Social Media Online

Nick Hayes' Blog

Nick serves Security & Risk Professionals. Learn more ».
Analyst bio | Nick on Twitter

Five Common Legal & Regulatory Challenges With Social Media

 It should come as no surprise that regulators and organizations alike struggle to set and enforce guidelines for social media activity. It’s not just that the rise of social media is rapidly transforming the way we interact with people, customers, and brands; but also how many ways this transformation is happening.

The core issue is that social media alters the way we as individuals share who we are, merging our roles as people, professionals, and consumers.  As we share more of ourselves on a growing number of social networks, questions quickly surface:

• How frequently and on what social networks should we post?
• When should we present ourselves in our professional role versus sharing our personal opinions?
• Is it okay to be social media friends with co-workers, clients, or your boss?

These are complicated matters for individuals, and absolute conundrums for organizations concerned with how employees behave and interact with others in, and outside of, the workplace. Their questions are even more complicated:

• Can organizations dictate how their employees use social media?
• Can they monitor social media conversations or use it to learn more about prospective job applicants?
• When does the personal connection allowed by social media tools cross the line from business to personal?

With it now clear that social media is here to stay, regulators are playing catch-up to address these new layers of complexity. Forrester identified over a dozen regulations in North America and Europe that have direct implications for how organizations manage social media. What’s more, new rules from the FDA and others are also likely on the way.
Across these laws and regulations, there are five common categories of requirements controlling how organizations manage social media:

1. Data protection and privacy: Laws and regulations that ensure customers’ rights to privacy are covered (and appropriately stated in public privacy statements) when organizations collect, store, and use social media data. Example regulation: The proposed EU General Data Protection Regulation, including the “right to be forgotten” provision.
2. Employee rights: Guidelines that dictate how companies can construct social media policies as well as to what extent they can monitor the activity of current employees and prospective hires. Example regulation: The National Labor Relations Act, which the NLRB has cited to push companies such as Target and Costco to rewrite their social media rules.
3. Disclosure and third-party endorsement: Proper protocols for product marketing, endorsements, and disclosure of corporate financial information, ensuring these activities take place in a “clear and conspicuous” manner on social media, and that social features, such as Facebook “likes” and Twitter “re-tweets,” are appropriate. Example regulation: The FTC’s updated .COM Disclosures Guidance.
4. Governance and oversight: Rules that require companies to establish proper processes, controls, and monitoring for worker business use of social media. Example regulation: FFIEC’s proposed Social Media Consumer Compliance Risk Management Guidance.
5. Information archiving and retention: Parameters that specify how and in what circumstances organizations should capture and retain social media conversations for the purposes of legal holds and investigations, treating social media as another form of electronic communications. Example regulation: FINRA Regulatory Notices 10-06 and 11-39.