Social Media Policy In New Zealand: What To Include And How To Implement It

Social media can be one of the cheapest and fastest ways to grow a small business in New Zealand. But it can also create some of the quickest legal and reputational headaches if you don't have clear rules in place.

That's where a social media policy comes in. A good policy helps you set expectations with staff and contractors, protect your brand, and reduce the risk of privacy breaches, misleading advertising, or messy workplace disputes.

If you're a business owner, the key is to treat your social media policy like part of your "legal foundations" - not something you scramble to write after a problem hits.

What Is A Social Media Policy (And Why Does Your Business Need One)?

A social media policy is a written set of rules for how people connected to your business can use social media in a way that protects your business. It usually covers:

• how your business accounts should be managed
• who can post on behalf of your business (and what approvals are needed)
• how employees and contractors should refer to your business online
• what's not okay (for example, sharing confidential information or posting abusive content)
• what happens if someone breaches the policy

Even if you're not running ads or posting every day, social media still affects your business. Your staff might mention work on personal accounts, respond to customers in comments, or share behind-the-scenes photos at your workplace.

Without clear guidelines, you can end up with issues like:

• brand damage from a single poorly worded post or comment
• privacy breaches (for example, sharing customer details or filming people in a way that unfairly intrudes on their privacy)
• consumer law risks (for example, making claims you can't back up)
• employment disputes if you discipline someone without a fair process
• ownership confusion over who "owns" a business account, followers, or content when someone leaves

For many NZ small businesses, a social media policy sits neatly alongside core documents like your Employment Contract and workplace policies, because it sets clear expectations from day one.

What Laws In New Zealand Affect Your Social Media Policy?

A social media policy isn't just about "professionalism" - it also helps you manage compliance with real legal obligations in New Zealand.

Here are some of the key legal areas to keep in mind when drafting and enforcing a social media policy.

Privacy Act 2020 (Customer And Staff Information)

If your business collects, uses, stores, or shares personal information (and most businesses do), you need to take privacy seriously. Social media can easily create privacy issues, like:

• posting a customer's name, order details, or complaint publicly
• sharing screenshots of messages or emails
• posting photos or videos of customers in-store (especially where it's unexpected, sensitive, or identifies them)
• sharing staff personal details (including rosters, phone numbers, or private messages)

A social media policy should clearly set boundaries around what can and can't be posted, and how to respond if personal information is involved. It also helps to have a proper Privacy Policy so customers know how you handle their information.

Fair Trading Act 1986 (Advertising And Claims)

Under the Fair Trading Act 1986, your business must not mislead or deceive consumers. Social media posts count as advertising if they promote your business, your products, or your services.

This matters if your social media content includes:

• before-and-after photos (that could be misleading if not representative)
• limited-time offers and discounts
• claims like "guaranteed results" or "best in NZ"
• pricing statements that don't match what customers actually pay

Your policy should help your team understand that marketing isn't just creative - it's regulated. It should also set a rule that only authorised people can make product/service claims, approve ads, or respond to complaints.

Employment Law (Discipline, Misconduct, And Process)

A social media policy is often used when a workplace issue arises - but it's important to get the process right.

In New Zealand, employment decisions must generally be fair and reasonable. If you discipline or dismiss an employee for social media conduct, you usually need to follow a proper process (for example: investigate, give the employee a chance to respond, consider alternatives, and document the steps).

This is where having clear written expectations upfront really helps. A strong policy makes it easier to point to:

• what rule was breached
• why the rule exists
• what the consequences may be
• how you'll handle alleged breaches

It also helps to ensure your policy aligns with the rest of your employment documents and your workplace culture.

Health And Safety (Workplace Conduct And Bullying)

Under the Health and Safety at Work Act 2015, you have a duty (so far as reasonably practicable) to provide a safe workplace. Online conduct can still affect workplace safety, for example if social media use leads to bullying, harassment, or threats between staff members, or towards customers.

Your social media policy can support your broader workplace behaviour expectations by clearly stating that harassment, discrimination, and bullying aren't acceptable on social media. This can include conduct outside work hours where there's a real connection to the workplace or it impacts work relationships, safety, or your business.

What Should A Social Media Policy Include For A Small Business?

There's no single "perfect" social media policy for every business. A caf? with casual staff and a retail Instagram will need something different to a professional services firm with LinkedIn-focused marketing.

