The social media platform HootSuite announced a service that purportedly provides organizations with greater compliance controls over Twitter and the like. I'm wondering what kind of compliance problems are introduced by social media though. There are many social media accounts within my organization, but I don't think we've really given much thought to these possibilities.
The financial industry's obligations under the Sarbanes-Oxley Act are the most commonly cited requirements when considering social media compliance. After all, unless a user tweets credit card numbers or personal health information, it's hard to run afoul of most regulatory obligations on social media because the two don't commonly intersect. If your company is regulated by Sarbanes-Oxley, or has other restrictions on corporate communications, social media should definitely be integrated into the compliance plan.
Services offered by HootSuite and competitors including Smarsh and Globanet attempt to meet two important compliance requirements for social media accounts. First, they create a searchable archive of social media activity, allowing firms to meet regulatory requirements to permanently store communications. Second, they allow for the use of a separation-of-duties approval process, where social media communications may be reviewed and approved by compliance staff prior to release. This reduces the likelihood that an inadvertent tweet from a staff member will jeopardize the firm's compliance.
Think that social media compliance isn't a major risk? Mark Grimaldi, president of Navigator Money Management, Inc., would disagree. In January 2014, the Securities and Exchange Commission determined that he was making false and misleading claims about his investment firm on Twitter and slapped him with a $100,000 fine. That's some serious cash!