Download Social Media (Facebook, Flickr, GitHub, Instagram, LinkedIn ... and more Schemes and Mind Maps Mass Communication in PDF only on Docsity!
Social Media (Facebook, Flickr, GitHub, Instagram, LinkedIn, Storify,
Twitter, Tumblr, and YouTube) Privacy Impact Assessment (PIA)
UNITED STATES AGENCY FOR INTERNATIONAL DEVELOPMENT
Office of the Chief Information Officer (M/CIO)
Information Assurance Division
USAID/LPA/PIPOS/Social Media
Approved Date: May 6, 2014
Additional Privacy Compliance Documentation Required:
☐ None
☐ System of Records Notice (SORN)
☐ Open Data Privacy Analysis (ODPA)
☐ Privacy Act Section (e)(3) Statement or Notice (PA Notice)
☐ USAID Web Site Privacy Policy
☐ Privacy Protection Language in Contracts and Other Acquisition‐Related Documents
☐ Role‐Based Privacy Training Confirmation
Possible Additional Compliance Documentation Required:
☐ USAID Forms Management. ADS 505
☐ Information Collection Request (ICR). ADS 505, ADS 506, and ADS 508 Privacy Program
☐ Records Schedule Approved by the National Archives and Records Administration. ADS 502
ii
- Date Approved: May 6,
- 1 Introduction Table of Contents
- 2 Information
- 2.1 Program and System Information
- 2.2 Information Collection, Use, Maintenance, and Dissemination
- 3 Privacy Risks and Controls
- 3.1 Authority and Purpose (AP)
- 3.2 Accountability, Audit, and Risk Management (AR)
- 3.3 Data Quality and Integrity (DI)
- 3.4 Data Minimization and Retention (DM)
- 3.5 Individual Participation and Redress (IP)
- 3.7 Transparency (TR)
- 3.8 Use Limitation (UL)
- 3.9 Third‐Party Web Sites and Applications
Date Approved: May 6, 2014
2.1.2 Describe the SYSTEM and its PURPOSE. GitHub is a U.S. owned web‐based hosting service for software development projects that uses the Git revision control system for collaborative development of software. Git is a source code revision management and development system that allows distributed programmers to perform software updates and modifications. Software developed using GitHub is open source software (OSS), which is openly available software that can be freely modified and redistributed. OSS, particularly when combined with an editing system such as Git and a popular hosting site such as GitHub, can have a number of important advantages over traditional means of software development in terms of quality, cost, and development cycle time, including: Review of software code, updates and edits by a broad range of programmers, thereby improving software function and reliability; thorough and rapid testing and debugging; and timely updates, allowing the software to continually meet user needs and remain current with prevailing trends. Under the Digital Government Strategy, USAID is required to set up a developer hub at www.usaid.gov/developer. As suggested, USAID will include on its /developer pages a link to a code repository, specifically GitHub, and create a USAID page on GitHub. GitHub is currently used by several federal agencies for the development of various software applications. GitHub is a software code repository, so any information that USAID posts will be in the form of publicly available computer code, or narrative text, much in the way that the Agency uses a social media tool like FaceBook. USAID will not be posting anything that is sensitive or not already made publically available. Information that the external community would post to the USAID GitHub site would be voluntary and can be made anonymously. USAID’s use of GitHub will promote public participation and collaboration and will increase government transparency by allowing the public to directly observe and participate in the design and implementation of certain USAID software projects. This will enable the public to understand more fully the software that USAID uses. In turn, USAID will benefit from the use of GitHub by obtaining higher quality software with reduced development time and lower development costs. Instagram is an online photo‐sharing, video‐sharing and social networking service that enables its users to take pictures and videos, apply digital filters to them, and share them on a variety of social networking services, including Facebook, Twitter, and Flickr. Instagram is one of the fastest growing social media applications in the world. The platform has more than 150 million users worldwide. Each day more than 55 million photos and videos are posted and shared using the platform. In total, over 16 billion photos and videos have been shared through Instagram. Instagram is particularly popular among younger audiences. The younger audiences are considered one the top audiences with whom USAID communicates. As this platform is becoming one of the largest and most effective tools to communicate visually with people, the Bureau for Legislative and Public Affairs (LPA) would like to use this as a tool to communicate the work the Agency does. LPA’s mandate is to communicate to audiences worldwide about U.S. assistance. LPA will use Instagram to share photos and videos of assistance efforts and the work USAID is doing around the world. By showing compelling photos and videos of the work USAID is doing, the Agency can garner more support for the Agency and for the work of international development. LinkedIn is an international social networking website for people in professional occupations with the mission to connect the world's professionals to make them more productive and successful. LinkedIn provides access to professional people and organizations, as well as related news, updates, and electronic conversations that can provide enhanced information sharing, collaboration, and horizontal communication among multiple users. In accordance with the President’s Memorandum on Transparency and Open Government and the Open Government Directive (2009), USAID will use LinkedIn to further engage the public. USAID promotes transparency by making information about the U.S. role in international development and disaster assistance widely available to international LinkedIn membership through the Agency’s LinkedIn page. Storify is a web site that provides a platform for users to tell stories by collecting updates from social networks, amplifying the voices that matter to create a new story format that is interactive, dynamic and social. LPA uses Storify to curate social networks to build social stories, bringing together media scattered across the Web into a coherent narrative about USAID activities. LPA searches social media networks, such as Twitter, Facebook, YouTube, Flickr, and Instagram, to find media elements about USAID.
