iQoncept - Fotolia
The social media platform HootSuite announced a service that purportedly provides organizations with greater compliance controls over Twitter and the like. I'm wondering what kind of compliance problems are introduced by social media though. There are many social media accounts within my organization, but I don't think we've really given much thought to these possibilities.
The financial industry's obligations under the Sarbanes-Oxley Act are the most commonly cited requirements when considering social media compliance. After all, unless a user tweets credit card numbers or personal health information, it's hard to run afoul of most regulatory obligations on social media because the two don't commonly intersect. If your company is regulated by Sarbanes-Oxley, or has other restrictions on corporate communications, social media should definitely be integrated into the compliance plan.
Services offered by HootSuite and competitors including Smarsh and Globanet attempt to meet two important compliance requirements for social media accounts. First, they create a searchable archive of social media activity, allowing firms to meet regulatory requirements to permanently store communications. Second, they allow for the use of a separation-of-duties approval process, where social media communications may be reviewed and approved by compliance staff prior to release. This reduces the likelihood that an inadvertent tweet from a staff member will jeopardize the firm's compliance.
Think that social media compliance isn't a major risk? Mark Grimaldi, president of Navigator Money Management, Inc. would disagree. In January 2014, the Securities and Exchange Commission determined that he was making false and misleading claims about his investment firm on Twitter and slapped him with a $100,000 fine. That's some serious cash!
Ask the Expert!
Got a vexing problem for Mike Chapple or any of our other experts? Ask your enterprise-specific questions today! (All questions are anonymous.)
For more advice on social media compliance, see this expert's answer!
Developing social media compliance policies? This article can help.
Dig Deeper on Social media security risks
Related Q&A from Mike Chapple
It's not possible to eradicate the risk of DoS attacks, but there are steps infosec pros can take to reduce their impact. Mike Chapple shares ... Continue Reading
The HHS OCR ruled that healthcare ransomware attacks are HIPAA violations, so these covered entities need to react according to the HHS's guidance. ... Continue Reading
HIPAA regulations incorporate NIST guidelines and standards, so do healthcare organizations need to be compliant with both? Expert Mike Chapple ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.