Social media privacy has been a hot topic in the last few weeks. But most issues with privacy and social media don’t make international headlines like Cambridge Analytica. Often, social media privacy problems involve honest mistakes, or over-enthusiastic companies sharing things that they shouldn’t. Here are four things you should consider to prevent a data protection headache from your organisation’s use of social media.
Protecting Social Media Privacy
Secure Your Profiles
If you handle queries from customers or members of the public on social media, access to your accounts and profiles entails access to a large volume of personal data. But many organisations can be lax when it comes to security.
For example, how many people in your organisation have access to manage your Facebook page? All of those people can see the private messages that people send to your organisation. So it’s not remotely appropriate if, for example, a former member of staff or loosely-vetted contractor can access the page. Similar concerns about social media privacy apply to other platforms like Twitter. You should change passwords for your company social media profiles regularly. Also keep a keen eye on the privacy settings for your social media profiles. You don’t want sensitive internal information leaking out somehow!
Staff Social Media
If your staff use social media, chances are that they discuss their work online. It’s unrealistic to imagine they don’t. But to avoid a social media privacy headache, your staff should know certain ground rules about those conversations.
In a very nasty recent case, staff at a major retailer shared CCTV footage of a colleague with a disability on a WhatsApp group. The Data Protection Commissioner and the Workplace Relations Commission got involved. The company in question had to pay a large amount in damages to employee, partly because it had failed to ensure adequate protections for the staff member regarding social media privacy. Review your social media guidelines to ensure that staff respect the privacy of both customers and colleagues online.
Get Permission, Not Forgiveness
A person’s picture is identifiable information. By any reading of the Data Protection Acts, therefore, it is personal data. So before you publish a photo of an attendee at an event, or even a staff member, you should have clear and informed permission to do that.
Make sure that social media privacy is on the agenda of your marketing team, especially as the GDPR deadline approaches. You need to tell people how their photo, testimonial or other personal information may be used, and get clear permission to do that. Otherwise, you’re risking a data protection complaint.
Not everyone on the internet is who they claim to be. Some people, in fact, may set up parody accounts – or deceptive frauds – to imitate your organisation online. Your customers could then make contact with those accounts, believing them to be legitimate. This would compromise their privacy, or possibly have graver consequences depending on your sector.
This would not be your fault, of course, and no reasonable regulator would hold you responsible for a social media privacy incident like this. But shutting down misleading accounts that purport to represent your business is easier than you think. It’s a good way to head off potential negative publicity, And it’s the right thing to do. If you see a misleading account representing your business, report it to the network in question.
Find out More
See what all staff should know about privacy.