You are on page 1of 36

FCC DIGITAL MEDIA STYLE GUIDE

The FCC Digital Media Style Guide sets the rules of the road for content carried over the FCC’s
social media and digital channels in order to provide a clear, consistent and compelling online
presence for users.

This guide should be used as a reference for building out content that support major initiatives
and programs.

Target Audiences & Plain Language


Social media often presents challenges for communicators because the users don’t focus on a
single document. A reader often goes through tons of info, skims topics, and browses sites to
determine where to focus his or her attention. If content is dense, long, and jargon-filled, the
reader probably won’t find it appealing. To ensure that the reader does take the time to read
your messages, digital media content creators should…

· Understand the audience they are trying to reach.


· Follow plain language best practices.

Know Your Target Audience(s)


One benefit of using social media is audience segmentation. You can develop messages that are
specific to the concerns, needs, and desires of a particular demographic. Understanding what’s
important to your audience will increase the impact and effectiveness of your social media
efforts.

It is also important to understand your audience. This helps you select the best channels for
reaching specific audiences with your messages. The primary channels the FCC uses include:
Facebook, Twitter, Instagram, Storify, Flickr, blog posts, etc. Everyone accesses information in
different ways, at different times of the day, and for different reasons. Using market research,
metrics, and other data to define the FCC’s audience needs will be important in selecting the
most effective channels. Each social media channel is different in the way it engages
communities and manages content. Understanding how people use or participate in different
social media channels will help you determine the FCC’s engagement strategy.

Social Media/Digital Media Basics


Social media messages cover a wide-range of topics. For Facebook, Twitter and Instagram draft
messages that either offer:
● Timely information
● Interesting historical facts about the government
● Very clear calls to action, like filing a consumer complaint
● Friendly, conversational, and engaging
● Action-oriented
● Relevant
○ Relevant social media content makes people think “This matters to me.”
Relevant info can be based on… geography, audience, interests, etc.
Use of Images: Whenever possible, include a visual with your messages. Use government
sources like the Library of Congress (search for “Photos, prints, drawings to see what’s available
online) and the USA.gov search. Another good place to search for images is Hackpad.

Facebook: personal platform where people go to catch up with family & friends
● Uses: Organic posts, advertisements, more relaxed social content
● Pros: Post text can be long and users can include multiple images in one post
● Cons: Algorithm changes to timeline feeds are making more difficult for organizations to
reach audiences
● Writing Content for Facebook:
○ Facebook offers more space to create content than Twitter or text messages.
○ Each Facebook post can be a maximum of 420 characters plus a link.
○ However, a shorter length is recommended; FCC recommends that Facebook
posts be 250 characters (or shorter) to allow the post to be viewed completely in
the news-feed.
○ All posts written for Facebook should use consumer-friendly, action-oriented
messaging. The posts should be interesting and compelling and include a specific
call to action. Posts should include one link to a Web page, photo, or captioned
video.
○ Because Facebook is a platform for people to share what’s going on in their lives,
the tone is naturally casual but professional.
○ Use a consumer-friendly voice when crafting your messages. If your post is
directed toward specific people, then avoid or define jargon.
○ Facebook is used to highlight Commission initiatives from consumer tips,
upcoming events, photos, workshops, meetings etc.
● Tagging on Facebook: The next time you’re typing an agency or organization's name in a
post, add the @ symbol in front of it. This will trigger the tagging feature in Facebook,
automatically creating a link and displaying the post on the partner’s page. Encourage
partners to tag FCC, too.
● Hyperlinks: All fcc.gov or government hyperlinks posted on Facebook should be created
by using the usa.gov URL shortner. If a non-govt site needs to be posted on the channel
use the fcc’s bitly account to shorten the links. The goal is to have all links look
uniformed when publishing FCC content.
Twitter: a short message platform organized chronologically, not by user relevance
● Uses: Twitter chats, polls, short form postings (140 character max)
● Pros: Can tweet often because tweet lifetime is short, roughly 15-20mins
● Cons: Keeping posts within the character limits can be challenging and reaching
audiences can be difficult since post are arranged by time rather than relevance.
● Writing Content for Twitter: Although Twitter can be up to 140 characters (including
spaces and punctuation)
○ FCC recommends that tweets be less than that to allow for other text to be
added when the tweet is retweeted.
○ Keep tweets to 120 characters or less including a shortened URL (around 23
characters). This leaves about 100 characters for your message. Writing tweets
of 120 characters or less makes it easier for followers to retweet your message
without having to edit it to make it briefer.
○ To calculate the number of characters in a draft tweet, use the character
counting tool in Microsoft Word.
○ As with all social media, messages crafted for Twitter should be reader-friendly
and action-oriented. Ask a question, highlight a key statistic, or provide a specific
call to action.
○ Twitter is used to highlight Commission initiatives from consumer tips, upcoming
events, photos, workshops, meetings etc. It is also used to highlight other agencies via
“retweeting” their messages that relate to the FCC or have government content that
needs to be shared. The FCC official twitter account will retweet the Chairman or
Commissioners, if it is content that highlights the work of the Commission.
● Hyperlinks: All fcc.gov or government hyperlinks posted on twitter should be created by
using the usa.gov URL shortner. If a non-govt site needs to be posted on the channel use
the fcc’s bitly account to shorten the links. The goal is to have all links look uniformed
when publishing FCC content.
● Twitter Mentions: @mentions in tweets. If you put a period before someone's
username at the beginning of a tweet, everyone who follows you will be able to see that
tweet. If you start the tweet with someone's username, the only people who will be
able to read it are those who follow both you
Instagram: an image based photo-sharing network with over 100 million users
● Uses: Sharing fun and creative photos to show what your organization is about
● Pros: Rich media is amplified and the platform is popular with millennials
● Cons: Posts can only be searched by hashtag and most users only access Instagram via
mobile
● Instagram Mentions: @mentions allows you to tag a user or group in the post by “@”
their name.
● Writing Content for Instagram: Make sure you include a call to action because it
increases shares of your Instagram posts and engages your followers.
○ The only link to the web on Instagram, is the link in your bio of your Instagram
profile. That links to www.fcc.gov or whatever fcc.gov page you want people to
see/ from the FCC’s Instagram account.
○ Limit the number of hashtags per post to no more than 5.
○ Always use #FCCGov to brand the FCC on Instagram as the hashtag for our
account to make sure we’re participating in the conversation the FCC created.
○ Use hashtags use them at the beginning or at the end of the post or to place
emphasis on words.
○ Instagram is used to highlight telecom facts/ images, events/ trips of the
Chairman and initiatives at the Commission. Instagram is used primarily for
visual storytelling.
Flickr: an image hosting and video hosting website and web services suite
● Uses: photo-sharing website used to showcase pictures of events and workshops.
● Pros: easy to use and all the benches photos on fcc.gov link to the FCC’s flickr account
● Cons: Not as popular as instagram but a good medium for folks over 35.
● Flickr Content: Publishes pictures from various Commission events and outings of the
Commissioners. All Flickr captions must be in plain language and easy to read by screen
readers and the accessible community.
YouTube: a video platform used to share videos to billions of users
● Uses: video sharing website that makes it easy to watch online videos.
● Pros: Popular with millennials. More than 35 hours of video is uploaded to YouTube
every minute.
● Cons: it only specializes in video sharing and posting video content
● YouTube Content: Serves as a video repository for all filmed FCC events, workshops,
meetings & as the FCC;s channel to highlight special initiatives from various bureaus,
offices , etc that promote the mission of the Commission.
Storify: a video platform used to share videos to billions of users
● Uses: content from several digital media channels to craft a story about a particular
event, meeting, place or thing.
● Pros: You can integrate content from multiple platforms such as Facebook, Instagram,
Flick and Twitter to craft your story.
● Cons: it’s not as popular or as widely used as other digital media channels.
● Storify Content: Serves a way to capture the digital media stories of all those who
participate in an FCC events, workshops, meetings etc. It primarily serves as the FCC’s
channel to highlight special initiatives from FCC’s Connect to Health team and recap
twitter townhalls.
FCC Grammar Tips
Please avoid saying “the FCC is holding an XXXX mtg” when it is actually the XXXX advisory
committee that is meeting. See the example below on how to craft advisory and committee
meeting content:
EX: “The FCC’s Disability Advisory Committee meets today at 9 am EDT. “
When the Commission itself meets, use the active voice, which is always stronger if it doesn’t
get in the way of the message in the sentence. See example below for crafting Open
Commission Meeting Content.

