privacy and social media for australian governments
DESCRIPTION
This presentation, given in both the Canberra and Adelaide Social Media conferences by Akolade, provides a view on the dangers and mitigations for privacy concerns when government agencies use social mediaTRANSCRIPT
Privacy & social media
Craig ThomlerManaging Director
Delib Australia & New ZealandApril 2013
Who am I?
What is Delib?
What is privacy about?• An individual’s control of their own virtual
personal space by,
• limiting when, where and how organisations can collect, make use of, or share personal data,
• without the permission of the individuals involved.
Why?Because information = powerOur society views individuals as the most important rights holders in most situations(this isn’t common to all societies) Source: http://lizprovasi.wordpress.com/2012/04/01/personal-space/
Privacy has grey edges• Each individual has different privacy tolerances.
• The right and expectation to privacy varies on the situation and the parties involved.
Privacy is constantly changing
• More personal data is captured and stored every day.
• Globalisation brings different privacy regimes into conflict.
• Digital channels challenge rights to privacy.
• Evidence of a generational shift in privacy views.
Can we mirror offline privacy online?Partially, but not completely
Nor do people want it…
Privacy Social media
Agencies
Social media versus NPPs1: Collection
Is it collecting personal information if a person voluntarily provides it on your Facebook page?
If an individual talks about someone else in your forum, do you have to ask the second person’s permission to capture it?
2: Use and disclosureWhen someone Likes your Facebook page, is that consent for them to receive updates from that page?
3: Data qualityHow can an organisation verify that information about an individual provided via a social media channel is accurate, complete and up-to-date?
4: Data securityHow can an organisation secure data held in a third-party system (social network, forum, group, etc)?
Social media versus NPPs5: Openness
How does your organisation keep track of what information it holds about an individual across a number of social networks, when the individual may use different identities?
6: Access and correctionHow can an organisation give individuals access to information held about them, when some is stored behind administration logins?
8: AnonymityHow can an organisation support anonymous transactions when services like Facebook and Google Plus enforce identity (part of their service)?
9: Transborder data flowsHow do organisations keep data within a jurisdiction when social networks are cloud based?
10: Sensitive informationHow do organisations avoid collecting it on social networks without consent?
The answer:
Reasonable and practicableFor example:
1.3 At or before the time (or, if that is not practicable, as soon as practicable after) an organisation collects personal information about an individual from the individual, the organisation must take reasonable steps to ensure that the individual is aware of….
Clarify internal versus external risksDifferentiate online platform risks versus your organisation’s use of these platforms.
To minimise privacy risks• Understand the National Privacy Principles (NPPs),
particularly relating to ‘practicable’ and ‘reasonable’ steps (you can’t control everything).
• Understand the privacy framework for the online services you plan to use (try them out first).
• Provide alternate avenues for engagement and contact, so people can select for their own privacy concerns.
• Provide clear context – what terms are participants bound by (social network, your own).
• Communicate how personal information will be captured and used.
• Moderate privacy breaches and offer alternative paths to people wishing personal and specific information.
Source: www.facebook.com/planmelbourne
Campaign/project practice
Guidance and training
Strategy & framework
Social media policy
Agency instructions and policies
Government policies and guidelines
Legislation and international agreements
Online infrastructure pyramid
Campaign/project practice
Guidance and training
Strategy & framework
Social media policy
Agency instructions and policies
Government policies and guidelines
Legislation and international agreements
Online infrastructure pyramid
Whole of
agency
Branch/Team
Whole of Government