That said, most NZ small businesses should include the following key sections.

1. Purpose And Scope

Start by explaining why the policy exists and who it applies to. For example:

• employees (full-time, part-time, casual)
• contractors and consultants
• interns and volunteers
• anyone posting on "official" business accounts

It's also helpful to clarify that the policy covers both:

• official business social media accounts (posting as the business), and
• personal accounts where someone refers to the business, customers, suppliers, or colleagues

2. Roles, Access, And Account Ownership

This is one of the most overlooked parts - and one of the most important.

Your policy should clearly cover:

• who can create accounts on behalf of the business
• who holds admin access and how passwords are stored
• who can approve posts, ads, or responses to complaints
• what happens to access when a staff member leaves

For many businesses, social media accounts are valuable business assets. It's worth treating them like you would customer lists or supplier relationships - with clear controls, not informal "we'll figure it out later" arrangements.

3. Content Rules (What You Can And Can't Post)

This section sets the day-to-day practical rules. Consider covering:

• Brand voice and tone (friendly, professional, humorous, etc.)
• Accuracy (don't guess; check facts, prices, availability, and promotions)
• Confidentiality (no sharing internal matters, supplier terms, pricing strategies, or customer issues)
• Respect (no abusive, discriminatory, or bullying content)
• Competitors (avoid negative statements that could cause legal or reputational risk)
• Photos and videos (think about privacy, context, and permissions - and be extra careful where children or sensitive situations are involved)

If you work with contractors for content creation, it can also be smart to clarify who owns the content (photos, videos, captions, designs) and what rights your business has to reuse it.

4. Confidential Information And Privacy

You'll want a clear definition of "confidential information" and "personal information" in plain language.

Examples of information that should generally never be posted include:

• customer phone numbers, addresses, or order details
• screenshots of private messages without permission
• internal disputes or disciplinary matters
• financial data, passwords, internal systems, or security processes

If your business uses testimonials, user-generated content, or reposts customer photos, you should also outline the approval process (for example, asking first where appropriate, keeping a record of any permissions given, and respecting deletion requests where appropriate).

5. Customer Interactions, Reviews, And Complaints

Many social media issues don't come from posts - they come from comments and DMs, especially when a customer is upset.

Your social media policy should set guidelines for handling:

• refund requests and consumer complaints
• negative reviews
• aggressive or abusive messages
• people asking for medical, financial, or other sensitive advice (where relevant)

A practical approach is to include a "when to escalate" rule, for example:

• if someone threatens legal action
• if a complaint involves a privacy concern
• if media are involved
• if a staff member feels unsafe

This keeps your responses consistent and reduces the risk of a team member trying to "fix it fast" in a way that creates more problems.

6. Personal Use During Work Hours

It's okay to set reasonable rules about personal social media use during work hours (especially where it affects productivity, customer service, or safety). The key is to keep expectations clear and realistic.

Common approaches include:

• no personal scrolling during customer-facing time
• reasonable use during breaks only
• no filming in the workplace unless approved

If social media use forms part of someone's role, your policy should separate "approved work posting" from personal use so there's no confusion.

7. Consequences And Investigation Process

A social media policy should explain what may happen if the policy is breached, while leaving room to assess each situation fairly. For example:

• informal coaching for minor issues
• a direction to remove a post
• a formal warning
• termination in serious cases (for example, serious bullying, major confidentiality breach, or unlawful conduct)

This section is important because it supports consistent decision-making. It can also discourage knee-jerk reactions when a situation is stressful.

If you're relying on the policy in an employment context, it should fit neatly within your overall employment documentation. Many businesses also build it into their wider staff handbook.

How Do You Implement A Social Media Policy Without It Being Ignored?

Drafting a social media policy is only half the job. Implementation is what turns it into real protection for your business.

Here's a practical approach that works well for NZ small businesses.

Step 1: Decide What You're Actually Trying To Control

Before you write anything, get clear on your goals. For example:

• Do you want to protect customer privacy?
• Are you trying to standardise marketing and brand tone?
• Do you need a boundary around staff filming at work?
• Do you want to manage who can respond to complaints?

Policies work best when they reflect real risks in your business - not generic rules copied from a template.

Step 2: Match The Policy To Your Team And Your Industry

A small team with one person running marketing will need different controls to a business where multiple staff members post stories and interact with customers.

