BARCELONA, Spain—Companies should develop a clear, written policy on the use of social networking sites to shield themselves from increasing liability related to the sites, a panel of legal experts said.

Speaking this month at the International Assn. of Defense Counsel's annual meeting in Barcelona, Spain, panelists said that although much of the law in this area is ambiguous or undefined, companies with reasonable and specific written policies often are viewed favorably by courts.

“Ten years ago was the start of e-discovery and we were all trying to understand the rules...that's where we are with social media,” said Lana K. Varney, a partner at Fulbright & Jaworski L.L.P. in Austin, Texas. “There's an enormous amount of uncertainty in this as courts struggle to get their arms around it...and as regulatory agencies (come) to the realization that they're not going to be able to regulate every aspect of it. It's too enormous.”

Ms. Varney said that a company's written policy should spell out how employees are permitted to use social media sites during work hours, how the firm will train employees and monitor compliance, and what the consequences of violating the policy will be.

Ms. Varney said courts and regulators have struggled or declined to address a plethora of questions provoked by the widespread use of social networking sites, including: Who is responsible for defamatory posts from an anonymous user of a public site? Is a company liable for misinformation posted on its social media site by an outside user? How can companies fulfill disclosure requirements given the space constraints of sites like Facebook or Twitter?

Ms. Varney said the Food & Drug Administration, the Federal Trade Commission, and the American Bar Assn., among other groups, are expected to issue regulations soon on social networking usage.

She said companies with pages or sites on social networking platforms should consider country-specific sites, because laws vary by nation.

Takis Kommatas, founder and managing partner of law firm T.G. Kommatas & Associates in Athens, Greece, said laws in the European Union are more favorable to and protective of users than U.S. law, and more focused on data privacy.

Under European law, Mr. Kommatas said that any operation on personal data must be transparent, for a legitimate purpose and not excessive, among other guidelines, and those requirements now apply to social networking providers, such as Facebook, based outside the European Union.

“All these (sites) based in the U.S., since they are of course used in the E.U., can be held liable if they do not follow the principles of data protection,” he said.

Ms. Varney said U.S. firms should regularly monitor their social media sites, and respond to and counter negative comments rather than take legal action.

She said many companies hire third-party contractors to create their social networking sites; to screen potential new hires through social media sites, passing along only lawful and ethical information; and to manage their online reputation in part by pushing down negative sites and comments in search engine results.