Hello internet and welcome to my blog.
This week’s activity was centred around the legal risks that organizations must take into consideration regarding social media. For this week’s task we were asked to cover:
“create a blog post describing your selected organisation (its sector, their business, services etc…). Using the concepts introduced to you in the lecture, and also the reading and additionally those that you can find yourself, identify some of the applicable legal risks for your chosen organisation. Justify why those risks are particularly relevant (e.g. risks for QUT could be different than that of a Dental Practice) and provide scenarios of how some of these risks could apply and what the organisations Social Media Policy should attempt to address.”
Before I start on my analysis of the organization I’ve chosen I would like to cover the actual legal risks as briefly as possible. In all there are five different risks that need to be considered, confidential information, wrongful dismissal, statutory risks, occupation and organisation specific risks and reputation risks. For further reading on the subject refer to DUNDAS LAWYERS article on the subject. Now onto my analysis for this week.
For this week’s task I’ve chosen to cover an organization that deals with large volumes of both confidential and personal information on a daily basis.
The organization’s name is Healthscope, it’s a private health organization that has a presence through Australia. With more than fifty facilities throughout Australia, New Zealand, Malaysia, Singapore and Vietnam the sheer amount of sensitive information being generated and store is no joking matter.
So let’s start with confidential information. To begin with, in this case there are at least three different kinds of confidential information involved, the personal information of customers and patients, the billing details of customers and information pertaining to patients. Now considering the sheer amount of information involved, a breach of confidentiality could be potentially cataclysmic in many ways.
To begin with, with such a wide network of locations the volume of financial information is large enough that should its security be compromised you’re looking at possibly millions of dollars in losses. This would have a negative impact on public image/reputation. It would also require large amounts of time and resources to recovery lost assets, law suits and ensure such event can never transpire again.
The same can apply to confidential information pertaining to customers and patients. While there may not be a monetary impact initially, it will again affect public image/reputation. The same repercussions would ensue, time and resources for legal issues and fixing problems.
Next I will be covering the issues of occupation and organization specific risks and touch lightly on statutory risks.
Occupational risks will always be present and can never truly be defeated. There are two kinds of issues, those incurred by people and those incurred by technology. They can also work together to form a series of unfortunate events.
In this situation with such a large organization a wide network of computer will need to be in use. Here we have our two issues, the people and the computers.
The issues with people can range far and wide from unknowingly opening a malicious link in an email to deliberately misusing privileges to leak information. Statutory risks are created by the people, these involve legal matters such copyright, privacy, discrimination, etc.
The issues with technology can range from incorrectly configured security settings to providing users with access to potentially malicious websites. Many of these issues can be solved through staff training.
Finally we have the reputation risk. Now, how would you feel going to a hospital knowing that there have been issues with patients and malpractice? You would avoid it like the plaque. That’s why such an issue could be considered disastrous for Healthscope. With Health care and any other industry reputation is everything, you can’t continue with a great big X against your name.
This could arise through any number of channels, complaints from customers/patients, incidents being published in news, or users flaming you in online forums/social media for entire the world to see. Such events can be perfectly avoidable with appropriate business strategies.
Now for the all-important discussion about the use of a social media policy. A social media policy (SMP) is a set of standards used to convey the organizations expectations regarding employee’s use of and conduct within social media. By appropriately organizing a SMP Healthscope could potentially achieve a number of goals including: protect confidential information, limiting negative behavior of employees through social media both in an official and unofficial manner and address a number of other statutory risks.
So that’s it for this week’s blog. Feel free to leave any thought in the comments and I’ll leave you with this week’s food for thought
“Even the smallest person can change the course of the future.” – Galadriel