EX: “Reminder: the FCC holds its June Open Meeting on 6/30.”

When referring to time in any post on social media, please make sure you use the appropriate
abbreviation. EX: EDT= Eastern Daylight Savings Time ET= Eastern Standard Time

Writing Tips
Content must be accessible and usable to the widest possible audience. Writing for accessibility
goes way beyond making everything on the page available as text. It also affects the way you
organize content and guide readers through a page.

Write for a diverse audience of readers who all interact with our content in different ways. We
aim to make our content accessible to anyone using a screen reader, keyboard navigation, or
Braille interface, and to users of all cognitive capabilities.
As you draft content, please consider the following:
· Would this language make sense to someone who doesn’t work here?
· Could someone quickly scan this document and understand the material?
· If someone can’t see the colors, images or video, is the message still clear?
· Is the markup clean and structured?
· Mobile devices with accessibility features are increasingly becoming core
communication tools, does this work well on them?

Avoid directional language


Avoid directional instructions and any language that requires the reader to see the layout or
design of the page. This is helpful for many reasons, including layout changes on mobile.
· Yes: “Select from these options,” (with the steps listed after the title)
· No: “Select from the options in the right sidebar.”

Employ a hierarchy
● Put the most important information first. Place similar topics in the same paragraph,
and clearly separate different topics with headings.
● Starting with a simple outline that includes key messages can help you create a
hierarchy and organize your ideas in a logical way. This improves scannability and
encourages better understanding.

Use descriptive links


http://www.gsa.gov/portal/content/10525
Links should provide information on the associated action or destination. Try to avoid “click
here” or “learn more.”

Use plain language


Write short sentences and use familiar words. Avoid jargon and slang. If you need to use an
abbreviation or acronym that people may not understand, explain what it means on first
reference. Most importantly make sure everything is 508 compliant.

Make sure closed captioning is available


Closed captioning or transcripts should be available for all videos. The information presented in
videos should also be available in other formats.
Be mindful of visual elements
Aim for high contrast between your font and background colors. Tools in the resources section
should help with picking accessible colors.
Images should not be the only method of communication, because images may not load or may
not be seen. Avoid using images when the same information could be communicated in writing.

Popular Hashtags for Throwback & Following Users:


· #FF = Follow Friday. A trend that recommendation to follow other twitter users on Fridays
· #TBT = Throw Back Thursdays
· #FBF= Flashback Friday

Most Frequently used FCC Hashtags:


*Either custom hashtags or ones we use frequently in messaging
· #Broadband= broadband
· #C2HFCC= Connect to Health FCC
· #Consumers= consumers
· #CSRIC= Communications Security Reliability Interoperability Council Meeting
· #DAC= Disability Advisory Committee
· #EAS= Emergency Alert System
· #eRate= eRate
· #FCCAuctions= FCC auctions
· #FCCGov= FCC Gov primarily used with Instagram
· #FCCLive= FCC live for all live events/ events accepting livequestions@fcc.gov
· #FCCNetNeutrality #NetNeutrality= Open Internet/ Net Neutrality comments/ complaints
· #FCCmaps = Follow Friday. A trend that recommendation to follow other twitter users
· #FCCtips= FCC Consumer guide tips or helpful information
· #Health= health
· #HealtIT= heath IT
· #IncentiveAucton= Incentive Auction
· #InmateCallingRates= Inmate calling reform rulings & workshops
· #Internet4schools
· #NG911- Next Generation 911
· #OpenMtgFCC= FCC Open Commission Meeting
· #PublicSafety+ Public Safety
· #ProtectingConsumers = Protecting Consumers
· #SaynotoJamming= illegal jammers
· #StayingConnected= used for Consumer Tips w/ CGB guides
· #StopRobocalls= stop robocalls
· #TAC= Technical Advisory Committee Meeting
· #TFOPA= Task Force for Optimal PSAP Architecture meeting
· #TxtTO911= Text to 911
· #Wifi4schools= wifi for schools (eRate)

Technical Abbreviations
· CC = Carbon-copy. Works the same way as email
· CX = Correction
· CT = Cuttweet. Another way of saying partial retweet
· DM = Direct Message. A direct message is a private tweet that only the sender and
receiver can see. To send a DM click on the envelop icon at the top-right of the page.
· MT = Modified Retweet. This means that someone has retweeted someone else’s tweet,
but has modified it from the original tweet. MT is a manual process. Signify by writing “MT”
then write text.
· PRT = Partial Retweet. The tweet you're looking at is the truncated version of someone
else's tweet. PRT is a manual process. Signify by writing “PRT” then shorten the text.
· RT = Retweet. This means the tweet you are reading was not original to that Twitter user.
You can use the Retweet button or signify by writing “RT” then copy text.