Date Approved: May 6, 2014
2.1.2 Describe the SYSTEM and its PURPOSE. Tumblr is a microblogging platform and social networking web site and mobile application. Tumblr allows users to post multimedia and other content to a short‐form blog on a dashboard. Users can follow other users' blogs, as well as make their blogs private. The dashboard a live feed of recent posts from blogs that they follow. Through the dashboard, users are able to comment, reblog, and like posts from other blogs that appear on their dashboard. The dashboard allows the user to upload text posts, images, video, quotes, or links to their blog. Users are also able to connect their blogs to their Twitter and Facebook accounts, so whenever they make a post, it will also be sent as a tweet and a status update. Users are also able to set up a schedule to delay posts that they make and can spread their posts over several hours or even days. For each post a user creates, the user is able to help the audience find posts about certain topics by adding tags. Twitter is a social network that allows micro blogging. Tweets are limited to 140 characters. USAID will use Twitter to disseminate mission related links and information to the public. In accordance with the President’s Memorandum on Transparency and Open Government and the Open Government Directive (2009), USAID will use Twitter to further engage the public. USAID promotes transparency by making information about the U.S. role in international development and disaster assistance widely available to the general public through the Agency’s Twitter feed. YouTube is a social network that allows the uploading of video content. This content can then easily be shared with others by embedding in blogs, webpages, or other social media. In accordance with the President’s Memorandum on Transparency and Open Government and the Open Government Directive (2009), USAID will use YouTube to further engage the public. USAID promotes transparency by making information about the U.S. role in international development and disaster assistance widely available to the general public through the Agency’s YouTube channel. 2.1.3 What is the SYSTEM STATUS? ☒ New System Development or Procurement ☐ Pilot Project for New System Development or Procurement ☒ Existing System Being Updated ☐ Existing Information Collection Form or Survey OMB Control Number: ☐ New Information Collection Form or Survey ☐ Request for Dataset to be Published on an External Website ☐ Other: 2.1.4 What types of INFORMATION FORMATS are involved with the program? ☐ Physical only ☒ Electronic only ☐ Physical and electronic combined
Date Approved: May 6, 2014
2.1.6 What type of system and/or TECHNOLOGY is involved? ☐ Remote, Shared Data Storage and Processing (cloud computing services) ☐ Other: ☐ None 2.1.7 About what types of people do you collect, use, maintain, or disseminate personal information? ☒ Citizens of the United States ☒ Aliens lawfully admitted to the United States for permanent residence ☒ USAID employees and personal services contractors ☒ Employees of USAID contractors and/or services providers ☒ Aliens ☒ Business Owners or Executives ☐ Others: ☐ None 2.2 Information Collection, Use, Maintenance, and Dissemination 2.2.1 What types of personal information do you collect, use, maintain, or disseminate? ☒ Name, Former Name, or Alias: USAID does not collect names, but may disseminate names of subjects of photos in hashtags, etc. ☐ Mother’s Maiden Name ☐ Social Security Number or Truncated SSN ☐ Date of Birth ☐ Place of Birth ☐ Home Address ☐ Home Phone Number ☐ Personal Cell Phone Number ☐ Personal E‐Mail Address ☐ Work Phone Number
Date Approved: May 6, 2014
