Discover Performance: HP Software's community for IT leaders // November 2012
Creating a model solution for social media governance
Social media and data retention are a tough mix. Learn how to protect your organization against legal and compliance risk in a social media world.
For regulated entities, data retention is a constant concern. Rapid technological change only increases the burden. When email first entered the enterprise, regulators needed to decide whether it would be subject to retention requirements. Today, the wide range of social media is what creates uncertainty in data governance.
As social media evolves and becomes more pervasive, businesses need to develop a governance model that’s mindful of the unique risks and the legal/regulatory challenges. A recent Autonomy white paper thoroughly surveys the landscape and includes four best practices through which organizations can establish a strong governance model with the flexibility to change as technology, regulations, and legal precedent evolve.
Danger: Private information ahead
U.S. federal law prohibits the interception of electronic communication without prior authorization. Organizations have addressed this issue by incorporating the right to monitor or capture communication in their employee contracts and handbooks. However, these rights usually extend only to interactions that arise on corporate networks or occur on corporate-controlled devices.
Social media communication takes place on a third-party site, often conducted through an individual’s private account. Thus, organizations attempting to monitor or capture interactions risk violating privacy laws. Many of the best practices for social media governance attempt to automate procedures to protect the organization against such violations.
Best practice #1: Wherever possible, create separate business identities for social media to minimize capture of personal or private information.
Inherently personal or private content is rarely valuable to an organization, but it does create new risks and obligations. For example, if an employee shares personal health data with his social network, this could create an affirmative obligation for the organization to protect this data through encryption. Further, exactly where posting or transmitting information moves from “personal” to “public” has not been settled. Thus, a business identity that is separate from purely personal interactions is best for its employees and the firm itself.
Best practice #2: Prepare to deploy solutions that can govern the three types of interactions: inside, moderated, and outside.
- Inside-based interactions—This is social media activity that is initiated from within a corporate network or on a corporate-controlled device.
- Moderated interactions—These are interactions that occur on a corporately maintained social media account. The organization owns the account and the associated interactions. This gives the organization, rather than employees directly, the right to establish governance mechanisms.
- Outside-based interactions—For interactions occurring off an organization-controlled device or network, governance solutions should let individuals opt in or register a particular social media account. Registering the account grants the governance application the authority and credentials to see and capture content.
Best practice #3: Employ solutions that have the ability to capture additional approval on a site-by-site basis, to verify assent for capturing and monitoring.
There may be cases where it makes sense to capture/monitor data from an employee’s personal social media account with his or her explicit consent, such as when employees tweet exclusively about business-related news and trends. Organizations need to protect themselves against workers later claiming the data capture was unauthorized.
The capture of employee assent must be automated. Moreover, each site monitored represents a different set of relationships and entities, so each account/site combination must be managed individually.
However, capturing social media content simply for the sake of collecting it is of limited value. Today, lawyers and regulators focus less on the form a piece of information takes and far more on what it actually means.
Best practice #4: Focus on solutions that can establish what something means, and understand how it relates to potential risk for an organization.
Given the sheer volume of potential interactions, and also the fact that interactions may be very short (like a tweet) or much more complex (like audio), solutions must possess the ability to find relevant patterns or relationships in the information. This intelligence will give you solid footing for compliance obligations and litigation protection, without wasting effort on content identification.
For more details on the implications of social media on information governance, download the Autonomy white paper, “Social Media and Information Compliance” (.pdf).