Enterprises are quickly going beyond email for conducting business. Transactions processed and statements made via Facebook, LinkedIn and instant messaging need to be tracked to mitigate risks and allow new revenue opportunities. This poses a challenge for enterprise architects, risk managers and CFOs tasked with ensuring that these new channels are compliant with company policy and regulatory mandates.
"In the past, the information governance has traditionally been focused on email, which is primarily for data loss prevention," said Sean Pike, program director of e-discovery and information governance at IDC. "Social media is how organizations are starting to think about business in general." Business processes related to social media governance can include E-discovery, compliance, anti-fraud or monetization.
New business channels promise new opportunities
With the rise of social media, the percentage of business conducted via email has dropped from 80% to about 50%, said Pike. There are many ways that information can flow into, through and out of the enterprise, and it is important to make sure it is all tagged and classified in the right ways. All of these transactions have to be captured to make sure the employees are doing things in a compliant way, or are providing the best customer service they can provide, or to continue to monetize the products.
Kailash Ambwani, CEO of Actiance
Kailash Ambwani, CEO of Actiance, an information governance vendor, said, "Employees want to get on LinkedIn to connect with clients, build relationships and prospect. But they have to be careful with what they are doing on them."
One of the biggest mistakes, Ambwani notes, is employees inadvertently sending out SSNs or credit card numbers in an open channel of communication. Also, in industries such as financial services there are regulations around who can speak with whom. For example, traders are not supposed to talk to financial analysts.
The high cost of social media non-compliance
Take the case of the recent LIBOR scandal in which leading banks were fined over $6 billion. The underlying problem was that bank employees were conducting negotiations via social media channels that were out of compliance with bank policy and the law. None of these exchanges could be tracked via traditional information governance tools that only focused on email.
In general, Pike has noticed increased regulation and enforcement of regulation driving the need for better compliance. In the U.S. for example, 48 states have individual privacy laws, about half of which have private rights of action. Many disparate laws also exist in the U.S. at the state level, and outside of the U.S. at the country level. In addition, the SEC and FTC are getting more involved in regulatory action and issuing higher levels of fines. "This is driving a lot of companies to invest in better governance," Pike said.
New challenges for social media governance
One of the big challenges around social media governance and archiving is that as enterprises store more data, they also create a larger attack surface for hackers and breaches when they occur. Often this information is stored in disparate systems or geographic locations. Sometimes these repositories are not treated the same. One repository might be more vulnerable or not accessed as much.
Another big challenge lies in building compliance- and monetization-focused integrations into the various social media channels. Enterprise architects can streamline the ability to track information through social media using the equivalent of an enterprise service bus from vendors like Actiance and Hanzo Archives. Other tools from vendors like Sprout Social can also help when the focus is more on the monetization side.
Companies need to be sensitive in how they monitor employee usage of social media channels. The policies for tracking need to find a balance between supporting better business processes via social media while also respecting employees' private lives, Ambwani said.
Implement a social media governance strategy
A good practice is to create an information governance steering committee that includes enterprise architects, attorneys, the CIO and the CISO to craft a social media governance strategy. This should not be a paper committee. It needs to be something tied to the job descriptions of the participants.
"Their bonus needs to be tied to it," Pike said.
One approach is to create some sort of metric related to the governance program. Information governance is a broad reaching idea, but the enterprise needs to attack individual problems like e-discovery, consistent data views or better ability to search in an archive. Organizations need to ask if the platforms they are putting into place can be expanded later to help solve larger issues.
Larger organizations should also consider hiring a chief data officer. SMBs might just move an existing employee into this role. This person can assume bottom line responsibility for what information governance means for the organization. This individual need a unique skill set involving compliance and how to drive new monetization strategies.
Plan for the future
Down the road, Pike expects to see enterprises using sentiment analysis for social media channels. These tools make sure that employees are not getting out of control and can cut the conversation off or forward them to a manager to make sure the company's reputation is being protected.
It is important to understand if the enterprise's current platform meets the needs of social media channels and if not to identify a platform or tools that can. Pike said, "You don't want to be in the position two to three years down the road where attorneys are asking for this kind of information and it is not readily available."
Test your social media risk management IQ with this quiz
Learn about the growing significance of social media for HR efforts
Discover which metrics are most useful for social media analytics