2.2.1 What types of personal information do you collect, use, maintain, or disseminate? ☐ Work E‐Mail Address ☐ Driver’s License Number ☐ Passport Number or Green Card Number ☐ Employee Number or Other Employee Identifier ☐ Tax Identification Number ☐ Credit Card Number or Other Financial Account Number ☐ Patient Identification Number ☐ Employment or Salary Record ☐ Medical Record ☐ Criminal Record ☐ Military Record ☐ Financial Record ☐ Education Record ☒ Biometric Record (signature, fingerprint, photo, voice print, physical movement, DNA marker, retinal scan, etc.) ☐ Sex or Gender ☐ Age ☐ Other Physical Characteristic (eye color, hair color, height, tattoo) ☐ Sexual Orientation ☐ Marital status or Family Information ☐ Race or Ethnicity ☐ Religion ☐ Citizenship ☒ Other: Hashtags of broad geographic locations of photos, such as country names. ☐ No PII is collected, used, maintained, or disseminated
Date Approved: May 6, 2014
2.2.4 Who owns and/or controls the system involved? ☒ USAID Office: ☐ Another Federal Agency: ☐ Contractor: ☐ Cloud Computing Services Provider: ☒ Third‐Party Website or Application Services Provider: See the names of the applications list on the title page. ☐ Mobile Services Provider: ☐ Digital Collaboration Tools or Services Provider: ☐ Other: 3 Privacy Risks and Controls 3.1 Authority and Purpose (AP) 3.1.1 What are the statutes or other LEGAL AUTHORITIES that permit you to collect, use, maintain, or disseminate personal information? 5 U.S.C. § 301, Departmental Regulations; 22 U.S.C. Ch. 32, Subchapter I, Foreign Assistance Act of 1961, as amended. 3.1.2 Why is the PII collected and how do you use it? LPA will not collect PII from the social media members or public users and will abide by the USAID Web Site Privacy Policy. The PII collected through these social media accounts, as identified in section 4.2.1, is limited in nature and scope. Through the social media accounts, USAID will post photos, video, and sound recordings of USAID’s work, which may sometimes include PII. LPA will not use geotagging at this time. The Agency will make a risk and privacy determination if and when geo‐ tagging will be enabled. In this circumstance the Deputy Assistant Administrator for Public Affairs will make the determination, after working with the Privacy Office to update the PIA, pursuant to ADS 508 Privacy Program Section 3.5.2, Privacy Impact Assessments.
Date Approved: May 6, 2014
3.1.3 How will you identify and evaluate any possible new uses of the PII? In the case that PII is in the photo, video, or sound recording or in the captions, LPA will make a determination as to whether or not the individual will be named and their general location will be included (Hashtags of broad geographic locations, such as country). The determination to post PII will be made by the Deputy Assistant Administrator for Public Affairs and will be based on risk and privacy concerns. If additional PII information becomes available or changes within the platform, LPA will contact the Privacy Office immediately to consult on the risks and privacy concerns associated with the change. After consulting with the Privacy Office, LPA will make a determination on the impact of the new PII. 3.2 Accountability, Audit, and Risk Management (AR) 3.2.1 Do you use any data collection forms or surveys? ☒ No: ☐ Yes: ☐ Form or Survey (Please attach) ☐ OMB Number, if applicable: ☐ Privacy Act Statement (Please provide link or attach PA Statement) 3.2.3 Who owns and/or controls the personal information? ☐ USAID Office:
☐Another Federal Agency:
☐ Contractor: ☐ Cloud Computing Services Provider: ☒ Third‐Party Web Services Provider: ☐ Mobile Services Provider: ☐ Digital Collaboration Tools or Services Provider: ☐ Other: 3.2.8 Do you collect PII for an exclusively statistical purpose? If you do, how do you ensure that the PII is not disclosed or used inappropriately? ☒ No. ☐ Yes:
Date Approved: May 6, 2014
3.4.4 What types of reports about individuals can you produce from the system?
LPA creates general reports to track the number of users who “follow”, “friend”, or “like” USAID
postings. These reports do not pull PII and are used for measuring the effectiveness of the social media
tool.
