Social Media Policy (New Zealand)
SOCIAL MEDIA POLICY
[Organisation Name] | NZBN [Organisation NZBN]
[Organisation Address]
Effective Date: [Effective Date]
1. PURPOSE AND SCOPE
This Social Media Policy ("Policy") governs the use of social media by [Scope Personnel] in their professional capacity and, in certain respects, in their personal capacity where their social media activity relates to the Organisation or may affect its reputation.
"Social media" means any online platform or digital communication channel that enables users to create, share, or exchange content, including but not limited to: [Platform Examples].
This Policy applies to social media use during working hours, on Organisation-owned or Organisation-leased devices, and to personal social media use outside working hours where that use relates to the Organisation, its employees, clients, or suppliers. This Policy must be read together with the Organisation's Code of Conduct, Data Protection Policy, and technology use guidelines.
The Organisation's social media activities are governed by New Zealand law, including the Harmful Digital Communications Act 2015, the Privacy Act 2020, the Fair Trading Act 1986, the Defamation Act 1992, the Employment Relations Act 2000, and the Human Rights Act 1993.
2. OFFICIAL SOCIAL MEDIA ACCOUNTS
2.1 Authorised representatives — [Authorised Posters]
2.2 All content posted on official social media accounts must be accurate, professional, and consistent with the Organisation's values and brand. Content must not be posted on any official account without the required approval.
2.3 Official social media accounts must comply with the Fair Trading Act 1986, which prohibits misleading or deceptive conduct in trade. Testimonials, endorsements, and claims made on social media must be accurate and substantiated.
2.4 All official posts that promote the Organisation's goods or services must comply with the Advertising Standards Authority (ASA) Codes of Practice applicable in New Zealand. Sponsored or paid social media content must be clearly identified as such in accordance with ASA requirements.
3. PERSONAL SOCIAL MEDIA USE
3.1 The Organisation respects employees' right to maintain personal social media accounts and to participate in online communities in their personal capacity. However, personal social media activity can have professional consequences when it relates to the Organisation or its stakeholders.
3.2 Identification — If an employee identifies themselves as an employee of the Organisation on a personal social media account, [Disclosure Requirement]
3.3 Work time and devices — [Personal Use Work Time]
3.4 Employees must be aware that content posted on personal social media accounts — even outside working hours — can affect the employment relationship if it: damages the Organisation's reputation; discloses confidential information; harasses or bullies a colleague, client, or supplier; or constitutes a harmful digital communication under the Harmful Digital Communications Act 2015. The Employment Relations Authority and Employment Court have upheld disciplinary action and dismissal for personal social media posts that damaged the employer's reputation or constituted serious misconduct.
4. PROHIBITED CONTENT AND CONDUCT
The following content and conduct is strictly prohibited on both official and personal social media accounts used in connection with the Organisation:
- Content that is defamatory — that is, content that lowers the reputation of any person in the estimation of reasonable members of society, contrary to the Defamation Act 1992.
- Content that constitutes a harmful digital communication — defined in section 4 of the Harmful Digital Communications Act 2015 as a digital communication that causes serious emotional distress to an individual. This includes content that is grossly offensive, threatening, menacing, or designed to cause distress.
- Disclosure of personal information about any individual — including colleagues, clients, or suppliers — without their consent, contrary to the Privacy Act 2020 and its Information Privacy Principles.
- Disclosure of the Organisation's confidential information, including trade secrets, financial information, client information, business strategies, or any information that is not in the public domain.
- Misleading or deceptive statements about the Organisation's products, services, or competitors, contrary to the Fair Trading Act 1986.
- Content that constitutes harassment, bullying, or discrimination on the basis of any ground prohibited under the Human Rights Act 1993.
- Content that infringes third-party intellectual property rights, including copying or sharing copyrighted material without permission.
- Statements purporting to be the official view or position of the Organisation without authorisation.
- Statements that could be construed as financial advice, investment advice, medical advice, or legal advice without the appropriate qualifications and disclaimers.
[Additional Prohibitions]
5. PRIVACY AND INTELLECTUAL PROPERTY
5.1 Privacy — All social media activities must comply with the Privacy Act 2020. Employees must not post photographs, videos, or other content that identifies or is likely to identify any individual without that person's consent. Health information, financial information, or other sensitive personal information must never be disclosed on social media.
5.2 Intellectual property — Employees must not post the Organisation's intellectual property — including logos, trademarks, proprietary images, copyrighted text, or unpublished research or data — without authorisation. When sharing third-party content, employees must comply with applicable copyright law and include appropriate attribution.
