eGovernment Resource Centre - Victoria, Australia

Social Media: What's the Risk?

Risk Insight. Report from VMIA Risk Roundtable, VMIA, November 2010

Introduction

The use of the internet as a platform for collaboration is already transforming our economy and our lives. Where it was once a source of information, with users taking a passive role, the paradigm of 'Web 2.0' has fundamentally shifted the dynamics of internet usage. The central premise of Web 2.0 is that the internet is a shared public space where content creation, distribution and usage are intermingled.

Social Media: What's the Risk? Roundtable

On 19 August 2010 the VMIA convened a roundtable to discuss "Social Media: What's the Risk?" The VMIA roundtable series is designed to highlight emerging issues in risk management. These forums have been specifically developed to enrich the thinking and promote the flow of ideas in an informal and robust setting.

The roundtable drew together 16 Victorian Public Sector leaders, consultants and content experts and was facilitated by Micheal Axelsen, Director of Applied Insight. Participants were asked to discuss the impact that social media has had on government policy, how to manage the associated risk and how to leverage the benefits of social media.

Jeff Floyd, General Manager Strategy & Risk at the VMIA, opened up the roundtable noting that "social media is a new toy, it's like when the dot com boom took off, we realised we were out of bricks and mortar and into a 'new world'."

The term "Social Media" represents a group of internet-based applications that build on the ideological and technological foundations of Web 2.0 and includes tools such as Twitter, Facebook, Skype, MySpace, LinkedIn, Flickr, wikis, blogs and other social networking sites.

These tools enable communities of interest to develop rapidly, to share information, collaborate on projects and solve problems as they emerge. Web 2.0 also encompasses the way in which the internet has become a platform for the distribution of vast quantities of data and the way in which it has empowered people and organisations to access and transform data into useful information via a myriad of new means. These new tools and the culture of open collaboration which distinguishes the culture of Web 2.0 present important new challenges and possibilities for government. They offer new opportunities to refresh and deepen the enduring principles and values of government, while providing the impetus to improve the quality and responsiveness of government policy making and service delivery.

The challenges for government are to:

  • keep up with the way citizens are now finding information and networking
  • be prepared for key risks that social media presents
  • educate and train public service staff about their obligations in the social media world
  • analyse and capitalise on the opportunities that social media provides.

Social Media: What's the risk? Q & A Session

Social Media: Is it a tool or a toy?

Jeff's opening remarks led into our first question: is social media a tool or a toy?

Facebook recently claimed its Australian users have reached 9.15 million members, almost 42% of the population. Nielsenwire[1] confirms Facebook is the most popular social networking site with mobile social networkers, followed by YouTube, Twitter and MySpace. ABS[2] statistics released in late 2009 indicate that up to 72% of homes had access to the internet, which is likely to be closer to 80% or more now, and that 43% of Australians now own an internet-enabled smartphone. These penetration figures will only grow.

The roundtable agreed that these platforms have become the primary communication channels to support social media and our lives are increasingly digital. Whilst this has arguably allowed us to achieve better work/life balance, it is not uncommon for individuals to forget the context of the online forum and its accessibility, and do 'regrettable' things.

Social media also amplifies some of these 'regrettable' things. Amplification depends on the 'interconnectedness' and 'interestingness' of the information. If the information is interesting, things can quickly go viral.

Roundtable facilitator, Micheal Axelsen, noted recent examples including a Young Liberal in Queensland who was expelled for slurring Barack Obama on Twitter, Catherine Deveny passing notes at the Logies and a Facebook invitation to a party going viral and reaching 35,000 members.

The concept of the 'wisdom of crowds' also garnered considerable support. Discussed by James Surowiecki in his book Why the Many Are Smarter than the Few and How Collective Wisdom Shapes Business, Economies, Societies and Nations, published in 2004, wisdom of the crowds refers to the aggregation of information in groups leading to decisions that are often better than could have been made by any single member of the group.

