Socially Safe Seal
How can your organization or company be Socially Safe?
Introduction
What does a company need to consider to be socially safe? At WiredTrust, our contention is that it’s not something that should be done alone but in partnership with experts.
WiredTrust currently offers two seals. The Socially Safe Seal and the Socially Safe Kids Seal, both of which cover cyber safety and best practices for Web 2.0 sites, interactive digital technologies, tools and features and their related services, games, products and networks (collectively known as a “Community Technology”).
The standard Socially Safe Seal is for general audience – (it can be directed at teens, but not primarily directed at tweens or preteens) Community Technologies and those that only permit users who are thirteen years of age or older. The Socially Safe Kids Seal is for Community Technologies directed primarily at tweens and preteens. Both seals also cover marketing companies involved in marketing and promotions to tweens and teens.
In order to qualify for the Socially Safe Seal and/or the Socially Safe Kids Seal, an applicant must demonstrate that they already meet, or must adopt and adhere to, best practices for their market segment.
Policies and People
From the perspective of the Community Technology this includes adopting and articulating internal operation policies and creating external guides for key stakeholder groups, as specified, for its Community Technologies.
Best practice compliance also includes vetting internal staff and outside providers to make sure that risk managers and customer service personnel are selected, trained, supervised and managed in the right way.
In addition, Seal applicants must provide certain information to WiredTrust and updates of that information throughout the term of the Seal.
The Socially Safe best practices guidelines require that the site, network or provider know its users and customers and how their Community Technologies are used.
Seal applicants must understand the stakeholders impacted by their site, network, product or service and identify and address their privacy, safety and communication needs.
Reporting Systems
Socially Safe seal holders must create formal processes and guidelines to ensure consistency in customer service and communications. (Too often the safety and security of users depends on which moderator or customer service representative addresses their problem or questions, rather than being a system-wide consistent response.)
Ideally, high risk issues should be handled by risk management personnel trained to address them in the appropriate manner, and escalation policies should be in place to make sure that reports and problems identified by the network are steered to the right high risk escalation team members.
Triaging of reports and identified risks must be built into moderation and abuse report systems.
Data must be maintained for a minimum time to permit responses to be audited and legal access to data for investigations and legal inquiries.
Law Enforcement
Each Socially Safe Seal holder must have a process in place for law enforcement investigations and inquiries and a written guide explaining how that process takes place.
Seal holders have addressed the issues of illegal activities and content and created a special communication process for confirmed members of law enforcement who are investigating active cases or who need information regarding the Seal holder’s practices, technologies and data retention for official inquiries.
The more interactive a Community Technology is, or the more user-generated content (UGC) the Community Technology permits to be shared at the site, the more stringent the standards to address the increased risks.
Practical Considerations
While the priority is always safety, WiredTrust is practical too. It takes into consideration the size and duration of operation of the Community Technology, as well as its projected risks. (Experts at WiredTrust have been advising the industry, government, law enforcement and the public in these matters since 1995 and can usually forecast risks, as well as identify solutions.)
Start-ups, especially when their user-base is low, have a lower “Threat Profile” by the nature of their size and reduced start-up activity. Once their user-base increases, their obligation to adopt more stringent policies and procedures does as well.
Established Community Technologies with smaller adoption rates and those that do not permit UGC or collect location or offline contact information from their users have fewer obligations than their larger counterparts.
During the Seal audit process, WiredTrust carefully reviews a Community Technology’s track record and relevant questions are asked.
- Have they been the subject of government regulatory action?
- Has a COPPA seal program notified them of COPPA violations?
- Have they had adverse media or attacks from non-profits or user groups?
Each of these is evaluated for the purposes of setting the right level of risk-management and best practices standards for each applicant.
Children and Vulnerable Groups
Community Technologies directed at children and preteens must be the safest of all, with those directed at teens a close second. Vulnerable demographic groups (such as sexual abuse survivors, cancer patients and special needs groups) and sensitive themes (such as racial or religious topics, abortion and birth control and political debates) are targeted online more frequently and Community Technologies used by or directed to them must have more rigorous risk management solutions as well.
Reports of high-risk activities, such as suicide threats, cutting and self-mutilation, eating disorders and bomb threats, must be handled with the assistance of subject matter experts and specially trained high-risk moderation staff.
WiredTrust Helps Find a Way Through
WiredTrust reviews the business models, operations, compliance and risks management history and target audience of the Seal applicant to help determine the right standards for each Community Technology provider and which levels of the best practices should apply.
Risks are balanced for each applicant in making that determination.
- Where and how are they operating?
- How large is their staff?
- What is the nature of their Community Technology?
- What is their target demographic?
- What data do they collect, how is it collected, and how long is it stored?
- Is the Community Technology provider an entity with a proven risk management track record, or new to the industry?
All of these questions are reviewed and evaluated and used to help identify the right set of best practice standards that apply to the Community Technology.
Contact us today and let us help you manage the risks you face operating online and create an outstanding and safe service for your customers.