OPC: Social Media Risks to Enterprises


Also posted at: http://www.priv.gc.ca/speech/2009/sp-d_090430_lg_e.cfm


  1. 1. Understanding Social Media Privacy Risks to Enterprises
     Louisa Garib
     Legal Services, Policy and Parliamentary Affairs
  2. 2. “Social Media is a conversation”
     • Online content generated by users
     • Uses accessible technologies
     • Not organized
     • Not controlled
     • Many voices
     • Social dynamic
     • Mainstream – here to stay
     It is a social dynamic
  3. 4. Features of Social Media that can give rise to Privacy Risks
     • Users misunderstand privacy risks
     • Intimacy and immediacy – promotes disclosures
     • Users underestimate scope of disclosures
     • Used for Work and for Fun – blurs line
     • Control once information is posted
  4. 5. How serious are the Risks to Enterprises?
     • Don’t know full extent of risk
     • Just beginning to understand technology, use by people, impact on privacy
     • Rapidly changing
     • Beginning to construct appropriate rules of engagement to understand and mitigate risks
  5. 6. What are the Risks of SM?
     • Illegal/unauthorized/inappropriate disclosure of personal or confidential information
     • The employment relationship – internal/discl.
     • Lack of policies, protocols, training, errors
     • Customer Relationship – external/collection
     • Malware, hacking – external/breach
     • Consequences:
       • Liability under PIPEDA and other laws
       • Harm to corporate reputation
  6. 7. PIPEDA and Social Media
     • Collection, use and disclosure of personal information
     • Course of commercial activity
     • Employment relationship if FWUB
     • Notice, Consent, Reasonable purpose
     • BUT – other private or confidential information and situations not caught by privacy legislation
     • Still risks to enterprise – Best practices
     • PIPEDA minimum standard – guidance
  7. 8. Disclosures by Employees using SM
     • Personal or corporate SM
     • On or off duty – lines blurred
     • PI about other employees – examples
     • Unionized workplace – neg’n, elections
     • Human rights, harassment, defamation
     • Obscene materials, copyright
     • Clients / customers
     • Business partners
     • Confidential corporate information
     • Reputation and publicity
  8. 9. Collection, Use and Disclosure of Personal Information using SM
     • Recruitment and staffing
     • Monitoring
     • Investigations
     • Change day to day management of the employment relationship
     • Customers – service delivery, managing relationship, marketing information
     • Requests from law enforcement; litigation
  9. 10. How to manage risks?
     • Understand technology – aware of privacy implications for enterprise
     • Aware of information flows – in and out
     • Express policy guidelines on SM and handling PI; understandable; consequences of violation; disseminate widely – OPC Fact sheet
     • Use allowed in the workplace? Will it reduce risks? Create other issues?
     • Education – avoid privacy misunderstandings