3.4.6 Does the system monitor or track individuals? (If you choose Yes , please explain the monitoring capability.) ☒ No. ☐ Yes: 3.5 Individual Participation and Redress (IP) 3.5.1 Do you contact individuals to allow them to consent to your collection and sharing of PII? Prior to posting PII, LPA will request consent from individuals to post their PII. This will be either through e‐mail, in person, or through the social media application. 3.5.2 What mechanism do you provide for an individual to gain access to and/or to amend the PII pertaining to that individual? LPA will provide in its profiles its contact information for an individual wishing to amend the PII that USAID has posted. LPA can remove or amend content from social media content posted and controlled by USAID. 3.5.3 If your system involves cloud computing services and the PII is located outside of USAID, how do you ensure that the PII will be available to individuals who request access to and amendment of their PII? LPA will provide in its profile its contact information for an individual wishing to amend the PII that USAID has posted. LPA can remove or amend content from social media content posted and controlled by USAID, but cannot provide a mechanism to provide access to or amendment of content that it posted but which has been reused by other social media users. A social media user may request the platform to amend content, but the platforms retain the right to remove, edit, block, and/or monitor content that it determines in its sole discretion violates the terms of use.
Date Approved: May 6, 2014
3.7 Transparency (TR) 3.7.1 Do you retrieve information by personal identifiers, such as name or number? (If you choose Yes , please provide the types of personal identifiers that are used.)
☒ No. USAID does not retrieve information by personal identifiers through its social media platforms. Instead,
users find USAID through search features, hashtags, etc., and follow, like, and subscribe to see the Agency's information. When using social media, USAID will use hashtags (#) and the “at” sign @ to tag keywords (such as #endpoverty) and principals (such as @rajshah) in posts to make USAID content more easily searchable and transparent.
☐ Yes:
3.7.2 How do you provide notice to individuals regarding?
- The authority to collect PII:
- The principal purposes for which the PII will be used:
- The routine uses of the PII:
- The effects on the individual, if any, of not providing all or any part of the PII: LPA will provide on all social media accounts an information link to the Agency’s Privacy Policy, which can be found at: http://www.usaid.gov/privacy‐policy. Prior to posting PII, LPA obtains consent from individuals directly for the use of their PII. USAID has also published a System of Records Notice entitled “USAID‐ 29 On‐Line Collaboration Records,” which provides notice to individuals on these issues. 3.7.3 Is there a Privacy Act System of Records Notice (SORN) that covers this system? ☐ No ☒ Yes: USAID‐ 29 On‐Line Collaboration Records, 75 FR 4526 (Jan. 28, 2010). 3.7.4 If your system involves cloud computing services, how do you ensure that you know the location of the PII and that the SORN System Location(s) section provides appropriate notice of the PII location? U.S. Government has amended terms of service with all of the social media outlets included in this document. They are found at: http://www.howto.gov/social‐media/terms‐of‐service‐agreements/negotiated‐terms‐of‐ service‐agreements.
Date Approved: May 6, 2014
3.9.1 What PII could be made available (even though not requested) to USAID or its contractors and service providers when engaging with the public? Flickr: Users do not have to sign‐up for Flickr to view USAID’s photos. However to comment, star, or subscribe to USAID’s page, users would need to create a Flickr account. The only PII that could be available through Flickr would be that which a user posts on their personal Flickr page and therefore is not under the control of USAID. GitHub: This is an external website managed and hosted by a private company with no relationship to USAID. USAID will post content on this page, but all content will have been previously made public. No sensitive information will be posted. GitHub requires users to register before posting a software project or viewing or editing software code posted by other users. To register, users must provide a username and email address. Users can create an expanded profile that includes a name, username, website URL, company name, location, professional biography, and a profile picture or avatar. USAID will not collect PII through its use of GitHub. USAID will be able to view the profiles of other GitHub users, including users who edit USAID software code posted on GitHub. If a GitHub user interacts with USAID through its official GitHub webpage, their name, username, email address, website URL, company name, location, professional biography, profile picture or avatar, or any other PII provided by the user might be made available to USAID. Instagram: There are millions of Instagram users world‐wide, including all types of people, government agencies, and private organizations. Instagram requires users to create an account before using the web site. To create an account, users must provide their username, password, and email address. Users may choose to provide a profile with additional information such as full name, photo, phone number, gender, location, descriptions of users’ skills, professional experience, educational