Social Media Policy (Singapore)

A Social Media Policy in Singapore establishes the rules and responsibilities that govern the conduct it addresses.

The Employment Act 1968 (Cap. 91) does not specifically address social media conduct, but the implied duty of fidelity owed by employees to their employers — recognised by the Singapore courts — requires employees not to act in a manner that damages the employer's reputation, discloses confidential business information, or creates a conflict of interest. The Protection from Harassment Act (Cap. 256A) makes it an offence to publish harassing, threatening, or false statements, including statements made on social media, and employers may be vicariously liable for harassing content posted by employees in the course of their employment.

The Competition and Consumer Commission of Singapore (CCCS) and the Advertising Standards Authority of Singapore (ASAS) regulate advertising content on social media. Employees who post promotional content about the company's products or services on personal social media accounts must comply with the Singapore Code of Advertising Practice (SCAP) and disclose any material connection to the company. The Info-communications Media Development Authority (IMDA) administers the Broadcasting Act (Cap. 28) and content regulation, and social media content that violates Singapore's laws — including the Sedition Act, the Maintenance of Religious Harmony Act (Cap. 167A), and the Foreign Interference (Countermeasures) Act 2021 — may result in criminal liability for both the employee and the employer.

Social media policies are particularly important in regulated industries. The Monetary Authority of Singapore (MAS) Guidelines on Fair Dealing and the MAS Technology Risk Management Guidelines require financial institutions to monitor and control employees' use of social media for business communications. The Health Sciences Authority (HSA) regulates social media advertising of health products and medicines under the Medicines Act (Cap. 176) and the Health Products Act (Cap. 122D).

The Foreign Interference (Countermeasures) Act 2021 (FICA), administered by the Ministry of Home Affairs (MHA), gives the government powers to detect, prevent, and counter foreign interference in domestic politics conducted through electronic communications including social media. FICA authorises directions to social media platforms and individuals to remove content identified as foreign interference. Companies whose employees inadvertently amplify such content may face reputational consequences, and the social media policy should address the prohibition on sharing content from foreign state-linked sources for political purposes.

The Online Safety (Miscellaneous Amendments) Act 2022 expanded the Info-communications Media Development Authority's (IMDA) powers to require social media platforms to implement codes of practice addressing harmful content — including terrorism promotion, self-harm, cyberbullying, and sexual exploitation of children. While the Act primarily targets platforms rather than individual users, employees managing corporate accounts must be aware of prohibited content categories, and the social media policy should prohibit posting any content violating the Online Safety Act.

A Social Media Policy is required in Singapore when an employer wants to establish clear rules governing employees' social media conduct in connection with their employment. The following situations create the need for a formal policy.

All employers with an online presence — including companies with corporate social media accounts, businesses that advertise on social media platforms, and organisations whose employees interact with customers or the public through social media — should have a social media policy. The Tripartite Alliance for Fair and Progressive Employment Practices (TAFEP) and the Singapore National Employers Federation (SNEF) recommend that employers include social media guidelines in their employee handbook.

Regulated industries — including financial services (regulated by the Monetary Authority of Singapore, MAS), healthcare (regulated by the Health Sciences Authority, HSA, and the Ministry of Health, MOH), and media and telecommunications (regulated by the Info-communications Media Development Authority, IMDA) — face specific regulatory requirements for employee social media use. Financial institutions must comply with MAS Notice on Technology Risk Management and the MAS Guidelines on Fair Dealing, which address electronic communications including social media.

Companies that handle personal data must address social media use in the context of the Personal Data Protection Act 2012 (PDPA). Employees who collect, use, or disclose personal data through social media — for example, by sharing customer testimonials, posting event photographs, or using social media for marketing — must comply with the PDPA's consent and purpose limitation obligations.

Workplace misconduct incidents involving social media — such as employees posting disparaging comments about the company, colleagues, or customers; sharing confidential business information on social media; or engaging in cyberbullying — trigger the need for a formal policy that sets clear boundaries and consequences. The Protection from Harassment Act (Cap. 256A) provides remedies for victims of online harassment, and the employer may face reputational and legal risk from employees' social media conduct.

