EDITORIAL: Confidentiality in an age of social media
Barbadian social media platforms were buzzing this week because everyone wanted to know who released a questionable document containing the names, addresses, and statuses of over a hundred COVID-19 cases in Barbados. This list entitled “Outstanding Notifications” exposes not only confidential medical information but brings to the surface the emerging issue of social media and the breach of workplace confidentiality.
Most people have social media accounts and often their comments, posts, videos, and photos are public. Everyone is not aware of the risk or danger of using this form of communication. Many online users may be comforted by the ability to block, restrict and delete on social media but this is a false sense of security. This applies to online messaging applications like WhatsApp, Facebook, Instagram, and LinkedIn. Your privacy is compromised the day that you use a mobile, laptop, tablet, or computer. It is for this reason that businesses in the private and public sectors are most concerned about privacy and confidentiality. But sensitive information cannot be disseminated on its own as the culprit (outside of hackers and malicious malware) is usually found in the workplace.
Exposing confidential information can get you fired
Few businesses have a strong social media policy but that does not mean employers do not have a specific code of conduct that could penalise those who breach it. With social media, all employers and employees are brand ambassadors. If people go online and use abusive language, post offensive, racist, or sexually suggestive content, these are all legitimate reasons to end a work contract. This also applies to sharing company information eg. Contacts or account details of a client. A company’s reputation is priceless and if tarnished could result in litigation, loss of business, loss of suppliers, clients, or closure.
In Barbados, it is not strange to find internal communications posted on online blogs and being mentioned in news articles. This was evident in January when several businesses closed due to a COVID-19 positive employee. Management shared the information with the idea that employees would be aware of what is happening. The employee was not permitted to act as a public relations officer for the business especially since management was not given ample time to post the notice on social media, radio, or in newspapers.
This also brings into question trust in addition toconfidentiality. How would employees feel if management made their information public or businesses that held sensitive information about their health, finances, or buying habits published this in a public domain?
It must work both ways and for management, it is imperative to formulate a social media policy that is enforced. Employers must also invest in data protection software and also restrict employees from having access to information that is classified.
‘The List’ and the Computer Misuse Act 2005
In Wednesday’s press conference, Health Minister, Lt. Col Jeffrey Bostic told the media and the Barbadian public that the matter relating to the list of names is under investigation. Many people particularly those identified on the list may believe that they can only take civil action but there is also the criminal side found in the Computer Misuse Act. In this document, under offences, there are stiff penalties of $10,000 and up or/and imprisonment of two years. But with the rapid evolution of social media and its definition, amendments will be needed in the Act. Social media is complicating the lines of public and private information but all should remember that some information should be private and confidential as it may result in harm to others.