DHS, IG spar about social media policy

Department of Homeland Security privacy officials told the DHS inspector general that they were working to ensure privacy and appropriate use of social media among its components and employees, but efforts to impose blanket Web. 2.0 use policies across its sprawling operations would be counterproductive.

The September IG report that included the privacy officials' assessment concluded that DHS hasn't adequately implemented rules for social media use across its component agencies.

Although the agency and its components have moved to manage the use of Web 2.0 technologies across operations ranging from investigations to public outreach, the IG said it still needs centralized oversight and management to make sure its employees use those capabilities appropriately.

DHS is using Twitter, Facebook, blog sites and YouTube to engage the public and increase its profile, as well as for investigative work. That dichotomy, said a response from DHS Acting Privacy Officer Jonathan Cantor, makes imposing blanket recommendations for Web 2.0 services.

Cantor also argued that establishing a forum for department-wide collaboration and discussions on the use of social media tools would be counterproductive because DHS's myriad component agencies do so many different things.

"DHS's seven operational components, while serving the DHS mission at large, have vast and diverse responsibilities, priorities, and missions," he said. "For this reason, it is difficult to put seven operational components under the same umbrella for the use of Web 2.0 technology and to expect that component uses will be the same across the board."

Social media, he said, is used "for three very distinct purposes -- public affairs, situational awareness, and operational use -- a generic forum for all social media practitioners fails to recognize the very different missions, needs, and operations of DHS's diverse components and missions."

In the report, the IG recommended DHS communicate formal processes that employees should use to get access to social media; set up a list of approved social media accounts used throughout the department; complete a department-wide social media policy outlining legal, privacy and information security guidelines for approved uses; make sure component agencies implement social media policies; and establish an intra-agency forum to make decisions on the use of social media tools.

Cantor maintained that DHS already has overarching social media standards that component agencies use for operational purposes while incorporating privacy protections. He said the agency "strongly disagrees" with the report's contention that component agencies don't have adequate guideline or policies to prevent unauthorized or inappropriate uses of technologies by employees.

He said the department has done extensive work to comply with a Privacy Office policy for department-wide operational use of social media created in 2012. Cantor said that policy, DHS Directive 110-01, provides standards for DHS components to use social media for operational purposes while incorporating privacy protections. Cantor also said DHS had conducted three privacy impact assessments on how the department uses social media, including one for the use of social media for situational awareness by the National Operations Center (NOC). Additionally, said Cantor, the privacy office has conducted five privacy compliance reviews that concluded the center's use of social media was appropriate.