GAO recently did a study of Federal agencies using various social media sites. Since many agencies have started to explore how to use social media to achieve the objectives of the agencies mission, the GAO wanted to explore how social media services may pose risks to both personal and government information.
The GAO was tasked with studying the following:
- Describe how federal agencies are currently using commercially provided social media services
- Determine the extent to which agencies have developed and implemented policies and procedures for managing and protecting information associated with this use.
To achieve these goals, GAO examined Facebook, Twitter and YouTube accounts of 24 major federal agencies. The GAO aso reviewed pertinent policies, procedures, and guidance. GAO also interviewed agency officials who are using social media on behalf of the agency.
Some of the key findings of the report where that agencies ensure appropriate record management, privacy and proper security measures. A brief summary of the findings is below:
- 12 of the 23 agencies have developed and issued guidance that outlines processes and policies for identifying and managing records generated by their use of social media and record-keeping roles and responsibilities.
- 12 agencies have updated their privacy policies to describe whether they use personal information made available through social media, and 8 conducted and documented privacy impact assessments to identify potential privacy risks that may exist in using social media given the likelihood that personal information will be made available to the agency by the public.
- 7 agencies identified and documented security risks (such as the potential for an attacker to use social media to collect information and launch attacks against federal information systems) and mitigating controls associated with their use of social media.
The GAO broke down the findings by agency.
How are you agencies covering records management, privacy and security?