Feds Can Watch You on Social Media, But They're Supposed To Tell You About It


Federal agencies may monitor social media to assess how the public feels about their programs, but agencies should be transparent about it and keep the information gathering at a general level, not a personal one, according to social media privacy guidance published Wednesday.

For example, employees managing these “situational awareness” campaigns should not friend, follow or communicate with other social media users to draw out their opinions about a particular program, according to the Privacy Best Practices for Social Media guidance produced by the government’s Chief Information Officers Council.

Social media situational awareness campaigns should also be approved by an agency’s top leadership, including privacy officers and legal counsel, the guidance states. Final reports on these campaigns should be scrubbed whenever possible of any data that identifies individuals.

The guidance also recommends extensive training for anyone who manages social media sites about how and when to access information that identifies individual users.

“When monitoring publicly available sites, an agency should extract only the pertinent, authorized information that is needed to fulfill the business or mission need,” the guidance states. “The agency should limit its information gathering to facts surrounding the event (what is happening), rather than who is either involved or reporting the information, unless the agency has specific legal authority to collect information on individuals.”

The privacy guide does not discourage agencies from using social media to investigate individuals in certain instances, such as to determine if someone lied on a benefits application or to assess the professionalism of a prospective employee, provided those techniques comply with the agency’s own privacy policies.

The CIO Council also encourages agencies to use social media to crowdsource advice about government programs and to gather intelligence during a natural disaster, terrorist attack or other emergency.

“It is important that the agency be transparent about uses of social media, especially those that involve viewing publicly available information,” the privacy guide states. “By being transparent about what type of information the agency is collecting and how it is collecting it, the agency can help minimize the public’s concern that the government is monitoring individual speech and actions on social media.”

Much of the CIO Council guidance is aimed at using social media effectively while avoiding the sense of a federal Big Brother watching over the social media sphere. Public fears about government surveillance online have been compounded by recent revelations about National Security Agency spying programs that accessed some Americans’ social and online data.   

Even with social media sites aimed at disseminating rather than collecting information, agencies should not “‘friend,’ ‘follow,’ or ‘like’ public users proactively,” the guidance states. Agencies may reciprocate if members of the public friend or follow them, the guidance says.

Agency profiles should make clear at every possible point that they’re affiliated with a government agency, such as by putting an agency seal on profile pages and using the agency name as part of the profile’s handle, the guidance states.

The guidance recommends posting agency privacy policies both on agency websites and, whenever possible, on social media sites themselves, explaining how the agency will handle any personal information it encounters. Agencies should also duplicate any information they post to social media on a government website where people viewing it can be guaranteed that they won’t be tracked by a third party. 
