The information below originally appeared on 1to1media.com; I am reposting here because I think it's a smart approach. Just want to get the info out there, analysis to come a bit later after the Gov 2.0 expo wraps up today.
Source:
http://www.1to1media.com/View.aspx?DocId=32360&utm_source=1to1MediaSite&utm_medium=HomepageRotator&utm_campaign=rotator_onlineExclusive
1. Data Map
Most privacy incidents boil down to
whether data practices diverge from regulatory requirements or stated
privacy policies. To this end, adopting a social media strategy may
introduce new data practices not already disclosed in your
organization's privacy policy. To determine if your social media
strategy is on solid privacy ground, create a data map detailing the
demographics and geographical locations of your target social media
users, what data fields you would collect, ideally, from and about them,
which social media channels you would use to collect that data, how you
would use that data, how you would secure it, and how long you would
retain it. A good data map will not only identify the core privacy
questions, it should also help the marketing department see in a
granular way how to make the most effective use of the available data.
2. Privacy Process Integration
Your organization
most likely operates processes for personal data access requests,
privacy-choice management, privacy-complaint handling, and personal data
deletion. Indeed, the EU and Canadian documents on social network
services revealed the importance those jurisdictions place on these user
'rights.' If your organization doesn't have these privacy processes
defined, you would be well-served to do so. If they're already defined,
your social media strategy will need to integrate with them. For
example, if you harvest user data from your social network channels and
store that data in a database separate from your other customer systems,
you'll want to determine how you'll respond to requests of those users
and customers to review copies of their data and to delete their data
across both platforms.
3. Site Monitoring and Response Plan
The EU listed among its top concerns with
social networks the ability of users to post sensitive data about other
people without their consent. Users can also post their own sensitive
information, such as dates of birth and account numbers, that could be
used for account fraud. The trouble for organizations implementing
social media strategies is there is no easy way to prevent these
incidents. What are operators of Facebook fan sites doing? Some appear
to be manually monitoring their sites for inappropriate posts and
complaints and applying a policy for determining which to respond to and
how or which to simply delete.
Social media posts can also
provide an early warning of customer-service issues. During a review of
popular Twitter sites, for example, it became apparent that customers of
a financial institution regularly tweet their annoyance at being put on
hold by the call center. Privacy professionals tasked with developing
the social media privacy gameplan can show additional value by
incorporating customer service and antifraud processes.
4. Privacy Policy Update
After you've completed the
first three components, you'll be in a position to know if your existing
privacy policy needs to be updated. One legitimate option is to create a
privacy notice specific to your social media channels. Facebook fan
sites, for example, include a default 'Info' tab that is tailorable for
this purpose. Canada's report on Facebook showed the high importance the
privacy commissioner places on detailed privacy disclosures.
Surprisingly, however, in our review of popular fan sites, few posted
privacy notices on their fan sites or detailed their social media data
practices in their main privacy policies.
5. Regulatory Compliance
EU regulators have determined that
operators of commercial social network services are 'data controllers.'
This is important because data controllers, compared to data
processors, have more compliance responsibilities with regard to EU
data-protection regulations. One of those responsibilities, for example,
is to register with local data-protection authorities the existence of
certain filing systems containing personal data. Depending upon how your
social media strategy is implemented, if it involves European users,
you may have additional compliance steps to take.
Social media
networks have created new marketing opportunities and introduced new
complexities into organizations' privacy policies and processes.
Marketing departments deploying new media strategies have a new reason
to get on the calendar of their privacy office.