Digital "Best Practices" require transparency, access and information. They also require that
your backend matches your promises on the frontend.
click here to download the Socially Safe Overview
Best practices is all about risk
management from the user and from the enterprise perspective. Risk management is knowing the risks, the likelihood of each
and how to eliminate or reduce their occurrences. For every Socially Safe Seal applicant, WiredTrust audits their practices
to inform them of the risks and how they need to address them effectively. The extensive audit process helps the
applicant understand the risks of their community technologies and be proactive in avoiding them or lessening their frequency.
Educating the enterprise is as important as educating their users. Their users must be educated as well, and in the case of
sites safety information for minors, parents, caregivers and educational institutions is a crucial component of risk management.
Socially Safe Seal holders must have cybersafety content on their publicly-facing pages teaching the users how and what to
report as abusive and when they should ask for help. WiredTrust works closely with the world's largest and oldest cybersafety
charity, WiredSafety, to provide the latest and best cybersafety information and resources for its Socially Safe community.Most privacy policies and terms of service that are written (and sound like they were written)
by lawyers in Ivory Towers and range upwards of 12 pages of fine print don't tell you very much. They are all about covering
the legal disclosures in a language few can understand and fewer even try. Most click "I accept" without ever knowing
what they have agreed to or understanding that that box checked constitutes a legal contract. Socially Safe changes that.
If they have a long and boring terms of service, they need a short code of conduct to make it easier for users to understand
their rights and what is expected of them.
Privacy tutorials, guides and settings must be designed to inform and
empower the users to take steps to protect themselves and understand and implement their choices. When someone reports an
abuse or problem, they should know what will happen to that report and when they should expect to receive a response. Emergencies
should be routed differently from "lost password" inquiries, whenever possible. And when emergency and serious abuse
reports are received, the customer service or moderation team members receiving it should have the training and support they
need to handle it efficiently.
Hiring practices are covered as well. The Socially Safe participant must do background
checks on all customer/user-facing support personnel and all data-management personnel. They must conduct probes of their
security systems, using reputable security advisors. And new features must be reviewed for safety, privacy and security before
Content management systems and monitoring technologies must be in place to ensure that users are complying
with the terms of service or codes of conduct, or a carefull designed report abuse/abuse management system must be in place to permit users to self-police.
(With technologies designed for preteens, content management and monitoring systems must be in place. They may not rely entirely
on user self-policing for safety.)
Legal compliance is crucial to best practices as well. Entities actively conducting
business in countries outside of the US much comply with all applicable laws of those countries. Local privacy and legal rights
disclosures must be made as well. And technologies dealing with sensitive issues and vulnerable audiences and user groups
must customize their practices to take those risks into consideration.
Id data is being transferred, users must
be informed and given choices. And if there is a change in control, notification must be given to all registered users by
the most effective means available. Offline contact information must be provided and confidentiality agreements must be in
place for all third-party processors or suppliers that have access to data to perform services for the participant.