Feds Can Watch You on Social Media, But They're Supposed To Tell You About It

Federal agencies may monitor social media to assess how the public feels about their programs but agencies should be transparent about it and keep the information gathering at a general level, not a personal one, according to social media privacy guidance published Wednesday.

For example, employees managing these “situational awareness” campaigns should not friend, follow or communicate with other social media users to draw out their opinions about a particular program, according to the Privacy Best Practices for Social Media guidance produced by the government’s Chief Information Officers Council.

Social media situational awareness campaigns should also be approved by an agency’s top leadership, including privacy officers and legal counsel, the guidance states. Final reports on these campaigns should be scrubbed whenever possible of any data that identifies individuals.

The guidance also recommends extensive training for anyone who manages social media sites about how and when to access information that identifies individual users.

“When monitoring publicly available sites, an agency should extract only the pertinent, authorized information that is needed to fulfill the business or mission need,” the guidance states. “The agency should limit its information gathering to facts surrounding the event (what is happening), rather than who is either involved or reporting the information, unless the agency has specific legal authority to collect information on individuals.”

The privacy guide does not discourage agencies from using social media to investigate individuals in certain instances, such as to determine if someone lied on a benefits application or to assess the professionalism of a prospective employee, provided those techniques comply with the agency’s own privacy policies.

The CIO Council also encourages agencies to use social media to crowdsource advice about government programs and to gather intelligence during a natural disaster, terrorist attack or other emergency.

“It is important that the agency be transparent about uses of social media, especially those that involve viewing publicly available information,” the privacy guide states. “By being transparent about what type of information the agency is collecting and how it is collecting it, the agency can help minimize the public’s concern that the government is monitoring individual speech and actions on social media.”

Much of the CIO Council guidance is aimed at using social media effectively while avoiding the sense of a federal Big Brother watching over the social media sphere. Public fears about government surveillance online have been compounded by recent revelations about National Security Agency spying programs that accessed some Americans’ social and online data.   

Even with social media sites aimed at disseminating rather than collecting information, agencies should not "'friend,’ ‘follow,’ or ‘like’ public users proactively,” the guidance states. Agencies may reciprocate if members of the public friend or follow them, the guidance says.  

Agency profiles should make clear at every possible point that they’re affiliated with a government agency, such as by putting an agency seal on profile pages and using the agency name as part of the profile’s handle, the guidance states.

The guidance recommends posting agency privacy policies both on agency websites and, whenever possible, on social media sites themselves, explaining how the agency will handle any personal information it encounters. Agencies should also duplicate any information they post to social media on a government website where people viewing it can be guaranteed that they won’t be tracked by a third party.