Conversational Social Media Abbreviations:


· BC & B/C = Because
· B4 = Before
· BGD = Background
· BTW = By The Way
· CHK = Check
· CLD = Could
· DYK = Did you know
· FB = Facebook
· Fr = From
● FWIW = For what it's worth.
● HOTD = Headline of the day
● HT = Heard through
· ICYMI = In Case You Missed It
· IDK = I Don’t Know
• IC = I see
• JK = Just kidding, joke
• LMK = Let me know
• LOL = Laugh out loud
• MM = Music Monday
• QOTD = quote of the day
• RE = In reply to, in regards to
· PPL = People
• SMH = Shaking my head
● SRS = Serious
• TFTF = Thanks for the follow
• TFTT = Thanks for this tweet
• TL = Timeline
● TT = Trending Topic
• TY = Thank you
• TYT = Take your time
● W or w/ = With
• W/E or WE = Whatever or weekend
YW = You’re Welcome
• YOLO = You only live once
• YOYO = You're on your own

Sources
http://www.businessinsider.com/a-guide-to-twitter-slang-lingo-abbreviations-and-
acronyms-2013-9
http://socialmediatoday.com/emoderation/512987/top-twitter-abbreviations-you-need-
know
http://marketing.wtwhmedia.com/30-must-know-twitter-abbreviations-and-acronyms

Federal Agencies’ Social Media and Writing Resources


· AIDS.gov: Using New Media–Guidance on audience, social media strategy, text
messaging, and Twitter.
· DoD Social Media Hub–Education and training section includes slides, videos, and
computer-based training.
· HowTo.gov’s Social Media Content–Types of social media, using social media in
government, challenges and contests, open government.
· Plain Language Action and Information Network’s Federal Plain Language Guidelines
· The Social Media Navigator: GSA’s Guide to Official Use of Social Media (PDF)–
Sections on writing in plain language and a Requirements Checklist When Using Social
Media.
· The “Ultimate” Small Business Guide to Social Media Marketing (SBA)–Guidance and
links to business-related articles on using social media.
· USA.gov & GobiernoUSA.gov Social Media Guidelines–Making Content Sociable (PDF)
–Advice on writing social media content in Spanish and English that is “Easy to
understand, Unbiased, Portable, and ‘Lightweight’."
Privacy Best Practices for Social Media

July 2013
Privacy Best Practices for Social Media

Table of Contents
1. Overview .................................................................................................................................... 2
2. Types of Use of Social Media ..................................................................................................... 3
3. Establishing a Social Media Program ......................................................................................... 7
4. Interacting with the Public......................................................................................................... 8
5. Information Sharing and Retention ......................................................................................... 10
6. Web Measurement and Customization Technologies ............................................................ 10
7. Use of Third Party Websites .................................................................................................... 11
8. Universal Resource Locator (URL) Shortening Technology ..................................................... 11
9. Cybersecurity Risks Associated with the Use of Social Media ................................................. 12
10. Summary ................................................................................................................................ 13
Appendix A: Definitions ............................................................................................................... 14
Appendix B: References ............................................................................................................... 16
Appendix C: Additional Resources ............................................................................................... 17

1
Privacy Best Practices for Social Media

1. Overview
“Social media,” also known as “Web 2.0” or “Gov 2.0,” are web-based tools, websites,
applications, and media that connect users and allow them to engage in dialogue, share
information, collaborate, and interact. Social media websites are oriented primarily to create a rich
and engaging user experience. In social media, users add value to the content and data online;
their interactions with the information (e.g., both collectively and individually) can significantly
alter the experiences of subsequent users.
Websites like Twitter, Facebook, YouTube, Flickr, and others make it easy to reach large numbers
of people. The Internet may be used to reach millions of people just by posting a blog, sharing a
video, or by tweeting an observation or question on Twitter. YouTube is now the second largest
search engine (after Google) in the world. Social media allows anyone who uses information to
also create it. Hence, this makes social media an ideal platform for sharing information, starting
conversations, and exchanging knowledge within and outside government. Billions of pieces of
content (e.g., web links, news stories, blog posts, notes, photo albums) are shared each month on
Facebook and other social media sites. These venues serve as a space where content is both
discovered and shared.
One of the Federal Government’s most important missions is to provide citizens, customers, and
partners with easy access to government information and services. As society increasingly relies on
social media as a primary source for information, it is clear that these platforms have an important
role to play in the Federal Government's communication strategy, including its move toward a
digital, open government.1 Social media allows an agency to post messages in places where
people regularly interact, and ensures it reaches interested audiences – including audiences
known to the agency as well as those that are unknown. In addition, social media enhances the
Federal Government’s situational awareness by enabling agencies to learn about problems and
issues being discussed by different audiences, and allowing agencies to react, respond, and assist
the public more efficiently and effectively. Government agencies also may use social media to
fulfill their operational missions, for example, detecting and preventing benefit fraud and abuse.
This paper addresses various ways the Federal Government can use social media for information
sharing, situational awareness, and to support agency operations, and the key considerations for
each.2 The paper also explains privacy best practices for establishing a social media program, from

1
Social media use ties into the Federal CIO’s Digital Government Strategy and the need to deliver better Government
services to the public at lower costs. The Government needs to be prepared to “deliver and receive digital information
and services anytime, anywhere and on any device.”
http://www.whitehouse.gov/sites/default/files/omb/egov/digital-government/digital-government-strategy.pdf. Social
media also will help agencies meet the goals of transparency, participation, and collaboration set forth in the
Administration’s Open Government Directive.
http://www.whitehouse.gov/sites/default/files/omb/assets/memoranda 2010/m10-06.pdf.
2
This paper is a snap shot and does not reflect all of the social media tools that are available. It provides information
on privacy best practices associated with the use of social media and does not specifically focus on technology. As the
technology continues to evolve, privacy best practices will need to evolve with it, and this paper will be updated as
necessary. This paper is not meant to authorize or prohibit and specific use of social media. The intent of this paper is
to provide privacy best practices for agencies to consider when deciding whether or not to use social media. All uses of
social media must be consistent with the agency’s legal authorities. In addition, although this paper focuses exclusively
on the privacy best practices associated with the use of social media, there are other considerations that should be

2
Privacy Best Practices for Social Media

pulling together an intra-agency team of experts to establishing internal social media polices and
ensuring transparency of social media uses through published privacy notices and documentation.
The privacy best practices also cover specific technological issues, including web measurement and
customization technologies, URL shortening technologies, and cybersecurity risks. When used
properly, social media can be an incredibly powerful set of tools, precisely because these tools
connect an agency directly to diverse audiences and opinions.3 As described below, appropriate
technical, administrative, and physical controls to protect data privacy and security can promote
transparency, participation, and trust in the use of social media to communicate and interact with
the public.4

2. Types of Use of Social Media


Before implementing any use of social media, an agency needs to understand its mission, and how
different uses of social media can advance that mission. There are various ways agencies within
the Federal Government can use social media in order to more effectively fulfill their mission. Each
different use of social media raises different considerations and requires different operational
policies, privacy documentation, and notices to the public, as explained below.
The main uses of social media to date include:
a. Using social media to communicate and share information with the public. Pursuant to
President Obama’s January 2009 memorandum promoting increased Government
transparency, public participation, and collaboration,5 agencies throughout the Federal
Government accelerated their efforts to identify new opportunities to interact with the
public, become more transparent, describe and promote agency activities, seek comment,
and disseminate timely information. Social media websites and social networking services
are well-suited to enable such interaction and information sharing. There are two main
categories of social media applications/tools that an agency can use to share information
with the public:
i. Interactive applications allow an agency to engage in dialogue and collaborate with
members of the public. These applications can be broken down into categories
based on the mode or method used to disseminate information:
1) Applications used to disseminate video and image content. These include, but
are not limited to, the use of third party social media providers such as
YouTube, Flickr, and Picasa.

taken into account when standing up a social media program, such as Section 508 of the Rehabilitation Act of 1973
and the Paperwork Reduction Act.
3
US General Services Administration, web page “Chapter 2. What is Social Media?,”
http://www.gsa.gov/portal/content/250041.
4
This document is intended to complement other guidance and recommendations prepared by this Subcommittee for
ensuring data privacy and security in the Federal mobile and digital space. See, e.g., Recommendations for
Standardized Implementation of Digital Privacy Controls (Federal CIO Council, Dec. 2012), https://cio.gov/wp-
content/uploads/downloads/2012/12/Standardized Digital Privacy Controls.pdf.
5
See Open Government Directive, supra note 1.

