Social Media Guidelines to Safeguard Personal & Unit Information

Article 8 min
Whether you are posting as the voice of your unit or you're using your own voice on your personal page—there are rules and guidelines to follow in and out of uniform. 

Security is everyone’s responsibility. If you see classified, sensitive, personal or operational information on the internet, report the matter immediately to your security manager within your chain of command to take mitigating action.

The DoD published DoDI 5400.17, which guides social media managers and public affairs (PA) professionals within the DoD on the official use of social media for PA purposes. Additionally, the policy outlines that acceptable use policy agreements must be in place between social media managers and their local information technology (IT) security office. DoD personnel managing or accessing an official social media account will coordinate with their local IT offices and sign an acceptable use policy agreement for tracking purposes.

The mandatory acceptable use policy agreement statement must contain the following:

"I will use official DoD social media accounts on non-DoD-controlled social media platforms (e.g., Facebook, YouTube, Twitter, Instagram) only as authorized by my job or duty description and to conduct official business, including to release official agency information or other official communication. I will not use personal social media accounts to conduct official business except as authorized in accordance with DoDI 8170.01."

Regardless of profile, you should always safeguard:
 

Details About Your Work

Information such as establishment/unit locations, telephone numbers, ranks, unit strength, position details or role could be used to target your workplace. Do not post details concerning security procedures. Ensure photos do not contain ID cards/official passes, keys, computer screens and other potentially sensitive materials or equipment.

Operational Information

In operations and during missions, information protection becomes critical, and attempts to gather information by adversaries may become more determined. Never release information about operational programs, deployment details, mission-specific information, capability shortfalls, casualty details or morale online.

Additionally, it is a DoD requirement for military members, DoD employees and contractors to pass annual training on Operations Security (OPSEC) awareness. Check with your local command to ensure you are up to date with your OPSEC training!

Know the Guidelines

Social media is a gateway into your life and provides details that can compromise your safety. Think about what you post and who can see it.

Explore the following guidelines for safeguarding the information you share personally, on behalf of your unit or both. You can look to the DoD Guidelines for more information.

Click a target to reveal more in-depth information.

Safeguard Privacy & Information

Illustration of a path through clouds with various social media icons
Shield icon

1. Exercise Caution

with Personal Social Media Accounts

Exercise caution in offering personal opinions that could be interpreted as an official position. Clearly indicate the separation by using a disclaimer. DoDI 5400.17, Figure 2 provides a sample disclaimer for personal social media accounts that states:

"The views and opinions presented herein are those of the author and do not necessarily represent the views of DoD or its Components. Appearance of, or reference to, any commercial products or services does not constitute DoD endorsement of those products or services. The appearance of external hyperlinks does not constitute DoD endorsement of the linked websites, or the information, products or services therein."

Refer to the OGE Legal Advisory LA-14-08 for more information.

Know Your Lane

2. Know Your Lane

with Personal & Unit Social Media Accounts

Avoid any area of expertise where you do not have first-hand experience or knowledge. Also, acknowledge the existence of different perspectives. Do not guess or assume information. Refer any questions outside your expertise to your Public Affairs Office or Communication Specialist.

Shield icon

3. Understand Your Role

with Unit Social Media Accounts

Avoid stating personal opinions on politics or policy matters related to your unit. Also, do not comment on work-related legal matters. Your office should be resourced with the industry standard equipment, training and personnel to manage social media accounts, especially over multiple social media platforms, including public web activities, pursuant to DoDD 5122.05.

The Office of the Secretary of Defense (OSD) and DoD Component heads, in consultation with PA, will review and determine the criteria for establishing an external official presence (EOP) for elements within their responsibility to operate and execute their PA activities. PA representatives should assess establishing an EOP based on mission or operational needs, and support approved communication plans and campaigns.

EOPs at all levels must follow the procedures, policies and guidelines outlined in this issuance. Organizations that establish an EOP will guide social media managers to effectively direct activities and properly maintain the organization’s public presence.

Reference Section 4 of DoDI 5400.17 for more information on establishing an official DoD presence online.

Shield icon

4. Rely On Policy

with Personal Social Media Accounts

Avoid personal opinions on politics or policy matters related to your unit. Know that there are actual policies and directives that help you distinguish what you must operate by and what you should operate by. The policies and directives are provided, but the onus is on the member to appropriately follow them.

For more information, refer to:

Shield icon

5. Correct Errors

with Personal & Unit Social Media Accounts

When you see misrepresentations about your unit in social media, you may identify and correct the error but always do this courteously and with facts. Avoid heated arguments and be respectful.

Section 3f of DoDI 5400.17 has specific guidance regarding transparency on social media. You must never remove social media content from your official DoD accounts unless there is a factual/typographical error, a violation of law, policy, or user service agreement, or an operations or security concern.

Removing content from an official DoD account must be publicly acknowledged to your audience and followers while providing additional information about why the content was removed. You should never remove content to avoid embarrassment or shut down a discussion about a controversial topic, as this can reflect negatively against the DoD brand.

