Bright Matrices

Writings & musings of Mike Zavarello (a.k.a. brightmatrix), a "red mage" web developer.

Tag: Privacy

Corporate Social Media Monitoring, Privacy Settings, and Codes of Conduct

I came across a Forbes article in my Twitter feed yesterday that talks about how users of social media react to corporations monitoring their conversations or responding to comments they make online. It should come as no surprise to anyone that corporations are monitoring what is being said in public social media channels. Social media has become a massive communications tool for sharing experiences, insight, feedback, and criticism of how businesses and other organizations conduct themselves. We’ve come to rely on rating systems and peer reviews to make decisions on where to go and what to buy, and this is valuable information for companies. It’s important to them to learn more about their customers (both potential and current), what they want, what’s working well, and what’s going wrong. Many corporations are using an array of sophisticated social media management and sentiment analysis tools to parse through the enormous amount of data shared every day on numerous platforms.

Now, while I agree with the basic premise that it may be unsettling for a corporation to just start talking to you out of the blue on social media, what got my attention most was this excerpt (boldface is my edit):

… a recent survey from J.D. Power points to the risks associated with monitoring: 51% of consumers simply do not want companies to eavesdrop on their conversations and 43% believe that monitoring is an intrusion on their privacy.

Seriously? 43%? That, to me, is absolutely absurd, and it raises some issues about people’s perceptions of how far and wide their digital traffic can range.

First and foremost, there is absolutely no expectation of privacy on any social media channel if you are posting in a publicly available forum. “Public” means “public.” If you don’t have privacy settings enabled on your account, then you’ve opened your stream to anyone who can use a search engine. This includes corporations. There really should be no earth-shattering revelation here. Folks can use the “overhearing a conversation” argument for whether anyone should be paying attention to something that doesn’t involve them, but that’s not really how social media works. The people, or, in this case, corporations, who can “eavesdrop” on you are not just whoever is around you physically, but anyone in the world. Plus, everything you post publicly is likely indexed by Google, Bing, Yahoo!, and their kin for anyone outside your network to find. If you don’t want folks to listen in, and this includes corporations, take the conversation to private messages, lock down your settings, or don’t post certain things to social media at all. Plain and simple.

Second, this mentality is a symptom of what I’ve observed happening with social media and the workplace. Most businesses have what’s called a “code of conduct” that states how employees should present themselves in public. As employees of the company, they represent the company, whether they realize it or not. There is typically a paragraph or clause that refers to “online public forums” as a place where employees should practice restraint and decorum. This was pretty much limited to e-mail and bulletin boards back in the day, but now includes any form of social media. In my professional experiences, I’ve found that employees need an “interpretive statement” to connect those codes of conduct to their personal use of social media channels. Why is this? They don’t think of Facebook, Twitter, and other channels as something they need to be mindful of. They just post away without really giving careful thought as to how their words relate to their role as an employee. There have been plenty of instances where folks have been fired from their jobs for what they post online, on or off the clock. Obviously, the privacy settings you put into place can affect what your company can learn about you and act upon should they believe it breaks their code of conduct, but you should still learn what those rules are and do your best to abide by them. Ask your boss. Ask your human resources folks. Use common sense. And, for heaven’s sake, never expect any sort of privacy when using work computers on work premises or work time. If you’re using company property for personal use, expect it to be monitored. All the time.

Counseling Your Clients About Twitter Use in the Enterprise

Over the past few months, I’ve noticed increased interest in standing up Twitter accounts for in-house corporate events where I work. As a local evangelist of Twitter, I’m pleased to see more visibility for this channel as a serious communication tool. At the same time, I’m concerned that clients don’t understand some of the risks of Twitter use in the enterprise and are wading into murky waters.

From my perspective, there are three risks clients should be counseled about whenever they approach you about Twitter for use in-house: content strategy, code of conduct, and internal security.

You need to have your clients think hard about their content strategy. Why are they using Twitter for this purpose (instead of other in-house networking tools)? What are their expectations? What are their goals? Do they want to engage or simply inform? What is the nature of the material that would be shared? How will the event and its presence on Twitter be marketed internally? Your clients also need to have someone (or more than one, if that’s possible) manning the feed who understands the topics of the event and can respond to questions, comments, and overall feedback in a timely fashion. You don’t want to promote use of Twitter and have no one tuning in, offer paltry content, or leave comments unanswered.