The VMIA roundtable generally recognised the power of social media and crowds although contrasting points were made that, whilst the crowd might be 'wise,' that does not make them experts. Dr. Leighton Vivian, Policy Officer Regulatory Reform from the Department of Primary Industries raised the point that "social media comes with the option of being anonymous and provides the opportunity for people to hide". Anonymity and the 'citizen journalist' approach, where we can blog whilst having a BBQ or on the train, is increasingly resulting in social media gaining a reputation for presenting half truths and innuendo.

Judy Backhouse, Executive Director Organisational Improvement, Department of Sustainability & Environment, was "interested from a public policy development perspective how we use Gov2.0 for policy development conversations across the community." She also asked what the implications were of this lack of credibility or the bias in the data.

Darren Whitelaw, General Manager Corporate Communications, Department of Justice sought to address the credibility concerns. "It's a numbers game," he said. "If you hold a Town Hall meeting and 100 people come along and all those 100 people are against what you're trying to do, then it's quite likely that that may be a pressure group. If you get 1,000 people along, it's harder for special interest groups to artificially inflate the results. If you get 100,000 people turning up, it's a pretty good indication that it's actually representative of what the public is thinking. So it becomes a numbers game." The roundtable continued this point into a discussion around having two personas on Facebook or other media as a method that can be used to keep professional and personal lives separate. Interestingly, this discussion centered around how the manner in which one used the social media tool in question affected its role as a 'tool or a toy'.

Dr. Leighton Vivian questioned "whether or not the key social media tools being used now are viable in the long term", citing Myspace as an example of a rapid rise and decline. Equally these tools are evolving at great pace. Traditional information technology tools or work platforms are not subject to constant change: a fact which may pose a challenge for technology managers across the sector. If we are to rely on these platforms as work tools we need to ensure they are viable and enduring.

The roundtable participants were mindful of the weaknesses with social media and the many opportunities it offered; however, Wendy Pryor, Manager of Web Services for the Department of Innovation, Industry & Regional Development (DIIRD), provided a useful context as to whether social media is a tool or a toy. Quite simply, she said, "we need to go where the communities are".

There are a number of excellent examples of how social media can be used effectively across the VPS in serving our community. Some are noted below:

  • Twitter was used to keep the public informed during the 2009 Human Swine Flu (H1N1) outbreak in Victoria.
  • The Vital Valued Victorians website has user-generated content where anyone can acknowledge the contribution of Victoria's emergency services volunteers. There is also a Facebook page with over 10,000 fans.
  • The Department of Sustainability and Environment uses YouTube, Twitter and Flickr to showcase work in natural resource management.
  • Visual Place – a geospatial imaging service visualises Victorian government data and information to create customised maps.
  • The "Enough" campaign – a Facebook page where Victorians can support Victoria's policy to end family violence.
  • Problem Gambling – a site which uses blogs to gather ideas from the public.
  • The Departments of Justice, Transport and Treasury and Finance are using Yammer for informal internal communications.
  • VicPol is using Facebook for its members.
  • DASConnect (Disability Accommodation Services) is a pilot project using social media for staff working in group homes.
  • Joining The Chorus (the performing arts team of the Department of Education and Early Childhood Development) uses Facebook as a space for students, teachers and their friends and families to connect.
  • HealthSMART, Victoria's whole of health ICT strategy, is used to communicate between health professionals around the state.
  • The Premier has a YouTube account.

These are excellent examples of using Web 2.0 technology to serve the community. They support the roundtable view that social media can most certainly be used as a tool. Clearly however, it can also be used in a social or non-work environment.

In concluding this point it should be noted that the participants around the table were familiar with the topic at hand and could be deemed social media "converts". Whilst some were the voices of caution, had there been more naysayers, the group would have been perhaps more cautious in its endorsement of some social media activities.

Victorian Government policy context

One of the first areas the roundtable participants discussed was the Victorian Government policy context and guidance on the use of social media. This was very timely as the Secretary of the Department of Premier & Cabinet had released the Victorian Government 2.0 Action Plan at the ANZSOG Conference the week prior to the roundtable, on August 12.

The Government 2.0 Action Plan provides the foundation for a whole of Victorian Public Service approach to 2.0 technology and recognises that social media, wikis, and blogs can put the citizen in a more open and collaborative relationship with government. It also represents an opportunity to change how we work, with an increased emphasis on transparency and collaboration.

