Policy Brief: Social Media, Security and Privacy Preparing Extension for Social Media and Creating a Cyber

Safe Environment Executive Summary Our organization uses social media to achieve our mission. Professors use it to communicate with their classes and to engage in open discussions, extension educators use it to contact stakeholders and announce upcoming events and to report recent happenings, staff uses it to share resources in content area. Social media is not going away. Three fourths of all 7th-12th graders have at least one social media profile. (Read more at the Kaiser Foundation: http://www.kff.org/entmedia/entmedia012010nr.cfm) We know that social media uses technology for the digital exchange of ideas and for interactions. A quick poll of coworkers identified numerous forms of social media that are currently used: Facebook, Twitter, YouTube, Blogger, Word Press, Foursquare, various Google products like Google.docs, Dropbox, LinkedIn, PBWorks, Delicious, Diigo, Ning, and Plone, to name just a few of the sites from that small unscientific sample. To deny the usefulness of social media would equate to the naysayers speaking out against Alexander Graham Bell when he invented the telephone. Instead of fighting the realities, we must proactively move to guide its use as a tool for the exchange of ideas. In the article, National Cyber Security Alliance Announces New Agreement with the U.S. Department of Education, NIST and National Cybersecurity Education Council to Promote Formal Cyber Security Education Programs Nationwide. Wall Street Journal/Market Watch: http://tinyurl.com/3sn5zrn Our children live in an interconnected technology-based world with a growing need for digital skill sets," said U.S. Secretary of Education Arne Duncan. "Our future depends on a digital citizenry that can use the Internet safely, securely, ethically and productively," said Michael Kaiser, executive director of the National Cyber Security Alliance. Not only do experts in the field realize the need for youth using technology, they show that the development of skills in the area is important. Another expert supports that fact and expands it to address the need for security and safety. Context and Importance of the Problem (Critique of existing policy) Social media has opened doors of communication for our society and for our workplace. We must work to become stewards however, of what enters and what leaves through the door in relation to our organization. There are general overriding policies in place to deal with the umbrella issues. Just as social media has evolved, so too must our guidelines for protecting our stakeholders and our organization. Because we work with youth, 4-H has developed both process and policy to ensure the safety of minor children. To hire staff, the University conducts a screening process to check the background of anyone working with children. Because we are a youth serving organization that relies upon the services of a volunteer workforce, we have an intense screening process (http://extension.psu.edu/4h/leaders/factsheets/FactSheet5.pdf/at_download/file) that includes checking references, state police and Childline background checks and, and an interview process of anyone applying to volunteer with our organization. We also conduct training for new volunteers to specifically address the policy on Reporting Child Abuse and Neglect (http://extension.psu.edu/4-h/leaders/factsheets/FactSheet9.pdf/at_download/file)

in order to deal with actions that must take place should they sense that a child has been a victim of abuse or neglect. Because of the focus on the adult (volunteer and staff) and child relationships, and the importance of protecting our youth, these protections need to be expanded to address the growth of social media and the use of technology for interactions with our youth. Internet security and privacy is another important concern for any organization. Penn State has numerous policies and guides in place to address cyber-security issues (http://its.psu.edu/be-safe) in relation to our workplace. As I reviewed several of the policies and guides, I quickly realized whether many of my peers are really aware of the measures of protection we are required to take, and why they are in place. The issue in this case is not whether there is guiding policy, rather it is an issue of knowledge (or lack thereof), and understanding the need to secure. This deficiency has to be addressed. Policy Recommendation I: Develop a policy that outlines appropriate digital communications and interactions with adult staff and volunteers with minor children for the protection of all parties. Standards should include setting expectations for interactions to take place in public forums that can always be viewed by others. An example of this would be a public group on Facebook, or a community discussion forum. Pro Con Can help protect adult and volunteer staff from false accusations It will give adults an excuse to tell minors that they are not permitted to engage in private interactions Prevent minors from seeing age-appropriate adult behaviors that may not be a good example for minor youth First amendment right issues in regards to adult volunteer interactions with minors have to be considered. (http://www.huffingtonpost.com/2011/10/21/missouri-repeals-law-rest_n_1025761.html)

Policy Recommendation II Establish core competencies for employees of the organization and create a process that new employees must learn and implement the necessary preventative steps to protect the University, the networks, and equipment from outside entities when using the Internet, World Wide Web, and social networking sites. In Social Media and Privacy: Best Practices for Managing Your Personal and Professional Identities, Andrew Heller from NTEN (Nonprofit Technology Network) outlines steps that can be taken for managing identities, including: Knowing the risks Privacy settings for sites like Facebook, Twitter, LinkedIn Develop a Social Media Guideline for Your organization (For the complete article: http://tinyurl.com/2ehmtvd) Pro Con Security measures are already identified and listed in Information Technologies site Standard level of expectation to all employees and can be tracked and reviewed for performance evaluation Educators will be able develop educational program for their stakeholders with their knowledge Tracking and managing orientation and tracking Updating security strategies in a timely fashion then refreshing employees to new measures

Tracking changes of web and social networking sites in terms of their security changes and changes in their Terms of Service (TOS) as it relates to how information is collected and used

Sources consulted http://www.onlineuniversities.com/blog/2011/09/using-social-media-in-the-higher-education-classroom/ http://www.nten.org/blog/2010/04/28/social-media-and-privacy-best-practices-managing-your-personal-andprofessional-identities http://www.marketwatch.com/story/national-cyber-security-alliance-announces-new-agreement-with-the-usdepartment-of-education-nist-and-national-cybersecurity-education-council-to-promote-formal-cybersecurity-education-programs-2011-10-28 http://www.crn.com/news/security/231602450/study-organizations-waking-up-to-social-media-securityrisks.htm;jsessionid=ETPzMLXJbJGknkoAsXiarQ**.ecappj01 http://its.psu.edu/be-safe http://www.huffingtonpost.com/2011/10/21/missouri-repeals-law-rest_n_1025761.html http://extension.psu.edu/4-h/leaders/factsheets/