For many organizations, code of conduct dictates how employees are expected to use or avoid use of online forums, which includes social media channels. There’s always a legal angle here. If your goal is to throw up an internal Twitter account and expect employees to connect and converse with this feed, you need to think twice about how you go about this. Folks who are new to Twitter or limited in their expertise may not understand how far their messages can reach. You don’t want to unwittingly get folks in trouble with your legal department just because they wanted to play along. Err on the side of caution and talk to your legal folks for their verdict. Involve the client so they can understand, too.

Let’s move to internal security. First and foremost is the illusion of privacy within Twitter, which I wrote about in more detail in a previous post. I can’t stress to clients enough that simply locking down a feed isn’t sufficient to keep the information they want to share within the organization. Plus, a locked-down feed can be a barrier to employees who are new to Twitter: the large yellow box and lock icon don’t exactly evoke feelings of openness. Then, there’s sensitivity of content. If you invite outside speakers to present at an in-house event, for example, as long as they keep the discussions based on their industry expertise vs. something tailored to your business, you should be OK posting highlights from the presentation. The slope becomes slippery for panelists or speakers from within the organization. Consider carefully whether their topics would stir up trouble for your organization’s reputation or bottom line if released to the general public. Now, of course, the folks manning the in-house Twitter feed could keep the tweets generic or simply avoid commentary on those sessions altogether, but the value gained by having the feed in the first place would be lost.

So, what about enterprise microblogging tools like Yammer? Well, that’s a great solution because everything stays within the organization: posts are limited strictly to employees of the organization and encryption is provided, which eliminates both the code of conduct and internal security risks. However, Yammer is not as well known (at least in my personal experience) and requires a more official process to get off the ground; anyone can get a Twitter account up and running within minutes. Still, I believe it’s a worthy effort to consider if you or your clients intend on using this type of channel for more internally-focused purposes in the long run.

Why Twitter Privacy is an Illusion

When I first talk with clients about standing up a Twitter account, invariably the question of “can we make it private?” comes up. Maybe they’re considering Twitter as a crisis communications tool limited to employees only, or perhaps they’re skittish about dealing with criticism from a public forum. After explaining to them that making a business-oriented Twitter account private is neither an effective nor trustworthy way of using the channel, I also elaborate on why privacy on Twitter is an illusion.

A private, or “protected”, Twitter account means your tweets can only be seen by followers you approve. Your tweets won’t show up in search results (either in Twitter or third-party tools), and they can’t be retweeted (quoted) by anyone who follows you. It doesn’t, however, stop your followers from copying and pasting your tweets into their own posts, but the same could be said for any type of social networking account with varying levels of privacy.

So why are Twitter’s privacy settings less substantial? Let’s use Facebook as a comparison.

The walls are thinner. Protected tweets apply only to your timeline. If you have a conversation with someone whose account is public, outside observers can see their half of the discussion. Depending on the context, it could be quite easy to fill in the blanks. In addition, protected accounts still allow others to see who you’re following and who’s following you; outsiders could study your connections to learn more about you. Conversations within Facebook are somewhat more closed: as long as your privacy settings are configured correctly, people you’re not friends with can’t see when your friends comment on your wall posts. Also, Facebook’s settings allow you to block the list of your friends from those not in your network, so they can’t see who you’re connected to.

The audience is larger. Facebook has an upper bound of 5000 friends per standard account. If you’ve allowed someone to view your protected tweets, and they either have a dialog with you or post your content via copy-and-paste, those messages could potentially reach an audience of millions very quickly.

The privacy settings are more austere. You can either protect your tweets or make them public. That’s it. No friends-only, friends-of-friends, or any custom settings in between.

I think dispelling the illusion of privacy in protected Twitter accounts is helpful, not just from a business perspective, but also for folks who want to keep their tweets behind sealed walls. The best practice is to always assume you’re speaking in a public space, so be mindful of your privacy on Twitter by understanding what can be shared about you.

Keeping Your Private Life Private: Social Networks Only Know What You Tell Them

Between Google Buzz and Facebook, discussions centered on privacy and the implications of using social networks have been hot topics so far this year. The issue certainly isn’t new, but it’s reaching critical mass now because of the players involved. With over 500 million unique users, Facebook is sitting on an exceedingly rich vein of personal information and usage data, and Google, of course, pretty much knows everything you’d ever need to learn. Both have advertisers chomping at the bit to know as much about you as possible to make that next sale. What’s their only barrier? Your privacy.