5.3 User-generated content — Any content created by an employee in the course of their employment relating to the Organisation may be the property of the Organisation under New Zealand intellectual property law. Employees must not publish such content on personal accounts without authorisation.
6. CRISIS AND SENSITIVE COMMUNICATIONS
In the event of a social media crisis — including a viral negative post, an online media story, or a coordinated campaign against the Organisation — the following process applies:
Designated spokesperson: [Crisis Contact].
Crisis response process: [Crisis Process]
Employees must not make independent social media comments about any crisis, litigation, regulatory investigation, or other sensitive matter without prior approval. Unauthorised comments during a crisis can significantly increase the Organisation's legal and reputational exposure.
7. MONITORING
[Monitoring Approach]
Any monitoring of social media by the Organisation will be conducted in compliance with the Privacy Act 2020. Employees using the Organisation's technology systems should be aware that use of those systems (including accessing social media platforms from company devices or networks) may be subject to monitoring consistent with the Organisation's technology use policy.
8. HARMFUL DIGITAL COMMUNICATIONS ACT 2015
The Harmful Digital Communications Act 2015 (HDCA) creates criminal offences and civil remedies in relation to harmful digital communications. Under section 22 of the HDCA, it is an offence to post a digital communication with the intention of causing serious emotional distress to a specific individual, where the content would cause harm to a reasonable person in the position of the affected individual. The maximum penalty is a fine of NZD $50,000 or imprisonment for 2 years.
Harmful digital communications are broadly defined in section 4 of the HDCA to include communications that: disclose sensitive personal information; are indecent or obscene; are threatening, menacing, or grossly offensive; encourage a person to commit suicide; or discourage a person from seeking support.
Any employee who engages in harmful digital communications — whether from official or personal accounts — will face disciplinary action. The Organisation may also report the matter to NetSafe (the approved agency under the HDCA) or to the New Zealand Police.
9. BREACHES AND DISCIPLINARY ACTION
[Disciplinary Outcomes]
The Organisation's disciplinary process will comply with the good faith obligations under the Employment Relations Act 2000, including providing the employee with a clear statement of the alleged breach, a reasonable opportunity to respond, and the right to have a support person present at any disciplinary meeting under section 97 of the ERA.
In addition to internal disciplinary action, breaches of this Policy may constitute criminal offences under the Harmful Digital Communications Act 2015, the Crimes Act 1961, or the Privacy Act 2020, which the Organisation may refer to the appropriate authorities.
10. GOVERNING LAW AND REVIEW
This Policy is governed by the laws of New Zealand, including the Harmful Digital Communications Act 2015, the Privacy Act 2020, the Fair Trading Act 1986, the Defamation Act 1992, and the Employment Relations Act 2000.
This Policy will be reviewed at least annually. Questions about this Policy should be directed to the designated compliance contact at [Organisation Name], [Organisation Address].
Chief Executive / Authorised Representative
________________
Signature
What Is a Social Media Policy (New Zealand)?
A Social Media Policy in New Zealand sets the organisation's rules and expectations on social media use and the responsibilities of staff and users, supporting compliance with the Companies Act 1993.
Social media creates legal risk for New Zealand organisations across multiple dimensions. The Harmful Digital Communications Act 2015 (HDCA) creates criminal offences and civil remedies for harmful digital communications — content that is grossly offensive, threatening, or designed to cause serious emotional distress. The Privacy Act 2020 prohibits the unauthorised disclosure of personal information about identifiable individuals, which can easily occur through careless social media posts. The Fair Trading Act 1986 prohibits misleading and deceptive conduct in trade, which applies to all commercial social media activity. The Defamation Act 1992 provides remedies for individuals who suffer reputational harm from false statements made on social media. The Employment Relations Act 2000 permits disciplinary action — including dismissal — for employees whose personal social media conduct damages their employer's reputation or constitutes serious misconduct.
A Social Media Policy addresses both the official use of social media on behalf of the organisation and the personal social media use of employees. For official accounts, it specifies who is authorised to post, what brand and communication standards apply, how advertising is disclosed, and how comments and interactions are managed. For personal use, it sets clear limits on what employees can say about the organisation, its clients, its competitors, and their colleagues, and requires disclosure of any affiliation with the organisation.
The Employment Relations Authority and Employment Court have considered social media conduct in a range of cases and have consistently held that personal social media posts can justify disciplinary action — including dismissal — where the conduct has a sufficient nexus to the employment relationship. A Social Media Policy that clearly communicates expected standards, is consistently enforced, and provides a fair ERA-compliant disciplinary process gives employers the framework they need to manage social media risk effectively.
When Do You Need a Social Media Policy (New Zealand)?