3
Privacy Best Practices for Social Media

2) Blogs, microblogs, or other applications that permit entries of commentary.


These include blog tools such as Twitter, Google Blogger, and Wordpress.
3) Social networking applications that facilitate two-way (bi-directional)
interaction and networking with the public. These include third party social
media providers such as Facebook, MySpace, LinkedIn, and GovLoop.
Any time an agency allows the public to comment or interact with the agency
through social media, it should implement a commenting policy, consider how such
interaction will be managed as “records” under the Federal Records Act, and if
retained, whether the Privacy Act of 1974, as amended, applies, as discussed below.
It is also important to clearly inform users whether the interaction on the social
media website will be free-flowing or moderated, and if the postings will be in real-
time or possibly involve a delay.
ii. Unidirectional or “push” applications are used for the purpose of one-way (non-
interactive) dissemination of information to the public. These include applications
such as widgets/RSS Feeds and audio/video files.
It is important to note that these types of applications can either be hosted by a third party
or on an agency’s domain or server. If hosted on a third party domain/server, the
responsible organizations within the agency should assess the third party’s Privacy Policy
and Terms of Service and work with legal counsel to make sure they understand the
implications before the agency agrees to use that application.
b. Using social media to enhance situational awareness. Note: In this discussion, the term
“situational awareness” means viewing social media content made available to the public,
and is not intended to include obtaining access to private networks or interacting on social
media sites. Monitoring social media sites to enhance situational awareness means
gathering mission-related information from a variety of sources, including
“crowdsourcing,” and then communicating that information to agency leadership to inform
decision making and responsiveness. Agencies with national security, emergency
response/management, and disaster recovery responsibilities may benefit most from this
use of social media. Using social media to enhance situational awareness can be done by
monitoring publicly available online forums, blogs, public websites, and message boards to
gather information related to specific search terms (excluding individual members of the
public unless there is an operational need and proper authority), events, or issues.
Through the use of publicly available search engines and content aggregators, an agency
can monitor activities on social media websites for information that the agency can use to
provide situational awareness. When monitoring publicly available sites, an agency should
extract only the pertinent, authorized information that is needed to fulfill the business or
mission need. The agency should limit its information gathering to facts surrounding the
event (what is happening), rather than who is either involved or reporting the information,
unless the agency has specific legal authority to collect information on individuals.
Personally Identifiable Information (PII) may be collected only in very limited situations,
and only when specifically authorized. For example, even though reporting should focus on
what instead of whom, in certain circumstances it may lend credibility if the names of key
government or political officials who are associated with the particular event or activity are

4
Privacy Best Practices for Social Media

identified. An agency should develop a policy outlining specific guidelines on when


collecting PII may be legal and appropriate based on the agency’s authorities, and who will
be allowed access to the PII.6
Uses of social media to enhance situational awareness should be approved by senior
leadership of the agency/organization, including, but not limited to, privacy officials and
legal counsel. To ensure transparency and provide notice on potential collection, detailed
information of the agency’s practices must be discussed in a publicly available Privacy
Impact Assessment (PIA). Also, if the agency decides to collect and retrieve PII, the agency
must be sure to follow the applicable provisions of the Privacy Act of 1974, as amended 7
and publish or update its applicable System of Records Notice (SORN) to cover the
information collection.8 Even when the agency is not maintaining or retrieving PII,
situational awareness activities may still need to comply with other applicable laws.
Agencies should also ensure that the program is in compliance with its policies by
conducting periodic program or privacy compliance reviews.
Communicating and sharing information with the public involves the posting of information
or some level of interaction between the agency and the public, while situational
awareness is limited to viewing publicly available information. As noted earlier, while
situational awareness may involve analyzing information posted by specific individuals, its
focus is on assembling or aggregating data and monitoring or identifying patterns, trends
or events, and not on monitoring individuals. Thus, when using social media to enhance
situational awareness, the agency should not:
i. Post information collected about specific individuals;
ii. Actively seek to connect with other internal or external personal users;
iii. Accept other internal or external personal users’ invitations to connect; or
iv. Interact on social media websites.
c. Using social media as an operational tool. An agency may use social media as an
operational tool to collect publicly available information for a variety of purposes, where
permitted by the agency’s legal authorities and mission. For example:
i. Investigatory purposes: Investigating an individual or company in a criminal, civil, or
administrative context to prevent fraud or other illegal activities (including
undercover investigations when an agency has legal authority to engage in such
investigations).

6
Whenever an agency expects to capture a record from social media that will be maintained in a “system of records,”
the agency should carefully consider the Privacy Act of 1974, as amended, e.g., whether the information is relevant
and necessary, and whether the record may describe how an individual exercises First Amendment rights. 5 U.S.C. §§
552a (e)(1), (e)(7).
7
For example, the Privacy Act of 1974, as amended, generally prohibits Federal agencies from collecting and
maintaining information about individuals except as relevant and necessary to accomplish a legally authorized
purpose.
8
See also Recommendations for Standardized Implementation of Digital Privacy Controls, supra note 4, for a discussion
and checklist of other laws and policies requiring notice of PII collection or maintenance in agency digital services and
programs.

5
Privacy Best Practices for Social Media

ii. Evaluation purposes: Making a benefit or eligibility determination about an


individual (member of the public).
iii. Employment purposes (existing employees): Making a personnel determination
about an employee.
iv. Hiring purposes (prospective employees): Conducting a background investigation
on, or adjudicating the security clearance of, a prospective employee. To the extent
possible, an agency must ensure that notice is provided prior to accessing or
collecting information, that consent is obtained, and that the individual is involved
in the process. (Note: Special consideration should be taken when using publicly
available information, and agencies should not require an applicant to provide
access to his/her social media accounts).
v. Intelligence purposes: Conducting authorized intelligence activities in accordance
with the provisions of Executive Order 12333, as amended.
Due to its sensitivity, operational uses of social media should be approved and documented by
senior agency leadership, including, but not limited to, privacy officials and General Counsel.9
Agencies must develop specific operational use policies and procedures, as well as PIAs/SORNs,
where appropriate, to cover operational use. Program and privacy compliance reviews should be
conducted on a routine basis to ensure the agency is in compliance with its policies and other
documentation.
It is important that the agency be transparent about uses of social media, especially those that
involve viewing publicly available information. By being transparent about what type of
information the agency is collecting and how it is collecting it, the agency can help minimize the
public’s concern that the Government is monitoring individual speech and actions on social media.
Before engaging in any use of social media, an agency should first evaluate the various ways that it
would like to use social media, and then develop and implement appropriate policies and
procedures to govern that use, including the development or revision of PIAs and SORNs, as
necessary, to cover the collection of information. All PIAs and SORNs must be approved by the
Senior Agency Official for Privacy (SAOP) as required by OMB Memorandum M-10-23, Guidance
for Agency Use of Third Party Websites and Applications, June 25, 2010.
At a minimum, an agency needs to ensure it has the proper authorities for all proposed use of
social media, and that clear guidelines exist which outline how and when information can be
collected about or from members of the public. Training and Rules of Behavior should be
developed and followed by all employees and contractors engaging in the use of social media for
official purposes.10 Agencies can help mitigate the risk of inappropriate collection or misuse of PII
by ensuring that all personnel are trained appropriately on guidelines and held accountable.