Maria Katsonis, Principal Advisor - Public Administration, Department of Premier & Cabinet briefed the roundtable on the key points of The Government 2.0 Action Plan which focuses on four priority areas:

1. Driving adoption in the VPS > Leadership - providing strong leadership and addressing whole of government issues to drive adoption in the VPS.

2. Engaging communities and citizens > Participation - using Government 2.0 initiatives to put citizens at the centre and provide opportunities for co-design, co-production and co-delivery.

3. Opening up government > Transparency - making government more open and transparent through the release of public sector data and information.

4. Building capability > Performance - managing risk and skilling up the VPS workforce in a digital age.

There are 14 initiatives under these four action areas, aimed at engaging and empowering citizens, making government more transparent and improving government capability.

Social media is more than just a tool for communication and engagement . . . it can be used to develop and deliver policy.

Is there a whole of government code of conduct?

When using social media, Victorian public servants need to maintain the same high standards of conduct and ethical behaviour that are essential to the relationship between the public sector and the government, the public sector and the community, and between those who work in the public sector. However social media has particular characteristics that need further consideration. This includes the amplifying nature of social media where information and views can be spread quickly and widely.

Social media also demands real time engagement, so forms of authorisation that apply to traditional communications do not translate easily where fast approval is required. Additionally, social media is more than just a tool for communication and engagement with the public. It can be used to develop and deliver policy. As such it can be used by both policy officers and communications officers alike in the performance of their duties. In consideration of the above, the Public Sector Standards Commissioner has released "Guidance for use of social media in the Victorian public sector". It provides clarification for the Victorian public sector on existing obligations under the Code of Conduct.[3]

The guidance note helps clarify existing obligations under the Code of Conduct in the context of using social media. It is high level, principles-based, and addresses both official and private use. It makes it clear that participating in social media is subject to the same standards of behaviour set out in the Code of Conduct that apply when participating in any other media or public forum, and is a reminder that breaching the Code of Conduct when using social media may result in disciplinary action.

The guidance does not:

  • Modify the Code of Conduct or existing policies of any individual organisation.
  • Seek to regulate how social media is used as a work tool/ communications medium.

It is up to each organisation to develop their own policies and protocols in relation to social media and enforce them.

The sections of the Code of Conduct highlighted in the guidance note are reproduced below:

2.2 Remaining apolitical

Where staff are authorised to use social media relating to the administration of policies and programs of the elected government, they should avoid making statements or engaging in activities of a party political nature.

3.5 Making public comment

Use of social media for making public comment in relation to duties must follow the appropriate internal communications process and authorisation.

When using social media for official purposes it should not be used to express personal opinions.

When using social media for private purposes, staff must ensure that they make it clear that any comments relating to Victorian government activities are not official, and that they are speaking only on behalf of themselves.

Staff must ensure that any personal comments don't compromise their capacity to perform their public role in an unbiased manner.

3.9 Public trust

Whether using social media for official use, or in a private capacity, staff must not do anything that may adversely affect their standing as a public official or which could bring themselves or the public sector into disrepute. The nature of social media increases the risk of reputational damage through private activities such as:

  • posting images, information or links to images or information;
  • disclosing one's own and others' personal information;
  • engaging in a heated debate or argument.

5.3 Work resources

Staff must comply with employer policies regarding private use of work resources, including their use in engaging in social media. Those policies will have regard to not only the efficient and effective use of public resources, but also the risks associated with their use for private purposes (e.g. 'electronic footprints' which could identify the user as working for the public sector).

5.4 Open to scrutiny

Staff must maintain accurate and reliable records of their official use of social media as required by relevant legislation, policies and procedures.

6.1 Fair and objective treatment

All communication of an official nature should be objective and courteous in dealings with the government, community and other public sector employees.

6.2 Privacy and confidentiality

Staff must ensure the privacy and confidentiality of information acquired at work is protected at all times and treated in accordance with relevant laws and policies. The potential scope and ramifications of a breach of privacy or confidentiality when using social media are severe.

6.4 Equity and diversity

Obligations on public sector employees to support an environment free of discrimination, harassment and bullying also apply to their use of social media.

