CIO Council outlines privacy implications of social media use for situational awareness, operations


Beyond simply broadcasting information or promoting their mission, agencies can use social media for situational awareness and for mission operations, but there are privacy issues agencies must consider, says the Federal Chief Information Officers Council.

Agencies with security or disaster recovery missions are best poised to use publicly-available sites to extract situational information, says a new guide for federal agencies and departments published (.pdf) July 24 by the CIO Council.

"The agency should limit its information gathering to facts surrounding the event (what is happening), rather than who is either involved or reporting the information, unless the agency has specific legal authority to collect information on individuals," says the guide.

It's possible that, in limited situations with the proper authorities, personally identifiable information may be collected, says the guide. An agency policy should clarify when collecting PII is permissible and, more generally, using social media to enhance situational awareness should be approved by senior leadership and outlined in a publicly-available privacy impact assessment, says the guide.  

"If the agency decides to collect and retrieve PII, the agency must be sure to follow the applicable provisions of the Privacy Act of 1974, as amended and publish or update its applicable System of Records Notice to cover the information collection," note report authors.

Agencies can use social media as an operational tool as well. For example, publicly-available information on social media can be for investigations to prevent fraud, making a benefit or eligibility determination about an individual, making a personnel determination about an employee, or for conducting authorized intelligence activities, says the guide.

"Due to its sensitivity, operational uses of social media should be approved and documented by senior agency leadership, including, but not limited to, privacy officials and General Counsel," add report authors.

Not only should ethics, privacy impact and records management be considered when using social media for investigations, it's important that agencies are transparent about how they're using social media, says the guide.

"By being transparent about what type of information the agency is collecting and how it is collecting it, the agency can help minimize the public's concern that the Government is monitoring individual speech and actions on social media," writes the CIO Council.

Agencies can also prevent inappropriate collection or misuse of PII through training and making sure that personnel are held accountable, authors add.

For more:
- download the guide, "Privacy Best Practices for Social Media" (.pdf)

Related Articles:
'Social listening' can prevent misinformation in disaster, says FEMA official
State Department bureau's Facebook fan push has dubious benefit
'Many misconceptions' in federal social media accessibility, says official