Shield icon

6. Don't Spill Secrets

with Personal & Unit Social Media Accounts

Remember Operational Security (OPSEC)! Don’t post classified, sensitive, ‘For Official/Internal Use Only’ information or anything on a Critical Information and Indicators List (CIIL). Make sure information is releasable.

Additionally, DoD personnel must exercise caution in preventing unauthorized disclosure of non-public and unclassified information that aggregates to reveal classified information.

Shield icon

7. Respect Privacy

with Personal & Unit Social Media Accounts

Don’t post anything infringing on the proprietary, privacy or personal rights of others.

Shield icon

8. Keep It Classy

with Personal & Unit Social Media Accounts

Members should avoid doing anything that discredits themselves or their unit, including using inappropriate language or content. Members should avoid posting any defamatory, libelous, hazing (demeaning initiation rituals), bullying, stalking, vulgar, obscene, abusive, profane, threatening, racially or ethnically hateful or otherwise offensive or illegal information or material.

Think about potential consequences, and how the post would be received by others. Reference the Uniform Code of Military Justice (UCMJ) for more information and to ensure compliance.

Shield icon

9. Don't Promote

with Unit Social Media Accounts

Do not use your unit to endorse or promote products, companies or political or religious affiliations and refrain from any appearance of a DoD endorsement or sanction.

Shield icon

10. Avoid Impersonations

with Personal Social Media Accounts

Misrepresentation through manipulating identifiers in an attempt to disguise, or impersonate your identity, is prohibited.

Shield icon

11. Respect Copyrights

with Personal & Unit Social Media Accounts

Respect copyrighted and trademarked material. Posting or sharing music, logos, songs or other information protected by copyright, trademark or any other restriction is illegal. Follow national/federal law, service direction, instructions and unit policy.

  • Uniformed military members fall under the UCMJ.
  • Civilians would fall under the Hatch Act.

You should also familiarize yourself with the most recent Fair Use policies and procedures. Understand that Fair Use is a legal doctrine that has to be argued in court and decided on by a judge. The proper application of Fair Use promotes freedom of expression by permitting the unlicensed use of copyright-protected works in certain circumstances.

Additionally, reviewing and understanding the terms of service agreements for any platform you have an EOP is extremely important. For example, you cannot move sound libraries from one platform to another (YouTube to DVIDS). If the file you are moving carries that platform's terms of service, you violate the terms of service and the copyright.

Shield icon

12. Use Common Sense

with Personal & Unit Social Media Accounts

Once something is out there, you can’t take it back. Be careful and cautious when posting to keep from saying/posting something you shouldn’t. You bear the responsibility for what you post.

Shield icon

13. Restrict Pics in Uniform

with Personal Social Media Accounts

As DoD ambassadors, it is permissible to post pictures while in uniform. However, it is extremely important that if you post a picture of yourself or another service member in uniform, the picture does not accidentally or intentionally imply an endorsement of a product or service. You should never post pictures of uniformed service members at or near any political event or rally. A best practice is to keep politics out of it!

Check out DoDI 5400.17 to learn more about maintaining a clear distinction between personal and official DoD accounts.

Shield icon

14. Enforce The Rules

with Personal Social Media Accounts

Talk to your family and friends about what they should and shouldn't post. You can restrict your own settings but not theirs. Make sure they know what they can post.

Reference Section 8 of DoDI 5400.17 for more information on personal social media use by DoD personnel.

Shield icon

15. Choose Friends Carefully

with Personal Social Media Accounts

Restrict privacy settings and don’t add people you don’t know or haven’t met in person. Be circumspect in the information you share.

Shield icon

16. Change Your Passwords

with Personal & Unit Social Media Accounts

Carefully consider requests and permissions. Don’t share logins or passwords, and change passwords frequently. Ensure you are using passwords that cannot be cracked easily, and when available, set up two-factor authentication.

It is a best practice to create a "Hacked Account Plan" to implement if adversaries or bad actors breach any official DoD accounts. This plan could also be known as "Cyber-Hijacking Procedures" or "Social Media Brand Recovery Procedures" and should be documented in your social media strategy. This plan should include:

  • Recovery email information,
  • Standard, templated messages for quick dissemination on social streams and additional mediums and
  • Checklists for different types of adversarial situations on social streams.

Additionally, if you use a phrase as a password, ensure it is not a commonly used phrase throughout your office and substitute symbols for letters where appropriate.

Shield icon

17. Guard Personal Info

with Personal Social Media Accounts

Don’t publicly post your full name, rank, position, date or place of birth, addresses or ID information. There may be some situations where this information is necessary, but consider the risks and the possible combination of public information from multiple sources that could be used on standard password reset questions.

Shield icon

18. Beware of Geotagging

with Personal & Unit Social Media Accounts

Restrict location settings on your devices and understand the impacts of what you are posting. It is best not to post your specific location in real-time or geotag your photos.

Geotagging is prohibited in certain situations like deployments, areas of responsibility and other sensitive location-related data. This helps prevent adversaries from taking advantage of this information.