Govt plans interactive web site; drafts rules for engagement
23 Aug 2012
The government has come out with draft new framework and guideless for engagement with citizens under which all accounts have to be created and operated in official capacity only.
Since social media are relatively new forms of communication, it is always better to test efficiency and efficacy of such an initiative with a pilot project, a government release said today.
As social media demands 24x7 interactions, the government plans to create a dedicated team to respond and monitor the contents.
Since social media is being used across the world by different government agencies, relevant provisions of the Information Technology Act 2000 and Right to Information Act must be adhered to, the release said.
Government departments have to mandatorily comply with the following conditions to claim exemption for any third party data information or communication link made available or hosted by them in connection with social media facilities made available by the said department:
Since the function of the government department is limited to providing access to a communication system over which information made available by third parties is transmitted or temporarily stored; or hosted, the department does not:
- initiate the transmission,
- select the receiver of the transmission, or
- select or modify the information contained in the transmission.
The government department should observe due diligence while discharging its duties under the Act and also observe such other guidelines as the central government may prescribe in this behalf.
The government department as intermediary must not conspire or abet or aide or induce, whether by threats or promise or otherwise in the commission of the unlawful act.
It must immediately, after receiving actual knowledge, or on being notified by the appropriate government or its agency that any information, data or communication link residing in or connected to a computer resource controlled by the government department is being used to commit the unlawful act, must expeditiously remove or disable access to that material on that resource without vitiating the evidence in any manner.
The government department must also comply with all applicable rules, regulations and notifications in regard to their activity of providing social media facilities on its network.
The department should comply with the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.
It should comply with the Information Technology (Intermediary Guidelines) Rules, 2011.
The department should implement reasonable security practices and procedures as envisaged under section 43A of the amended Information Technology Act, 2000.
Data security
The government's communication to citizens via social media should follow the same data retention policy as its communication through other electronic and non-electronic channels. Data portability compliance varies from one social media platform to another. Hence, privileged access may be mandated by the government along the same lines ''take down notices'' and ''information requests'' currently being sent to social media and other platforms for intellectual property rights infringement and other offences.
Personal information and security
The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 define provisions for personal information and security and what constitutes sensitive personal data. Sensitive personal data or information of a person means such personal information which consists of information relating to:
- Password;
- Financial information such as bank account or credit card or debit card or other payment instrument details;
- Physical, physiological and mental health condition;
- Sexual orientation;
- Medical records and history;
- Biometric information;
- Any detail relating to the above clauses as provided to body corporate for providing service; and
- Any of the information received under above clauses by body corporate for processing, stored or processed under lawful contract or otherwise: Provided that, any information that is freely available or accessible in public domain or furnished under the Right to Information Act, 2005 or any other law for the time being in force shall not be regarded as sensitive personal data or information for the purposes of these rules.
For protecting such sensitive personal data, the government has mandated that any legal entity that is processing, dealing or handling sensitive personal data must implement reasonable security practices and procedures.
The government further stipulates that ISO 27001 is one acceptable standard of reasonable security practices and procedures. Thus, all government departments, which are providing social media facilities, must comply with ISO 27001.
Further, under the Information Technology (Intermediary Guidelines) Rules, 2011, since the said government department, which provides social media facilities is an intermediary, it has to comply with the Information Technology (Intermediary guidelines) Rules, 2011. Under Rule 3(4) of the said rules, the government department should act within 36 hours on receiving the written complaint form an affected person and where applicable, work with user or owner of such information to disable such information that is in contravention of sub-rule (2).
Further, the department should preserve such information and associated records for at least 90 days for investigation purposes.
In cases where the government department does not comply with any of the above requirements of law, then the said department as also the concerned head of the department who is responsible for the social media facilities and the concerned IT head would be liable for civil and criminal consequences.
The civil consequences could consist of being sued for damages by way of compensation up to Rs5 crore under summary proceedings before the adjudicatory authorities specially constituted under the Information Technology Act, 2000. Further, if persons want, they can sue the said government department for damages beyond Rs5 crore in a court of competent jurisdiction.
In case the concerned government department does not comply with all the aforesaid laws, the said department as also the person heading the department and the concerned IT head would also be liable for criminal liability which could range from imprisonment of 3 years to life imprisonment and fine which could range from Rs1 lakh to Rs10 lakh.
Rules for privacy and data collection
While social networking enables greater transparency, it is equally important to ensure the protection of people from exposure to inappropriate or offensive material.
Since profiles on social network are linked more often to individuals and not organisations, for the organisation's site/page, a separate work profile may be created, which can then be linked to a general email address that is accessible to anyone in the team, enabling them to administer the social networks without compromising on individual privacy.
It is critical that social media policy for the government is compliant with existing law governing data protection and privacy. Each department of the government may recommended to publish their own set of additional protections to safeguard privacy of citizens while maintaining highest levels of transparency of government bodies.
If the departments/agencies are collecting personal information on a social media platform, the same must be stated upfront. For example, while seeking inputs on a particular policy, it may not be necessary to save the email ID of each and every respondent and just saving the responses may suffice.
Identity management
Identity management refers to management of identities of individual/s who seek to engage with government agencies on social media platforms. Such management relates specifically to registration mechanisms, delineation of personal identity from official identity of government officials and need to engage in a non-anonymous manner in such consultations. Towards this end, the departments may use the following or any other suitable mechanism:
- Provide for activation of registration for engagement by seeking confirmation of email addresses;
- Send acknowledgement/responses to queries to registered email addresses; and
- Provide official email IDs and accounts to each and every government official authorised to engage on behalf of the department and permit use of only official accounts for engagement.
However, while applying the above, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 must be complied with. In addition, the users may refer to any other relevant legislations, provisions and rules notified.
Communication strategy
Some of key aspects of communication strategy include – integration of social media into routine, connection with existing networks, sharing content across sites and publicising use of social networking through traditional media.
Social media can only be used by the government to communicate existing government information and propagate official policy to the public.
While the social media tools allow everyone to become a creator, for the official account, content will have to be specified and tailored to the site on which it is being published.
Great care must be taken to avoid propagation of unverified facts and frivolous misleading rumours which tend to circulate often through miscreants on social media platforms.
It must be reiterated here that social media should only be one of the components of the overall citizen engagement strategy and government departments must desist from using only social media to communicate with their stakeholders.
Initially, the departments may just aim to post information regularly. For example, if it is a Facebook page, postings may be done at least a couple of times a week and on Twitter slightly more frequently.
- Ideally, none of the sites should be left more than a week or two without new content.
Since social media are relatively new forms of communication, it is always better to test efficiency and efficacy of such an initiative with a pilot project. Some of principles of creating such a pilot are given below:
- Focused objective setting: Initiate interaction for a limited objective or limited to one topic
- Begin Small: It is always better to start small and it is advisable to begin with one or two platforms.
- Multiplicity of access: The chosen platform should typically permit inputs from or linkages through multiple access devices. This will ensure wider participation.
- Content management: It is not enough just register presence on a variety of platforms. It is essential that content provided is topical and up to date.
- Community creation: On any social media platform, creation of a community is essential to generate buzz and sustain interaction.
Social media monitoring must be an integral part of any social media strategy. Social media data is different from other data or information because organisations have no control over its creation or dissemination on the web and in order to understand and analyse the data a structure has to be imposed externally on it.
Today a multitude of tools offer solutions for measuring conversation, sentiment, influences and other social media attributes. They help in discovering conversations about project and organisations and can be used to proactively engage with stakeholders.
The social network analysis (SNA) software facilitates both quantitative as well as qualitative analysis by mining the raw data and combining it with individual and socio matrix. Many social media monitoring platforms offer demographic information such as age and location. This information can be used to expand the reach of your platform by creating a geo-targeted campaign focused on areas that generate the most traffic to your social media site.
Institutionalising social media
The final step in ensuring that the pilot is scaled and integrated is to link it to existing administrative and communication structure.
The Framework and guidelines have been formulated with a view to help government ministries, departments and agencies to make use of social media platforms to engage more meaningfully with their various stakeholders.
Social media's characteristics of connectedness, collaboration and community have the potential of ensuring broad based consultation, and can help agencies reduce the duration of consultation process and receive immediate feedback on services delivered.