Social media allows companies to communicate and share information with ease.
Gartner defines social media as “an online environment where content is created, consumed, promoted, distributed, discovered or shared for purposes that are primarily related to communities and social activities rather than to functional, task-oriented objectives. In this context, media represents an environment characterized by storage and transmission, while social describes the distinct way these messages propagate in a one-to-many or many-to-many fashion.”
Enter social media governance. Enterprises must govern and manage all their information, including social media, in compliance with business requirements, laws, and regulations. Retaining records of social media activities is just as important as maintaining records of any business decision regardless of format - paper, e-mails, Word documents and much more.
Failing to preserve social media is like failing to preserve records that are email or ESI.
The legal precedence comes from cases such as Arteria Prop. Pty Ltd. v. Universal Funding V.T.O., Inc., where the judge ruled: This court sees no reason to treat websites differently than other electronic files. The Federal Rules of Civil Procedure Rule 26 requires organizations to be able to produce all potentially responsive information for e-discovery purposes.
Are you keeping your social media safe?
Here are three steps for helping your organization use Information Governance to benefit from the advantages of social media while protecting against the risks of failing to comply with federal laws and regulations and over-retention of information.
Establish Governance and Policies
The risks are too high to simply stand by and wait for a problem. Be a leader in the adoption of social media applications within your enterprise by developing policies that provide the ability to appraise new social media services and determine if they are a good fit for your organization. Guidelines, policies, and procedures should outline roles & responsibilities, identification, acceptable use, classification, retention & disposition, litigation holds, and eDiscovery for social media.
An electronic message is a business record if its content, structure, and context confirm or support a business decision. Therefore even a tweet can be a business record as long as it meets these qualifications since it is the content not the media type that drives the classification, retention, and disposition of records.
An Information Governance (IG) program must be aware and knowledgeable about the different types and uses of social media by its organization in order to create effective policies. Before creating and putting policies in place it is important to determine how your enterprise uses social media.
Work with communications, marketing, PR, and any other necessary departments to determine their official and unofficial use of social media. Most companies have a presence on sites such as Facebook, Twitter, LinkedIn, YouTube, company blogs, and more, so determine which social media services your organization utilizes to publish information - and for what purposes. Is there an approval process for publishing official company content and who is responsible for doing so? If social media content is currently being retained what technologies and processes are in place?
Policies regarding employee personal and work related social media use are now common. However, there must also be policies that define, govern, and establish guidelines and procedures for social media records created by an organization on Twitter, YouTube.
Keep in mind internal enterprise social networking services that your company may use such as Wikis, Yammer, Chatter, Jive, Jabber, etc. There may not always be official records here as they are often used for collaboration. However, there is still a huge need for governance to protect information and avoid over retention of transitory records past their business use that could be discoverable in a lawsuit or leaked in a data breach.
Ensure Capture of Content for Compliance
The use of social media creates business records that must be captured and managed for compliance with federal laws and regulatory requirements. However, the majority of social media services systems make it clear in their user agreements that it’s not their job to manage or preserve your business records and information. This means that it is your responsibility to manage capture, retention, and disposal even though the content exists outside the control of your enterprise on Twitter or Google Plus.
Maintaining compliance with all applicable regulations governing social media and electronic messaging is vital to a company’s continued success and operability. This is particularly important for the financial industry which has new and updated regulations for electronic information and communications. Understanding the various regulatory requirements from FINRA, SEC, FTC etc. can help Financial Services firms maintain their legal position in the modern financial marketplace - with social media in financial services an escalating concern.
Once you determine whether or not information constitutes a business record according to your organization’s records and information management policy you can capture what is needed for retention.
Think about how frequently you will need to capture information. This depends on how often the content changes, the amount of content, the stability of the social media site, and available tools for extracting information from the site. It’s important to keep classification and metadata in mind during capture so that you can find these records and know their retention period. Does your records retention schedule have existing categories that apply to content created in social media or does your schedule need to be updated? Social media records often involve more than just posts such hyperlinks to YouTube videos or a PDF of a white paper from another website. These links and attachments must be captured and preserved as they are part of the record and provide added meaning like an email with attachments.
Preservation & Improvement
Records must be retained and accessible for their retention period as required by laws and regulations. Since most social media sites, such as LinkedIn, are not responsible for managing or preserving your information, you will need to manage records in your own environment. Many social media records have short retention periods or are easy to retain and manage such as content uploaded to a blog or YouTube. However, preservation of social media pages such as Facebook can be more difficult to capture data from without an archiving tool to extract and preserve information.
Preservation of social media, like any type of information, includes easily accessibility and retrieval. Be aware of digital preservation best practices such as migration and open formats to deal with the challenges of social media being complex, collaborative, and often in non-standard and proprietary formats.
Robust search capabilities of preserved content are needed for access and retrieval. Some organizations have many different Twitter accounts for each country or location they are active in, especially in the pharmaceutical and hotel industries. These organizations would need to capture the associated metadata with these social media records to have them easily findable when needed to be retrieved for an audit or during the discovery period of a lawsuit.
Be sure to audit your progress.
- Are employees aware of and following the policies you put in place?
- Use change management practices so that your policy is not just in place but being used.
- Make updates as needed to keep up with evolving technologies, trends, and regulations.
- Can you leverage your business’ social media information and use to derive value from data analytics?
- Strategic IG decisions need to be made to ensure the policies are in place and being followed to govern your high risk/high value social media content.
Effective information governance of social media, powered by social media policies, will allow records to be available and accessible to the necessary people as required by your organization and legal and regulatory requirements - keeping your organization on the safe side of social media.