9
For example, agency officials must consider whether the non-consensual collection or use of information about an
individual from social media for employment or hiring purposes is authorized by the Privacy Act of 1974, as amended,
Federal personnel laws governing prohibited personnel practices, and Federal policy currently under review on the
permissible scope of background investigations for security clearances and employment suitability determinations.
10
Agencies should also consider incorporating guidance on the personal use of social media to help employees and
contractors avoid inadvertently appearing to speak on behalf of the agency, or violating privacy, confidentiality,
ethical, criminal, or other restrictions on disclosure of PII or other information.

6
Privacy Best Practices for Social Media

3. Establishing a Social Media Program


Before using social media for any purpose, whether the websites or applications are hosted by the
agency or a third party, a federal agency should first understand its mission and how it seeks to
use social media to further that mission. The agency should establish a social media policy or
program, and engage key offices throughout the development and use of social media. A clear
owner for each social media websites should be established to ensure accountability, and that all
responsibilities associated with the social media program are being fulfilled. Key agency offices
involved in the development and ongoing use of social media may include (this list is not
exhaustive, and the office’s names, may vary among federal agencies):
 Privacy Office;
 Office of the Chief Information Officer;
 Information Security Office;
 Chief Security Office;
 Office of Procurement (Acquisitions);
 Office of General Counsel;
 Chief (Designated Agency) Ethics Officer;
 Office of Public Affairs;
 Records Management Office;
 Office of the Chief Human Capital Officer (including the Labor Relations Office); and
 Program/Mission Office.
Throughout the process of standing up a social media program, key agency offices should be
involved when and where necessary. For example, when negotiating extended or additional terms
of service with a social media website, the agency should involve its Office of Procurement and
Office of General Counsel, when appropriate.11 Likewise, while creating privacy policies specific to
the particular social media website or determining whether the agency should engage the public
on the social media website, the agency’s Privacy Office should be involved.
Irrespective of whether the agency has determined which social media website(s) to utilize,
federal agency policies should be broad enough to encompass all types of social media and should
be forward looking. At a minimum, these policies should include information about appropriate
access, acceptable use, use of third party websites, use of embedded applications, and agency
branding. Policies should include the inherent risks of social media and provide a mitigation
assessment for each risk.
As an agency is developing policies for the use of social media, the agency should also engage its
Privacy Office to develop (or update) relevant or necessary privacy compliance documentation
including PIAs, SORNs, and Privacy Threshold Analyses (PTA), as appropriate. Completing privacy
compliance documentation and posting that documentation on the agency’s public-facing website

11
See Appendix B, References, and Appendix C, Additional Resources, for information on Terms of Service (TOS) and
M-13-10, Antideficiency Act Implications of Certain Online Terms of Service Agreements, April 4, 2013.

7
Privacy Best Practices for Social Media

provides transparency to the public as to how the agency uses social media, with which agencies it
will share information collected, and how the information collected is protected and retained.
Moreover, OMB Memorandum M-10-23 requires PIAs be completed whenever an agency uses a
third party website or application that makes PII available to the agency.12
In addition to an agency’s Privacy Policy on its public-facing website, each agency should also
establish and post an appropriate Privacy Policy or Notice on the social media website or
application, whenever feasible. The Privacy Policy or Notice should explain that the social media
website or application is not controlled or operated by the agency, indicate if and how the agency
will maintain, use, or share PII provided on the social media website or application, make clear
that any PII provided on the social media website or application may also be provided to the
agency or that website or application, and direct individuals to the agency’s official website.
Additionally, the main page of the social media website or application and the social media Privacy
Policy or Notice should also contain a clear and conspicuous link to the agency’s Privacy Policy
found on its main website as required in OMB Memorandum M-10-23.
When an agency establishes an official agency presence on a social media website or application, it
is essential that the agency prominently display its agency seal and name on each individual
webpage so that an individual reviewing the webpage will be informed that it is an official website
associated with a federal agency. If an agency has a third party hosted social media website (e.g.,
an agency’s Facebook page), and it provides links on that social media website to any non-
government websites (e.g., a non-profit organization’s website), the agency must ascertain
whether the non-government website can display an affiliation to that federal agency by posting
its seal or name as an affiliated entity.
Finally, federal agencies should be cognizant of the use of embedded applications by certain social
media websites. These embedded applications may not only collect PII from individuals who have
posted or accessed the social media website, but can potentially contain malicious coding. If an
agency decides to use a third party application or website that uses embedded applications, then
the agency must disclose this information and describe this use in the agency’s main Privacy Policy,
along with the social media website Privacy Policy or Notice.

4. Interacting with the Public


It is imperative that agencies are transparent about their use of social media to avoid concerns
about over-collection of information or unauthorized surveillance of these websites, especially
when an agency is using a third party hosted social media website. Agencies should only engage in
the use of social media in a manner that protects privacy and respects the intent of users.
a. Disseminating information:
Generally, social media websites and applications are privately owned by third parties.
Each social networking website and application provides its own privacy policy, and while
users are typically required to submit some PII during the registration process, as a best
practice agencies should not solicit or collect this PII. Additionally, to the extent feasible,
the agency should post a Privacy Notice on its page on the social media website or

12
http://www.whitehouse.gov/sites/default/files/omb/assets/memoranda 2010/m10-23.pdf.

