Protecting Client Privacy on Social Media: 3 Tips to Minimize Risk

In nonprofits, clients are the top priority. They are the reason we exist. Many nonprofits worry about getting into social media, fearing that it will jeopardize client confidentiality. There are many risks but, with careful training and management, these risks can be minimized.

Here are three ways to minimize risk:

1) Include social media in your general privacy/confidentiality trainings. You may have a basic privacy training or a training specific to legislation such as HIPAA and FERPA. Either way, it’s time to include social media in the discussion. Remind employees that their responsibilities to privacy/confidentiality are the same online as in the real world.

Wherever possible, include real-life examples of exactly what is and is not appropriate. Examples help make the dangers more tangible. If you don’t have any examples of breaches of confidentiality, consider yourself lucky.

I also suggest reminding staff and board members that what they post on their personal sites is also subject to your confidentiality policies and procedures.

2) Refer to your internal HIPAA policies in your social media policies. In our social media policies and procedures, it is important to refer back to established internal policies such as privacy/confidentiality. This helps ensure that employees think about their activities in social media with the same mindset as they use in their day-to-day work life.

Again, real-life examples are very helpful.

Do you work with youth or at-risk populations? You may have some special concerns when it comes to clients attempting to ‘friend’ staff or posting their own personal information on your social media sites. These kinds of privacy/confidentiality issues should be addressed in your policies.

3) Create what I call Community Standards. This is a public document, usually shared via an organization’s website, which outlines the values/standards you will expect/reinforce on your social media sites. You can link to this page on the website from your social media sites.

One of the goals of a Community Standards document is that it sets the tone. It establishes an organization’s desire to maintain a social media site that is __________ (you fill in the blank: respectful, informative, ??). It articulates what types of comments/interactions are unacceptable and will be removed.

This document also protects you. It is an opportunity for you to make it clear that clients are responsible for the information they post. It is an opportunity to remind clients that while you will protect their information according to your P&P, they have a responsibility with regard to what they choose to post on your site. (Youth are a different story – we have added responsibility to protect youth’s personal information even if the youth themselves don’t choose to.)

Not sure what I mean? Here are some examples of Community Standards and Comments Policies. With a quick glance at these, you can see that tone makes a huge difference.

If you are trying to create social media policies for your nonprofit, my website has an entire page of resources you can use. There are several hundred sample policies available through the first two links on the page.

Do you have any questions? Ask them here! I’ll be happy to answer. If your organization has a social media policy, I’d love to see a copy. Email me at

