While 23 out of 24 major federal agencies now routinely use Facebook, Twitter and YouTube to interact with the public, a new report by the Government Accountability Office released Thursday warned that only seven of the 23 agencies had taken necessary safeguards to protect against malicious activities.

The new report highlighted what amounts to mixed progress in agencies’ effort to use social media to inform and engage the the public, citing concerns in managing and identifying federal records, protecting personal information, and ensuring the security of federal information and the systems that host that information.

Specifically, GAO reported that in the areas of:

Records management: 12 of the 23 agencies have developed and issued guidance that outlines processes and policies for identifying and managing records generated by their use of social media and record-keeping roles and responsibilities.

Privacy: 12 agencies have updated their privacy policies to describe whether they use personal information made available through social media, and 8 conducted and documented privacy impact assessments to identify potential privacy risks that may exist in using social media given
the likelihood that personal information will be made available to the agency by the public.

Security: 7 agencies identified and documented security risks (such as the potential for an attacker to use social media to collect information and launch attacks against federal information systems) and mitigating controls associated with their use of social media.

The report noted that agencies apply varying ranges of controls on social media. The Department of Health and Human Services, for instance, blocks the use of social media sites by employees except for those using them for business needs. The State Department, on the other hand, reported that it had no plans to assess the agency’s social media security because its internal policies did not require it.