Right now, the primary difference between Facebook and Google is the basic structure of their networks. Google, for the most part, is an open network: various and sundry details about you and your browsing habits are collected and retained as you go about your business on the web, but these remain generally anonymous. Buzz started off on the wrong foot by trying to mix this anonymous, open data set with the more closed network of Gmail. Facebook, on the other hand, started off as a more closed network, where your information stayed relatively safe within the confines of your personal network. Their privacy settings, however, have evolved towards making much of your profile public by default, often with little fanfare or notice. The shifting walls of security in both Buzz and Facebook have given their users and privacy advocates plenty of heartburn. It’s good to see a constant hum of awareness about what is truly private and public, as a lot of folks don’t seem to be aware of what’s happening to their data, but there’s one key observation that I see missing from these discussions: social networks only know what you tell them. If you don’t want your personal details to be shared under any means or circumstances, then don’t share them in the first place. You’ll cease to be concerned about your privacy if you don’t sacrifice it. Facebook is not magical; it won’t tell CNN what shows you watch and suggest articles without your intervention.

Of course, I understand that one of the main points of social networks is the sharing of information. You obviously can’t and shouldn’t be fearful of sharing, but you can be aware of how much you do share. The very nature of these networks will make people who follow you seem eerily clairvoyant about your comings and goings, but if you keep your details to a relatively general and innocuous nature, there’s neither harm nor foul. To that end, I’ve collected a few thoughts I hope will get you thinking more about your social privacy.

Always assume you’re talking in a room where you can be overheard. Closed networks like Facebook can be penetrated by those willing to be patient and creative, so don’t share things that would make you embarrassed, get you kicked out of your preferred religious place of worship, fired, or cause you to be incarcerated if it were suddenly made public to everyone. Stick to the facts. Don’t overshare. Be very mindful about broadcasting your location on tools like Foursquare. Folks running on the right side of the law are not the only ones being creative with these networks.

Never settle for the default settings. If you’re just joining a social network, check your surroundings carefully before you reveal anything significant about yourself. Is the network open or closed by default? Is there an all-or-nothing set of options, or can you customize? A great quote I read on Twitter this week made the analogy that leaving your default settings unchanged was “like streaking in public”.

Stay informed about your network. If there’s an option to receive e-mails whenever the network makes a change, sign up for it. Follow resources like the Electronic Frontier Foundation and Help Net Security to learn about changes in privacy policies or security incidents that you may need to worry about. It never hurts to review your account preferences on a regular basis to confirm that you’re sharing (or hiding) exactly what you want.

Avoid revealing “security questions”. Banking and financial websites like to ask you “security questions” they feel “only you can answer” should you forget your user name or password. They’re usually along the lines of “what was your first pet’s name?” or “what is your mother’s maiden name?”, and are intended to decrease the likelihood of someone getting access to your account. People tend to be nice and chatty on social networks, and it’s become much easier for scammers to learn more about you. Social engineers look at what you post, what you like, who you talk to and follow, and use these details to fill in the blanks. Avoid talking about the subjects of your security questions or pick ones that are more obscure. The same goes for passwords: find something memorable but ephemeral: What song has been in your head recently? What state does last week’s Powerball winner live in? What’s your cat’s least favorite toy? You get the idea.

Keep an eye on your friends. In networks like Facebook, where you can be tagged to photos or videos taken of you, with or without your knowledge, it’s important to stay aware of what your friends and colleagues are doing with your data, and, to a larger extent, your reputation. Make sure your account notifications are set up so that you’re sent an e-mail or text whenever someone associates anything in their profile with you. Don’t be afraid to tell people you don’t want anything posted without your permission; it is you, after all. Also, don’t “friend” people who you think will be less than trustworthy with your personal information. Check to see how much they make public, and then imagine how much of your profile would end up there if they start tagging your posts.

The struggles with your public presence and what you choose to keep private will continue to change as social networks progress in their evolution, but you can stay ahead of the game with a dose of skepticism and some healthy common sense.

© 2020 Bright Matrices
