A blog about Oracle Social Life

Preparing for Data Compliance with Oracle Social's Workflow & Automation Features

Today's blog was written by Sally-Anne Kaminski, Manager of Global Social Media Strategy at Zebra Technologies Corporation.


With offices in more than 80 countries worldwide, one of the things that has been top of mind for me for the past year is how we ensure our social media activity complies with GDPR. If you're not familiar with GDPR, it stands for General Data Protection Regulation, and it's been touted as " the most important change in data privacy regulation in 20 years." (No pressure, right?) The goal of GDPR is to protect the personally identifiable information, or PII, of individuals living in the EU. Enforcement begins on May 25, 2018. 

The thought of ensuring compliance may seem daunting, especially if that's not your day-to-day job, but it doesn't need to be. Within Oracle Social Cloud, there are many features and settings that we'll be using to design audit controls and workflows to help us take the utmost care in handling PII. Over the next few weeks, we’ll be sharing the nitty gritty of how we’ll use each console within Social Cloud.  Today, we’ll feature Workflow & Automation, where we control user access.

Workflow & Automation: Resources Tab, Bundles

We have one main Bundle that my team uses for visibility into global activity from one centralized location; we literally call this the "Main Bundle". All 22 of our Social Properties are authorized here.

Since Zebra has both global and regional marketing teams, we use Bundles to manage their access. 

  • Each region receives its' own Bundle, where only that region's Social Properties are accessible.
  • Within each region's Bundle, we create sub-Bundles for any agency partners that are activating social on the region's behalf. This helps us see exactly what each agency is doing and where. And, if we part ways with an agency partner, we simply deactivate their Sub-Bundle so no other users are impacted.

Workflow & Automation: Users Tab

We no longer grant access to our social networks directly; all access is granted through Social Cloud. Since Social Property access needs vary amongst users, we rely on User Roles to configure each individual user’s access to ensure they only see what they have a need to see. We call this concept "Least Privilege", where you can only access items on a "need-to-know" basis. While the name may seem restrictive, it's done by design to prevent unauthorized account access.

Here are the most common User Roles that we assign for Bundles. Our users have the exact same User Roles for the individual Social Properties, too.  

  • Editor: Used for content creators.
  • Author: Used for temporary employees like interns, who may need someone to review their work prior to publishing.
  • Moderator: Used for those handling customer support, who need access to review Engage for social mentions that need follow-up.
  • Media Manager: Used for agency partners who are creating dark posts for Facebook Advertising
  • Analyst: Used for employees or agency partners who are only doing social network-specific reporting. 

For example, if we have an agency partner that is only publishing and reporting on organic Twitter posts for our North American team, this is what their configuration would look like.

  • Bundle: North America
  • Sub-Bundle: Agency XYZ
  • Social Properties: Twitter
  • User Roles: Editor, Analyst

Workflow & Automation: Account Tab

There are several important settings within the My Account page that we have configured for users

  • Default Timeout Value: We leave this at Oracle's default value of 8 hours, so that users get logged out once a day. This helps us ensure that if someone ever loses a laptop, they'll have been logged out. And, if we see that someone has not signed in within the last 1-2 months, that's a good indicator that 
  • Password Expiration Value: Our company policy is to reset passwords every 90 days, so that is what we have configured. 
  • Add Unpublished Posts to Engage: Checking the box here allows our Moderators the ability to monitor dark posts created for Facebook Advertising within Engage, eliminating the need to grant access to Facebook Ad Manager. 

Workflow & Automation: Workflow Tab

We use Workflow for two primary use cases:

  1. As a way to proofread posts that Authors have created, prior to publishing.
  2. Route customer service inquiries from Engage to the appropriate call center contact, who has a login to the tool.

Using Workflows gives us the ability to create Threads within Social Cloud, where multiple users can collaborate on specific items within each Workflow. If an Author needs to change something in a post before it is published, that request is then documented within the tool. And for customer service inquiries, responses are stored securely within Social Cloud, versus being taken offline to e-mail where someone could easily forward on and mishandle customer contact information.

These are the main ways that we're using Workflow & Automation to keep personal information safe. Are there configurations you're using that we may not have covered? We'd love to hear how you're configuring your instance of Social Cloud for data privacy. Leave us a comment below!


Be the first to comment

Comments ( 0 )
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.Captcha