The majority of organizations utilize social media to market their products and services, interact with consumers, and manage their brand identity. Many mobile applications and websites even permit users to sign-in with their social media accounts to purchase items or use the applications’ services.

While using third party social media websites has significant advantages for businesses, it also raises distinct privacy concerns. Specifically, the terms of use that apply to social media platforms may give the platform the right to share, use, or collect information concerning your business or your customers. To the extent that the social media platform’s privacy practices are not consistent with the practices of your own organization, they may contradict or violate the privacy notice that you provide to the public.

How would a data breach of social media platforms affect your organization? Do you have a plan if your social media account is breached?What to consider when evaluating your organization’s use of social media:

  1. Does your organization share information with an intermediate service provider, such as a social media analytics company, to provide or analyze social media services?
  2. Is your internal data or customer personal information protected under your agreements with third parties, including social media platforms?
  3. What types of customer personal information are solicited, collected, maintained, or disseminated via your social media platforms (e.g., geo-location)?
  4. Do you display information or images of users or other people, including your employees? Did the people in the images give their permission and/or sign a release?
  5. Is your client list private? Do your employees connect to your clients on social media?
  6. How is information about your customers that is collected from social media sites being stored? Do any third parties have access to that information?
  7. Do users log-in to your services or make purchases through a social media platform?
  8. What type of personal information do your customers share with you on social media platforms? Does your use comply with the platform’s policy for collecting data from users? Do you review the platform’s policies regularly?
  9. Does your organization have a social media policy governing employees’ use of social media, particularly pertaining to sharing confidential customer and organizational data on the platform?