This presentation, given in both the Canberra and Adelaide Social Media conferences by Akolade, provides a view on the dangers and mitigations for privacy concerns when government agencies use social media
What is privacy about? • An individual’s control of their own virtual personal space by, • limiting when, where and how organisations can collect, make use of, or share personal data, • without the permission of the individuals involved. Why? Because information = power Our society views individuals as the most important rights holders in most situations (this isn’t common to all societies) Source: http://lizprovasi.wordpress.com/2012/04/01/personal-space/
Privacy has grey edges • Each individual has different privacy tolerances. • The right and expectation to privacy varies on the situation and the parties involved. Privacy is constantly changing • More personal data is captured and stored every day. • Globalisation brings different privacy regimes into conflict. • Digital channels challenge rights to privacy. • Evidence of a generational shift in privacy views.
Can we mirror offline privacy online? Partially, but not completely Nor do people want it…
Social media versus NPPs 1: Collection Is it collecting personal information if a person voluntarily provides it on your Facebook page? If an individual talks about someone else in your forum, do you have to ask the second person’s permission to capture it? 2: Use and disclosure When someone Likes your Facebook page, is that consent for them to receive updates from that page? 3: Data quality How can an organisation verify that information about an individual provided via a social media channel is accurate, complete and up-to-date? 4: Data security How can an organisation secure data held in a third-party system (social network, forum, group, etc)?
Social media versus NPPs 5: Openness How does your organisation keep track of what information it holds about an individual across a number of social networks, when the individual may use different identities? 6: Access and correction How can an organisation give individuals access to information held about them, when some is stored behind administration logins? 8: Anonymity How can an organisation support anonymous transactions when services like Facebook and Google Plus enforce identity (part of their service)? 9: Transborder data flows How do organisations keep data within a jurisdiction when social networks are cloud based? 10: Sensitive information How do organisations avoid collecting it on social networks without consent?
The answer: Reasonable and practicable For example: 1.3 At or before the time (or, if that is not practicable, as soon as practicable after) an organisation collects personal information about an individual from the individual, the organisation must take reasonable steps to ensure that the individual is aware of….
Clarify internal versus external risks Differentiate online platform risks versus your organisation’s use of these platforms.
To minimise privacy risks • Understand the National Privacy Principles (NPPs), particularly relating to ‘practicable’ and ‘reasonable’ steps (you can’t control everything). • Understand the privacy framework for the online services you plan to use (try them out first). • Provide alternate avenues for engagement and contact, so people can select for their own privacy concerns. • Provide clear context – what terms are participants bound by (social network, your own). • Communicate how personal information will be captured and used. • Moderate privacy breaches and offer alternative paths to people wishing personal and specific information.
Online infrastructure pyramid Campaign/ project practice Guidance and training Strategy & framework Social media policy Agency instructions and policies Government policies and guidelines Legislation and international agreements
Online infrastructure pyramid Branch/ Team Campaign/ project practice Guidance and training Whole of agency Strategy & framework Social media policy Agency instructions and policies Whole of Government policies and guidelinesGovernmen t Legislation and international agreements