CIOs Issue Social Media Privacy Practices Guide
Transparency Key in Proper Social Media UseFederal government agencies must be transparent in how they use social media, especially those that involve viewing publicly available information, says new guidance from the federal Chief Information Security Council.
See Also: 2024 Threat Landscape: Data Loss is a People Problem
"By being transparent about what type of information the agency is collecting and how it is collecting it, the agency can help minimize the public's concern that the government is monitoring individual speech and actions on social media," according to the just published Privacy Best Practices for Social Media.
The guide, which explains privacy best practices for establishing a social media program, addresses various ways the federal government can use social media for information sharing, situational awareness and to support agency operations.
Judicious Information Gathering
The new guide advises to limit information gathering to facts surrounding an event rather than who is either involved or reporting the information, unless the agency has specific legal authority to collect information on individuals.
Personally identifiable information may be collected only in very limited situations, and only when specifically authorized. For instance, even though reporting should focus on what instead of whom, in certain circumstances it may lend credibility if the names of key government or political officials who are associated with the particular event or activity are identified. An agency should develop a policy outlining specific guidelines on when collecting personally identifiable information may be legal and appropriate based on the agency's authorities, and who will be allowed access to the private data.
The guidance warns against posting information collected about specific individuals, seeking to connect with other internal or external personal users, accepting other internal or external personal users' invitations to connect; or interact on social media.
Social media proves to be a useful operational tool to collect publicly available information for a variety of purposes, when permitted by an agency's legal authority, including criminal investigations and determining the eligibility of a member of the public for a government benefit.
Vetting Prospective Employees
The guide says it is appropriate to use social media to make personnel determinations regarding a current employee. In vetting prospective employees, the CIO Council recommends that an agency must ensure that notice is provided prior to accessing or collecting information, that consent is obtained, and that the individual is involved in the process. "Special consideration should be taken when using publicly available information, and agencies should not require an applicant to provide access to his/her social media accounts," the guidance says.
Operational uses of social media should be approved and documented by senior agency leadership, including, but not limited to, privacy officials and general counsel. Program and privacy compliance reviews should be conducted on a routine basis to ensure the agency is in compliance with its policies and other documentation.
Federal agencies leverage social media websites to engage constituents, understand and address issues raised by the public and advance operational missions. Social media is a critical tool for agencies to use as they move toward a digital, open government. "When used effectively, social media can be an incredibly powerful set of tools, precisely because they can connect agencies directly to diverse audiences and opinions," says a blog posted on the CIO Council website.