Source: State Services Authority - Guidance for use of social media in the Victorian public sector, Published: 18 August 2010

The roundtable conversation then turned to one of the critical issues in social media, that of the blurring of private and public personas. Am I in this space as a public official, a professional person or private citizen and will my employer know which space I'm in at any particular time?

Paul Eate, Executive Director Standards & Equity, State Services Authority explained that the "guidelines provide people with what (they) need to be aware of when participating in the social media space. They're the same as they've always been. We've just put the social media context over it."

"The real issue is the risks associated with crossing the line and, if you do cross the line in this media, the ramifications will be amplified. It's not where is the line? That stays the same." "It's about behaviours and standards and frankly applying some commonsense," Paul Eate, SSA

From a whole of sector perspective, it's almost impossible to draw that line, because depending on where you work in the sector and the type of job you are in, the line is going to be different. Thus it's up to the various employers to work within their organisations to set more explicit contextual guidelines for staff.

Maria Katsonis reinforced that "It's the same behaviour that guides your conduct as a public servant in the analogue world as it does in the digital. When I speak at conferences no-one vets my remarks before I get up in front of 200 people. However in the digital world, the social media world, I'm going to go global, particularly if I come up with something that's contentious."

Despina Babbage, Senior Policy Advisor from Information Victoria, was in agreement but emphasised that "commonsense is not all that common and there may be a need for some further training for some public servants".

Are organisations training staff in the appropriate use of social media as it relates to their private lives and their corporate duties?

The shifting relationships between governments, businesses, communities, citizens and other stakeholders are prompting a wholesale rethink of what governments are supposed to deliver and how. The move to a Gov 2.0 platform however is quite a significant technological and cultural change. It will require entirely new processes and tools and the development of a new culture of cooperation and skill set for many VPS employees. Whilst it can be argued that many younger generation employees are already adept at the use of social media technology there will be many late adopters who require training in the use of technology and protocols for use.

This culture will allow tomorrow's government to do more with less. But delivering on that promise will take more than good intentions. The internet's next generation of on-line collaborative tools and platforms will be critical to unleashing this potential.

Stephen Owen, Manager Strategic Risk, VMIA notes "the roundtable has focused on the use of social media and how it is fundamentally changing the way many of us interact and collaborate across government. This may well be the way of the future, however it is evident that whilst we are subject to the 'same standards of behaviour', many of us are unskilled in the use of the technology and the risks it may pose. It is essential that organisations take training and education seriously in order to manage the risks the use of social media brings."

Managing the risks

Social media, like all technology applications, needs to be appropriately managed and controlled, whether used in a work or private setting. To support VPS employees, the Department of Premier and Cabinet has updated and released DIIRD's "Government 2.0 projects in VPS: An introduction to managing risk". The document articulates guidelines for public servants working in the Web 2.0 space. Four key areas of risk relating to Web 2.0 initiatives have been identified by the document:

1. The publication of damaging information

2. The need for moderation

3. Potential burdens on resourcing

4. Challenges for project management.

The document identifies that posting information on social media sites runs the risk of brand damage, hijacking of posted information and breaches of implicit trust. As part of the risk management approach, the Victorian Government has also released a "Risk register and management plan," a pre-populated spreadsheet designed to aid VPS employees in identifying risks related to strategy, reputation, cost, target performance, schedule, fit-for-purpose issues and personal injury.

The Victorian Health Department also released in August 2010 a set of Social Media Guidelines which was similarly focused on managing risk. Federal agencies such as the Department of Finance and Deregulation, and the Department of Immigration and Citizenship have also recently released social media guidelines.

The increased risk associated with use of Web 2.0 initiatives is a major concern. Roundtable participants discussed a number of other risks across broad categories as below:

• Legal: The risk that the organisation will need to defend itself in a legal case due to the actions of employees online
• Reputation: Statements made by others may affect the business's/organisation's reputation
• Cyber: The risk of cyber attack (viruses, spyware)
• Privacy and identity theft: Using information released on social networking sites to commit acts of fraud, including social engineering fraud
• Records Management: Unintentional release of information onto social media websites.