8
Privacy Best Practices for Social Media

application. If an agency posts a link that leads to a social media website or application, the
agency should provide an alert to the visitor, such as a statement adjacent to the link or a
“pop-up,” explaining that visitors are being redirected to a non-government website that
may have a different privacy policy than that of the agency’s official website as required by
OMB Memorandum M-10-23.
If an agency decides to allow comments, viewpoints, and opinions on its social media
websites or applications (regardless of whether the sites/applications are agency or third
party hosted), the agency must respect the public's First Amendment rights. 13 However, an
agency should monitor and, generally speaking, may remove public comments that are
political or endorse a political candidate, target specific individuals or groups, are abusive,
contain sensitive PII, or are similarly unacceptable. In consultation with legal counsel,
agencies should develop and post a comment policy and/or a ”Rules of Use” policy
covering the social media websites or applications where the agency has a presence and
has allowed the public to post to the website or application. It is recommended that
agencies display a statement that indicates third party comments do not reflect the views
of the agency.
b. Collecting information:
The agency should collect only the minimum information necessary for the proper
performance of official agency functions. Additionally, official government accounts across
social media websites and applications should be identified by the agency or Department
seal (when possible or appropriate), and should provide a way for a visitor to link back to
the agency’s or Department’s own website, if necessary, to obtain official Government
information.
When an agency uses social media websites and applications, the agency:
i. Should consider carefully whether to actively seek PII, and should use only the
minimum amount of PII, which it receives, to accomplish a purpose required by
statute, executive order, or regulation;
ii. Should not search social media websites or applications for or by PII unless
authorized to do so, and legal requirements and representations in PIAs and SORNs
have been complied with;
iii. Should not “friend,” “follow,” or “like” public users proactively; however, an agency
may accept friend requests from public users14 (exceptions can be made for
“friending” other U.S. federal, state, local, and tribal government agencies,
professional associations, or other organization as appropriate based on your
agency’s policies); and

13
The Privacy Act of 1974, as amended, prohibits agencies from maintaining records that describe how any individual
exercises rights guaranteed by the First Amendment, unless certain exceptions apply. 5 U.S.C. § 552a(e)(7).
14
A statement should be included in the PIA and on the social media account page to inform users that the acceptance
of friend requests does not indicate endorsement. Agencies should also have policies that address “friending,”
“following,” and “liking” users.

9
Privacy Best Practices for Social Media

iv. Should adopt user names and profiles that are easily identifiable as agency
accounts, as well as establish secure passwords so that accounts can only be
accessed by administrators.

5. Information Sharing and Retention


When using social media to interact with the public or collect information, it is important to have
agency policies in place that provide guidance on the sharing and retention of such information.
a. Sharing with other parties (federal or non-federal): Information gathered by one agency
should only be shared with another federal, state, or local agency, or other organization
when the following criteria are met:
i. The sharing of the information is within the agency’s existing authorities;
ii. The sharing is appropriate and consistent with the Routine Uses listed in the
applicable SORN(s), or conducted through an interagency agreement (e.g.,
memorandum of understanding);
iii. The receiving agency or organization is authorized to receive the information and
even then, only the minimum data (or data elements) should be shared to fulfill the
authorized mission or business need; and
iv. The receiving agency agrees to protect the information and retain it only as long as
necessary; and to re-disseminate the information only in accordance with the
criteria listed above.
b. Retention: If PII is posted on a social media website or application, or sent to an agency in
connection with the transaction of public business, it may become a federal record.15 In
these cases, the agency is required to maintain a copy per the appropriate records
retention policies. Agencies should develop record retention schedules specifically to cover
information collected through social media that outline what information should be
retained and for how long. An agency should retain only the minimum amount of PII that is
necessary for the proper performance of official agency functions. An agency should also
ensure that retention policies and schedules are clearly described in, and are consistent
with, applicable PIAs and SORNs.

6. Web Measurement and Customization Technologies


Web measurement and customization technologies are used to remember a user’s online
interactions with a website or online application in order to conduct measurement and analysis of
usage, or to customize the user’s experience.16

15
National Archives and Records Administration (NARA), Bulletin 2011-02, Guidance on Managing Records in Web
2.0/Social Media Platforms, October 20, 2011, http://www.archives.gov/records-mgmt/bulletins/2011/2011-02.html.
16
Executive Office of the President, Office of Management and Budget, M-10-22,
http://www.whitehouse.gov/sites/default/files/omb/assets/memoranda 2010/m10-22.pdf.

10
Privacy Best Practices for Social Media

For example, persistent cookies are used for customization so that a user’s preferences on a web
page are remembered each time he or she visits. Web analytics provide a myriad of information,
including the volume of traffic visiting a web page or how many visitors clicked on an item, to
assist the web developer in customizing web content with the information users want to see the
most. Information is provided at an aggregated level so that no PII is available. Web analytics help
to keep content interesting and relevant to the user. Apps.gov provides information on vendors
that provide this type of service.
If an agency uses a third party platform to host its social media website, it is important that the
agency offer an alternative location (e.g., the agency’s .gov website) where the same information
can be found. In doing so, the user has the option to access the information without being tracked
by the third party that is hosting the agency’s social media website. Also, the agency should
include information regarding web measurement and customization technologies in its website’s
Privacy Policy.

7. Use of Third Party Websites


In many instances, federal agencies use third party websites, including social media websites, to
provide and collect information from individuals. Before an agency uses these websites to interact
with the public, the agency should first review the website’s Privacy Policy for potential risks (e.g.,
maintaining data posted by individuals, selling data posted on the website), and determine if it is
appropriate to use the third party website. If the agency chooses to use the third party website, it
is incumbent upon the agency to periodically review the website’s Privacy Policy for any changes,
and if found, determine if these changes give rise to a change in the agency’s posted Privacy
Notice or Privacy Policy.
Many third party websites, particularly social media websites, allow users to comment either
directly to the website or to postings on the website. In many instances, users looking for
assistance may provide their PII not realizing the risks involved. Agencies must determine before
and during the use of third party social media websites whether to allow individuals to post to
those websites, and if so, if monitoring of comments is appropriate. If the agency decides to
monitor comments, this fact should be included in the social media Privacy Policy or Notice, and
the agency should be prepared to respond to any public reaction that may occur if it decides to
delete particular comments made on the third party website.

8. Universal Resource Locator (URL) Shortening Technology


Federal agencies should weigh the risks before implementing any URL shortening technology on
public or third party websites, in emails, or in other electronic communications. URL shortening
technology allows federal agencies to substantially shorten the length of any URL, while still being
able to direct an individual to the requested website or webpage. URL shortening technology is
especially useful for federal agencies that use Twitter, which limits the number of characters in any
given message, to direct the public to pertinent websites easily. Risks that federal agencies should
address include the potential compromise of the shortened URL and redirecting of individuals to
illegitimate websites, which could lead to the dissemination of misinformation about the agency,
to cyber attacks mentioned in Section 9, or to identity theft.

11
Privacy Best Practices for Social Media

If a federal agency employs or redirects individuals to a third party website that uses URL
shortening technologies, the agency should provide clear and prominent notice to individuals
before redirecting them to that website. This notice can be included on an “exit” page, “pop-up,”
or in the electronic communication to the individual. Additionally, the third party website must
have clear and prominent notices on their website advising of the use of this technology.
If an agency wants to implement URL shortening technology, the U.S. General Services
Administration (GSA) has a URL shortener that creates short, trustworthy .gov URLs, along with a
tracking mechanism so that an agency can measure the impact and use of the shortened URL. The
service, which requires registration, shortens only government URLs including .gov, .mil, and
.fed.us. For additional information, or to register for the service, visit https://go.usa.gov/.

