Last week one of my Facebook friends started a “friends only” discussion on his wall. It was a very interesting discussion, and one of his friends took the discussion, pretty much verbatim, and posted within a “public” (as in meant for the world to see) popular blog site. So the information on the Facebook page, where around 250 – 300 people could see the posts were now in a location where the bazillion (possibly a bit fewer) blog readers could see all the posts and the full names of those who made them. This is not the first time a situation like this has occurred. A lot of the information posted on people’s social media pages are really tempting to take and use as examples, or for business activities such as for marketing and promotions. However, doing so could get you into some personal and/or legal hot water. As organizations and individuals consider taking information they find on social media sites, they need to consider the reasons why doing so may not be a good idea after all.
Reason #1: It will likely upset the friend or customer whose information you copied
It is true, and I’ve said it MANY times within my blog posts and other writings, that once you post something onto any social media site, you should expect that anyone may take it and repost it in multiple other places. The situation described is a recent example of this. However, just because this is possible doesn’t mean that you should go ahead and take information you find online to reuse for your own purposes! If you do it is highly likely that you will upset the individuals whose information you took and spread to areas where they may not have wanted it to be seen. Do you really want to upset friends and customers in return for taking their information?
Reason #2: You could lose the friend or customer
Good friends will probably forgive you…at least the first time. However, others may be so upset that you will lose them as a friend. Or, if you took information from a customer, it is highly likely that you will lose their business. Probably rightly so. It could also impact their lives in irreversible ways. For example, colleges are currently looking online and using the information they find about applicants to make their admission decisions. I provide a couple of pointers to the evidence of this in my listing at the end of this article. Is your friend’s or customer’s information so irresistible that you will risk losing their friendship or business?
Reason #3: It will likely result in damaged reputation for you and/or your organization
Upset ex-friends and ex-customers are often more than willing to share their negative experiences; frequently through the same social media sites that resulted in the original breach of trust. Only this time they want their warnings about you and/or your business to spread far and wide. And if they do it in a way that gets noticed and goes viral, you and your business could quickly become the next online pariah. This blast of ill-will toward you or your business could very well hurt your reputation and brand value. Do you really want to take the information from others in return for becoming the next online privacy scumbag?
Reason #4: It may be violating copyrights
You may also be violating copyrights by taking information from a social media site and posting it elsewhere. Copyrights do not need to be registered to be enforceable. In the U.S., the U.K. and other countries copyright applies automatically when the creator has published it.
It is a widely held misconception that anything found online is in the “public domain.” This is an incorrect and legally dangerous belief. Unless the creator explicitly indicates that they are giving up their legal rights to the work they published online, or if the copyright has expired on it (commonly 70 years, but different types of work has different expiration periods), the creator will still be able to enforce their copyright. So if you take photos, videos, or other content from someone else’s Facebook, blog, or any other website, and reuse it for your own purposes, it will likely amount to an infringement of the creator’s copyright. Do you really want to risk costly fines and lawsuits in return for taking the information from others?
Reason #5: It may be violating other legal requirements
The possibilities here are endless. Here are a few of the activities I’ve seen firsthand on Twitter and Facebook:
- Doctors taking the posts of their patients and providing treatment discussions on their public Twitter and Facebook pages. Such actions likely violating HIPAA requirements.
- Businesses that provide cloud services to other companies taking information from their Facebook pages and using it within their own marketing and public relations activities. Such actions likely violating their contracts with their own clients, not to mention a variety of other U.S. and international data protection laws and regulations.
- A Reddit user that goes by the name Violentacrez “set up hundreds of sub-forums where users post links and images including bestiality, rape fantasy, under-age porn and upskirt photos. Violentacrez most recently joined “Creepshots”, a forum of stalking-style pictures of women taken without their consent.” The forum was recently removed. Ironically the guy behind Violentacrez, Michael Brutsch, “a 49-year-old employee of a financial services company in Texas” who was violating all these individuals’ privacy, in addition to likely breaking many pedophile, hate crime, underage sexual exploitation, and other laws, was very upset that his identity was revealed. I’m sure his victims were happy to have him revealed, though. His employer wasn’t; he was fired.
This list of examples could go on for many pages. Do you really want to risk huge fines and costly court cases in return for taking the information from others?
Bottom line for all organizations, from the largest to the smallest: Just because you can access information on social media sites (for individuals who are your target consumers, customers, friends and even family) it does not make it okay to take that information and re-use it for your own purposes. When you are tempted to take “found” information on social media sites and repost, or exploit, it for your own purposes, first pause and ask yourself these questions:
1) Will reposting break any laws or other legal requirements? See reasons #4 and #5 again. If in doubt, don’t do it.
2) Is the information you want to repost in a public area of your friend’s or customer’s social network site?
- If it is on a “Friends Only” wall, or a Twitter feed that is protected, don’t take it and repost without first getting explicit approval to do so from the individual. After all, if they had wanted it to be available to the public, they wouldn’t have put it in a restricted viewing area.
- If the information is in a public area of Facebook or Google+, you should still contact the content creators before reposting or otherwise using in some other way. If they indicate they don’t want you to take and use their information, then don’t. They may not want their information associated with the purposes for which you want to use it.
- It is pretty common to repost public posts from Twitter and LinkedIn to other Twitter and LinkedIn locations. However, if you want to reuse information somewhere else, you should contact them and see if they will have a problem with your plans.
Good additional information about using information from social media sites
Here are some other thoughtful and informative articles and news reports about taking content from social media sites and posting or using it elsewhere:
This post was written as part of the IBM for Midsize Business (http://goo.gl/S6P7m) program, which provides midsize businesses with the tools, expertise and solutions they need to become engines of a smarter planet.
Tags: awareness, breach, compliance, copyright, Creepshots, customers, data protection, e-mail, electronic mail, email, employees, employment, facebook, Gawker, hiring, HR, human resources, IBM, Information Security, information technology, infosec, IT security, job applicants, laws, LinkedIn, messaging, Michael Brutsch, midmarket, non-compliance, patients, personal information, personally identifiable information, personnel, PII, policies, privacy, privacy breach, privacy professor, privacyprof, Rebecca Herold, Reddit, reputation, risk, security, sensitive personal information, social media, social network, SPI, systems security, training, twitter, Violentacrez