privacy and social media for australian governments

Privacy & social media

Craig ThomlerManaging Director

Delib Australia & New ZealandApril 2013

Who am I?

What is Delib?

What is privacy about?• An individual’s control of their own virtual

personal space by,

• limiting when, where and how organisations can collect, make use of, or share personal data,

• without the permission of the individuals involved.

Why?Because information = powerOur society views individuals as the most important rights holders in most situations(this isn’t common to all societies) Source: http://lizprovasi.wordpress.com/2012/04/01/personal-space/

Privacy has grey edges• Each individual has different privacy tolerances.

• The right and expectation to privacy varies on the situation and the parties involved.

Privacy is constantly changing

• More personal data is captured and stored every day.

• Globalisation brings different privacy regimes into conflict.

• Digital channels challenge rights to privacy.

• Evidence of a generational shift in privacy views.

Can we mirror offline privacy online?Partially, but not completely

Nor do people want it…

Privacy Social media

Agencies

Social media versus NPPs1: Collection

Is it collecting personal information if a person voluntarily provides it on your Facebook page?

If an individual talks about someone else in your forum, do you have to ask the second person’s permission to capture it?

2: Use and disclosureWhen someone Likes your Facebook page, is that consent for them to receive updates from that page?

3: Data qualityHow can an organisation verify that information about an individual provided via a social media channel is accurate, complete and up-to-date?

4: Data securityHow can an organisation secure data held in a third-party system (social network, forum, group, etc)?

Social media versus NPPs5: Openness

How does your organisation keep track of what information it holds about an individual across a number of social networks, when the individual may use different identities?

6: Access and correctionHow can an organisation give individuals access to information held about them, when some is stored behind administration logins?

8: AnonymityHow can an organisation support anonymous transactions when services like Facebook and Google Plus enforce identity (part of their service)?

9: Transborder data flowsHow do organisations keep data within a jurisdiction when social networks are cloud based?

10: Sensitive informationHow do organisations avoid collecting it on social networks without consent?

The answer:

Reasonable and practicableFor example:

1.3 At or before the time (or, if that is not practicable, as soon as practicable after) an organisation collects personal information about an individual from the individual, the organisation must take reasonable steps to ensure that the individual is aware of….

Clarify internal versus external risksDifferentiate online platform risks versus your organisation’s use of these platforms.

To minimise privacy risks• Understand the National Privacy Principles (NPPs),

particularly relating to ‘practicable’ and ‘reasonable’ steps (you can’t control everything).

• Understand the privacy framework for the online services you plan to use (try them out first).

• Provide alternate avenues for engagement and contact, so people can select for their own privacy concerns.

• Provide clear context – what terms are participants bound by (social network, your own).

• Communicate how personal information will be captured and used.

• Moderate privacy breaches and offer alternative paths to people wishing personal and specific information.

Source: www.facebook.com/planmelbourne

Campaign/project practice

Guidance and training

Strategy & framework

Social media policy

Agency instructions and policies

Government policies and guidelines

Legislation and international agreements

Online infrastructure pyramid

Campaign/project practice

Guidance and training

Strategy & framework

Social media policy

Agency instructions and policies

Government policies and guidelines

Legislation and international agreements

Online infrastructure pyramid

Whole of

agency

Branch/Team

Whole of Government

Craig Thomlercraig@delib.net@CraigThomler

http://eGovAU.blogspot.com

www.delib.net/australia/@Delibaunz