Merge1 can help you gain compliance easily, by leveraging your existing infrastructure.
Does Your Enterprise Use Social Media to Conduct Business? You May Need to Archive Social Media Messages to Meet Compliance Regulations.January 12th, 2017 8:00 pm
Though popular with consumers, social media has also spread to business communications, and it looks like using social media to conduct business is a trend that is here to stay. According to Nielsen, 2/3 of the global internet population, many of them businesses, now visit social media networks. In 2013 Gartner noted that 50% of companies produced social media for eDiscovery and in 2014 over 20% of companies used social media as the primary vehicle for communication – replacing email. Morgan Stanley recorded that social network users surpassed email users, again, way back in July 2009.
How much higher are these numbers today in 2017?
Businesses must archive social media messages for various reasons including: data security, eDiscovery and regulatory compliance. Failure to do so can result in unwanted consequences for the business, such as: lost revenue, damaged brand/trust, litigation costs and, of course, the dreaded negative impact on its stock price.
Let’s take a closer look at the last driver. What are some examples of specific rules mandating business social media to be archived and retained?
First, let’s take a peak under the hood at the heavily regulated financial services sector. These folks must adhere to regulations promulgated by the SEC, FINRA, Dodd-Frank, NASD and the CFTC to name a few. For these firms, social media data must be retained for up to 6 years. FINRA’s Regulatory Notice 10-06 is clear on this obligation: “Every firm that intends to communicate, or permits its associated persons to communicate, through social media sites must first ensure that it can retain records of those communications.”
Furthermore, the SEC warns Registered Investment Advisor (RIAs) to “consider whether their retention policies account for the volume of communication and unique communication channels available to each particular social media site” so that “any required records generated by social media communications are retained in compliance with the federal securities laws, including in a manner that is easily accessible for a period not less than five years.”
State, Local Government, and Education Sector
Another regulated vertical is government, both state and federal. On the federal plane, FOIA and public records rules mandate public agencies to archive their records, this includes social media. NARA clearly states: “each agency is responsible for managing its records” in compliance with the Federal Records Act and NARA regulations. This is “whether they reside on a third-party social media platform or are housed within the agency.” This is true on the state level as well. Florida, North Carolina, Virginia, Ohio, Texas, Oregon, and Washington – all have explicitly updated their public records requirements to confirm the classification of social media as a public record. For example, Texas’ policy states, “Social media sites may contain communications sent to or received by state employees, and such communications are therefore public records.”
Did you know that HIPAA extends social media archiving regulations to healthcare? In fact, social media data must be retained up to 21 years in some cases. In a notable court case, two University of New Mexico hospital workers were fired for taking photos of injured patients and posting them on Twitter. This was deemed a violation to HIPAA, uploading the photos to Twitter were considered the hospital’s liability, even though the accounts were private.
Food and Drug Sector
The food and drug sector has similar regulations. The FDA and 21 CFR part 11 mandate social media data be retained for: food/drug folks for 2-3 years, biological products for 5 years after manufacturing, and clinical trials for up to 35 years.
Accounting and Auditing Sector
Finally, consider the public accounting and auditing industry. Companies subject to the Sarbanes Oxley Act must annually assess “the effectiveness of the internal control structure and procedures of the issuer for financial reporting.” Social media records management policies are included in this obligation and must be retained 7 years. Fines up to $15 Million dollars may result if these records are tampered with or destroyed.
If your business needs to archive social media messages to comply with a particular regulation – consider Globanet Merge1. Merge1 archives social media into a company’s existing infrastructure. For more information or to request a product demo, contact us today.
The views expressed in this blog do not serve as legal advice. Please contact an attorney for legal counsel on your specific matter and needs.