Over the past few months I’ve been creating some social media marketing privacy guidelines and requirements for a couple of my large clients. Today I read a post from a fellow IBM Midsize Insider contributor, Jason Hannula, “Social Media: Enterprise Content or Customer Relationship Information?” It stated that “93% of marketers are using social media for business.” A large number of these are from small and midsize organizations. It is important for these organizations to not only keep Jason’s suggestions in mind, and follow the business’s data governance requirements, but also to make sure privacy is also appropriately addressed. Many, perhaps most, small to midsize businesses do not yet have social media privacy requirements in place.
As you make marketing plans that involve the use of social media, keep in mind that personal information includes, but is not limited to, any information that can be used to distinguish or be linked to an individual‘s identity, such as name, social media usernames and user photos, video, audio, personal website addresses, date and place of birth, mother‘s maiden name, biometric records or social media comments that are so unique as to be individually identifiable through an online search. Sensitive personal information is personal information that can be used to harm or otherwise negatively impact the individual, such as social security number, credit card number, often home address, and medical records just to name a few.
Here are fourteen things to keep in mind, and do, to protect privacy while doing marketing activities on social media.
- Always remember that information posted to and collected from social media sites is not encrypted.
- Never ask others to post information online during social media marketing research that is personal information or otherwise sensitive information. Learn from the mistake of Dairy Queen earlier this year when they were requesting babies’ birth certificates in exchange for free cake.
- Never post the personal information of others, such as names, photos, videos, addresses, and so on, to social media sites.
- Remember: there is no way to confirm whether the person providing information via social media sites is legitimately who they seem or profess to be. Keep this in mind when performing marketing research using information from social media sites. This could impact the integrity of the data you collect, and alter your research results.
- When using social media for marketing research, collect personal information, including email addresses, whether actively or passively, only with the associated individual’s awareness and permission.
- Be straight-forward and provide factual information when using social media for marketing research activities. Do not post lies, exaggerations, or mislead. With the wide array of information available online, it is likely you will be caught in your deceit.
- Do not take information found on social media sites and use for marketing research, or to use within subsequent marketing posts or other activities, without consent.
- Do not reveal personal information when discussing marketing research on social media sites.
- Implement a policy that does not allow employees to post customer invoices, receipts, photos or videos of them on to a social media site. Look at the reputation and marketing nightmare that happened to Applebee’s as a result of one of their servers doing just that.
- Protect social media accounts by using strong passwords that are not used for any other types of accounts, never share your password with anyone…that includes apps!!!…and change your password as soon as you have even the slightest suspicion that someone else may have obtained it. You don’t want others to be posting to social media sites from your company’s social media account. You wouldn’t want what happened to Burger King earlier this year to happen to you.
- As soon as a decision is made to terminate an employee or contractor who posts to social media on behalf of your organization, remove their access to their social media accounts. Some organizations, such as HMV, ended up in a very embarrassing situation because they did not do this.
- Do not be insensitive and use the tragedies of others as marketing opportunities, such as Celeb Boutique did.
- Do not use a social media marketing account to shame or criticize individuals.
- Assign a person or team that does not post using the social media accounts responsibility for monitoring posts so inappropriate ones can be removed as quickly as possible, and then any appropriate harm mitigation actions can be taken.
Bottom Line…
There is a lot of information available on social media sites that can be valuable to marketers. However, just because the information is viewable does not mean it is all free for the pickings when it comes to using it for marketing. Marketers in organizations of all sizes must ensure they are not violating their own business’s privacy notice, and not violating any applicable laws, when doing marketing activities on social media sites, and with information obtained from them.
This post was brought to you by IBM for Midsize Business (http://goo.gl/t3fgW) and opinions are my own. To read more on this topic, visit IBM’s Midsize Insider. Dedicated to providing businesses with expertise, solutions and tools that are specific to small and midsized companies, the Midsize Business program provides businesses with the materials and knowledge they need to become engines of a smarter planet.
Tags: data protection law, encryption, facebook, IBM, Information Security, information security risks, infosec, marketing, midmarket, privacy, privacy law, privacy professor, privacy risks, privacyprof, Rebecca Herold, social media, twitter