Legal risk

The legal risks facing organisations using social media are many and varied. It is possible, in certain circumstances, for website owners to have a duty of care to their users, and individuals can now be served via their Facebook profile if they can't be located. In Australia, an individual's profile page can also be used in evidence. Legal risks may include:

• Loss of confidential information
• Trademark infringement
• Misleading and deceptive conduct
• Discrimination
• Employer liability for employee acts of defamation.

There are a number of actions organisations can take to manage these risks, some of which include:

• Having a social media strategy as a first step to managing risk
• Limiting access, use and terms through employee and other contracts
• Introducing a social networking policy to provide guidance to employees in both public and private settings
• Conducting training in social media legal issues to increase awareness.

A theme flowing from the roundtable was that the legal risk to government was high in areas where timely and accurate information was available to the public in emergency situations, such as bushfires. There are examples where Twitter and Facebook have had more timely and up-to-date information than the official channels.

Having a real-time social media reputation monitoring service may also be of benefit. Although Darren Whitelaw added that whilst they monitor social media at DoJ "it's very difficult to monitor when people are saying bad things about us without having a big brand such as NIKE or Virgin Air where key words can be picked up."

Legal risk was a complex area for the roundtable to consider. Managing legal risk is a specialist area and needs to be treated as such. Generally discussion focused on applying the same standards, protocols and disclaimers you would in producing material for public release.

Jeff Floyd noted that "online or off-line is irrelevant. It is about commonsense, ethics and values".

Darren advised that he has a disclaimer on his Twitter profile. "It says 'the views are my own and don't represent my employer'. So I'm being very clear that I'm speaking on behalf of me and not the organisation and that's a common cultural norm in the social media space."

Isabel Parsons, Special Counsel, Victorian Government Solicitors Office, continued talking about disclaimers, "You have to understand what's the limit of them, how do they fit with the technology, can they be imbedded in your distribution or do you just have to say there's some kinds of information we won't authorise will be released in this way."

Isabel also noted that in the US, the Federal Government had "negotiated overarching terms and conditions which were designed to sit on the top of the standard terms of providers like Facebook and a number of others who agreed to be bound by them … it's an elegant, two or three page document in plain English which basically replaces the provider's terms with others that reflect government contracting standards - on issues like indemnities. I'd like those for Victoria."

Kathy Phelan, Director, Small World, felt that the "most important thing is to know what to do when things go wrong, understand the nuances of media and if you are using social media, develop content plans in advance".

Recognition of the context (private or public), consideration of real-time releases such as emergency warnings versus more considered statements such as policy releases, and moderation all featured strongly.

Reputational risk

Reputation refers to the standing of a person or organisation and, in its broadest sense, reflects what is generally thought or said about that person or organisation. Reputation is dynamic: people can change their perceptions with every new piece of information they acquire.

In today's environment of 24x7 media and proliferating electronic technologies such as social media in which bad news seems amplified, reputational risk can resist containment and instead requires proactive management.

Stephen Owen from VMIA notes that "some would argue that reputation damage is itself the result of another risk occurring. Thus it is the effect, rather than the cause. This may be true however as reputational damage is often ranked in the top five risks in local and international surveys. It warrants active management in its own right."

Deloitte LLP's 2009 Ethics & Workplace Survey shows that there is great reputational risk associated with social networking as 74% of employed Americans surveyed believe it is easy to damage a brand's reputation via sites such as Facebook, Twitter, and YouTube.

More worrying still:

"58 percent of executives agree that reputational risk and social networking should be a boardroom issue, but only 15 percent say it actually is".

Greg Daniel, Executive Chairman, SR7, noted that very large corporates are worried about information leakage. "Companies that are very security conscious couldn't understand how information was getting out there. One of the great sources of the problem is LinkedIn. Senior managers will go on LinkedIn and quite innocently say, 'I've just been promoted to be the new head of Japan and I've got 400-odd people reporting to me.' We've also had instances where marketing departments have divulged their budgets for the year."

Kathy Phelan concurred and added that recently a client she was working with "had given out the whole marketing plan of what we were doing, to 38,000 professional communicators around the world." These examples reinforce a number of points around data protocols, one of which is the need to classify information.

Be aware to prepare.

