Records Management: Creating a Social Media Success Story
August 1, 2012
Regulations including FRCP and FINRA call for new ways to manage blogs, tweets and similar digital content. Records managers can take these steps to create and maintain create a successful social media retention plan.
In response to the numbing volume of social media content, many companies simply save it all; they’re too afraid to delete even the most inconsequential items.
If you think of your data sources as siblings, paper records might be the well-mannered, conscientious children who follow the rules. Social media, on the other hand, might be the wild child who requires some tough love.
Any employee with a smartphone and a tendency toward procrastination can create their own blinding blitz of postings. That said, your current records retention practices could probably stand some tweaking to ensure that they’re in step with both compliance demands and the ever-increasing ease of creating social media content.
Navigating a New World of Data
Thanks to SEC Rule 17a-4, which requires firms to surrender internal communications to fulfill government requests, many enterprises now adhere to strict rules for managing not only email but also other types of fleeting communications. For many years this rule was underused, but the government has applied it to email in some high-profile, headline-making cases. As a result, the email archives of some prominent Wall Street firms were entered into legal discovery.
Now social media joins the mix. As companies use major social media hubs and blogs as a way to interact with their customers and business partners, data volumes are skyrocketing. In 2011 alone, 1.8 zettabytes (that’s 1.8 trillion gigabytes) of data were created and replicated worldwide.
Gartner Research predicts that by 2014, 20 percent of all businesspeople will use social networking services—instead of email—as their primary mode of interpersonal communications.
Taming Social Media Records
In response to the numbing volume of social media content, many companies simply save it all; they’re too afraid to delete even the most inconsequential items. But in truth, you need only review paper-based records management best practices to realize that an overflow of data coupled with the lack of a retention schedule is bound to impede the fulfillment of time-sensitive e-discovery and financial audit requests—and it can also compromise your company’s cost management, efficiency and compliance efforts.
Audit and discovery needs call for on-demand retrieval of archived data—including social media. Here’s how to ensure that happens.
1. Identify vital information. Whether it’s email, blog posts or tweets, you need to get a handle on what forms of information a litigator or regulator most typically wants, and then give that top priority in your information management scheme.
2. Control your information. E-discoveries wait for no one. When you receive a subpoena, you must be able to quickly navigate all of your records—physical or digital, email or social media-based. This calls for smart indexing and identification processes, with your workflow built around those structures.
3. Develop a social media policy. Determine how your company should handle social media information, with provisions for archiving. Write it, refine it, and then distribute it throughout your firm.
4. Build retention and destruction schedules. Develop and implement a sensible and legally credible schedule for each type of record your business handles. It’s also essential to provide for the secure destruction, as required by law, of many legal, medical or financial documents. A well-laid plan accounts for all legal, regulatory, business and compliance obligations.
5. Ensure a secure chain of custody. In some legal cases, litigators may ask for proof that you’ve been preserving email and social media consistently.
Partnering for Success
Now that you have a blueprint for creating a social media records management plan, consider bringing in some extra resources to make it happen. A trusted third party offers the technology and regulatory knowledge you need to rein in your data, while also limiting your liability and enhancing your compliance profile.
Fine Tune Your Compliance Profile: A Sampling of Do’s and Don’ts
To establish an effective social media policy, you’ll need to be familiar with any and all federal and state regulations applying to businesses, as well as your specific industry. For instance:
- The Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 requires all transaction records to be kept for five years. It also calls for internal communications to be archived but easily accessible for regulatory inquiries. This set of laws should be a major focus, given its extensive scope across many business sectors.
- The Federal Rules of Civil Procedure (FRCP) rule 34(b) considers social media as electronically stored information on par with email; a business must produce it (generally in native form along with metadata) in response to an e-discovery request.
- The Securities and Exchange Commission’s Rule 17a-4 requires businesses to store all check registers, bank statements, canceled checks and cash reconciliation records for at least three years.
- The Financial Industry Regulatory Authority (FINRA) Notice 10-06 advises financial services firms to maintain systems for supervising, retaining and retrieving social media and email communications.
- The Gramm-Leach-Bliley Act says that a business must designate which of its employees may access certain types of customer data. You must also explain the reason(s) behind these privileges.
- The Sarbanes-Oxley Act of 2002 establishes a rigorous set of standards for the auditing and reporting of corporate financial records, among other provisions.
Do you have more questions about your firm’s records management best practices? Read additional Knowledge Center stories on this subject, or contact Iron Mountain’s consulting services team. You’ll be connected with a knowledgeable product and services specialist who can address your information management challenges.
Bring Your Business Together with Smarter Information Management
Information Management: Six Steps for Getting (and Staying) Compliant
New Regulations, Litigation and Audits: Are You Ready?