AFP Information Exchange Facebook Privacy for Nonprofit Organ izations Written by: Chris Bernard, Senior Editor,, Idealwaree ~ Provided by: http://www.idealware..org info@ @idealware.org 4300 Wilson Boulevard, Suite 300 Arlington, VA 22203-4168 800-666-3863 (U.S. & Canada) 703-684-04100 001-866-837-1948 (Mexico) 703-684-0540 fax www.afpnet.org afp@afpnet.org
Facebook Privacy for Nonprofit Organizations By Chris Bernard (December 2010) Courtesy of Idealware, www.idealware.org There's a lot of talk these days about privacy issues on Facebook. What does that mean for you as an organization? The issues for an organization are different than those facing an individual but still absolutely something you should be thinking about. This article was funded through the Idealware Research Fund. Facebook seems to generate a lot of discussion about the way it handles privacy and security, and not without reason personal data protection is worth some scrutiny, and Facebook has a questionable track record in this area. However, these issues don t apply in the same way to nonprofits who have an organizational presence on Facebook. Organizational data is, by definition, far less personal than the information an individual might trust to the site, so you re much less likely to want to keep it private. But there are other privacy concerns for nonprofits that use Facebook even if your own privacy isn t a big concern, it s important to think of your constituents privacy. What does that mean for you? We talked to a few experts and condensed their advice into this article. We ll take a look at the issues you most need to be concerned about one at a time. What s the Deal with Facebook and Privacy? Facebook began as a way for users to communicate with a select group of people they chose to add to their networks. Six short years later, it s become a nearly indispensable utility with more than 500 million users and its own Hollywood movie. As it grew, its privacy settings evolved and, in many ways, eroded. The first changes made a lot of user information public by default, forcing users to be savvy enough to notice and change them. More recent changes have made additional user data public and shared it with partners to target ads without giving the option to change it. While it s still possible to adjust individual user settings to keep a great deal of personal data private, it s not always easy to do so, and with regular, ongoing changes, Facebook keeps moving the goalposts. However, most of this doesn t apply to organizations. Organizations that choose to have a public Fan Page usually are very interested in reaching people they don t yet know. If they want to have a more private conversation, they can set up a private Group, for which the privacy settings are relatively straightforward. And the truth is that Facebook is far more interested in
information about individual users who are prime targets for promotions and ads than organizations, which are more difficult to target with advertisements. Constituent Privacy However, constituent privacy is another thing altogether. Before you post anything about the people who interact with your organization, it s important to consider a few things like whether or not you have their permission. And whether your post might say more about them than they would want, either intentionally or not. For example, are you mentioning things done by someone outside your organization and referencing them by name? Are you displaying photos or videos of people, or tagging photos with their names? It s a good idea to get permission from them first. At an event, this can be relatively easy post signs, or a note on the invitation or tickets, letting attendees know you re taking pictures, and asking them to let you know if they don t want to be included. Many schools and organizations that work with children already ask families to sign waivers giving permission to use photos in print and on the Web. It s a good idea to add Facebook and other social media into those waivers and if you re not already using such waivers, give them some thought. But even if you have permission, consider each picture or video. Is it something a constituent would want family or employers to see? If not, think twice before posting it. That picture of your donor dancing on the table with a drink in her hand might be a great illustration of the good time had by all, but may well not be the image she s trying to portray at work. Sometimes simply mentioning someone s name can be an invasion of their privacy. HIPAA guidelines, for instance, which apply to health related organizations who receive funding from Medicare or insurance companies, prohibit disclosure of any information related to diagnosis even general information that someone is enrolled in a program. In this case, it s clear that mentioning someone s name in conjunction with your program is a violation of not just privacy, but of the law. But even if HIPAA doesn t apply to you, consider what you might be saying about constituents when you publish their names. One expert we spoke with cited a New York based nonprofit that makes one time