Legislating Social Privacy

The Ponemon Institute believes a big part of addressing issues of consumer privacy as they relate to social media platforms has to come through education.

Recently, and in partnership with Experian’s ProtectmyID.com, we conducted a study entitled Identity & Privacy in Social Media. The results of this study were eye-opening and in many ways the challenges we uncovered fall beyond the reach of legislation. There were a number of troubling results from this study, and what they show strongly suggest a public eager to get in on the fun of social media, but less eager to take the simple steps necessary to protect against information shared through social sites being co-opted for the purposes of perpetrating identity theft.

Consider a handful of statistics that came out of our study:

·         Of 698 individuals surveyed, 40 percent said they take no steps to protect their privacy or security while online;

·         Only 8 percent said they have read the privacy policy of the social sites they’ve joined;

·         While 60 percent said their social media password is known only by themselves, that suggests 40 percent share their passwords; and,

·         Only 40 percent of those individuals we surveyed said they closely screen “friend” requests before accepting.

Sadly, we also surveyed a different set of 567 individuals victimized by identity theft and the numbers were not very different. Respectively the corresponding percentages were 41, 9, 62, and 41 respectively. Experience may be a harsh schoolmarm, but apparently not always an effective one.

This post is not meant to suggest that there may or may not be a need for some measure of legislation or regulation intended to reflect the realities of today’s online environment, but can Washington craft a law that will compel individuals to take better action on their own behalf to guard against misuse of personal information? The answer to that question is no. The human element will always be the weakest link in the security chain. This is reflected in fact that only 13 percent of social networking users said they believe they bear the primary responsibility for protecting their own privacy while using social media. Instead, they feel that responsibility lies with the social media service provider (41 percent) or even the government (34 percent) even though neither of those two parties are the ones updating statuses, posting photos, entering personal information into forms, “liking” posts or advertisements, or sharing any of the other kinds of information people choose to share in a highly public forum.

More needs to be done to help people understand the risks involved with sharing information online, to be more cognizant of the information they do share online, and to take better advantages of the tools made available to them to provide such protection. This has to be the responsibility of the social media entities themselves, but also that of each one of us who call ourselves privacy professionals.

What do you think?

Please let us know, and if you would like a copy of our study, drop us a line.