Social Media Engagement: Feds Need Better Policies
Guidelines for use of Facebook, Twitter, and other social media are being developed by federal agencies, but the GAO says they must do more to address records management, privacy, and security.
The Government Accountability Office (GAO) examined how 23 key agencies are using social media and identified distinct ways that Twitter, Facebook, YouTube and other sites help them reach their respective target audiences, according to a report the office released this week.
More Government Insights
- Building a Hybrid Cloud in Government: It's not that Complicated
- Will Your State Deliver a Modernized Medicaid Program by 2014?
- Best Practices Guide for IT Governance & Compliance
- Mobile Data Center Brings the Mobile Cloud to Life: Portable, Mobile Data Centers Aligned with Army Operations
Multiple agencies, including the White House itself, use Twitter to post news updates and provide links that direct people back to government websites. The White House recently also began holding live online question-and-answer sessions with key staffers via Twitter in what it's calling "Office Hours."
Other ways the government is using social media include posting videos of Congressional hearings on YouTube and leveraging Facebook as a forum for news, public feedback, and for asking President Obama and various agencies questions.
All of this activity poses new challenges in records management, privacy, and security; agency progress in meeting these challenges has been mixed, the GAO reported.
Their challenges, however, are not for lack of trying, as many agencies have developed specific policies for how they use social media that already take into consideration these elements so they don't misuse the technology.
Still, according to the GAO, only 12, or about half, of the agencies evaluated have developed processes and policies for identifying and managing records generated by their use of social media or updated their privacy policies to detail whether any personal information is made available through social-media use. Moreover, only eight have conducted privacy impact assessments to identify potential risks that may exist in case personal information is released by an agency.
Security, too, poses a significant risk, one that a number of agencies are aware of but have yet to address, the GAO found. Only seven of the 23 evaluated have identified and documented security risks and controls associated with social-media use, they said.
The low number of agencies that have done so is particularly troubling because risks identified could make agencies vulnerable to malware, according to the GAO.
For instance, the Department of Health and Human Services is blocking the use of social-media sites except for specific business needs because of the potential for the sites to be used to transmit malicious software, according to a security report compiled by the department, the GAO said.
The GAO acknowledged that many agency officials said they are working to fill the gaps in their social media policies and in its report, it made a series of agency-specific recommendations to help them do so.
What industry can teach government about IT innovation and efficiency. Also in the new, all-digital issue of InformationWeek Government: Federal agencies have to shift from annual IT security assessments to continuous monitoring of their risks. Download it now. (Free registration required.)