Laserfiche WebLink
The behavioral security concerns refer to those threats that result from employees' <br />intentional or inadvertent actions when engaging with social media sites and tools. The <br />Guidelines for Secure Use of Social Media by Federal Departments and Agencies by the <br />Federal CIO Council discussed the two major threats that rely on certain types of behaviors <br />by users— spearphishing and social engineering. For example, employees may <br />inadvertently post information about themselves or the agency on social media sites, which <br />attackers then use to manipulate users. A related concern is the inadvertent posting of <br />citizens' personal and protected information by agency employees. While these concerns <br />are not new, many of the reviewed policies mentioned the need to protect confidential <br />information that is personally identifiable or could endanger the agency mission. <br />7. Legal Issues <br />The use of social media tools raises the issue for many agencies about how to ensure that <br />their employees are abiding by all existing laws and regulations. Some policies take a <br />general approach to legal issues, using generic text that requires all employees to adhere to <br />all applicable laws and regulations without actually specifying which laws and regulations <br />are applicable. Others point to specific areas of law such as privacy, freedom of speech, <br />freedom of information, public records management, public disclosure, and accessibility. <br />A number of policies include language outlining <br />records management and retention schedules <br />for content posted to social media sites. The <br />policies that address this issue focus on <br />retaining social media records, but a few <br />include language related to the removal of <br />records (for example, see bullet 6 in the City of <br />Hampton, Virginia policy below). The State of <br />Massachusetts highlights the transitory nature <br />of records in its guidelines on Twitter and <br />provides instructions on how to download Tweets from Twitter to prevent loss of content <br />Some policies proactively address potential legal issues by requiring the use of various <br />disclaimers on social media sites. One example of a standard disclaimer is for use by <br />employees when engaging in social media activities and is intended to detach the opinions <br />and actions of individual employees from their employer. For example, The City of <br />Hampton, Virginia directs its employees who choose to engage citizens on social media <br />sites on behalf of the City to "Make it clear that you are speaking for yourself and not on <br />behalf of the City of Hampton. If you publish content on any website outside of the City of <br />Hampton and it has something to do with the work you do or subjects associated with the <br />City, use a disclaimer such as this: 'The postings on this site are my own and don't <br />necessarily represent the City's positions or opinions, "" Other standard disclaimers <br />concern public records, external links, endorsements, copyright, privacy, and offensive <br />behavior. <br />Sample disclaimer for comments being <br />treated as public records <br />"Posts and comments to and from me, in <br />connection with the transaction of public <br />business, is subject to the North Carolina <br />Public Records Law and may be disclosed <br />to third parties." <br />^- State of North Carolina <br />11 <br />80 <br />