Post on 21-May-2015
Understanding Social Media Privacy Risks to Enterprises
Louisa Garib
Legal Services, Policy and Parliamentary Affairs
“Social Media is a conversation”
• Online content generated by users
• Uses accessible technologies
• Not organized
• Not controlled
• Many voices
• Social dynamic
• Mainstream – here to stay
It is a social dynamic
Blogs
Wikis
Podcasts
RSS
Mashups
Social Networks
Features of Social Media that can give rise to Privacy Risks
• Users misunderstand privacy risks
• Intimacy and immediacy – promotes disclosures
• Users underestimate scope of disclosures
• Used for Work and for Fun – blurs line
• Control once information is posted
How serious are the Risks to Enterprises?
• Don’t know full extent of risk
• Just beginning to understand technology, use by people, impact on privacy
• Rapidly changing
• Beginning to construct appropriate rules of engagement to understand and mitigate risks
What are the Risks of SM?
• Illegal/unauthorized/inappropriate disclosure of personal or confidential information
• The employment relationship – internal/discl.
• Lack of policies, protocols, training, errors
• Customer Relationship – external/collection
• Malware, hacking – external/breach
Consequences:
• Liability under PIPEDA and other laws
• Harm to corporate reputation
PIPEDA and Social Media
• Collection, use and disclosure of personal information
• Course of commercial activity
• Employment relationship if FWUB
• Notice, Consent, Reasonable purpose
• BUT – other private or confidential information and situations not caught by privacy legislation
• Still risks to enterprise – Best practices
• PIPEDA minimum standard – guidance
Disclosures by Employees using SM
• Personal or corporate SM
• On or off duty – lines blurred
• PI about other employees – examples
• Unionized workplace – neg’n, elections
• Human rights, harassment, defamation
• Obscene materials, copyright
• Clients / customers
• Business partners
• Confidential corporate information
• Reputation and publicity
Collection, Use and Disclosure of Personal Information using SM
• Recruitment and staffing
• Monitoring
• Investigations
• Change day to day management of the employment relationship
• Customers – service delivery, managing relationship, marketing information
• Requests from law enforcement; litigation
How to manage risks?
• Understand technology – aware of privacy implications for enterprise
• Aware of information flows – in and out
• Express policy guidelines on SM and handling PI; understandable; consequences of violation; disseminate widely – OPC Fact sheet
• Use allowed in the workplace? Will it reduce risks? Create other issues?
• Education – avoid privacy misunderstandings