9. Cybersecurity Risks Associated with the Use of Social Media


According to the CIO Council’s Guidelines for Secure Use of Social Media by Federal Departments
and Agencies,17 social media technologies such as wikis, blogs, and social networks are especially
vulnerable to the following methods and techniques of cyber attacks:
a. Spear Phishing: Spear phishing targets a specific user or group of users, and attempts to
deceive the user into performing an action that launches an attack, such as opening a
document or clicking a link. Spear phishers rely on knowing a personal piece of information
about their target, such as an event, interest, travel plans, or current issues. Sometimes
this information is gathered by hacking into a targeted network, but more often it is easier
to look up the target on a social media network. Spear phishers use social media as an
alternative way to send phishing messages as the social media platform bypasses
traditional email security controls such as antivirus protection. Social media websites can
be used as a propagation mechanism to trick users into opening a document or clicking a
link.
b. Social Engineering: Social engineering relies on exploiting the human element of trust. The
first step in any social engineering attack is to collect information about the attacker’s
target. Social media websites can reveal many details of personal information, including
resumes, home addresses, phone numbers, birth dates, employment information, work
locations, family members, education, hobbies, interests, and photos. Social media
websites may share more personal information than users expect or need to, and attackers
are earnestly using social media to learn personal information about an individual. By
expressing interest in similar topics, the attacker builds a trust relationship with the victim.
This positions the attacker to influence the victim’s friends and co-workers, or even to
collect sufficient information about the victim to fraudulently pose as him or her.
c. Web Application Attacks: Social media websites are attractive to attackers who are looking
to slip in malicious code or to link to off-site content that contains malware (short for
malicious software) because malicious content is easy to disguise as valid content on social
media websites. There is also a risk that developers of user-generated games and
applications on some websites can have code approved and then inject malicious code at a

17
Guidelines for Secure Use of Social Media by Federal Departments and Agencies, Version 1.0, Federal CIO Council,
September 2009.

12
Privacy Best Practices for Social Media

later time. If an attacker hijacks the account of a federal user or a federal account, there is
an elevated risk that unauthorized posts, tweets, or messages may be seen by the public as
official messages, or may be used to spread malware by encouraging users to click links or
download unwanted applications (i.e., “web application attacks”) or malware.
Another common risk associated with the use of social media is the accidental or unintended
release of sensitive, For Official Use Only (FOUO), or classified information. This can be caused by
an exfiltration of the information by a hacker or by an employee who may not be aware that the
information should not be disclosed publicly.
All of the risks mentioned above can be mitigated by implementing both technical and non-
technical security controls, including role-based training for employees who are responsible for
managing social media accounts on behalf of the agency and through strong language in contracts
with third parties.

10. Summary
Social media websites have become a valuable tool for federal agencies to leverage in order to
engage customers, understand and address issues being raised by the public, and advance
operational missions. Social media is a critical tool for agencies to use as they move toward a
digital, open government. To ensure a successful experience and to adequately protect PII, it is
important for an agency to bring together the appropriate stakeholders before setting up a
website or application. The offices listed in section 3, Establishing a Social Media Program, should
be involved from the beginning and participate throughout the entire process of developing a
policy for the use of social media. In addition, privacy documentation, such as PIAs, should be
developed to maintain transparency along with strong Terms of Service Agreements with third
party vendors. Reaching out to agency partners and benchmarking privacy best practices will help
to ensure the process for implementing privacy protections for social media will go more
smoothly. This paper is one resource to help agencies take advantage of the benefits a vibrant
social media program can offer.

13
Privacy Best Practices for Social Media

Appendix A: Definitions

Cookies: a cookie is used to identify and customize web pages for a user. There are two kinds of
cookies: session cookies and persistent cookies. A session cookie is a line of text that is stored
temporarily in a computer’s random access memory (RAM), is never written to a drive, and is
destroyed as soon as the user closes his/her browser. A persistent cookie is saved to a file on the
hard drive and is called up the next time a user visits that website. This lets the website remember
what the user was interested in the last time he or she visited.
Crowdsourcing: soliciting data related to a specific topic, idea, or issue from a large population of
public users, traditionally an online community, who have knowledge of that topic, idea, or issue.
Malicious Code: a term used to describe any code in any part of a software system or script that is
intended to cause undesired effects, security breaches, or damage to a system. Malicious code
describes a broad category of system security terms that includes attack scripts, viruses, worms,
Trojan horses, backdoors, and malicious active content.
Malware: software programs designed by hackers to damage or do other unwanted actions to a
computer system to gather sensitive information or gain access to private computer systems.
Personally Identifiable Information (PII): per OMB M-10-23, the term “PII,” as defined in OMB M-
07-16, refers to information that can be used to distinguish or trace an individual’s identity, either
alone or when combined with other personal or identifying information that is linked or linkable to
a specific individual. The definition of PII is not anchored to any single category of information or
technology. Rather, it requires a case-by-case assessment of the specific risk that an individual can
be identified. In performing this assessment, it is important for an agency to recognize that non-PII
can become PII whenever additional information is made publicly available — in any medium and
from any source — that, when combined with other available information, could be used to
identify an individual.
Phishing: the use of fraudulent email, websites, or text messaging to trick people into divulging
personal information such as credit card data, Social Security numbers, and other information
which can then be used for identity theft, extortion, or other crimes.
Privacy Impact Assessment (PIA): is an analysis of how information is handled by (i) ensuring
handling conforms to applicable legal, regulatory, and policy requirements regarding privacy, (ii)
determining the risks and effects of collecting, maintaining, and disseminating information in
identifiable form in an electronic information system, and (iii) examining and evaluating
protections and alternative processes for handling information to mitigate potential privacy risks.
Privacy Threshold Analysis (PTA): a document that serves as the determination by a privacy office
as to whether a system or website has privacy implications and if additional compliance
documentation is required (i.e., PIA or SORN).
Social Media: websites, applications, and web-based tools that allow the creation and exchange of
user-generated content. Through social media, people or groups can engage in dialogue, interact,
and create, organize, edit, comment on, combine, and share content.

14
Privacy Best Practices for Social Media

System of Record Notice (SORN): statement providing public notice of the existence of a group of
records under the control of any agency from which information is retrieved by the name of the
individual or by some identifying number, symbol, or other identifier assigned to the individual.
The Privacy Act requires each agency to publish notice of its systems of records in the Federal
Register.

15
Privacy Best Practices for Social Media

Appendix B: References

Guidance documents that should be reviewed include the following:


