Best Practices

Best practices is all about risk management from the user and from the enterprise perspective. Risk management is knowing the risks, the likelihood of each and how to eliminate or reduce their occurrences. For every Socially Safe Seal applicant, WiredTrust audits their practices to inform them of the risks and how they need to address them effectively. The extensive audit process helps the applicant understand the risks of their community technologies and be proactive in avoiding them or lessening their frequency. Educating the enterprise is as important as educating their users. Their users must be educated as well, and in the case of sites safety information for minors, parents, caregivers and educational institutions is a crucial component of risk management. Socially Safe Seal holders must have cybersafety content on their publicly-facing pages teaching the users how and what to report as abusive and when they should ask for help. WiredTrust works closely with the world's largest and oldest cybersafety charity, WiredSafety, to provide the latest and best cybersafety information and resources for its Socially Safe community.

Most privacy policies and terms of service that are written (and sound like they were written) by lawyers in Ivory Towers and range upwards of 12 pages of fine print don't tell you very much. They are all about covering the legal disclosures in a language few can understand and fewer even try. Most click "I accept" without ever knowing what they have agreed to or understanding that that box checked constitutes a legal contract. Socially Safe changes that. If they have a long and boring terms of service, they need a short code of conduct to make it easier for users to understand their rights and what is expected of them.

Privacy tutorials, guides and settings must be designed to inform and empower the users to take steps to protect themselves and understand and implement their choices. When someone reports an abuse or problem, they should know what will happen to that report and when they should expect to receive a response. Emergencies should be routed differently from "lost password" inquiries, whenever possible. And when emergency and serious abuse reports are received, the customer service or moderation team members receiving it should have the training and support they need to handle it efficiently.

Hiring practices are covered as well. The Socially Safe participant must do background checks on all customer/user-facing support personnel and all data-management personnel. They must conduct probes of their security systems, using reputable security advisors. And new features must be reviewed for safety, privacy and security before going live.

Content management systems and monitoring technologies must be in place to ensure that users are complying with the terms of service or codes of conduct, or a carefull designed report abuse/abuse management system must be in place to permit users to self-police. (With technologies designed for preteens, content management and monitoring systems must be in place. They may not rely entirely on user self-policing for safety.)

Legal compliance is crucial to best practices as well. Entities actively conducting business in countries outside of the US much comply with all applicable laws of those countries. Local privacy and legal rights disclosures must be made as well. And technologies dealing with sensitive issues and vulnerable audiences and user groups must customize their practices to take those risks into consideration.

Id data is being transferred, users must be informed and given choices. And if there is a change in control, notification must be given to all registered users by the most effective means available. Offline contact information must be provided and confidentiality agreements must be in place for all third-party processors or suppliers that have access to data to perform services for the participant.