A Social Media Policy is needed by any New Zealand organisation that uses social media for business purposes or has employees who use social media in connection with their work. Given that social media is ubiquitous in modern workplaces, this means virtually every New Zealand employer.
When hiring staff — a Social Media Policy should be provided as part of the employee onboarding pack. Under the Employment Relations Act 2000, employees must comply with reasonable employer policies. A Social Media Policy that is clearly communicated from the start of employment establishes behavioural expectations and provides a lawful basis for disciplinary action if they are not met.
When the organisation is active on social media — any organisation that maintains official social media accounts on LinkedIn, Instagram, Facebook, X (Twitter), TikTok, YouTube, or other platforms needs a policy that governs who posts on those accounts, what content is permitted, and how the accounts are managed. Without a policy, the risk of unauthorised or inappropriate posts from official accounts is significantly increased.
In customer-facing industries — retail, hospitality, healthcare, financial services, professional services, and other customer-facing industries face heightened reputational risk from social media. A well-drafted Social Media Policy helps confirm that employee social media activity — both official and personal — supports rather than undermines the organisation's reputation and client relationships.
After any social media incident — if the organisation has experienced a social media crisis, a harmful digital communication involving an employee, or a complaint about an employee's social media conduct, reviewing and updating the Social Media Policy is an essential remediation step. It demonstrates that the organisation takes the issue seriously and has taken steps to prevent recurrence.
When employees work remotely — remote working arrangements increase the risk of employees using personal social media during work hours on work devices, blurring the boundary between official and personal social media use. A Social Media Policy that is updated to address remote working contexts is particularly important in the post-COVID work environment.
In regulated industries — financial services organisations regulated by the Financial Markets Authority, health providers, and other regulated entities may face specific regulatory requirements regarding digital communications, advertising, and social media. A Social Media Policy helps confirm regulatory compliance.
What to Include in Your Social Media Policy (New Zealand)
A well-drafted New Zealand Social Media Policy should include the following key elements to address the requirements of the Harmful Digital Communications Act 2015, the Privacy Act 2020, the Fair Trading Act 1986, and the Employment Relations Act 2000, and to be effective in managing social media risk.
Scope — clearly identify who the Policy applies to (employees, contractors, volunteers) and what platforms are covered (all social media and online communication channels, not just the major platforms). Specify that the Policy applies to both official use and personal use where the personal use relates to the organisation.
Official accounts — specify who is authorised to post on the organisation's official social media accounts and what approval processes apply. Require consistency with brand guidelines and legal requirements. Address advertising disclosure requirements under the Advertising Standards Authority (ASA) Codes of Practice and the Fair Trading Act 1986 — all sponsored or paid content must be clearly identified as advertising.
Personal social media use — set clear rules for employees who identify themselves as employees of the organisation on personal social media accounts. Require a disclaimer that personal views do not represent the organisation. Specify whether personal use is permitted on company devices and during work hours.
Prohibited content — list all prohibited content and conduct, referencing the relevant legislation: content that constitutes a harmful digital communication under the HDCA 2015; defamatory content; content that discloses confidential information or personal information in breach of the Privacy Act 2020; misleading or deceptive statements in breach of the Fair Trading Act 1986; discriminatory or harassing content in breach of the Human Rights Act 1993.
Privacy obligations — address the Privacy Act 2020 obligations specifically: employees must not post photographs or other content that identifies individuals without consent; health information and sensitive personal information must never be posted; any social media post that discloses personal information without authorisation is a potential privacy breach.
Intellectual property — prohibit the sharing of the organisation's intellectual property without authorisation, and require compliance with copyright law when sharing third-party content.
Crisis communications — designate a spokesperson for social media crisis management and set out a crisis response process. Prohibit employees from making independent comments about crises or sensitive matters.
Monitoring — state whether and how the organisation monitors social media activity, consistent with the Privacy Act 2020.
Disciplinary consequences — set out the consequences of breaching the Policy, referencing the ERA-compliant disciplinary process including the right to a support person under section 97 of the ERA.
Governing law — state that the Policy is governed by New Zealand law and commit to annual review. The forms-legal.com Social Media Policy (New Zealand) provides a ready-to-use template that meets New Zealand legal requirements.
Cite this page
Reference this free template in an article, syllabus, or research note:
Forms Legal. (2026). Social Media Policy (New Zealand) (New Zealand) [Legal document template]. Forms Legal. https://forms-legal.com/new-zealand/business/corporate/social-media-policy-new-zealand
"Social Media Policy (New Zealand) (New Zealand)." Forms Legal, 2026, https://forms-legal.com/new-zealand/business/corporate/social-media-policy-new-zealand.
