The social media platform HootSuite announced a service that purportedly provides organizations with greater compliance controls over Twitter and the like. I'm wondering what kind of compliance problems are introduced by social media though. There are many social media accounts within my organization, but I don't think we've really given much thought to these possibilities.
The financial industry's obligations under the Sarbanes-Oxley Act are the most commonly cited requirements when considering social media compliance. After all, unless a user tweets credit card numbers or personal health information, it's hard to run afoul of most regulatory obligations on social media because the two don't commonly intersect. If your company is regulated by Sarbanes-Oxley, or has other restrictions on corporate communications, social media should definitely be integrated into the compliance plan.
Services offered by HootSuite and competitors including Smarsh and Globanet attempt to meet two important compliance requirements for social media accounts. First, they create a searchable archive of social media activity, allowing firms to meet regulatory requirements to permanently store communications. Second, they allow for the use of a separation-of-duties approval process, where social media communications may be reviewed and approved by compliance staff prior to release. This reduces the likelihood that an inadvertent tweet from a staff member will jeopardize the firm's compliance.
Think that social media compliance isn't a major risk? Mark Grimaldi, president of Navigator Money Management, Inc. would disagree. In January 2014, the Securities and Exchange Commission determined that he was making false and misleading claims about his investment firm on Twitter and slapped him with a $100,000 fine. That's some serious cash!
Ask the Expert!
Got a vexing problem for Mike Chapple or any of our other experts? Ask your enterprise-specific questions today! (All questions are anonymous.)
For more advice on social media compliance, see this expert's answer!
Developing social media compliance policies? This article can help.
Dig deeper on Social media security risks and real-time communication security
Related Q&A from Mike Chapple, Enterprise Compliance
PCI DSS requirement 6.6 demands application security compliance through one of two options: an application firewall or a code review. Expert Mike ...continue reading
Are HIPAA-compliant hosting services a better option for compliance than a secure storage API? Expert Mike Chapple analyzes.continue reading
Metadata tagging is not just for security. Expert Mike Chapple explains how tagging tools can be used to achieve PCI DSS compliance.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.