Honor Data Privacy Day by taking action
I know – when you got up today, you just thought it was Thursday. You had no idea it is also Data Privacy Day!
Some quick background, per the Data Privacy Day website: “Data Privacy Day is a global effort — taking place annually on January 28th — that generates awareness about the importance of privacy, highlights easy ways to protect personal information and reminds organizations that privacy is good for business.”
So let’s talk about that from a social media governance perspective. Here’s the crux of the issue: Many companies – especially consumer-facing brands – rightfully spend a lot of time and effort worrying about the privacy and protection of consumers’ data. However, many of these same companies completely fall down on the job when it comes to protecting the data of their own employees who are managing all of their social media accounts. The bigger your company and the more channels being managed, the bigger the number of people involved and the bigger the problem.
Without boring you to tears, I will just summarize by saying that properly managing dozens or hundreds of social media accounts requires the collection of a fair amount of personal data from your internal people managing your accounts. This specific data set very often slips through the cracks of your company’s normal data privacy infrastructure as IT, Compliance and Legal often don’t even know it exists.
This type of data can include:
Personal accounts: Facebook and LinkedIn require a company to grant administrative rights to a company or brand page through a person’s personal Facebook page. There is no other way to do it (which is moronic, but it is what it is). So by default, granting someone administrative access to one of these accounts requires a company to work through that person’s personal page – which means there are records and access to personal data.
Personal login credentials: In some cases, companies may actually collect the login credentials for personal social media accounts. Most commonly, this happens when a staff member is managing the social media presence for an executive or other leader. Very often these accounts are connected with tools that record everything happening on each account, both public posts and private messages – which could lead to additional privacy concerns.
Personal cell phone numbers: Most social media accounts require a cell phone number to be attached to the account for security and two-factor authentication (2FA). Unless your organization provides cell phone numbers for this purpose, those numbers are part of your security footprint and should be part of your records.
Other identifying information like address, DOB, SSN and even copies of people’s personal identifying documents: Social media platforms (specifically Facebook) sometimes require administrators to provide documentation of their identity to be able to run certain types of advertisements or use other features. These documents may be stored in team records, and you need processes, procedures and protocols for managing this information, as it is sensitive, like HR data.
In addition to all of that scary stuff, here are two more things that make this more important than ever:
Secure your social footprint. I have written a lot about social media governance and ways to ensure your social media presence is as secure as possible. A lot of this comes down to knowing exactly who has access to which accounts at any given time (read my post on the four pillars of good social media governance or find all my governance posts here).
Regulations. At not yet 20 years old, social media is still an emerging industry, and the regulations overseeing it have not caught up. But we have seen a couple of key entries in this space – namely GDPR in Europe and the California Consumer Privacy Act here at home. My prediction is that there will be more of these regulations as scrutiny of social media platforms increases, and you need to be aware of these because some of the fines for violation are beyond hefty – $40 million or $50 million in some cases with GDPR.
If all of this seems totally overwhelming, I’d suggest starting by building relationships with your brand, audit, compliance, legal and IT teams. They are well-experienced in managing this type of sensitive data for other parts of the company and can likely help guide you in the right direction.
If you are a manager or executive in departments like brand, audit, compliance and IT – if your social media team is not on your radar, it should be. Reach out, make friends, learn about what they do. And ask them one very important question, “How can I help you?”
But – going back to the definition of Data Privacy Day above – there is absolutely no doubt that data privacy is good for business. It mitigates about six kinds of risk and keeps you safe. So today on Data Privacy Day, take action to secure some of the data mentioned above. Be proactive and take the privacy of your social media data seriously. It will only pay dividends in the long run.
Serna Social is beyond proud to be an official Data Privacy Day Champion. You can learn more about how to be a Champion for next year’s Data Privacy Day right here.