The following is an instruction accompanying DHS Policy Directive 110-01 “Privacy Policy for Operational Use of Social Media” that was enacted in June 2012. The policy directive itself is only three pages and provides little information, whereas this instruction for the policy is ten pages and includes rules for compliance with the directive. The policy was enacted following congressional hearings earlier this year that criticized DHS’ monitoring of social media. However, this privacy policy specifically exempts the use of social media for “situational awareness by the National Operations Center” which was the focus of the hearings.

DHS PRIVACY POLICY FOR OPERATIONAL USE OF SOCIAL MEDIA

10 pages

June 8, 2012

This Instruction applies throughout DHS regarding the access to and collection, use, maintenance, retention, disclosure, deletion, and destruction of Personally Identifiable Information (PII) in relation to operational use of social media, with the exception of operational use of social media for: (a) communications and outreach with the public authorized by the Office of Public Affairs; (b) situational awareness by the National Operations Center; (c) situational awareness by Components other than the National Operations Center, upon approval by the Chief Privacy Officer following completion of a Social Media Operational Use Template; and (d) the conduct of authorized intelligence activities carried out by the Office of Intelligence and Analysis, the intelligence and counterintelligence elements of the United States Coast Guard, or any other Component performing authorized foreign intelligence or counterintelligence functions, in accordance with the provisions of Executive Order 12333, as amended. This Instruction does not apply to the Office of the Inspector General; however, the OIG will comply with the spirit of the Instruction. …

D. Rules of Behavior: Component Privacy Officers or PPOCs, in coordination with counsel and Program Managers, or System Managers as appropriate, draft Rules of Behavior for operational use of social media (either separately or as part of a broader policy document) and submit them with the Template to the Chief Privacy Officer for review and approval. Personnel granted access to use social media certify annually that they have read and understand the Component Rules of Behavior. Where certification is not practicable, Component Privacy Officers and PPOCs maintain records of employee attendance at privacy training that includes training on Rules of Behavior. Rules of Behavior include requirements for operational use of social media and the consequences of failure to adhere to those requirements. Where a federal policy establishes guidelines that apply to a Component’s operational use of social media, the Component’s Rules of Behavior incorporate that policy and that fact is noted in the Template. Unless otherwise noted in the Template adjudication process, the Rules of Behavior provide, at a minimum, that DHS employees:

1. Use social media for operational purposes only when activities are authorized by statute, executive order, regulation, or policy;

2. Use only government-issued equipment, government accounts, and only government email addresses when engaging in the operational use of social media;

3. Use online screen names or identities that indicate an official DHS affiliation and use DHS email addresses to open accounts used when engaging in social media in the performance of their duties;

4. Access publicly available information through social media only by reviewing posted information without interacting with any individual who posted the information;

5. Respect individuals’ privacy settings and access only information that is publicly available unless the individual whose information the employee seeks to access has given consent to access it;

6. Collect the minimum PII necessary for the proper performance of their authorized duties;

7. Protect PII as required by the Privacy Act and DHS privacy policy; and

8. Document operational use of social media, including date, site(s) accessed, information collected, and how it was used in the same manner that the Department would document information collected from any source in the normal course of business. For instance, where information obtained through authorized operational use of social media is used in whole or in part to make decisions regarding an individual’s rights, benefits or privileges, employees document that fact in relevant records.

Share this: