Your privacy, your responsibility says Ontario Privacy Commissioner

Facebook is Canada’s favourite social network, but it’s also in hot water over possibly breaching our privacy laws.
Ontario Privacy Commissioner Ann Cavoukain discusses her collaboration with Facebook.

While the incredibly popular network (just recently passing the 100 million user mark – half of which visit the site daily) is being investigated by the federal privacy commissioner based on a complaint from an advocacy group, they are working hand-in-hand with Ontario’s privacy commissioner, Ann Cavoukian.

The unlikely duo have been working together for about two years. They’ve produced pamphlets and tip sheets on how users can keep their privacy in tact on Facebook. Now they’re also released a video featuring Cavoukian alongside Chris Kelley, the chief privacy officer at Facebook. had the chance to catch up with Cavoukian recently at a youth privacy conference she hosted in Toronto on Sept. 4. Here’s what she had to say about working with Facebook, and some advice on using social networking while looking for a job – or just trying to do well in the job you already have.

You’re releasing a video today that you produced with Facebook. Tell me what we see in that video and why you wanted to produce that with Facebook.

About two and a half years ago, Facebook approached me and wanted to consult with me about their privacy practices – were they strong enough, what did I think?

But even having done all that, people still don’t get it. They don’t want to read. So I thought, let’s do a short video, about 10 minutes about Facebook and walking people through how to protect their privacy and here’s what you do to protect your privacy.

There’s the five P’s – looking out for predator’s obviously, and if you’re a university student, you’ve got a professor, you don’t want them checking out your profile. After that, you’ve got prospective employers, a third of them are screening their employees with social networks now.One third of them will reject candidates before they even see them because of what they see in their profiles. If you’re a child, you don’t want your parents going anywhere near your online profile. Then you have the police, who are now using social networks as another investigative tool.

I just want people to make conscious decisions about what they post on their profile. It’s not that social networks are bad. They’re not. Facebook is great, everybody loves it. But I want you to think before you post so you’re making a conscious decision and you don’t put information out there that might come back to hurt you.

You make an interesting point about prospective employers using social networks to screen employees. This is something we hear more about all the time. How popular is this practice amongst companies?

Early in the year, a recruiting company called ExecuNet did a study and it was a survey of major corporations. They found that over three-quarters, 77 per cent, of companies routinely check their canadidates to see if they are on one of the major social networks.

Over a third of them said that they checked the Facebook profile, and if they see something they don’t like – which they find in 33 per cent of the cases – they don’t even give the candidate a second look, they don’t even make it to the interview stage.

As you and I know, you post things on your profile that maybe you shouldn’t – party behaviour, things that aren’t really serious, but taken in the wrong context might suggest you’re an irresponsible candidate for this company. Companies don’t want to take a risk, there’s a lot of people to choose from, so they’ll reject you based on what’s on your profile.

So I always tell students to get someone you trust and get them to look at it with a third-eye view, to see if they find anything offensive. It’s not just for recruiting, it’s for opportunities for advancement, promotion in a company. If you’re a student, opportunities for getting a scholarship.

At every instance, there are things that can be harmful to you and it stays online forever. It’s becoming such a big deal now, that companies are coming out now as reputation finders. Parents will hire them to scour the Internet, see what’s on social networks out there and take information down. You can do this yourself, for yourself. Post information responsibly, and know that whatever you post, other people have access too.

So what sort of advice would you give to employees and job seekers who use social network Web sites?

Really obvious place to start – take down any pictures that you’ve posted that are suggestive of inappropriate behaviour or immature behaviour. It’s just not worth it. You know, everyone gets drunk and has pictures of parties. If you need to have them, put them in a scrap book or something, you don’t post them online to your profile. So make sure you scrub any pictures that depict you in an unflattering light.

Any information about you that is posted, other by others or yourself, that could characterize you as unkind, mean, and certainly anything that would make you look like a bully, you better not have that. Hopefully it’s not coming from you, but sometimes information can be linked to you.

You want to present yourself as the good, king human being that you. You want to project to employers that you’re going to act responsibly, you’re going to a good job, and you’re going to behave maturely. Anything that says otherwise, go back and take it down.

Sound advice. Now let’s talk more about your involvement with Facebook. Your focus has been with user responsibility for maintaining their privacy. But when you join Facebook, you have the most open settings possible by default. Shouldn’t it be the other way around, the most private as possible?

Maybe in a perfect world. But I’m always reminded by people on Facebook that the whole reason we join a social network is because we want to network. The whole raison d’etre of a social network is to connect people. So in that context, it makes sense that that default isn’t the strongest form of privacy, but the strongest form of getting information out there and sharing.

So what I do is I tell kids, and friends, and anyone that will listen, is I understand that you want to connect with people. Just do it responsibly and do it consciously. Go to your privacy settings and actually decide who you want to see what on your profile.

Now there are wonderful ways to restrict the sharing of information, even within your friends. You can create sub-sets of friends – who maybe you’d like some information to go to all your friends, but only this information to go to your work friends. So there are ways to refine the information that you share.

I don’t fault Facebook. Because remember, you are getting to use this service for free. You don’t have to pay for this wonderful service that connects people all around the world. People love it, that’s why there’s 100 million users, it’s amazing.

It’s up to you, the individual, to be responsible for your own actions and your own settings. It will take you two minutes to go and set your privacy settings.

Privacy is all about freedom of choice. You get to decide what you share and what you don’t share, no one else. But it means that you have to exercise responsibility and make those decisions.

Like you say, it only takes two minutes to change your settings. But only one-third of Facebook users have bothered to take that time. Is it possible that privacy controls could be presented more upfront, when you join Facebook?

Great idea. When you have ideas like that, send them in to Facebook. They’ve very responsive and open to working with members of the public. They’re very responsible to their users.

We’ve made a number of suggestions and they’ve been very responsive, so you work with them.

I always talk about positive sum, not a zero sum model. In a zero sum model, you have two interests, and the more you have of one the less you have of the other – one wins the other loses. So if you think of security and privacy, in the existing world, the more security you have the less privacy you’re going to have. That’s wrong, I don’t like that paradigm.

We’re changing that and shifting it to a positive sum paradigm, which means you have both – win-win, not win-lose. You want to have security and privacy? You can do that. You want to have social networking and privacy? You can do that.

We have technologies that can do that because we are teaching a new generation of engineers to embed privacy into the design of the technology. Don’t create the technology and then come back later and add the privacy in, it doesn’t work.

We can do it, we’ve just got to think it through and ask for these things to be built in to it.

To wrap-up, I wonder what other collaboration you see your office getting involved in the future with Facebook or other social networks.

Hey, we’re open to anyone. The reason we’ve worked with Facebook is because they’re the only ones that came knocking. It’s not like MySpace came beating a path to my door, or Friendster, or any of the other social networks.

Facebook took the initiative over two years ago and approached us. I think that says a lot about their interests in privacy.

Share on LinkedIn Share with Google+
More Articles