The Chief Information Officer’s Council recently released an updated guide to social media best practices for agencies seeking to protect their online privacy. One of the CIC Council’s top recommendations to agencies was that they should avoid “friending,” “following” or “liking” public profiles or users on popular social media websites like Facebook, Twitter, and LinkedIn. The CIC Council also warned against the collection of identifiable, personalized information on social media websites.
- Create rigid internal policies that set out clear guidelines for friending, following, and liking other social media users and business or product pages.
- Specify in a privacy impact assessment message and with a disclaimer on the social media account page that the creation of a social media connection is not tantamount to agency endorsement.
- Make the public aware of agency efforts to protect its online privacy.
- Collect information from third parties only if it is absolutely necessary.
- Carefully monitor all comments on agency message boards and remove all comments that are deemed dangerous or otherwise unacceptable.
- Ensure all employees are properly trained in any and all newly created social media policies and usage guidelines.
The CIC Council’s final report also stated this: “Operational uses of social media should be approved and documented by senior agency leadership. Program and privacy compliance reviews should be conducted on a routine basis to ensure the agency is in compliance with its policies and other documentation.”
Finally, the CIC Council recommended the adoption of safer, more secure information sharing and record retention strategies. On this topic, the council made four recommendations on social media policy:
- Only information which is within the agency’s jurisdiction of ownership should be shared.
- The sharing of information is in accordance with internal policies.
- The agency receiving the information is entitled to it and is authorized to collect it.
- Receiving agencies should take action to protect all information thus acquired and get rid of all information and records that are no longer being actively used.
The CIC Council also advises agencies to create operational branches dedicated to privacy protection.