The accuracy of reported information is also a reputational concern. It was noted that many newsrooms have shrunk by 50% over the last 10 years. With half as many journalists writing twice as much, their ability to research stories is limited. Greg suggested "the first place they go is to social media and we've got lots of examples of journalists now simply lifting quotes, attributing quotes to people that they don't even know exist."

Jeff Floyd was concerned that reputational impact is more than short term embarrassment. "So my worry is it's all about reputation rather than saying, we've got critical intellectual property, private information, commercial information going out and we amplify that, that's the big risk to me, rather than the amplification of embarrassment."

Despina Babbage also raised a concern over orphaned sites "that just float around in cyberspace which makes us look half alive, like we're not paying attention to what we've created. Kill them off if they're no longer valuable. These can do significant reputational damage."

Allowing the publishing of online content on a website or social media forum subjects the organisation to increased risk of reputation damage. However, because reputation is not fixed but is ever-changing, purely reactive approaches to reputational threats are both hard to implement and in themselves insufficient.

It is therefore essential that an organisation has tools and processes in place to mitigate reputational damage. Such tools include sound policies and procedures around content management, site use and formal education and training programs for staff.

Paul Eate, State Services Authority, Dr. Leighton Vivian, Department of Primary Industries, Kathy Phelan, Small World

The first place many journos go now for a story is social media . . . they simply lift quotes and attribute them to people that they don't even know exist.

Cyber risk

The roundtable conversation then moved to the cyber risk theme. The technically minded professionals in the group were more comfortable with the password, firewall and authentication-type controls in place across government, to the point of considering that this risk "was overstated". The traditional IT risks were largely viewed as "under control".

Darren Whitelaw suggested that "the fear is the bogeymonster that doesn't exist, it's actually holding us back because I think generally speaking, people are more mature than that." Peter Hughes, Director, On-line Consulting, Deloitte, felt that "The key message in a lot of this is that we can't limit innovation over this fear of risk, but you can't ignore it either. So as you're going through development of social media plans or policies include IT early on, include the risk people and the security folks.

"The technology folks are going through their own maturing process right now, recognising that they intelligently need to let down their guard. They can't be fearful of everything, but they do need to manage the assets of our organisations."

Conversely, the less technically minded were less confident, instead noting that as humans we are fallible: we do reuse passwords and people do continue to get scammed time and time again. The Nigerian banking scam was used to demonstrate this point. This group, the voice of caution and reason, favoured supporting the IT environmental controls with technical awareness training.

Cloud computing came in for a mention. Disclosure of what jurisdiction your data is being stored in is very important, particularly where most hosts are overseas, in the US or India.

Anthony Bendall advised that "government agencies should tell people where they're sending their information. If we were to audit an organisation and they hadn't done that and actually were sending your information off to Texas and weren't telling their clients, that would probably be a breach of the Information Privacy Act."

"You have to take on board, if you're going to send it over there and there's no way for anybody to enforce, well then you take the liability. If they can't recover against your outsourcer, they'll recover against you. And if you can't wear that, don't do it."

Peter Hughes noted that "In Canada we have the Access to Information Act and it effectively means that unless something is classified we have access to probably as much information as we want to have. We're talking about a delivery mechanism here as opposed to a policy around access to information. Governments shouldn't hide behind the fact that there is this risk of losing control of data that policies already say we have access to anyway."

As you develop social media plans or policies make sure you include your Risk and IT staff.

Privacy and identity theft

Micheal Axelsen provided an example of a CPA who has up on her Flickr website a copy of the letter promoting her to an Associate of CPAs, a copy of her resume, saying what university she went to, what languages she speaks, her Hong Kong Identity Number and a photograph of her.

"What are the implications around privacy and identity theft for the Victorian government? Do you need to do something about it?" he asked.

Identity crime is an international problem and, while the true extent of it is unknown, the ABS has estimated that it costs Australians at least $1 billion a year. There are also more pervasive sides to social media such as cyber-bullying or grooming.

Fortunately, governments are taking such matters seriously with the Standing Committee of Attorneys-General agreeing to a coordinated national approach to combat cybercrime including establishing a National Cybercrime Working Group and enhancing coordination between Commonwealth, State and Territory law enforcement agencies. This work complements the Australian Government's international efforts to combat cybercrime, including the recent announcement that Australia will seek to agree to the Council of Europe Convention on Cybercrime.

