{{org_field_logo}}

{{org_field_name}}

Registration Number: {{org_field_registration_no}}

---

Social Media and Internet Use Policy

1. Purpose

The purpose of this policy is to provide clear guidance on the acceptable use of social media and the internet by all individuals working for or associated with {{org_field_name}}. This policy aims to protect the reputation of {{org_field_name}}, its clients, and its service users, while also safeguarding the privacy, dignity, and confidentiality of all involved. As an agency providing temporary registered nurses and healthcare assistants to care homes and other healthcare settings, {{org_field_name}} has a responsibility to ensure that staff uphold the highest professional standards both inside and outside of work, including online. The misuse of social media and the internet can cause significant harm, including breaches of confidentiality, damage to professional relationships, reputational damage to clients and service users, and violations of legal and regulatory obligations, including but not limited to the Data Protection Act 2018, UK GDPR, the Employment Agencies Act 1973, the Conduct of Employment Agencies and Employment Businesses Regulations 2003, the Agency Workers Regulations 2010, the Equality Act 2010, the Immigration, Asylum and Nationality Act 2006, the Police Act 1997 and DBS Code of Practice where applicable, and the Nursing and Midwifery Council Code and social media guidance where relevant. As {{org_field_name}} supplies temporary staff to third-party care and healthcare providers and does not itself provide or direct regulated care, this policy is intended to support our obligations as an employment business / employment agency and does not imply that {{org_field_name}} is itself carrying on a regulated activity requiring CQC registration. This policy demonstrates our commitment to responsible, safe, and lawful use of social media and the internet by all staff.

2. Scope

This policy applies to: All employees, temporary workers, agency workers, contractors, and volunteers of {{org_field_name}}, including registered nurses, healthcare assistants, and administrative staff, regardless of contractual status (e.g., zero-hours, part-time, or full-time). All online activity undertaken during working hours, using work equipment, or in relation to any aspect of your duties for {{org_field_name}}. All personal use of social media or the internet outside working hours where such use could affect {{org_field_name}}, its clients, service users, colleagues, or its reputation. Platforms and technologies including, but not limited to: Facebook, Instagram, X (formerly Twitter), TikTok, WhatsApp, YouTube, LinkedIn, blogs, forums, online reviews, and any other digital platforms.

This policy applies to content that is posted, shared, reposted, forwarded, commented on, reacted to, stored, searched for, downloaded or transmitted using agency systems, devices, email accounts, messaging services or internet access, and to personal accounts or devices where the conduct may reasonably affect {{org_field_name}}, its candidates, workers, clients, service users, confidential information, business relationships or reputation.

3. Related Policies

• Confidentiality Policy
• Data Protection Policy
• Code of Conduct
• Disciplinary Policy
• Safeguarding Policy
• Whistleblowing Policy
• Information Security and GDPR Compliance Policy
• Anti-Bullying and Harassment Policy

3.1 Legal and Regulatory Framework:

This policy should be read in conjunction with the Employment Agencies Act 1973, the Conduct of Employment Agencies and Employment Businesses Regulations 2003, the Agency Workers Regulations 2010, the Employment Rights Act 1996, the Working Time Regulations 1998, the National Minimum Wage Act 1998 and National Minimum Wage Regulations 2015, the Equality Act 2010, the Immigration, Asylum and Nationality Act 2006, the Police Act 1997, the Rehabilitation of Offenders Act 1974 (Exceptions) Order 1975 where applicable, the Data Protection Act 2018, UK GDPR, and any applicable professional standards, including the NMC Code and NMC social media guidance.

4. Policy Statement

All individuals working for or associated with {{org_field_name}} must:

• Use social media and the internet in a responsible, respectful, and lawful manner.
• Avoid actions online that could bring {{org_field_name}}, its clients, or service users into disrepute.
• Never disclose confidential, sensitive, or personal information about clients, service users, staff, or the agency.

Individuals must understand that misuse of social media or the internet may result in internal disciplinary action, removal from assignments, notification to clients, referral to safeguarding authorities, the police, the Disclosure and Barring Service, the Home Office, the NMC or other relevant professional or enforcement body, where appropriate, and any other lawful action considered necessary.

5. Responsibilities

Directors and Senior Management are responsible for:

• Ensuring that this policy is implemented, promoted, and reviewed regularly.
• Leading by example by using social media and the internet responsibly.
• Monitoring agency-wide compliance through audits, spot checks, and investigations when concerns arise.
• Delivering appropriate training and guidance on social media, confidentiality, and safeguarding.
• Ensuring that staff understand the disciplinary consequences of inappropriate online behaviour.
• Liaising with regulators and clients if a serious breach or incident occurs involving social media.
• Ensuring that online incidents which may involve safeguarding, confidentiality, discrimination, unlawful harassment, right-to-work concerns, criminal conduct or data breaches are escalated promptly to the appropriate internal lead and, where required, to external bodies.