background, honors, awards, professional affiliations, LinkedIn Group memberships, networking objectives, and companies or individuals that users follow. Users may choose to provide such information in order to be “found” and therefore connect with other users. If an Instagram user interacts with USAID through its official Instagram account (including commenting on a USAID photo), requests information, or submits feedback through Instagram, their Instagram username will become available to USAID. Other PII provided by the user, including first and last name, profile photo, images, and contents of postings, may also become available to USAID. However, USAID does not collect, use, maintain, or disseminate PII through its use of Instagram. USAID will only track the number of users who “follow” or “like” USAID photos. If users “follow” or “like” a USAID photo, the fact that the user made that selection will be publicly available. USAID does not record which users “follow” or “like” its photos. Whenever possible, USAID elects not to have non‐public information made available to it. LPA is under the impression that Instagram does not make non‐public information available to USAID based upon a user’s “following” or “liking” USAID photos. USAID will not “follow” or “like” other photos posted by other users. USAID will only note the number of actions taken in regard to USAID photos. This will be a mobile application that is available on phones, however only LPA staff will have access to the USAID Instagram account. LinkedIn: This is an external website, managed and hosted by a private company with no relationship to USAID. USAID will post content on this page, but all content will have been previously made public. No sensitive information will be posted. LinkedIn requires users to create an account before using the website. To create an account, users must provide their name, email address, and password. Users can provide additional information such as gender and location. In addition, users may choose to provide a profile with additional information such as photos, descriptions of users’ skills, professional experience, educational background, honors, awards, professional affiliations, LinkedIn Group memberships, networking objectives, and companies or individuals that users follow. USAID will not collect PII through its use of LinkedIn. USAID will be able to view the profiles of LinkedIn users, including users who chose to join the USAID group. If a LinkedIn user interacts with USAID through its official LinkedIn webpage, their name, photo, and professional and educational history, or any other PII provided by the user might be made available to USAID. Storify: Users can post private updates from Facebook publicly on Storify. By using their curation tool, someone in a private or secret Facebook group (where only members can view content) can share something meant for a limited audience for the whole web to view on Storify.
Date Approved: May 6, 2014
3.9.1 What PII could be made available (even though not requested) to USAID or its contractors and service providers when engaging with the public? Tumblr: Users can view USAID’s Tumblr page without having a Tumblr account. However to follow, like, or repost anything from USAID the user would need to have their own account. It is possible for USAID to repost a Tumblr users post, that could potentially include PII. If USAID wants to repost something from Tumblr that includes PII, we will seek permission from the user before reposting this information. Twitter: Users do not have to subscribe to Twitter in order to view USAID’s Twitter feed. In order to “follow” USAID, users may choose to set up an account with Twitter. Information provided in the account set up process is owned and managed by Twitter and subject to Twitters privacy policy. USAID will not seek out or collect account information held by Twitter. Some Twitter users choose to reveal their actual name, photo, or other personal information in their profile or Tweets. Some Twitter users may also append their location to their Tweets. USAID does not intend to collect, maintain, or disseminate personally identifiable information (PII) from the individuals who visit or follow USAID’s Twitter account. USAID will, however, occasionally gather publicly available information on Twitter for internal reporting purposes. This may include Tweets that mention USAID or users who re‐Tweet the Agency’s posts. The Twitter handles of organizations, journalists, and influential bloggers may be collected and distributed for use in the daily news clips. For instance “@gatesfoundation and 7 others re‐Tweeted our post leading to 750,000 additional views” These will be maintained in the same manner as press clips. Other than the press clips mentioned above, USAID will not be collecting, sharing, storing, or maintaining any PII. YouTube: Users do not have to subscribe to YouTube in order to view USAID’s YouTube channel. In order to comment on the USAID channel, some users may choose to set up an account with YouTube. Information provided in the account set up process is owned and managed by YouTube and subject to YouTube’s privacy policy. USAID will not seek out or collect account information held by YouTube. Some YouTube users choose to reveal their actual name, photo, or other personal information in their profile or comments. USAID does not intend to collect, maintain, or disseminate personally identifiable information (PII) from the individuals who visit or comment on the Agency’s YouTube channel.