Anthony Bendall suggested that, identity theft aside, "privacy risk is more inadvertently releasing personal information that's held by the agency, and not the risk to an individual within the agency". The roundtable participants agreed that there are plenty of existing laws and we just need to look at what laws already exist to protect people; it's not any different with social media. It was also generally agreed that risks around privacy and identity theft were more of a private nature than a professional one, although individuals still need to be careful.

Kathy Phelan felt we should be aware of our social obligations as well. "We've got products like Foursquare, to teach young people that you don't say that you're home on your own or that you're going somewhere now and that the house is going to be empty."

Darren Whitelaw felt there is an opportunity to help identify fraud and identity theft. "The challenge is to use this for good instead of evil and potentially use data mining to confirm whether or not there is identity fraud going on. What Deloitte does, is rather than having the 100 point ID check, Deloittes invented a technology that effectively does a 1000 point ID check in an anonymous way that the Privacy Commissioner has given a thumbs up to, because it doesn't involve the transmission of personal information."

The roundtable consensus was that privacy risk and identity theft are more of a private risk. Regardless, policies and procedures around content management, site use and formal education and training programs for staff which would address overall use of social media will also be of benefit to individuals in managing this area of risk.

Records Management

Moving on to records management, Micheal Axelsen gave an example of someone collaborating using a wiki and inadvertently leaving it open to public access. It's in the cloud, it's Google indexed, it's now in the wild. Are there implications around where the document's stored in social media repositories and improper access?

Anthony Bendall suggested that "it seems to me working out what it is you're holding and what's appropriate to do with particular types of information and also training staff properly are the key things. As Deputy Privacy Commissioner that hasn't really happened even a decade after the Privacy legislation around the obligations you have now, regardless of the technology."

The roundtable agreed that most of the major privacy disasters we've had in Victoria in the last few years appear to have been with paper records: filing cabinets being sold with records still in them, or workers leaving files in their cars overnight outside in the driveway. The occasional laptop may also go missing but that's not really a social media issue.

"There's a whole lot of concern around information security when it's electronic information but the backdoor gets left open with paper records," Anthony Bendall, Deputy Privacy Commissioner

The roundtable noted that there are some categories of documents you would never take on the train or leave in the car. Some of these are not stored digitally anywhere. Nor should they be open to social media access.

Micheal noted that "records management, the information management framework that applies to the physical world of records should also operate in the on-line world."

The roundtable discussed Kathy's earlier example of inadvertent document release. Kathy explained "that we pulled it down, but I think in posting it she had every good intention because she wanted to ask her peers for ideas, but she didn't understand the commercially sensitive details that she'd put up to competitors."

The use of social media aids collaboration across government. However, when you consider the development of sensitive policy information, this may be more concerning. Judy Backhouse, Executive Director, Organisational Improvement, Department of Sustainability & Environment felt that "the policy officer who is trying to do the research just thinks, we'll go out to the community of experts and see what people think about these options, and it's possibly a policy proposal that shouldn't have gone outside of the walls of the agency. It might be inadvertent but it's a real possibility."

This is where the VPS Hub with closed groups can help. With the VPS Hub you can share ideas and resources, form communities of practice, and find out about what's going on in government in an appropriate safe and controlled environment.

Concluding remarks

There were three primary points of interest, worthy of final note:

1. The 'two personas discussion' relating to tactics that can be used to keep professional and personal lives separate.

2. Amplification, which related to the way in which social media might 'amplify' items of interest in a viral and potentially damaging manner.

3. 'Wisdom of the Crowds' also garnered considerable support as a topic for future discussion, although contrasting points were made that, while the crowd might be 'wise', that does not make them experts.

By way of general observation, the participants around the table were familiar with the topic at hand. Some were more enthusiastic than others who represented voices of caution. This topic bias has naturally influenced the roundtable discussion. Had there been a few more doubters present, it is possible that the group would have been more cautious in its views around the risks presented by social media activities.