NARA Guidance on Managing Web Records, January 2005. This guidance assists agency officials
with managing web records properly. http://www.archives.gov/records-mgmt/pdf/managing-
web-records-index.pdf
CIO Council, Guidelines for Secure Use of Social Media by Federal Departments and Agencies,
Version 1.0, September 2009. This document is intended as guidance for any federal agency that
uses social media services to collaborate and communicate among employees, partners, other
federal agencies, and the public. https://cio.gov/wp-
content/uploads/downloads/2012/09/Guidelines for Secure Use Social Media v01-0.pdf
OMB Memorandum, Social Media, Web-Based Interactive Technologies, and the Paperwork
Reduction Act, April 7, 2010. OMB’s Open Government Directive, this memorandum responds to
that requirement by the goal of promoting flexible and open interactions between federal
agencies and the public.
http://www.whitehouse.gov/sites/default/files/omb/assets/inforeg/SocialMediaGuidance 04072
010.pdf
OMB Memorandum M-10-22, Guidance for Online Use of Web Measurement and Customization
Technologies, June 25, 2010. This memorandum establishes new procedures and provides updated
guidance and requirements for agency use of web measurement and customization technologies.
http://www.whitehouse.gov/sites/default/files/omb/assets/memoranda 2010/m10-22.pdf
OMB Memorandum M-10-23, Guidance for Agency Use of Third Party Websites and Applications,
June 25, 2010. This memorandum requires federal agencies to take specific steps to protect
individual privacy whenever they use third party websites and applications to engage with the
public. http://www.whitehouse.gov/sites/default/files/omb/assets/memoranda 2010/m10-
23.pdf
OMB Memorandum M-13-10, Antideficiency Act Implications of Certain Online Terms of Service
Agreements, April 4, 2013. This memorandum recognizes that internet-based social media
products and services are among the tools that Federal agencies are using to promote openness,
transparency, and citizen engagement. This memorandum explains that when choosing which
social medial tools to adopt it is important for agencies to exercise diligence in reviewing the set of
terms of that governs access to and use of these products and services.
http://www.whitehouse.gov/sites/default/files/omb/memoranda/2013/m-13-10.pdf

16
Privacy Best Practices for Social Media

Appendix C: Additional Resources

HowTo.gov: using Social Media in Government: http://www.howto.gov/social-media/using-social-


media

Social Media Metrics for Federal Agencies: http://www.howto.gov/social-media/using-social-


media/metrics-for-federal-agencies

Social Media Registry: this project is a GSA database that allows the public to verify the URLs of a
federal agency’s social media pages. Public users will be able to copy-and-paste the URL into the
database and learn whether the URL matches a URL that has been registered by the agency
(http://www.usa.gov/Contact/verify-social-media.shtml). Agencies are encouraged to register all
of their social media URLs and should identify a point of contact, who will receive email updates.
Agencies should contact GSA at Socialmediaregistry@gsa.gov if they have a large number of social
media URL and would like to enter them in bulk.

GSA has negotiated Terms of Service Agreements with several social media providers. These
agreements can be found at http://www.howto.gov/web-content/resources/tools/terms-of-
service-agreements/negotiated-terms-of-service-agreements. To find out an agency point of
contact, go to http://www.howto.gov/web-content/resources/tools/terms-of-service-
agreements/agency-points-of-contact.

Terms of Service model agreement template: http://www.howto.gov/sites/default/files/model-


amendment-to-tos-for-g.pdf.

Apps.Gov (https://www.apps.gov): a service provided by GSA that allows agencies to purchase


business solutions.

17
Transitioning Official Social Media Accounts

• FCC Associated Social Media


o General Information:
 All of the digital assets under the FCC tab, will remain with the institution. The FCC will continue
to post on these mediums, as instructed once the new administration takes power. These
digital assets reflect the mission of the Commission. If a digital asset was created specifically for
a position at the Commission, it must stay with the Commission along with its followers. That
asset would get passed onto the next person/persons to hold those various roles, such as:
Commissioner, Press Secretary, FCC CIO, if they don’t already have accounts associated with
their names prior to becoming employees of the Commission.

o FCC
 Facebook
 Instagram
 YouTube
 Flickr
 FCC Blogs
 Storify

o Chairman/Commissioners:
*Chairman Wheeler’s account will remain frozen, in time… once he leaves his position as chairman he will
no longer tweet in his official capacity from the account listed below. All of his tweets will be archived and
stored on the K Drive to comply with NARA’s record retention policy. We will make note of the Chairman’s
new twitter handle on his legacy page and 1 of his last tweets will indicate where he can be followed. These
rules apply for incoming Chairman, existing Commissioners with FCC specific accounts that were created
during their time at the FCC and have @FCC in their handles. In the case of Commissioners or Chairman that
already had existing handles before taking roles at the Commission, they keep their accounts and their
followers once they leave. However, we must archive and keep records of the digital content they published
while serving the Commission.

 Tom Wheeler- @TomWheelerFCC

o Commissioners
 Mignon Clyburn- @MClyburnFCC
 Mike O’Rielly- @MikeOFCC
 Ajit Pai- @AjitPai
 Jessica Rosenworcel- @JRosenworcel (twitter) switched as of 1/4/17
 @JRosenworcel (Instagram/ not FCC managed)

o Staff
 FCC CIO David Bray- @FCC CIO
 Account gets archived and whoever becomes the next FCC CIO keeps the handle and the
followers associated with @FCC CIO.

 Senior Advisor to Chairman Gigi Sohn- @GigiBSohnFCC


 Account will no longer be in use/ frozen as of Gigi Sohn’s departure. The account will
indicate where you can find her non FCC twitter handle. The tweets published will be
archived and stored on the K Drive at the FCC to meet NARA record retention policy.
o Staff Continued
 FCC Press Secretary Kim- @khart
 Account was created before she started working at the Commission, therefore her
account and followers belong to Kim. The account will indicate she is a former
employee of the FCC and the FCC website link will be removed from her twitter bio. All
tweets published during her tenure at the Commission will be archived and stored on
the K Drive at the FCC to meet NARA record retention policy.

• Other: Rules, Limits, etc.


o NARA Guidelines for records retention
o NARA Best Practices for Capturing Social Media Records
o NARA on how to handle outgoing FCC Accounts
 All Twitter accounts posted by Chairman Wheeler under the Obama administration will live at
@TOMWHEELERFCC
 The FCC will maintain an archive of all tweets sent from official FCC accounts.
 Whenever the FCC receives a new FCC CIO, David Bray doesn’t get to keep the account or the
followers. The name and the followers stay with the job title, similar to how the White House is
handling @POTUS & @FLOUTUS.
 When the newly appointed FCC CIO takes office his or her administration would then handle
access of the twitter account and be responsible for the content.
 When new Commissioners’ come to the FCC, OMR will handle setting up their twitter accounts
and getting tem verified if the person doesn’t already have a twitter account or would like one
specifically for their role at the FCC.

• OGC
o Provides guidance on what each entity can and cannot do with their social media accounts once they
leave their positions at the Federal Communications Commission.

• Archiving of Official Accounts


o The FCC maintains on the K Drive, per records retention requirements under NARA an archive of all
social media content and the accounts associated with the Obama Admiration.
o This includes all FCC Twitter, Facebook, Flickr, Instagram accounts. Additionally any senior official FCC
related account: Chairman, Chairwoman, Commissioners, CIO, senior advisors, press secretary, etc.

• Next Steps for FCC Staff for Digital Transition:


o Making all staff aware of the FCC’s policy regarding digital transition
o The Commissioners and Chairman will update twitter bios to reflect that they are former
“Commissioner/Chairman” of the FCC with link to their legacy page.
o Archiving all the appropriate accounts by 1/27/2017.
o Confirming with OGC that all digital media accounts are in compliance
o Making sure we have all passwords associated with inactive accounts as of 1/20/17 associated with the
Obama administration
• Additional Resources for Guidance:
o The Digital Transition: How the Presidential Transition Works in the Social Media Age
o The Obama Administration Digital Transition: Moving Forward