TRENDING:

CIOs Issue Social Media Privacy Practices Guide

Transparency Key in Proper Social Media Use Eric Chabrow (GovInfoSecurity) • July 26, 2013    
CIOs Issue Social Media Privacy Practices Guide

Federal government agencies must be transparent in how they use social media, especially those that involve viewing publicly available information, says new guidance from the federal Chief Information Security Council.

See Also: Managing Digital Risk and Compliance in Financial Services

"By being transparent about what type of information the agency is collecting and how it is collecting it, the agency can help minimize the public's concern that the government is monitoring individual speech and actions on social media," according to the just published Privacy Best Practices for Social Media.

The guide, which explains privacy best practices for establishing a social media program, addresses various ways the federal government can use social media for information sharing, situational awareness and to support agency operations.

Judicious Information Gathering

The new guide advises to limit information gathering to facts surrounding an event rather than who is either involved or reporting the information, unless the agency has specific legal authority to collect information on individuals.

Personally identifiable information may be collected only in very limited situations, and only when specifically authorized. For instance, even though reporting should focus on what instead of whom, in certain circumstances it may lend credibility if the names of key government or political officials who are associated with the particular event or activity are identified. An agency should develop a policy outlining specific guidelines on when collecting personally identifiable information may be legal and appropriate based on the agency's authorities, and who will be allowed access to the private data.

The guidance warns against posting information collected about specific individuals, seeking to connect with other internal or external personal users, accepting other internal or external personal users' invitations to connect; or interact on social media.

Social media proves to be a useful operational tool to collect publicly available information for a variety of purposes, when permitted by an agency's legal authority, including criminal investigations and determining the eligibility of a member of the public for a government benefit.

Vetting Prospective Employees

The guide says it is appropriate to use social media to make personnel determinations regarding a current employee. In vetting prospective employees, the CIO Council recommends that an agency must ensure that notice is provided prior to accessing or collecting information, that consent is obtained, and that the individual is involved in the process. "Special consideration should be taken when using publicly available information, and agencies should not require an applicant to provide access to his/her social media accounts," the guidance says.

Operational uses of social media should be approved and documented by senior agency leadership, including, but not limited to, privacy officials and general counsel. Program and privacy compliance reviews should be conducted on a routine basis to ensure the agency is in compliance with its policies and other documentation.

Federal agencies leverage social media websites to engage constituents, understand and address issues raised by the public and advance operational missions. Social media is a critical tool for agencies to use as they move toward a digital, open government. "When used effectively, social media can be an incredibly powerful set of tools, precisely because they can connect agencies directly to diverse audiences and opinions," says a blog posted on the CIO Council website.

Previous
Massive Fraud Scheme: How It Happened
Next
Will Indictments Curb Card Fraud?

About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.



Around the Network

Is It Generative AI's Fault, or Do We Blame Human Beings?
Is It Generative AI's Fault, or Do We Blame Human Beings?
Protecting Medical Devices Against Future Cyberthreats
Protecting Medical Devices Against Future Cyberthreats
Transforming a Cyber Program in the Aftermath of an Attack
Transforming a Cyber Program in the Aftermath of an Attack
Identity Security and How to Reduce Risk During M&A
Identity Security and How to Reduce Risk During M&A
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
Medical Device Cyberthreat Modeling: Top Considerations
Medical Device Cyberthreat Modeling: Top Considerations
Why Health Firms Struggle with Cybersecurity Frameworks
Why Health Firms Struggle with Cybersecurity Frameworks
Evolving Threats Facing Robotic and Other Medical Gear
Evolving Threats Facing Robotic and Other Medical Gear
How 'Security by Default' Boosts Health Sector Cybersecurity
How 'Security by Default' Boosts Health Sector Cybersecurity
Safeguarding Critical OT and IoT Gear Used in Healthcare
Safeguarding Critical OT and IoT Gear Used in Healthcare

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.com, you agree to our use of cookies.