For example, if you run a customer-facing business, you may want tighter rules around:

• photos/videos in-store
• comment moderation
• handling complaints and refund discussions

If you run a professional services business, you may focus more on:

• confidentiality and client information
• professional conduct
• misleading claims about results or qualifications

Step 3: Make It Part Of Onboarding (Not An Afterthought)

The easiest time to implement a social media policy is when someone starts working with you. Build it into your onboarding checklist.

That could look like:

• providing the policy alongside their employment documents
• walking through key do's and don?ts in person
• getting a written acknowledgement that they've read and understood it

If you're engaging contractors who will access your accounts or create content, you'll also want the relationship set out clearly in writing. Depending on the arrangement, that may be done through a tailored Contractor Agreement so ownership, confidentiality, and deliverables are clear.

Step 4: Train Your People Using Real Examples

Most social media issues happen because someone didn't think through the consequences in the moment.

Short, scenario-based training is often more effective than sending a PDF and hoping for the best. For example:

• "A customer complains in comments - what should you do?"
• "Someone wants to post a photo that includes a customer - what steps do we take?"
• ?A staff member wants to share a "behind-the-scenes" video - what's allowed??

This also helps your team feel supported (and avoids the policy feeling like a "gotcha").

Step 5: Keep It Updated As Your Business Grows

As your business grows, social media usually gets more complex: more staff, more platforms, more content, and more customer interactions.

Set a calendar reminder to review your policy at least annually, or whenever you:

• hire someone who will run accounts
• launch a new product line or promotion strategy
• start running paid ads regularly
• experience a complaint or incident that reveals a gap

Common Mistakes Businesses Make With A Social Media Policy

Most business owners don't set out to get social media wrong - it's just that the day-to-day pace of running a business makes it easy to overlook the legal details.

Here are some common pitfalls we see.

Using A Generic Template That Doesn't Fit Your Business

Templates can be a helpful starting point, but if the policy doesn't reflect how your business actually operates, it won't be followed (and it may not protect you when it matters).

For example, a policy that assumes your team never takes photos at work won't help if your marketing strategy relies on behind-the-scenes content.

Not Linking The Policy To Your Other Legal Documents

A social media policy is usually not a standalone document. It should line up with your:

• employment terms and disciplinary procedures
• confidentiality expectations
• privacy obligations
• brand and marketing approvals

If you're building out your full legal framework, you might also be thinking about broader business terms. For example, if you sell online and promote through social media, it's often important to have clear Website Terms and Conditions so the promises you make in posts line up with what customers agree to.

Only Enforcing The Policy When There's Conflict

If a policy is only mentioned when you're upset with someone, it can quickly feel unfair. That's why training, onboarding, and consistent reminders matter.

Think of your social media policy as part of your business culture: it should support good judgement, not replace it.

Forgetting About Account Ownership When Someone Leaves

This can be a painful one. If a staff member or contractor set up accounts using their personal email, holds the password, and is the only admin, you can lose access at the worst possible time.

Your policy should include practical rules like:

• business accounts must be created with a business email address
• at least two trusted people must have admin access
• passwords must be stored securely and updated when someone exits

If you ever sell your business, social media assets and the way they're managed can also become part of the handover and due diligence process. It's one more reason to stay organised and document your systems early.

Key Takeaways

• A social media policy helps protect your brand, your customers, and your business operations by setting clear rules for social media use and account management.
• Your policy should reflect New Zealand legal obligations, including the Privacy Act 2020 (personal information) and the Fair Trading Act 1986 (misleading advertising and promotions).
• At a minimum, a strong social media policy usually covers account ownership and access, content guidelines, confidentiality and privacy rules, customer interactions, personal use during work hours, and consequences for breaches.
• Implementation matters: include the policy in onboarding, train your team using real scenarios, and keep the policy updated as your business and platforms change.
• Avoid common mistakes like relying on generic templates, forgetting account access controls, or enforcing the policy inconsistently.
• If your team includes contractors or content creators, make sure responsibilities and ownership are clearly set out in writing, such as a tailored Contractor Agreement.

If you'd like help putting a social media policy in place (or reviewing how your current policy fits with your employment documents and privacy obligations), you can reach us at 0800 002 184 or team@sprintlaw.co.nz for a free, no-obligations chat.