Data Protection, the Law and Social Media: Keeping Your Boat Afloat

 [ File # csp10560861, License # 2907340 ]
Licensed through in accordance with the End User License Agreement (
(c) Can Stock Photo Inc. / buchachon

Paul Gibbons writes…

Social media have been good for me. Without my FOIMan blog and Twitter feed, I would never have been asked to deliver training for Act Now Training, or indeed offered many of the wonderful opportunities that have come my way in the last few years. I’ve made a whole new career off the back of them. Not only has my profile been raised by my use of these tools, but I’ve been able to learn from a whole range of knowledgeable people online – expanding my awareness and horizons way beyond anything I’d have considered possible just five years ago.

But even if I remove my FOIMan cape for a moment, social media has had a significant impact on me. I keep in touch with old friends via Facebook. My CV is widely available to hundreds of business contacts via LinkedIn. Before I book a holiday or dine out, I check Trip Advisor. If I want to know how decisions are made by my local council or indeed the Ministry of Justice, I can submit an FOI request via WhatDoTheyKnow. With an election on the way I can find out my MP’s voting record by consulting TheyWorkForYou, and perhaps write to them to ask what their position is on a particular issue. If I feel particularly strongly about that issue I might add my details to an online petition. Social media in their many forms pervade our lives. Many of us would be lost without them.

And it’s not just individuals that are becoming reliant on it. These tools provide novel ways to engage with the people who use them. Businesses have not been slow to exploit them for marketing and public relations purposes. Politicians – often accused of being remote from their electorate – have, with varying success, used them to speak directly to parts of that group. Academics conduct surveys, then disseminate their research, both via social media. A recent study found that 40% of students use social media as their primary form of communication with lecturers. Journalists also use it to research and report on stories. No television broadcast is complete these days without a hashtag allowing the viewers to interact. The police have used them to investigate or prosecute criminal acts. Central government encourages civil servants to embrace Twitter as a tool to communicate about public policy and gain insights into people’s reaction to it. Local government too, has found social media a productive way to interact with local citizens. We’re only beginning to see the ways in which social media can benefit our businesses, government, work and lifestyles.

However, as with most things, there are downsides. There are the trolls lurking not under a bridge but under assumed names on Twitter, ready to spread their malice. It’s easy to get carried away and post in haste – repenting at our leisure. Just as social media can make careers and boost reputations, it can destroy them overnight. It empowers individuals, and many companies and public bodies have been keen to use it to give a human face to their corporate image. But those same individuals can use it intentionally or not to disfigure that public face. They can disclose confidential information more easily, expose the business to liability for breach of copyright or defamation, and breach the Data Protection Act by discussing personal matters relating to clients, customers or colleagues.

Don’t believe me? Take the social worker who posted information on Facebook about a child protection court case she was involved in, potentially allowing the family to be identified. Or the companies at the centre of Twitter storms. Or sued for using a photographer’s images without permission. In a recent post on my FOIMan site, I highlighted an academic who posted internal correspondence relating to an FOI request on WhatDoTheyKnow, in the process potentially damaging the institution’s reputation, relationships with their colleagues, and almost certainly causing their employer to breach the Data Protection Act’s first data protection principle (to handle personal data fairly and lawfully) in the process. Even those organisations whose employees should know better have had to take disciplinary action: between 2009 and 2014, 519 disciplinary actions were taken against police officers for social media related transgressions, and the Crown Prosecution Service reported that nine of its staff had been disciplined for similar reasons over that period. Not for nothing has the Ministry of Defence warned its employees that “Loose Tweets Sink Fleets”.

The temptation in the face of this litany of institutional and individual disaster is to adopt the ostrich position. Ban your employees from using social media altogether. Avoid their corporate use. This won’t work. For a start, you will miss out on all the benefits highlighted at the start of this piece and more. But besides, it’s way too late for that. Pandora is not just out of the box but is running the show. You could impose contractual obligations on your staff requiring them not to use social media, or at least not to discuss their work there. If you do though you may find yourself losing staff who choose to work for a more progressive employer. In any case, it may be too late, as the Kent Police and Crime Commissioner discovered when she appointed a 17 year old to the post of Youth Police and Crime Commissioner.

You can’t stop your customers or the public writing about you on social media, but if you’re not using it, you’ll only find out what they’re saying about you too late. You’ll have no way to react to adverse comment online save through the traditional media which may not go to press until your business has collapsed clothed only in the tatters of its reputation.

So if you can’t avoid the risks of social media altogether, what can you do? The next best thing is to mitigate those risks. Like any other tool that you use, you need policies setting out acceptable use. You need to secure your most valuable and sensitive information. You need to raise awareness of your policies and legal restrictions so that your employees understand what they are allowed (or even encouraged) to do using social media, and also what they shouldn’t do – and what the consequences of doing it will be.

Where can you find out more about the risks that social media poses to your organisation? Or indeed the opportunities it offers? What should you include in a social media policy? Do you need to keep records of your social media use, and if so, how?

Well, social media itself will offer many solutions if you’re brave enough to jump in. But if you want a guide, my new training course on Data Protection, the Law & Social Media will provide answers to the questions above, and will point you to resources to help your organisation and its employees use social media effectively whilst avoiding the pitfalls. The course runs for the first time in Manchester on 20 April, and in London on 22 April 2015, and can also be run as an in-house course for your Data Protection, Communications and other staff. Get in touch with Act Now Training now for more details or book through their website.

Author: actnowtraining

Act Now Training is Europe's leading provider of information governance training, serving government agencies, multinational corporations, financial institutions, and corporate law firms. Our associates have decades of information governance experience. We pride ourselves on delivering high quality training that is practical and makes the complex simple. Our extensive programme ranges from short webinars and one day workshops through to higher level practitioner certificate courses delivered online or in the classroom.

One thought on “Data Protection, the Law and Social Media: Keeping Your Boat Afloat”

Leave a Reply

%d bloggers like this: