How to Safeguard the Privacy of Your Social Network Users
There’s a lot of buzz these days about the question of privacy and social networks. As individuals, we may be feeling an increased need to protect our privacy; who gets to see specific updates, what information we’re okay making public, and conversely, what we feel strongly about keeping private.
Networks are changing settings frequently, and it takes a concerted effort to stay up-to-date on the privacy settings of the various social networks where we engage. As a result, more and more users are looking into the data use policies of networks such as Facebook and Twitter.
In this post, I’ll introduce you to individuals and organizations who are particularly tuned into the privacy interests of businesses and their social network users with a number of excellent tips that you can put to immediate use.
Social Media Privacy Policies
Joanne Furtsch, Policy & Product Architect at TRUSTe provides privacy advice for companies using social networking tools. She writes, “Your privacy considerations should start with an understanding of how the social networking feature works, including what information your website passes to the social network and vice versa.” She suggests:
- Depending on your privacy promises and the information being transferred (personal, sensitive, etc.) you may need to provide a specific opt-out or opt-in option for consumers to feel comfortable.
The Direct Marketer’s Association provides three recommendations to businesses:
- Advise individual users about your privacy policies, data deletion policy and the steps users should follow to change their privacy settings, to deactivate or to delete their accounts.
- Prevent games, quizzes and other applications developed by third parties from accessing personally identifiable information from an individual user without their knowledge and advance permission.
Add Social Media Specifics to Existing Internet Privacy Policies
Chris Apgar, CISSP, president of Apgar and Associates, suggests that organizations already have an Internet and e-mail usage policy in place, and social media specifics can simply be added to this policy. For ideas about policies and guidelines, check-out Cindy King’s post.
Privacy Do’s and Don’ts
Marilyn Prosch, Associate Professor and co- founder of an online data privacy lab at the W.P. Carey School of Business at Arizona State University, provides ten tips for companies:
- Don’t collect data just because you can. It could very well become a liability if you lose it.
- Don’t keep data longer than you need it for a business purpose just because data storage is cheap. Again, it can become a potential liability.
- Be honest with your customers about what data you collect and how you do (or don’t) protect it. The Federal Trade Commission will hit you with unfair and deceptive trade practices if you say one thing and do another.
- Know what laws (international, federal, state) and regulations apply to your business and make sure you are in compliance.
- Appropriately destroy all forms of personal information, including hard copies. Many a company has been fined for inappropriately placing forms, prescription bottles and other items into dumpsters, where dumpster divers have retrieved them.
- Appoint a person or team in your organization, regardless of the size, to be responsible and accountable for protecting personal information.
- Before you decide to collect a piece of information, determine its shelf life, so you don’t keep it forever. If you don’t define this, then it very well may become data pollution (unnecessary data that’s potentially toxic).
- Periodically review your data practices and update them when needed.
- Make sure the security practices are also up-to-date, appropriate and being followed.
- Train your employees on what is and is not appropriate access, use and disclosure of personal information residing in your database. If you don’t train them, they can’t possibly know and will likely inappropriately disclose data.
Adherence to Internet Laws
Joy Butler, attorney and author of The Cyber Citizen’s Guide Through the Legal Jungle: Internet Law for Your Online Professional Presence cautions about four activities:
- The use of collecting personal data from children under 13 with their parents’ consent.
- Neglecting to tell customers when their sensitive data has been breached.
- Failing to honor US-EU Safe Harbor Commitment.
Privacy Tips for Marketers
Jay Cline, CIPP, president of Minnesota Privacy Consultants provides advice for marketers who may be feeling caught between a rock and a hard place–waiting for their IT or legal departments to brief them on the privacy aspects of their planned campaigns. He provides five tips for marketers:
Change the mindset
Be curious about the privacy interests of your target audience. Start adding privacy-related questions to your research of target audiences. Tap into the data and use it to your advantage to generate higher engagement and retention. Lead with privacy instead of ducking from it.
Build a Privacy Impact Assessment into your Brand
Convert your target audiences’ privacy interests into a “privacy impact assessment” (PIA). A good PIA is a decision-tree-based checklist of questions that asks you how your product or campaign is going to collect, store, use, disclose and destroy personal data.
Add a micro-notice to that micro-site
One-page micro-sites have become the crossroads of social media marketing campaigns. They’re the landing pages for consumers who’ve clicked on a link, and they bring them one step closer to completing the call to action. Add a short privacy notice or “micro-notice” to that landing page. Tell the consumer why you need the data you’re asking for and that you won’t share it with others for marketing purposes, and include a link to your full privacy notice.
Create privacy self-service
Offer your audience members privacy as a service. This could include options such as just-in-time privacy notices; a personal profile and permission-management center, and live chat for privacy questions.
Test and refine
Run “A/B” tests, where you take one privacy approach with audience segment A and another with audience segment B. Document your findings and lessons learned, and keep them available in a shared area so that your future campaigns can start a leg ahead.
What social media privacy policies does your company have in place? How have they helped your business? Let us know your comments in the box below.