Organisations walking the fine line between too much freedom and too many restrictions.
Part of the Critchsue blog series –Managing Social Media in Local Government
Privacy is defined as the ability to choose the information to disclose and the recipient of that disclosure (Schullich, 2012), yet in a local government setting, it is difficult to see how this definition could be true. These organisations are being hit from both sides – the digital native who does not know the meaning of privacy and the Local Government Information and Meeting Act (LGOIMA) that “gives everyone the ability to request access to official information from local authorities”.
Both the digital native and the central government seem to be on the same page – most of the information within local government is discoverable, yet there is also a social obligation to protect citizen personal information, commercially sensitive information and the like. This is a particularly large grey area, understood by only a few enlightened souls.
With both the digital native and the central governmentOn one hand, there is very little understanding of the repercussions of disclosing certain information (Schullich, 2012) – the digital native who is used to disclosing everything about their life. On the other there are rules and regulations in place indicating that much of the information within local government is discoverable
We suggest education, education and more education is the key. This education programme needs to be continual and address the ever evolving privacy issues as they emerge. This education needs to provide a good understanding of the repercussions of content published and know the implications can come back to haunt them (Schullich, 2012).
Organisations are Traditional
Many organisations are struggling to get to grips with traditional online functionality (email and web portals), without introducing the instant world of Social Media. How do we protect our privacy in this multi channel world while allowing the technology to be used to the benefit of the organisation?
In the traditional world (email and controlled online functionality) of not so long ago, firewalls, malware, antivirus and regular intrusion testing were all that was required. This ensured that only the correct people could get information in and/or out of the organisation safely. The security role within the organisation was easy then!!
Digital Natives
With the entry of digital natives to the workforce we have to handle a generation wanting instant gratification with information and services at their finger tips – find out anything or communicate with anyone without having to wait. Digital natives expect the work online environment to be at least as responsive as the home online environment where they live out their lives (when do you see one without at least a smart phone near at hand, if not the full gambit of laptop, tablet and smart phone).
Threats
Literature and online sites are littered with examples of breaches of privacy. Some examples of this are:
Twitter breach of 2013 – exposing the usernames, email addressed and passwords of 250,000 users. This was caused by what is believed to have been a professional attack.
Zendesk Breach – Zendesk is used by Twitter, Tumblr and Pinterest social media sites to send customer support messages. This was caused by a data breach that exposed thousands of email addresses.
Facebook Breach – Email addresses and phone numbers of six million users were exposed as a result of a security vulnerability.
Education
Restrictions put in place by organisational privacy policies are foreign to the digital native and mainstream to the traditional IT worker. With the gradual change in staffing towards digital natives there is an increasing threat to the organisation from staff simply ignoring these policies (Robinson, 2015) in favour of what is their norm – living online.
While there are still some traditional IT workers in charge of the technology environment, the digital native and traditional IT worker need to learn from each other. Digital natives need to be taught how to watch their backs online (Dickensheets, 2015) and the organisation management needs to relax a little, securing environments appropriately rather than using the blanket lockdown approach.
Digital natives in local government organisations need to be especially aware of the additional obligations to the freedom of speech rights in place for “state servants”. These obligations are in the areas of, reputation, disclosure, representation and political stance. The State Services Commission website has guidelines for both organisational and personal social media use that all state servants should be made aware of.
The GCN.Com website also holds a variety of resources that can assist with the education. These include best practices, risk assessments and guides for optimising the organisation privacy and security practices.
Conclusion
We have to find a way forward that is a happy medium between the digital native and the traditional IT Manager. Education and understanding can go a long way towards achieving this place. The frequency of breaches and number of threats indicates we can’t be too complacent. On the other hand we do not want to be bypassed by potentially advantages technology changes.
When finding this ‘happy place’ we need to remember “as humans, we can forget but the internet never forgets” (Schullich, 2012)
Other blogs in Critchsue – “Managing Social Media in Local Government” series
Social Media Fire and Storm Prevention, Preparation and Response
Social Media Risk Management – Is it needed?
Social Media Analytics – Makeover Time
References
Dickensheets, S. (2015, Nov 23). How do you teach digital natives to watch their backs online? Not easily. Retrieved Dec 05, 2015, from Nevada Public Radio: http://knpr.org/desert-companion/2015-11/privacy-be-safe-out-there
Robinson, B. (2015, Dec 04). CYBEREYE – Blog Archive. Retrieved Dec 05, 2015, from GCN: https://gcn.com/blogs/cybereye/2015/12/humans-network-edge.aspx
Schullich, R. (2012). Risk Assessment in Social Media. The SANS institute InfoSec Reading Room, SANS Institute.
critchsue 