Is Social Media too Risky for Your Company?
An inadvertent social media post containing sensitive information can land a company in hot water with regulators and inflict considerable damage on the business. Given this exposure, is it possible for organizations to govern social media in ways that effectively manage risk?
If an account manager inadvertently includes sensitive firm information in an update to his own profile on a professional or personal social networking site, will regulators find out? If they do, will they really care? The answer to both questions is yes. For all of its potential value, social media exposes regulated companies to increased risk. Some may argue that this increased risk is manageable. Others, however, feel that the potential risks are just too great—the damage that regulatory non-compliance could inflict far outweighs social media’s value to the enterprise.
We don’t worry about increased risk. After all, we have a broad social media policy.
All employees are required to review and comply with company rules for social media use. This should be sufficient to manage regulatory risk.
Having a social media policy is not enough.
Employees may understand what the social business policy says, but do they understand why it is important and will they remember to apply it?
We don’t use social media. No risk here.
Our company does not engage in social business. Also, we block employee access to social media sites.
Social media affects your company whether you currently use it or not.
Your customers use social media and you can bet your next generation of employees use it, too.
There are no regulations in place that govern the use of social media in my company.
How can there be increased regulatory risk if regulations don’t specifically address social media?
Current regulation is broader in scope than you may think.
Existing regulations that apply to your company could be interpreted to include social media.
Our employees only use social media outside of work.
What an employee posts on a personal social media site outside of work hours does not really concern the company.
Any social media communication referencing your company can raise your risk profile.
Discussions by your employees or others about their professional background, their service experience with you, or your company’s information may have regulatory consequences. Remember, regulators are watching.
Wallace D. Gregory, Jr., Partner, National Risk Management, Deloitte LLP
Social media is just another communications vehicle that organizations deploy to help them advance a strategy. As such, all of the standard regulatory and contractual obligations of confidentiality apply. What makes social media riskier than other communications vehicles like telephones or email is its extreme viral and permanent nature: Information posted on social media platforms can potentially reach millions of people in a matter of minutes. For regulatory bodies like the SEC, the FDA, FINRA and HHS that are charged with enforcing rules and regulations, one careless reference to a client’s confidential business goals or performance in a social media post may be just as problematic as inside information shared between two friends over lunch.
Some might argue that the risks associated with social media are just too high and that regulated companies should shut down their current social media initiatives. This is somewhat unrealistic. Social media is here to stay. To ignore it or shut it down is to miss out on all of the value it can bring to the enterprise. Companies deploying social media tools can manage regulatory risk effectively by working closely with employees to understand the role that social media will play in the company and the ways that it can be leveraged to help achieve goals.
But beyond setting out policies listing procedural dos and don’ts, employees should “own” their social media usage. What does this mean? They should understand how the inappropriate use of social media tools can affect them. For example, someone posting negative comments about a client can negatively impact his future promotions, raises and other opportunities at the company. Violating rules of confidentiality or other professional obligations can lead to regulatory non-compliance and legal difficulties that can impact the company as a whole and impact them personally.
As used in this document, “Deloitte” means Deloitte LLP and its subsidiaries. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Certain services may not be available to attest clients under the rules and regulations of public accounting.