Centralizing Social Media Governance

DHS's IG, Chief Privacy Officer at Odds on Approach
Centralizing Social Media Governance

How much of a free hand should units within a large enterprise have in deciding social media policy? The Department of Homeland Security's inspector general and acting chief privacy officer don't always see eye to eye on how DHS should govern social media use.

See Also: Unlocking IAM - Balancing Frictionless Registration & Data Integrity

Frank Deffer, assistant inspector general for information technology audits, says in a report issued this month that the department should take further steps toward centralizing governance of social media to ensure that department leaders are aware of how social media are being used and to pave the way for sharing best practices. "Until improvements are made," Deffer says, "the department is hindered in its ability to assess all the benefits and risks of using social media to support mission operations."

Jonathan Cantor, DHS acting chief privacy officer, responds that there are instances where specific units should take on more responsibility on social media matters. For instance, Cantor didn't concur with an IG recommendation that DHS's Office of Public Affairs, in coordination with the Privacy Office, develop and maintain a list of approved social media accounts and owners throughout the department.

Cantor says such a list that contains information about account holders, passwords and intended use of the accounts is created by the Public Affairs Office but maintained by individual components with DHS to enhance security. "Maintaining such information in a departmentwide list compromises security and investigative integrity, leading to the potential for a breach of the information," Cantor says.

Benefits of Centralized Governance

Alan Brill, senior managing director at risk mitigation advisor Kroll, says large organizations such as DHS could benefit from centralizing social media governance.

"Unless there's a reason for policy diversity, you want to have it as uniform as you can because in many organizations people over time will move from duty position to duty position, and to the extent you can have uniformity, it makes it easier," Brill says. "People don't have to try to figure out if rules change because they changed jobs."

The IG conducted the audit to determine the effectiveness of DHS's use of social media to promote information sharing and enhance mission operations. Although social media can effectively engage the public and increase citizen involvement in government efforts, the IG says, they also pose challenges in protecting personal information and ensuring the security of information systems.

The IG, in its report, calls on DHS to establish a departmentwide forum where representatives from various components can jointly decide on what tools and venues they should pursue for public affairs and operational purposes. The seven DHS components are Citizenship and Immigration Services, Coast Guard, Customs and Border Protection, Federal Emergency Management Agency, Immigration and Customs Enforcement, Secret Service and Transportation Security Administration.


Diverse Priorities, Missions

Cantor expressed some reservations about a departmentwide forum. "DHS's seven operational components, while serving the DHS mission at large, have vast and diverse responsibilities, priorities and missions," he says. "For this reason, it is difficult to put seven operational components under the same umbrella for the use of Web 2.0 technology and to expect that component uses will be the same across the board. As social media are used at DHS for three very distinct purposes - public affairs, situational awareness and operational use - a generic forum for all social media practitioners fails to recognize the very different missions, needs and operations of DHS's diverse components and missions."

But Deffer says the IG's office heard from DHS headquarters and component officials that a working group on social media would be helpful. He says an earlier departmentwide working group was disbanded after organizational changes occurred in the Office of Public Affairs.

"Employees we spoke with said that the working group was beneficial as a method for sharing best practices on the use of social media," Deffer says. "Such a forum would enable components and headquarters staff to collaborate and enhance social media communication across DHS."

Kroll's Brill sees the advantage of a departmentwide forum as providing needed insights from different perspectives in a massive enterprise, citing the parable of blind men describing an elephant, where one man feels the trunk as says it's a hose, another touches the leg and identifies a tree trunk and a third man sensing a snake after feeling the tail.

"They're all looking at different aspects of the same thing," Brill says. "Bringing together those parties and saying how can that make it work and making sure we're not causing problems for company without making people crazy. While people differ about things, it does work out."


About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.co.uk, you agree to our use of cookies.