financial grants to individuals and families in need for instance, to pay medical bills, or to cover mortgage or tuition during a particularly lean period. Because grant recipients probably don t want to publicize their economic hardships, that organization chooses to not mention them when promoting the good work it does on Facebook. Instead, it uses the opportunity to thank donors and supporters for their assistance, and to encourage others to give. Things get even more complicated when it comes to organizational staff members personal Facebook pages. If one of your social workers friends the kids she works with, does that publicize that your organization providing them with services? Maybe one of the experts told us about a nonprofit that serves at risk teens. Its social media policy was for staff to not friend
anyone who might be a constituent, and for the organization page s administrators to never post on those users walls. Why? Because associating a teen with the organization might imply a need for the services the organization provides, and that could be a breach of privacy. Another expert told us about a Maine school for children with autism spectrum disorders that adopted a similar policy to prevent legal action. In the past, the school administration encouraged teachers to interact with families of students and alumni on Facebook, but fearing a potential lawsuit by a parent who felt that this disclosed too much about their child, recently required staff to unfriend parents. This is a murky area, because employee Facebook profiles are their own, and not strictly affiliated with your organization. The lines, however, are not clear. When creating a social media policy, make sure to think about your constituents and how your staff s Facebook activities may affect them. It s not always clear cut or easy to see. Wrapping Up To most people, Facebook is a harmless way to keep in touch with friends, families and other groups and people with shared interests. That s certainly true of the site, but it s worth a reminder that it s also a business, and that means it s revenue driven. That revenue comes from advertisers drawn to Facebook for the same reason so many new users are because of the vast numbers of people already using the site. The negative press about privacy concerns has people talking about the issues, and Facebook s founder has also made public statements that reveal his fundamental belief that the age of privacy is over. But the site is so popular now that many people feel they d be missing out if they were to cancel their account, which makes it more and more difficult for people to vote with their feet. Privacy issues are likely to continue evolving. Users need to stay abreast of them to ensure their data is protected in the way they believe it to be. Of course, they always have the option of not using the site at all, but for most people the pros outweigh the cons. As long as they continue using Facebook, chances are your organization will, too, as a good way to be part of the conversation. Whether you re thinking about creating a page, or already have one, sit down and think through a policy to make sure your organization and constituents are protected. The issues aren t black and white. The best thing you can do is to stay informed, and adapt your policy as you learn more. Thanks to John Haydon of Inbound Zombie, Amy Sample Ward of NP Tech and Andrea Berry of Idealware.
Facebook Privacy for Nonprofit Organizations By Chris Bernard, Senior Editor,, Idealware http://www.idealware.org info@idealware.org About Idealware: Idealware, a 501(c)(3) nonprofit, provides thoroughly researched, impartial and accessiblee resources about software to help nonprofits make smart software decisions. Nonprofits maintain a complicated relationship with technology. Most know that software can streamline their processes and help fulfill their missions more efficiently and effectively, yet lean staffing and tight budgets mean they re unable to devote the time necessary keep up with new technologies and find the right tools. From the most basic questionss (like how to use software to help manage emailing hundreds of people at once), to the more complex (like understanding the role of social networking and mobile phone text-messaging in fundraising strategy), organizations need a trusted source for answers. Idealware provides an authoritative online guide to the software that allows U.S. nonprofits especially small ones to be more effective. By synthesizing vast amounts of original research into credible and approachable information, Idealware helps nonprofits make the most of their time and financial resources. And, our reach is expanding! Our reports have been downloadedd hundreds of thousands of times. Who's behind Idealware? Idealware is made up of a small, growing staff - aided by a community of experts, including content partners and contributors - and overseen by a remarkable board and set of advisors. 4300 Wilson Boulevard, Suite 300 Arlington, VA 22203-4168 800-666-3863 (U.S. & Canada) 703-684-04100 001-866-837-1948 (Mexico) 703-684-0540 fax www.afpnet.org afp@afpnet.org