Vision User Conference Blog

Found in Translation: Overview of Regulations Affecting Social Media Usage

Created: 04 May 2011 • Updated: 19 May 2014
Yunsun Wee

You can’t argue with the positive potential impact of social media on an organization. It allows a company to have conversations with current and potential customers, helping to sway buying decisions. It helps to build relationships and brand trust, and ultimately helps to create advocates for a company’s brand.

Social media is ever present, and simply blocking it is no longer an option. As IT professionals, you’re going to have to effectively manage the challenges of social media in the workplace and ensure that corporate data is protected and stored to comply with new government regulations.

But how do you make sense of it all? For those of you who missed our Vision session, How Social Media is Influencing Your IT Agenda, here's a quick recap of the regulations we reviewed.

FINRA: The Financial Industry Regulatory Authority released regulatory notice 10-06 on Jan. 25, 2010, which provides guidance on applying its communications rules to social media sites. The notice states that communications conducted online, including those on social networks, are considered the same as in-person or written communications. This redefines what is considered advertisement, correspondence, public appearance and sales literature, all of which must be monitored, logged and archived for specified periods of time and must otherwise comply with the rules. Applies to: publicly traded companies, broker dealers, financial services companies and employees

FTC: The Federal Trade Commission started to monitor social media back in December 2009. As companies use social media to influence more buying decisions, the FTC wants to make sure that individuals are who they say they are and aren’t concealing their true identity. Any individual's relationship with a company must be disclosed if the individual is making statements that could be taken as influencing a buying decision for a product or solution. This deals mostly with transparency, monitoring and engaging. Applies to: any organization, employee or other individual who communicates online

SEC: The Securities and Exchange Commission issued what is known as the Sweep letter. The letter, like the FINRA rules, emphasizes the need to archive all social media activity and provide training on policies and procedures. Applies to: any publicly traded company and its employees

HIPAA: The Health Insurance Portability and Accountability Act mainly deals with the privacy of customers. Healthcare professionals should not do anything that could be used to damage the privacy of patients. Friending customers on Facebook is currently a gray area. Applies to: hospitals, physicians, insurance companies, health care providers and associated organizations

GLBA: The Gramm-Leach-Bliley Act also deals with online communications and privacy of customers, including identifying them and the control of their information. The bill requires that secure backup media of customer information be maintained and that archived data be kept secure. Applies to: financial services organizations and professionals

FDA: The Food and Drug Administration has made it clear that its rules and regulations governing communications apply to social media. This includes recall information, product claims, nutritional information and more. Applies to: pharmaceuticals, nutraceuticals, food companies, supplements and cosmetics

Resources: Most of these regulatory bodies have issued guidance telling organizations they need to (1) have a policy in place to govern employees' online behavior; (2) create training programs to educate employees about those policies; and (3) monitor for violations of the policy and post corrections to any statements or rogue behavior that violate such policies.

ISACA customizable audit program: 

Social Disclosure Toolkit: 

All these new and revised bulletins, notes and regulations make it clear that online communications, including social media, are the same as in-person or written communications. What does that mean to the IT administrator? It means that all social media content needs to be archived, needs to be discoverable, and needs to be supervised. That means social media needs to be integrated into the IT agenda.