Dec
12
2011

Compliance in the context of social media

The advance of social media has reached a critical mass and is now an integral part of our professional lives. Many of us blog and tweet as if we had been doing it forever. While mostly beneficial, there are undeniably some drawbacks and risks. Many companies are beginning to wonder precisely what their employees are communicating and with whom they are exchanging information.

The primary concern is not whether employees are “misusing” social media for personal matters, but whether or not the company can retain control over which business-related information is shared and the form in which it is shared.

In order to retain (or regain) this control, it is important to distinguish between two different aspects: “technical control” and the ability to regulate the “content” of communication.

Social media monitoring

On the technical side, companies already have several options. These range from complete blocking of social media websites like Facebook (a highly questionable strategy in my opinion) to implementation of social media monitoring solutions. Software solutions help companies keep track of who is publishing what and where (which implicitly leads to a certain level of control). Our solution SAPERION ECM Web Content Archive can be an important tool in this type of strategy.

But an archive is only retrospective, of course. Once someone posts a sensitive message, you rarely have an opportunity to turn back the clock…

Social  media policies

For this reason, it appears that many companies urgently need new internal guidelines for how employees shall use social media. Or do they?

Humans use any means available to communicate with each other, and the medium does not determine the nature of the message.

Actually, we can make a strong argument that a new “social media policy” is unnecessary. After all, virtually all companies already have established guidelines about which employees may publish information externally and whether or not advance approval is required. Such policies have been in place for a long time. For example, inquiries from journalists are almost always forwarded to the public relation manager and not necessarily answered by the employee who just happened to pick up the telephone.

Personal use of social media during work hours is subject to similar restrictions. At most companies, employees are expected to keep personal telephone conversations during office hours to a minimum. I think it is fair to say that the purpose of these rules is self-evident. So it goes without saying that the same rules apply or should apply to social media (and private use of e-mail).

Without a doubt, internal regulations should at least be adapted to accommodate social media, even if only to remind employees of the existing communication guidelines.

Gartner’s Social Media Report

In any case, these communications policies should be clearly distinguished from the technology that is used for communication. Correspondingly, in the report “Do You Need a Social Media Security Policy?”, analyst firm Gartner Inc. recommends that “security managers should focus their governance efforts on the implementation of communications security policies that are technology-neutral.”

 

 

 

The advance of social media has reached a critical mass and is now an integral part of our professional lives. Many of us blog and tweet as if we had been doing it forever. While mostly beneficial, there are undeniably some drawbacks and risks. Many companies are beginning to wonder precisely what their employees are communicating and with whom they are exchanging information.

The primary concern is not whether employees are “misusing” social media for personal matters, but whether or not the company can retain control over which business-related information is shared and the form in which it is shared.

In order to retain (or regain) this control, it is important to distinguish between two different aspects: “technical control” and the ability to regulate the “content” of communication.

Social media monitoring

On the technical side, companies already have several options. These range from complete blocking of social media websites like Facebook (a highly questionable strategy in my opinion) to implementation of social media monitoring solutions. Software solutions help companies keep track of who is publishing what and where (which implicitly leads to a certain level of control). Our solution SAPERION ECM Web Content Archive can be an important tool in this type of strategy.

But an archive is only retrospective, of course. Once someone posts a sensitive message, you rarely have an opportunity to turn back the clock…

For this reason, it appears that many companies urgently need new internal guidelines for how employees shall use social media. Or do they?

Humans use any means available to communicate with each other, and the medium does not determine the nature of the message.

Actually, we can make a strong argument that a new “social media policy” is unnecessary. After all, virtually all companies already have established guidelines about which employees may publish information externally and whether or not advance approval is required. Such policies have been in place for a long time. For example, inquiries from journalists are almost always forwarded to the PR manager and not necessarily answered by the employee who just happened to pick up the telephone.

Personal use of social media during work hours is subject to similar restrictions. At most companies, employees are expected to keep personal telephone conversations during office hours to a minimum. I think it is fair to say that the purpose of these rules is self-evident. So it goes without saying that the same rules apply or should apply to social media (and private use of e-mail).

Without a doubt, internal regulations should at least be adapted to accommodate social media, even if only to remind employees of the existing communication guidelines.

In any case, these communications policies should be clearly distinguished from the technology that is used for communication. Correspondingly, in the report “Do You Need a Social Media Security Policy?”, analyst firm Gartner Inc. recommends that “security managers should focus their governance efforts on the implementation of communications security policies that are technology-neutral.”

[d1]

The complete report can be found here (put link under here).


 

[d1]Gartner does not allow paraphrasing of its research

Post to Twitter Post to Delicious Post to Digg Post to Facebook Post to MySpace

Download PDF
Written by Andreas Mai in: Compliance,english,social business | Tags: ,

No Comments »

RSS feed for comments on this post. TrackBack URL

Leave a comment


three + 5 =

Theme: TheBuckmaker.com Web Templates | Bankwechsel Umschuldung, Iplexx IT Solutions