Actually - it is absolutely appropriate for an organization to define policies and procedures on the use of certain technology by its employees as it relates to the enterprise. There is nothing new here. Organizations have defined such policies concerning technology since the days of CompuServe and dial-up bulletin board systems as well as AOL, GeoCities and so on. Such policies provide a method to make employees aware of company expectations - especially necessary in certain regulated industries.
This is not about control, it's about establishing parameters beforehand to alleviate the need to deal with problems afterwards. The manner in which policies and procedures are established and evolve over time however should be re-examined in light of social computing trend. In fact, policies and procedures related to technology usage should be updated on a regular basis, or when a particular technology trend demands that such practices be modified. What should be avoided, and is perhaps what the post below is really addressing, is the knee-jerk reaction that some companies undertake to simply publishing a edict ("though shalt not use") rather than engage its workforce in a dialog about the need for certain types of tools. The short-sighted, command/control approach has numerous negative aspects in terms of culture, employee engagement and so on. But, as bad as the command/control perspective may seem, so is the opposite viewpoint that an enterprise does not have the right to govern use of its technology environment.
I don't think a responsible way to handle improper Facebook usage is to negotiate a conduct policy with employee representatives. Rather, employees should be trusted to use Facebook appropriately. In the cases where there are misuses, those issues should be resolved in a private manner between a manager and his/her direct report. Don't control unless there's an absolute need to control.