@misc{formslegal-social-media-policy-new-zealand,
author = {{Forms Legal}},
title = {Social Media Policy (New Zealand) (New Zealand)},
year = {2026},
howpublished = {\url{https://forms-legal.com/new-zealand/business/corporate/social-media-policy-new-zealand}},
note = {Free legal document template. Based on Companies Act 1993}
}Also available for these jurisdictions:
Frequently Asked Questions
Yes, under certain circumstances. New Zealand employment law under the Employment Relations Act 2000 (ERA) allows employers to take disciplinary action for an employee's personal social media conduct where that conduct has a sufficient connection to the employment relationship. The Employment Relations Authority and Employment Court have upheld dismissal and disciplinary action for personal social media posts in a range of cases, including: posts that were grossly offensive about colleagues or clients; posts that disclosed confidential business information; posts that brought the employer into disrepute; and posts that were incompatible with the employee's role (for example, a public-facing employee making offensive public statements). The key question is whether there is a sufficient connection between the employee's social media conduct and their employment. Factors relevant to this assessment include: whether the employee was identified as an employee of the organisation; whether the post was made on company devices or systems; whether the post affected the employer's reputation or business relationships; whether colleagues, clients, or suppliers were identified; and the nature and seniority of the employee's role. A Social Media Policy that is clearly communicated to employees, consistently applied, and enforced through a fair ERA-compliant disciplinary process provides the strongest foundation for taking action where warranted.
The Harmful Digital Communications Act 2015 (HDCA) creates both a civil regime (administered through an approved agency, currently NetSafe) and criminal offences for harmful digital communications. In the workplace context, the HDCA is most directly relevant to workplace cyberbullying and online harassment between colleagues. Under section 22 of the HDCA, it is a criminal offence to post a digital communication with the intention of causing serious emotional distress to a specific individual, where the communication would cause harm to a reasonable person in the position of that individual. The maximum penalty is a fine of NZD $50,000 or imprisonment for 2 years. The HDCA also defines harmful digital communications broadly in section 4 to include communications that are threatening, menacing, grossly offensive, indecent or obscene, or that disclose sensitive personal information. In the employment context, the Health and Safety at Work Act 2015 also imposes an obligation on employers to manage psychosocial risks in the workplace, including online bullying. An employee who is subjected to harmful digital communications from a colleague may: complain to NetSafe, which can take steps to have the content removed; apply to the District Court for an order requiring the removal of the content or prohibiting further communication; or refer the matter to the New Zealand Police for investigation as a criminal offence.
The Fair Trading Act 1986 (FTA) applies to all conduct in trade in New Zealand, which includes social media marketing, advertising, and commercial communications. Key FTA obligations relevant to social media include: section 9 (misleading and deceptive conduct in trade) — any statement made on social media in a business context must not be misleading or deceptive or likely to mislead or deceive. This includes exaggerated product claims, selectively presented testimonials, and comparison advertising that misrepresents a competitor's products or prices; section 10 (false representations) — businesses must not make false representations about the nature, quality, or characteristics of their goods or services on social media; and section 11 (misleading conduct as to price) — prices advertised on social media must include GST and must be accurate. The Advertising Standards Authority (ASA) Codes of Practice supplement the FTA with specific requirements for advertising on digital and social media platforms, including requirements to clearly identify sponsored or paid content. Failure to identify paid or sponsored social media posts as advertising can constitute misleading conduct under the FTA. Influencer marketing arrangements — where a business pays an influencer to promote its products — must be clearly disclosed as advertising. The Commerce Commission enforces the FTA and can issue infringement notices, seek injunctions, and prosecute criminal offences. Infringement fees of NZD $1,000 per individual and NZD $3,000 per body corporate apply to certain FTA breaches.
The Privacy Act 2020 applies to all organisations that collect, hold, use, or disclose personal information about identifiable individuals, and this obligation extends to personal information posted or shared through social media channels. Key Privacy Act 2020 obligations relevant to social media include: Information Privacy Principle (IPP) 11 (disclosure limits) — employees must not disclose personal information about colleagues, clients, suppliers, or other individuals on social media without authorisation. This includes photographs, names, addresses, health information, and any other information that identifies or is likely to identify an individual; IPP 5 (storage and security) — organisations must take reasonable steps to protect personal information from unauthorised disclosure, including through social media channels. A Social Media Policy that prohibits disclosure of personal information on social media is an important component of this obligation; and the mandatory breach notification provisions in sections 113–116 — if personal information about an individual is disclosed on social media in a manner that is likely to cause serious harm, this could trigger the organisation's mandatory notification obligations. A Social Media Policy should expressly prohibit the posting of photographs, videos, or other content that identifies individuals without their consent, particularly in contexts where the photographs were taken in the workplace or at work-related events.