All Staff and Workers

All staff and workers, including agency workers on zero-hours contracts, must:

• Read, understand, and adhere to this policy at all times.
• Protect the privacy, dignity, and confidentiality of clients, service users, colleagues, and {{org_field_name}}.
• Avoid posting anything that could be perceived as discriminatory, defamatory, offensive, harassing, or bullying towards any individual or group.
• Avoid engaging in online discussions about clients, service users, care homes, or matters related to {{org_field_name}}.
• Report any concerns about inappropriate online behaviour, bullying, harassment, or breaches of confidentiality without delay.
• Not presenting personal views as those of {{org_field_name}}.
• Reporting immediately any suspected data breach, safeguarding issue, unlawful discriminatory content, fake or misleading online content relating to the agency, or online activity that raises concerns about a worker’s suitability for placement.
• Cooperating with lawful requests for information during any investigation into alleged online misconduct.

6. Acceptable Use of Social Media

The following is considered acceptable:

• Using social media in a personal capacity outside working hours provided you do not reference {{org_field_name}}, clients, or service users.
• Maintaining professional boundaries and refraining from accepting friend requests or connections with clients, service users, or their families.
• Using social media for professional networking where relevant and in line with this policy.

Staff using agency platforms or accounts on behalf of {{org_field_name}} must only do so when authorised and trained.

Where staff identify themselves online as working for or being associated with {{org_field_name}}, they must make clear when views are personal, must not disclose confidential or commercially sensitive information, must not use client names, logos, uniforms, premises, rostering information or identifiable workplace details without prior written authority, and must comply with any applicable professional standards, including NMC requirements on professional boundaries and responsible use of social media.

7. Unacceptable Use of Social Media

Examples of unacceptable use include, but are not limited to:

• Posting photographs or information relating to service users, clients, or colleagues without their explicit consent and proper authorisation.
• Sharing confidential information obtained through your work with {{org_field_name}}.
• Making negative, derogatory, or inappropriate comments about clients, service users, {{org_field_name}}, colleagues, or other organisations.
• Engaging in cyberbullying, harassment, or discrimination online.
• Misrepresenting {{org_field_name}} or claiming to speak on behalf of the agency without permission.
• Recording or photographing care home premises, service users, or staff without lawful and proper consent.

Unacceptable use also includes:

• posting or sharing information about candidates, workers, applicants, clients, placements, rotas, shift patterns, security arrangements, incidents, complaints, medication, treatment, health information, DBS status, immigration status or other compliance matters;
• sharing work-related information in supposedly ‘private’, ‘closed’ or encrypted groups where that information is confidential, personal, sensitive or inappropriate to disclose;
• creating fake accounts, impersonating colleagues, workers, clients or {{org_field_name}}, or using anonymous accounts to harass or intimidate others;
• deleting, concealing or altering relevant online content after an incident has been reported or an investigation has begun.

8. Personal Use of Social Media and the Internet During Work

Limited personal use of social media or the internet is permitted only where it does not interfere with work, patient or service-user safety, confidentiality, information security, or client site rules. Personal use must not take place when a worker is expected to be carrying out duties, supervising service users, administering medication, handling confidential information, driving, or undertaking any safety-critical activity. Use of client devices, client systems or agency systems for personal social media activity may be restricted or prohibited. Personal mobile phone use must also comply with the rules of the placement site and any local restrictions on photography, recording, messaging applications and access to clinical or care areas.

9. Confidentiality and Data Protection

Staff must not use social media, messaging applications, personal email, cloud storage, screenshots, recordings or internet platforms to disclose, discuss, transfer or store personal data, special category data, criminal offence data or confidential business information obtained through their work, except where this is expressly authorised, secure, lawful and necessary for work purposes.

This prohibition applies to information relating to service users, clients, candidates, workers, applicants, employees and business contacts, including names, photographs, video or audio recordings, dates of birth, addresses, contact details, health information, care information, disciplinary matters, DBS information, right-to-work information, complaints, incidents, investigation details and assignment information.

Sharing such information in ‘private’, ‘closed’ or encrypted groups is still a disclosure and may amount to gross misconduct. Any actual or suspected data breach, accidental disclosure, loss of a device, or unauthorised access to online information must be reported immediately in accordance with {{org_field_name}}’s Data Protection / Incident Reporting procedures.

{{org_field_name}} will process personal data relating to monitoring, investigations and disciplinary action in accordance with UK GDPR, the Data Protection Act 2018 and any applicable updates to the UK data protection framework.

9.1 Recruitment, Vetting and Suitability Information

{{org_field_name}} may, where lawful and proportionate, consider publicly available online information when assessing suitability for recruitment, placement, safeguarding, professional conduct, client complaints or disciplinary investigations. Any such checks will be relevant to the role, carried out fairly, and processed in accordance with data protection law.

Online information will not be used in a discriminatory manner or in a way that unfairly intrudes into private life. Where information may affect a person’s recruitment, placement or continued engagement, {{org_field_name}} will, where appropriate, give the individual an opportunity to respond before a decision is made.

