I'm putting together an updated social media policy for my company and I'm trying to incorporate all the relevant...
compliance mandates. Is there anything defined in SOX that I should be aware of that might dictate parts of the policy?
Social media is an important communications vehicle for many businesses and should be considered carefully when building a Sarbanes-Oxley (SOX) compliance program. One of the major provisions of SOX is publicly traded companies must make timely disclosures of material information about their businesses. This raises two social media compliance concerns for regulated businesses.
First, if an organization regularly uses social media to disclose business information, then it should ensure those channels are used for SOX-required disclosures. Similarly, organizations should make sure information posted on their social media accounts or websites is accurate and updated promptly. In 2011, FINRA fined Credit Suisse $4.5 million for misrepresenting information, including inaccurate website disclosures.
Second, organizations must ensure any posts made by company officials that may be considered material disclosures are also distributed promptly through other communications channels. Netflix CEO Reed Hastings learned this the hard way in 2012 when he became the subject of an SEC investigation after posting on his personal Facebook page that Netflix monthly viewing had reached one billion hours. The investigation focused on whether this was an improper disclosure and, although it failed to reach a conclusion, it has companies reconsidering the way executives engage on social media.
Ask the Expert!
Got a vexing problem for Mike Chapple or any of our other experts? Ask your enterprise-specific questions today! (All questions are anonymous.)
Mike Chapple details how to avoid social media compliance pitfalls.
Dig Deeper on Security audit, compliance and standards
Related Q&A from Mike Chapple
Choosing to encrypt confidential data with AES or DES encryption is an important cybersecurity matter. Learn about the important differences between ... Continue Reading
It's not possible to eradicate the risk of DoS attacks, but there are steps infosec pros can take to reduce their impact. Mike Chapple shares ... Continue Reading
The HHS OCR ruled that healthcare ransomware attacks are HIPAA violations, so these covered entities need to react according to the HHS's guidance. ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.