A social media crisis — such as a viral negative post, an online media story, or a coordinated negative campaign — can escalate rapidly and cause significant reputational and commercial damage if not managed effectively. A Social Media Policy should specify a clear crisis response process. Key elements of an effective crisis response plan under New Zealand law include: a designated spokesperson who is authorised to respond on the organisation's behalf — unauthorised responses from other employees can make a crisis worse and may expose the organisation to additional legal liability; a process for rapid escalation and decision-making, including engagement of the organisation's legal advisers where required; restraint on employee social media activity — the Social Media Policy should prohibit employees from making independent comments about any crisis, litigation, or regulatory investigation without authorisation; an assessment of whether any legal action is available, such as a defamation claim or a complaint to NetSafe under the Harmful Digital Communications Act 2015 if the content is harmful or defamatory; compliance with any applicable discovery or preservation obligations — if litigation is anticipated, documents (including social media posts and internal communications) must be preserved; and a communications plan for engaging with media, clients, and other parties involved consistent with the organisation's crisis communications strategy.
This template is provided for informational purposes only and does not constitute legal advice. Laws vary by jurisdiction and change over time. Consult a qualified attorney for advice specific to your situation.Full disclaimer
Found an error? Let us knowRelated Documents
You may also find these documents useful:
Code of Conduct (New Zealand)
Create a comprehensive New Zealand Code of Conduct for your organisation, compliant with the Employment Relations Act 2000, Human Rights Act 1993, Health and Safety at Work Act 2015, Privacy Act 2020, and Companies Act 1993. Covers professional behaviour standards, anti-discrimination and harassment obligations, conflicts of interest disclosure, confidentiality and privacy, anti-bribery requirements under the Secret Commissions Act 1910, technology use, health and safety duties, whistleblower protections under the Protected Disclosures (Protection of Whistleblowers) Act 2022, and a fair ERA-compliant disciplinary process. Suitable for New Zealand companies, non-profits, and government entities.
Data Protection Policy (New Zealand)
Create a comprehensive New Zealand Data Protection Policy compliant with the Privacy Act 2020, including mandatory privacy breach notification requirements under sections 113–116. Designates a Privacy Officer as required by section 211, covers all 13 Information Privacy Principles (IPPs), overseas disclosure under IPP 12, individual rights of access and correction, health information under the Health Information Privacy Code 2020, data retention under the Tax Administration Act 1994, and security safeguards under IPP 5. Suitable for New Zealand companies, non-profit organisations, and public sector agencies.
Whistleblower Policy (New Zealand)
Create a comprehensive New Zealand Whistleblower Policy compliant with the Protected Disclosures (Protection of Whistleblowers) Act 2022. Covers internal and external disclosure channels, confidentiality obligations, investigation process, and statutory anti-retaliation protections. Designates an internal disclosure contact and alternate, references external appropriate authorities including the Ombudsman, Serious Fraud Office, and WorkSafe New Zealand. Compliant with the Employment Relations Act 2000 and the Privacy Act 2020. Suitable for New Zealand companies, non-profit organisations, and public sector entities.
Anti-Bribery Policy (New Zealand)
Create a comprehensive New Zealand Anti-Bribery and Anti-Corruption Policy compliant with the Secret Commissions Act 1910, the Crimes Act 1961 (sections 99–105C including bribery of foreign public officials under the OECD Anti-Bribery Convention), and the Financial Markets Conduct Act 2013. Covers gifts and hospitality thresholds, facilitation payments, political and charitable contributions under the Electoral Act 1993, third-party due diligence, record keeping under the Tax Administration Act 1994, reporting channels, anti-retaliation protections, and consequences of breach. Suitable for New Zealand companies, export businesses, and regulated entities.
Privacy Policy (New Zealand)
Create a compliant New Zealand Privacy Policy for your business or website. Our template is drafted in accordance with the Privacy Act 2020 (NZ) and covers all 13 Information Privacy Principles (IPPs), including IPP 1 (purpose of collection), IPP 3 (collection from subject), IPP 5 (storage security), IPP 6 (access), IPP 7 (correction), IPP 10 (limits on use), IPP 11 (limits on disclosure), and IPP 12 (unique identifiers and overseas disclosure). Includes mandatory privacy breach notification under sections 113-119 of the Privacy Act 2020, Privacy Commissioner complaint process, direct marketing obligations under the Unsolicited Electronic Messages Act 2007, and overseas data transfer provisions.