Recruitment and talent acquisition teams that use social media platforms (LinkedIn, job boards, company career pages) to source candidates must comply with the PDPA and TAFEP's Tripartite Guidelines on Fair Employment Practices when collecting and using candidates' personal data from social media profiles.

Crisis communication preparedness requires a social media policy that designates authorised spokespersons and prohibits employees from making public statements on social media about the company during a crisis without prior approval.

A Singapore Social Media Policy must contain the following elements to protect the company's interests and comply with relevant laws and regulatory guidelines.

Scope and application must define which employees are covered (all employees, contractors, interns, and temporary staff), which social media platforms are covered (all public social media networks, professional networks, blogs, forums, and messaging applications), and whether the policy applies to personal social media use, professional use, or both. The policy should state that it applies to social media activity during and outside working hours if the activity relates to or affects the company.

Permitted and prohibited conduct must set clear boundaries. Permitted conduct typically includes sharing publicly available company content (press releases, job postings, approved marketing materials) with appropriate disclosures. Prohibited conduct typically includes disclosing confidential business information, trade secrets, or client data; posting defamatory, harassing, or discriminatory content in violation of the Protection from Harassment Act (Cap. 256A); making unauthorised statements on behalf of the company; posting content that damages the company's reputation; and sharing personal data of colleagues, customers, or business partners without consent under the PDPA 2012.

Confidentiality and intellectual property provisions must prohibit employees from disclosing proprietary information, internal communications, financial data, strategic plans, and client information on social media. Employees should be reminded that confidentiality obligations survive the termination of employment under their employment contracts and the common law duty of fidelity.

Personal data protection provisions must address the PDPA obligations. Employees must not collect, use, or disclose personal data through social media without the consent of the data subject, except where a PDPA exception applies. The Personal Data Protection Commission (PDPC) has issued advisory guidelines on the use of personal data in social media marketing, and the policy should reference these guidelines.

Advertising and disclosure requirements must address the Singapore Code of Advertising Practice (SCAP) administered by the Advertising Standards Authority of Singapore (ASAS). Employees who post promotional content — including endorsements, testimonials, or sponsored content — must disclose their relationship with the company. The CCCS guidelines on influencer marketing apply to employees who promote company products on personal accounts.

Consequences of breach must state that violations of the social media policy constitute misconduct under the company's disciplinary framework and may result in disciplinary action including verbal warning, written warning, suspension, or termination under Section 14 of the Employment Act 1968 (Cap. 91). The company reserves the right to remove or request the removal of offending social media content.

The forms-legal.com template includes all recommended sections with customisable fields for company-specific rules, authorised spokesperson designations, and industry-specific compliance provisions. The template addresses both personal and professional social media use and includes a signed acknowledgement form for employee records.

Monitoring and enforcement provisions must state whether and how the company monitors employees' social media activity. Under Singapore law, employers may monitor employees' use of company devices and networks, but monitoring of personal devices and accounts is subject to the PDPA and the employee's consent. The policy should state the monitoring scope clearly to avoid disputes.

Social media account ownership provisions must clarify that corporate social media accounts are company property, and employees managing these accounts do so in their employee capacity. Upon termination, the employee must hand over all account credentials and administrator access. The policy should address ownership of connections, followers, and content created on corporate accounts during employment.

Training and awareness programme requirements should mandate social media awareness training as part of onboarding and annual refresher training. The training should cover the company's social media policy, PDPA requirements, social engineering and phishing risks, incident reporting procedures for social media crises, and consequences of violations under the Employment Act 1968 (Cap. 91). The forms-legal.com template includes a training acknowledgement form that employees must sign upon completing the programme. Under Singapore law, the common-law requirements for a valid contract — offer, acceptance, consideration, and intention to create legal relations — and Section 169 of the Companies Act 1967 (Cap. 50) govern the core requirements for this type of document.