Client Bulletin: Limits of Privacy on Facebook
With over 800 million users, there is a good chance that you, a family member or a business colleague uses Facebook. Many people assume that their posts and information viewed on Facebook is only available to their “friends.” Such an assumption would be wrong for several reasons.
First, your information is only private to the extent you affirmatively check certain boxes for your Facebook page. If you fail to select the appropriate settings, you will be allowing more than your “friends” to view your personal information. Remember that these settings involve not only limiting what the general public can see, but what advertisers and other websites you visit can see about your Facebook page (even if you are not logged on to Facebook at the time). Therefore, consider adjusting your privacy settings in the category marked “Apps, Games and Websites” and “How people bring your info to apps they use.” To maximize your privacy, turn off all platform apps.
Second, unlike Google+, Facebook does not make it easy to create different categories of “friends”, each of which only has access to limited information. Rather, once you make someone your “friend” – whether that person is a true friend, your boss or co-worker, someone you met last night, or even a celebrity you never met – that “friend” has the same access to your personal information that your best “friend” has. Though the user can block off certain “friends” from certain information, the process to do so is neither obvious nor simple. Such sharing of personal information would never occur outside of online social networking sites.
Fourth, several recent Court decisions have held that your Facebook page is not necessarily private. That is, litigants have obtained access to Facebook pages (among other social networking sites like MySpace) to prove their case. For example, in one case, a plaintiff claimed she was injured and unable to participate in activities she previously enjoyed. Against her objection, her adversary obtained access to her Facebook and MySpace pages to prove that the plaintiff was lying. The defendant was even able to gain access to “deleted” information from those pages. Similarly, other Courts have held that you have no “right to privacy” in your Facebook or MySpace pages because those companies do not guarantee complete privacy. As a result, employees have been terminated for information they posted online.
Fifth, your “friends” can share your information without your permission. Unauthorized sharing has also occurred as a result of viruses or hackers, both of which are rampant.
Sixth, never assume that what you delete is truly deleted. It is not. “Deleted” information is usually stored for an extended period of time with or without your knowledge.
Michael J. Feldman, Esq., is an attorney and partner at OlenderFeldman LLP (www.olenderfeldman.com) in Union, New Jersey, and a founding member of Acentris LLC (www.acentris.com), a privacy and data protection consulting firm. Mr. Feldman is also a Certified Information Privacy Professional (CIPP) and can be contacted at email@example.com or 908-964-2486.