With all the media and legislative attention on Facebook's privacy practices, it makes sense to consider the impact that may have on your brand if you participate on the network. Is there a reputational risk? Is that risk higher than the perceived rewards? How can you manage those risks?
While Facebook has a rocky track record on privacy, it seems to be moving in the right direction by writing clearer privacy policies and providing more choices regarding users' level of sharing. Because there are multiple ways for your brand to interact with users through Facebook, the privacy implications will vary. The good news is that you can choose a path with privacy risks that best meet your goals.
The first thing to consider is, what do you want to do? What is your overall brand strategy and how does Facebook support that strategy? How much interaction will you need with Facebook users to meet your marketing goals?
A Facebook Page is the least invasive method of interacting with consumers, allowing you to directly communicate with fans—those who "like" you—post news and events, generate dialogue and drive traffic to your website. No personally identifiable information (PII) is exchanged. This is a "privacy-safe" choice. Your Facebook Page should have a stated comment policy (usually in the "info" section or a custom tab) written in user-friendly terms. This should not be written by your lawyers.
Facebook for Websites gives you the ability to connect your website to the Facebook experience. Facebook users can "like" your brand from your website through a social plug-in or log onto your website using Facebook credentials. The login (or Facebook Authentication) gives your site access to users' basic information—name, profile picture, gender, networks, user ID, list of friends and any other information they share with everyone. To receive additional information, such as email, you will have to request additional permission from the user through Facebook.
Only request and retain the user data that you really need, and clearly communicate to the user, at the point of collection, about how the data will be used and what the value exchange will be. If you collect user data through Facebook, also post your notice of collection along with your comment policy on Facebook and on your own website.
Apps on Facebook are the highest level of tie-in to the social networking site, integrating with the user's Facebook News Feed and Notifications. The user will be asked to give your application access to Facebook, providing you the basic information shared with everyone. Additional permissions must be requested for more functionality, such as posting information to the user's news feed.
Clearly communicating how you will interact with users' news feeds, with their "friends" via personalized ads, and how you will use any other data is critical. Remember, once you begin to compile consumer data, you are obligated to provide a secure environment and protections around its use. Make sure you are prepared to deal with all the responsibilities surrounding PII. Consider what you will do when something goes wrong. Prepare for the "negative event" when an unflattering story or comment goes viral. Facebook must now be a part of any corporate communications plan.
Technology is changing quickly and businesses like Facebook often have to address privacy implications in new products/service offerings without the benefit of experience or relevant guidelines. This shouldn't scare us. As you weigh your participation in social media, strive to behave in ways that generate trust and build confidence with consumers. Direct marketers should always be striving for a win-win solution.