Social Media for the CIO, Part 3: Social Media Compliance


In the first two parts of our series, “Social Media for the CIO”, we explored how a CIO can consolidate governance over social media assets and then lock down social media security across an organization. In Part 3, you’ll learn 6 steps a CIO can take to ensure policy compliance for all social media activity.

Download Secure Your Social Organization With HootSuite Enterprise to find out why HootSuite Enterprise is trusted by CIOs for social media compliance.


As organizations rely more and more on technology to meet their compliance obligations, CIOs are becoming vital partners to chief compliance officers (CCOs) and chief risk officers (CROs). The typical CIO can offer a valuable overall perspective on the enterprise’s operations and help compliance professionals integrate new modes of communication like social media into existing systems for compliance workflow, policy enforcement, and archiving.

Here are 6 ways the CIO can make social media compliance a reality:

1. Protect Social Media Assets

There’s a reason social media compliance is the subject of our third CIO post and not the first: no compliance policy can work without stable enterprise governance over social media accounts or comprehensive security measures to protect them. If an enterprise doesn’t have centralized control over user access levels to social media assets or the ability to keep hackers on the outside looking in, it’s impossible to ensure compliance with non-disclosure regulations, consumer privacy laws or even brand use guidelines.

The SEC has ruled that publicly traded companies may use Twitter, Facebook, LinkedIn and other social networks to communicate with shareholders, as long as they are “recognized channels of distribution.” To keep compliant with fair-disclosure rules, an organization must publicly identify the specific social media accounts it intends to use to disclose material information. But it’s also critical that these social media accounts are brought under the governance of an organization’s social relationship platform and publishing approval process.

2. Maintain Compliance Workflow

A CIO can remove an enormous stumbling block to an organization’s social media programs by bringing social media publishing into the organization’s regular compliance workflow. When all regulated social media accounts are managed by a single social relationship platform, any outbound messages can be held in a publishing queue until approved by a compliance officer. Compliance officers can review social messages from within the same system the organization uses to draft, schedule and publish its content, eliminating tiresome email threads between content producers and compliance officers. By deploying technology that’s as easy to use for compliance professionals as it is for marketers and salespeople, the CIO can accelerate publishing turnaround and allow the organization to scale up its social activity.

Extra security measures in the social media publishing process, like two-step verification, help compliance officers maintain proper accounts.

3. Enforce Policies with Automated Tools

In addition to providing a smooth compliance workflow for manual publishing approvals, the CIO can implement technology for automated content filtering:

  • Data classifiers can be used to identify non-compliant language in outbound social messages and alert compliance officers of potential policy violations.

  • Anti-malware scans on URLs in social content can ensure that no bad links are sent out from designated accounts.

  • Non-compliant social content can be flagged for a compliance officer or removed immediately and archived for future auditing or ediscovery.

  • User-generated spam, hate speech or other undesirable content on a Facebook wall or YouTube comment section can be filtered out, keeping the organization’s brand reputation intact.

Every organization will find its own balance between manual and automated policy enforcement, but the CIO is vital to both approaches.

4. Archive Social Communications

Enterprises are already archiving electronic communications for compliance purposes. The challenge is to incorporate social media into existing archiving procedures. When the CIO takes leadership in consolidating social media governance, it becomes much easier to maintain a universal, auditable record of the organization’s social activity.

The CIO should choose a vendor-neutral social relationship platform that supports whichever archive the enterprise already uses.

5. Create a Compliant C-Suite

One of the biggest compliance opportunities for CIOs is in the C-suite, where many of their peers are becoming personally active on social media. When leadership teams participate on social media, they humanize and enhance their organization’s brand image. Recent research has shown that social CEOs are far more likely to be described as inspiring and trustworthy than their non-social counterparts. And an overwhelming majority of people believe that CEOs who engage in social media make better leaders.

An executive’s social messaging can also have immediate and significant business impact. For example, when Netflix chief executive Reed Hastings announced on his Facebook account that his company’s monthly online viewing had grown to over 1 billion hours, Netflix shares jumped 6.2 per cent. However, the compliance risks of a socially active C-suite must be deliberately managed.

In 2012 Gene Morphis, the CFO of clothing retailer Francesca’s, carelessly revealed non-public information in a Tweet from his personal account: “Board meeting. Good numbers=Happy Board.” Although his Twitter page was public, the SEC took the position that his message provided his 238 followers with insider information. He was quickly fired for “improperly communicating company information through social media.”

Had Morphis’s social message been reviewed by a compliance officer before being published, the entire affair could have been avoided. Fortunately, CIOs are well positioned to inform their C-level colleagues of proper social media security and compliance procedures.

6. Use Technology to Educate the Organization

HootSuite University provides on-demand social media education courseware.

Of course, the need for social media education extends beyond the C-suite and into the workforce at large. Employees must be aware of social media policies and best practices for security, whether the organization is in a regulated industry or not. The sheer number of active social media users in a typical enterprise demands a scalable education solution. CIOs are able to help organizations meet this need by deploying technology for social media education, such as on-demand HootSuite University courseware.

Enterprises are already leveraging technology to train workers in compliance procedures. In April 2013, PricewaterhouseCoopers surveyed hundreds of senior executives with responsibility for compliance, and found that 71% of them rely upon technology to conduct training for risk and compliance initiatives. Bringing social media into existing training programs is the next logical step.

The full guide, Secure Your Social Organization with HootSuite Enterprise, is available for download. To learn more about how HootSuite Enterprise is an effective solution for your social media security and IT requirements, request a demo today.