My son was born at the end of the Millennial generation. He is 11 years old and owns an iPod and a MacBook Pro. (When I was 11, I had a set of walkie-talkies and an Etch-A-Sketch.) It's fairly easy to punish my son when he's not behaving like he should: I simply take away his Apple products. Works every time. The prospect of being without mobile Internet connectivity strikes more fear in my son than anything else I know.

I have also observed that my son is very open about his opinions on politics, teachers and the dinner his mother cooked. I would say that those two traits—personal transparency and inter-connectedness—fairly sum up the Millennial generation.

Which brings me to social media policies. I'm not responsible for the social media policy at my company, and I'm very glad I'm not. Companies can easily trip over themselves drawing up rules for employee conduct online. There are several stakeholders in corporate social media policies, each with their own objectives. The marketing department smacks their lips over the opportunity for placing targeted, personalized product messages on social media sites. Human resources wants to attract young, well-educated, tech-savvy job candidates.

In contrast, ethics and compliance officers gird themselves for 20-something employees gone wild, posting internal documents and blogging about the evils of the corporate world. Managers are tempted to turn into Captain Queeg, scanning the Internet for mutinous acts amongst their direct reports.

The difficulties for in-house lawyers in coming up with social media policies don't end there. Starting last August, the acting general counsel of the National Labor Relations Board (NLRB) has issued several memoranda on what are and are not legally acceptable provisions in these policies. The memoranda boil down to a few points:

• Social media policies need to specify what employees are prohibited from posting
• Broadly phrased prohibitions like “inappropriate discussions” chill legally protected worker organization
• Policies cannot require employees to hide their employment when participating in social media
• Nor can policies burden employees with a requirement to include disclaimers in all of their posts.

Not surprisingly, law firms have jumped on the waves created by the memoranda and started cautioning in-house lawyers to bring their social media policies into compliance.

While the NLRB GC's memoranda have a major impact on how social media policies are written, the business and legal implications of the policies far outnumber any singular concern about employees using the Internet to unionize. Relying on the memoranda as the sole guide for drafting social media policies is like looking at the Grand Canyon from a single vantage point. You will only ever have one view.

In the pre-Dot Com days, employees venting about bosses and airing company dirty laundry were limited to after work, brick-and-mortar venues like the corner bar, the health club and the softball field. Back then, the workforce was made up of Generation Xers like myself (think Bud Fox, Charlie Sheen's character in the movie “Wall Street”). We Gen Xers have always been a self-contained lot, careful about what we say. The working world has since changed.

Millennials, who now dominate the workforce, grew up with the Internet, which was (and still is) largely unregulated and available to anyone. We feel free to say things online that we wouldn't say anywhere else. Many Millenials have never had a physical office; they work anywhere they can get cell reception. The space between work and personal time has vanished.

How, then, can in-house lawyers develop coherent, effective social media policies? Simply applying existing employee workplace policies to Facebook, blogs, etc., isn't enough. For me, a good social media policy achieves a few basic business objectives, while at the same time recognizing both the Millennial generation's sensibilities and the disappearance of boundaries in the age of the Internet:

1. Don't forget at-will employment. Over my career as an in-house lawyer, I have been amazed by how reluctant companies are to exercise their rights under the common law doctrine of at-will employment. Any written policy on employee conduct automatically detracts from the company's right to fire anyone at any time for any reason (subject to the obvious statutory and public policy limitations). In other words, you don't need to put something in a policy in order to terminate or reprimand an employee for doing it. Social media policies should be succinct, straightforward and specific about what they govern.

2. Protect company property. Physically and technologically safeguarding the confidentiality of company information has always been a difficult task. In the context of social media it seems overwhelming. Compounding the situation, I find that many employees today fundamentally do not know what is and isn't confidential information and don't understand why unauthorized disclosure of confidential information is equivalent to setting company office equipment on fire. Social media policies should prohibit employees from transmitting confidential information by any means other than a secure company email account or company website. Policies must also prohibit employees from paraphrasing or otherwise describing the contents of confidential information in online posts.

3. Avoid liability. Any employee who has established an online presence is likely to have a profile or bio, either linked or searchable, that identifies the company where he or she works, creating potential liability for the company under agency theory. Exposure to liability increases where employees are encouraged to use social media on the company's behalf. In response to the NLRB's position that policies cannot require individuals to hide their employment or use disclaimers, some commentators have suggested requiring employees to obtain company approval before posting comments or before friending or connecting with others.

A pre-approval approach just isn't workable. Social media policies must itemize all potential torts and violations of statutes and public policy that can be committed online, in plain language and using examples, and absolutely prohibit employees from doing them. The list of online don'ts can end up being fairly lengthy, but it is nevertheless essential.

4. Win business. No company should tolerate posts from employees that disparage company products and services or question the business judgment of executive management. Dissing the company has nothing to do with whistleblowing, poor working conditions or public policy.

5. Build brand personality. Companies spend exorbitant amounts of money on building their brand. While social media presents an enormous potential for companies to turn employees into ambassadors, social media also poses significant risks to company reputation. One tasteless comment posted by an employee can end up being read by millions in a matter of hours. I don't know if there is any way to govern the use of good taste and common sense online that can be reduced to written policy.

Many polices currently in place attempt to guide employees on how to wisely use social media but do so in a tone that doesn't sound like Big Brother from George Orwell's “1984”. The resulting language is confusing and undercuts the authoritativeness of the policy as a whole.

One oft cited social media policy at a well-known technology company includes the old adage that you should never discuss politics and religion in public. I'm not sure censorship like that is a good approach either. As a rule, programs to encourage employee generated buzz about products or to exude a positive corporate image on social media sites should be defined separately and outside of the social media policy document.