report a security incident, potential or actual, could result in disciplinary action. 

j. Trade Union members have the right to engage in trade union related debate and activities in their own time, using personal accounts and their own equipment as per existing guidance in the DWP Employee Relations Framework, the Civil Service Code and DWP Standards of Behaviour. Official Trade Union account activity on official Trade Union social media accounts is outside the scope of this policy. As such Trade Union related accounts may mention DWP in the account name for example, PCS DWP Group Branch. 

Any business requirement that is not consistent with this policy must be raised with the Security Advice Centre (SAC) in the first instance and consideration should be given to the Security Policy Exception process if necessary.

Back to top