Where a role requires a DBS check, professional registration, evidence of identity or a right-to-work check, online activity that raises genuine concerns about identity, authenticity of documents, barred status, safeguarding, fraud, violence, harassment, hate speech, unlawful discrimination, professional misconduct or suitability for work with vulnerable persons may be investigated and acted upon.

10. Safeguarding Considerations

All online activity must protect service users from harm, including:

• Avoiding the identification of vulnerable individuals in online posts or photos.
• Preventing information leaks which could place service users at risk of exploitation or abuse.
• Reporting concerns if you observe others sharing inappropriate content relating to service users, whether in public or private online settings.

This includes online conduct that may indicate grooming, exploitation, boundary violations, abusive attitudes, hate speech, sexual misconduct, intimidation, inappropriate contact with vulnerable adults or children, or any conduct that could call into question a person’s suitability to work in regulated environments or with vulnerable persons.

11. Cyberbullying and Online Harassment

Bullying, harassment, sexual harassment, victimisation, discrimination or other inappropriate conduct carried out via social media or other digital means will not be tolerated, including conduct related to any protected characteristic under the Equality Act 2010. This includes offensive comments, gossip, derogatory remarks, or the spreading of false information about staff, service users, clients, or the agency. Allegations will be thoroughly investigated and may result in disciplinary action, including dismissal.

12. Compliance Monitoring

{{org_field_name}} reserves the right, where lawful, necessary and proportionate, to monitor the use of agency equipment, systems, email, internet access and business communications for legitimate business purposes including information security, safeguarding, prevention and detection of misconduct, protection of confidential information, regulatory compliance and investigation of complaints or incidents.

Any monitoring will be carried out transparently and in accordance with UK GDPR, the Data Protection Act 2018, applicable worker-monitoring guidance issued by the ICO, and any applicable laws governing the interception or monitoring of communications. Monitoring will not be carried out in a covert or excessive manner unless exceptionally justified and lawful.

Individuals must cooperate with lawful investigations, preserve relevant evidence, and provide access to agency-owned systems, accounts and devices where required for investigation.

12.1 Right to Work, DBS and Professional Registration

Nothing in this policy removes {{org_field_name}}’s separate obligations to carry out and maintain compliant right-to-work checks, DBS or other criminal record checks where legally permitted, identity checks, reference checks and professional registration checks.

If online material gives {{org_field_name}} reason to believe that a worker may not have a valid right to work, may have provided false information, may be barred from relevant work, may not hold the registration or qualifications claimed, or may pose a safeguarding risk, {{org_field_name}} may suspend placement, undertake further checks and make any appropriate referral or report.

Any handling of DBS certificate information or criminal record information must comply with the DBS Code of Practice and data protection law, including restrictions on use, retention, storage and disclosure.

13. Training

All staff will receive training on:

• responsible use of social media, messaging applications and internet services;
• confidentiality, data protection, screenshots, recordings and information-sharing risks;
• safeguarding and professional boundaries in online settings;
• equality, harassment, sexual harassment and discriminatory online conduct;
• how and when online conduct may affect suitability for work or placement;
• incident, data-breach and safeguarding reporting; and
• the agency’s monitoring arrangements and expectations when using agency systems or devices.

14. Disciplinary Action

Misuse of social media and the internet may constitute misconduct or gross misconduct. Depending on the seriousness of the matter, the consequences may include informal action, removal from a placement, suspension from assignments, restricted system access, disciplinary action up to and including dismissal or termination of engagement, notification to a client, referral to safeguarding authorities, the police, the DBS, the Home Office, the NMC or any other relevant body, and civil or criminal action where appropriate.

Deliberate breaches involving confidentiality, unlawful discrimination, harassment, sexual misconduct, safeguarding concerns, falsification, intimidation, retaliation, unauthorised recording, publication of personal data, or serious reputational harm are likely to be treated as gross misconduct.

14.1 Protected Disclosures and Lawful Reporting

Nothing in this policy is intended to prevent any worker from making a protected disclosure, reporting safeguarding concerns, reporting criminal conduct, cooperating with a regulator or law-enforcement authority, or exercising any other statutory right. Workers should usually raise concerns through {{org_field_name}}’s Whistleblowing Policy or safeguarding procedures, but this policy does not remove any legal protection available to whistleblowers.

15. Policy Review

This policy will be reviewed at least annually and earlier where required due to:

any incident, complaint, audit finding or safeguarding concern indicating that revision is required.

changes in legislation, statutory guidance or enforcement practice;

changes to the Conduct Regulations, agency worker rights, right-to-work requirements, DBS requirements or data protection law;

updated guidance from the ICO, NMC, DBS, the Home Office, the Department for Business and Trade or any successor enforcement body; or

---

Responsible Person: {{org_field_registered_manager_first_name}} {{org_field_registered_manager_last_name}}
Reviewed on: {{last_update_date}}
Next Review Date: {{next_review_date}}
Copyright © {{current_year}} – {{org_field_name}}. All rights reserved.