SSilver - Fotolia
Nexgate released a report titled State of Social Media Infrastructure Part III: A Compliance Analysis Fortune 100 Social Media Infrastructure, in which the company analyzes social media compliance of Fortune 100 firms. What are the main takeaways from this report?
Social media creates a variety of compliance challenges for organizations in several different industries, particularly those involved in providing healthcare and financial services. The recent Nexgate report revealed some surprising findings, particularly around the extent of social media activity in Fortune 100 companies. The average Fortune 100 firm has a whopping 320 social media accounts and an average of 1,159 employees who make half a million posts per year on those accounts. With that number of people involved in such a massive information flow, there are bound to be enterprise social media compliance issues.
Financial services firms constituted the largest source of social media compliance issues uncovered in the Nexgate analysis. Compliance incidents for financial firms range from truth-in-lending disclosures to Fair Housing Act compliance. The largest issue, however, relates to Financial Industry Regulatory Authority requirements that financial institutions respond promptly to customer complaints. Financial institutions that maintain a social media presence must monitor consumer activity on those accounts for issues that allege theft, forgery or other misappropriations of funds and then respond to those complaints promptly.
Healthcare firms also accounted for a significant number of social media compliance issues, but those incidents came from a surprising source. HIPAA was not at the heart of healthcare compliance issues, as one might expect. Rather, almost a hundred cases emerged in the Nexgate analysis that were subject to FDA Adverse Event Reporting requirements. The FDA requires pharmaceutical companies to file reports each time they hear of a consumer or medical professional experiencing an issue with a drug. If someone tweets at a company's official social media account reporting such an issue, this is more than an informal communication; therefore, companies should consider whether such a tweet constitutes notice of an adverse event that triggers FDA reporting requirements.
Enterprise social media compliance issues are complex and companies operating in any regulated industry should carefully consider how participation in social media affects their compliance obligations.
Ask the Expert:
Got a vexing problem for Mike Chapple or any of our other experts? Ask your enterprise-specific questions today. (All questions are anonymous.
Check out what social media compliance regulations enterprises need to know
Learn how to ensure enterprise social media security
Learn some best practices for CISOs on social media
Dig Deeper on Data privacy issues and compliance
Related Q&A from Mike Chapple
It's not possible to eradicate the risk of DoS attacks, but there are steps infosec pros can take to reduce their impact. Mike Chapple shares ... Continue Reading
The HHS OCR ruled that healthcare ransomware attacks are HIPAA violations, so these covered entities need to react according to the HHS's guidance. ... Continue Reading
HIPAA regulations incorporate NIST guidelines and standards, so do healthcare organizations need to be compliant with both? Expert Mike Chapple ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.