Has the rise of social media changed the way your organization handles regulatory compliance and eDiscovery requests? If it hasn’t, it will.
Organizations large and small are learning the value of using social media to communicate with customers, partners, and employees. Social sites such as Facebook, Twitter, and LinkedIn are being tapped for everything from marketing programs to corporate communications to customer relationship management.
All this social media activity has IT departments worried—and with good reason.
According to a recent Symantec Social Media Protection Flash Poll
, the typical enterprise experienced nine social media “incidents” in the past year, with 94% of the respondents saying they suffered negative consequences as a result. More disturbing, these incidents cost the typical company upwards of $4 million in the period.
That’s why it’s more important than ever to have a strong social media strategy and controls in place to prevent the release of confidential information, comply with industry regulations, and respond promptly to eDiscovery requests. Continue reading to learn what steps your organization needs to take to enable the strategic use of social networking while minimizing the associated risks.
What were the top social media incidents experienced by the typical enterprise last year? According to the Symantec poll, they were:
- Employees sharing too much information in public forums (46%)
- Loss or exposure of confidential or proprietary information (41%)
- Embarrassment or damage to brand or reputation (40%)
- Increased exposure to litigation (37%)
- Violation of regulatory rules (36%)
Respondents who experienced a social media incident also suffered the following negative consequences: reduced stock price, litigation costs, direct financial costs, loss of customer trust, and lost revenue.
Just how pervasive has social media become within the enterprise? Consider: Gartner Inc. has predicted that, “by year-end 2013, 50% of all companies will have been asked to produce material from social media websites for eDiscovery.” ¹
That’s in line with the results of another recent Symantec survey, which found that email is no longer the primary source of information for an eDiscovery request. The 2011 Information Retention and eDiscovery Survey
, which examined how 2,000 enterprises worldwide are managing ever-growing volumes of electronically stored information, determined that both structured and unstructured information sources outranked email. As evidence of just how the eDiscovery landscape is evolving, nearly half of the respondents cited social media as being among their most frequently requested records.
The survey also found that companies employing best practices, such as automating the placement of legal holds and leveraging an archiving tool rather than relying on backups, fared dramatically better when it came to responding to an eDiscovery request. In addition, these top-tier companies were significantly less likely to suffer negative consequences than companies that lack a formal information retention policy. Specifically, top-tier companies were much less subject to court sanctions, compromised legal positions, and fines.
While there are many steps that can be implemented to address the challenges associated with social media, the following five are indispensable:
- As with all corporate communications, develop a global plan for how you will engage in social media. This initial step is particularly important for organizations that are just now exploring the use of social media.
- Educate and train employees regarding the social media plan. This should include instruction regarding what content may be posted to social networking sites and the internal process for doing so. Policies that describe the consequences for deviating from the social media plan should also be clearly delineated.
- Identify and understand the legal or regulatory requirements specific to your industry; implement policies to address regulations that call for retention of social media content.
- Consider deploying an archiving solution that enables the automatic capture and retention of social media content, especially if your industry is heavily regulated.
- Implement a data loss prevention solution to provide another layer of protection to prevent confidential and proprietary information from leaving the company.
Symantec works closely with several partners to capture social media communications and make it discoverable within the Symantec Enterprise Vault archiving platform and the Clearwell eDiscovery Platform. These partnerships provide customers with flexibility in the type of solution they choose (i.e., cloud-based vs. on-premise) and in the features that are offered. Depending on your needs, these partners—Actiance, CommonDesk, Globanet, Hanzo, and Socialware—are able to capture and/or control social content across Facebook, LinkedIn, Twitter, Google+, websites, YouTube, and many other social media vehicles.
For example, policies can be created to capture any communications from a corporate marketing Twitter account—sent and received. If more granular control is wanted, policies can be enforced that scan and check messages before being posted live to ensure end user and regulatory compliance.
Recent surveys confirm that social media use is on the rise for almost all organizations. But as these companies increasingly share business-related information on social networks to communicate with customers, partners, and employees, the risk of publishing confidential information also increases. By following the steps outlined in this article, organizations can continue to access and share information through social networks while capturing and preserving it for legal and compliance purposes.
- ¹ "Media Governance: An Ounce of Prevention,” Gartner, December 17, 2010