Read InsideCounsel’s full cover story on the risks and rewards of social media use.

With growing scrutiny on social media policies from regulators and plaintiffs, now is the time to review existing policies for potential pitfalls. These tips will assist companies in drafting policies that won’t garner unwanted attention from federal agencies or potential litigants.

1. Be specific.

Every company that had its druthers would like to bar employees from disparaging or criticizing the company online, but the National Labor Relations Board (NLRB) has found that such policies violate the law because employees could interpret them as restricting their right to discuss the terms and conditions of their employment with other workers.

“The board is taking an aggressive position toward any broad statement such as ‘you can’t post messages that damage any person’s reputation,’” says Ken Yerkes, a partner at Barnes & Thornburg. “On the other hand, the NLRB has embraced a policy that prohibits unlawful harassment or discrimination on social media. You need to make sure you’re specific about the conduct you’re trying to address.”

2. Tailor to your industry.

The concerns facing a carwash are different than those facing a hospital, and their social media policies should be different, too. Although a simple policy that prohibits harassment and discrimination may be sufficient for the carwash, a hospital’s policy should specifically address Health Insurance Portability and Accountability Act restrictions on sharing any patient information online. Likewise, companies in highly regulated industries, such as financial institutions, energy companies or pharmaceutical makers, should take into account the regulations specific to their industry, especially where they concern the timing and contents of disclosures to the public.

3. Give examples.

Companies naturally want to keep employees from disseminating intellectual property or proprietary information on the Internet, but policies that state employees cannot post “confidential” information have caught the attention of the NLRB as potentially prohibiting employees from engaging in concerted action, even if the company’s intention was to keep employees from sharing customer lists, confidential manufacturing processes or proprietary formulas.

“You’re in a far better position to defend the policy if you define the term ‘confidential information’ and give specific examples of what employees cannot post,” says Brian Hayes, a shareholder at Ogletree Deakins.

4. Distinguish work from personal time.

“Policies often don’t draw a distinction between what employees can do on company time using company systems and what employees can do on their personal time using their personal computers,” says Richard Greenberg, a partner at Jackson Lewis. “Employees are not entitled to as much freedom when they are using the employers’ systems.”