Surveys suggest that organisations are quite willing to accept risk in the abstract before it is realised, but once a risk has been realised our risk-averse natures are less inclined to be happy with our earlier choice. In that sense there was discussion of some items that were considered 'bogy men' and 'not really worth worrying about' that, if the risk is realised, might be considered to be more problematic than the roundtable suggested.

The discussions relating to legal risk, reputational and records management risk were particularly instructive. However, cyber, privacy and identity theft did not receive strong recognition and were considered personal rather than professional concerns. Another challenge identified was the general vibrancy of the tools and sites that make up social media. These tools and sites are constantly changing with the result that any response by the VPS needs to focus on codes of conduct first, and specific rules and requirements relating to individual tools second.

Overall, the roundtable discussion supported the use of social media as a legitimate tool of government. Whilst there are risks, these can and should be managed in order to release the myriad of opportunities available. Participants were generally supportive of policies and procedures around content management, site use and formal education and training programs for staff which would address overall use of social media. The technical risks were seen as less of a current concern than the behavioural or cultural aspects of moving the VPS workforce to the social media age.

As part of the Victorian Government 2.0 Action Plan there are many current resources and future projects underway to support the VPS in the social media space. Some of these include:

  • Have Your Say is a website that will promote online discussion between citizens and government and act as a forum for consultations about government programs and services.
  • The Public Record Office Victoria (PROV) will create Web-2.0 spaces for activities, material and projects to enable community participation in describing and accessing the State's records.
  • A regulatory governance wiki will be created as an accessible on-line repository of publicly available information about improving the operational performance of regulators.
  • The Department of Health is looking at the use of blogs and wikis to reach more citizens with crucial health information.
  • The Department of Justice is seeking to harness the usability and personalisation of Web 2.0 to ensure that Victorians are ready to meet the summer bushfire season with the development of FireReady iPhone and Facebook applications.
  • Following the success of the inaugural VPS Hack Day in February 2010, the event will be held every six months, opening up public sector data to teams across the VPS and the local ICT.

A range of resources, toolkits and templates will be developed to support the uptake of Government 2.0 in the VPS. This includes a social media primer, risk management toolkit, sample business cases and strategies, and evaluation guides.

We would like to thank those participants who gave graciously of their time, experience and intellect to this engaging topic.

Thank you to the following participants

  • Micheal Axelsen (Facilitator), Director, Applied Insight Pty Ltd
  • Despina Babbage, Senior Policy Advisor, Information Victoria
  • Judy Backhouse, Executive Director, Organisational Improvement, Department of Sustainability & Environment
  • Greg Daniel, Executive Chairman, SR 7
  • Paul Eate, Executive Director, Standards & Equity, State Services Authority
  • Jeff Floyd, General Manager Strategy & Risk, VMIA
  • Peter Hughes, Director, On-line Consulting, Deloittes
  • Leona Jorgensen, Acting Deputy Director, Department of Planning & Community Development
  • Maria Katsonis, Principal Advisor - Public Administration, Department of Premier & Cabinet
  • Stephen Owen, Manager Strategic Risk, VMIA
  • Isabel Parsons, Special Counsel, Commercial and Property, Victorian Government Solicitors Office
  • Kathy Phelan, Director, Small World
  • Wendy Pryor, Manager, Web Services, Department of Innovation, Industry & Regional Development
  • Anthony Bendall, Deputy Privacy Commissioner, Privacy Victoria
  • Dr. Leighton Vivian, Policy Officer, Regulatory Reform, Department of Primary Industries
  • Darren Whitelaw, General Manager Corporate Communications, Department of Justice

© VMIA 2010 www.vmia.vic.gov.au

Disclaimer: This document provides general information, current at the time of production. The information contained in this communication does not constitute advice and should not be relied on as such. Professional advice should be sought prior to actions being taken on any of the information. The VMIA disclaims all responsibility and liability arising from anything done or omitted to be done by any party in reliance, whether wholly or partially, on any of the information. Any party that relies on the information does so at its own risk.

This Report from VMIA Risk Roundtable, VMIA, November 2010 is available for printing in pdf format (766kb). (This document requires the use of Adobe Acrobat Reader).


Added: 22 November 2010
Last updated: 22 November 2010