Applying Information Governance to Social Media
It almost sounds like a contradiction in terms. Social media and Information Governance in the same sentence doesn’t quite work, and sounds like a “lawyer meets marketer in a bar” joke. The reality is far from a joke though, and the very nature of social media, and the ability for blogs, tweets and shares to go viral, means that we must be extra vigilant in our creation and publication of this “new” media. This article draws heavily on records management practices and uses the ARMA Generally Accepted Recordkeeping Principles as a basis for developing a social media governance framework.
Accountability is a key aspect of Information Governance
Clear policies and procedures should be developed for organizational social media and on-line or internet based activities. A senior representative should be appointed with overall responsibility for the implementation, monitoring and oversight of the use of these technologies. Anyone given the mandate to be a voice of the organisation on these media must be appropriately trained (in the various technologies in addition to some form of media training), monitored, and supervised. The level of governance will be based on the perceived risk to the organisation, although this may be very difficult to determine until it is too late.
Communications should be monitored for accuracy, integrity and to ensure that they meet the ethical guidelines of the organisation. A designated person should be given the mandate to delete inappropriate content where needed, and systems need to be in place to record such activity. Ideally, an approval process should be implemented to prevent the wrong content from being published in the first place. A caveat is needed here, as a balance needs to be drawn between rigidity and the need for fast response to comments in the public eye. People should use their individual identities and must be authorized to speak on behalf of the organization.
Policies and procedures regarding confidentiality should be extended to include social media, to prevent the wrong content from being published. Intellectual property should not be published without authorization, and written consent should be obtained before publication of any information with value. Whilst the individual may be posting under their own name, policies must clearly state that the information belongs to the organization.
Content published on social media may be subject to laws and record keeping requirements for retention and destruction may apply. A clear understanding of the regulatory environment surrounding the organisation is required, and firm policies developed regarding whether these publications do form part of the records inventory of the organization or not. And of course copies of the records then need to be kept for the required period and under the appropriate conditions.
The publications should be indexed and searchable. This may not always be possible given that social media platforms are out of control of the publishing organisation. Wherever possible, service level agreements should be formed with the systems providers to ensure that information can be found and retrieved. Regardless of the choice of platform and service provider, the organization must develop the means to categorize, protect and retrieve information which falls under their records regime.
As with any other records system, retention rules need to be developed and adhered to. Input from key stakeholders is required to ensure that all considerations are included when developing the retention policies. Collation and storage of social media content should be automated as far as possible, and a system which aggregates and collates all social media activity is highly recommended. In this instance, a single social media management platform should be used, with secure authentication, to ensure that information is properly created, secured and retained.
Negotiations and agreements should be concluded with the social media platforms selected, so that publications can be deleted according to the organisations disposal policy. This may be far easier said than done, and even where an agreement is reached, it may be impossible to even find, let alone dispose of information which has been shared between multiple diverse social media platforms.
The power of social media may well prove the Achilles heel. Social platforms provide an opportunity for organizations to engage with clients and prospects in a real two-way dialogue. Organizations should be very clear regarding whether an option is the individual’s personal view or whether it is representative of the companies’ viewpoint. Real names should be used, and clearly state whose opinion it is.
This is a summarised view of what has already become a complex subject. As organizations grappled with managing e-mails as records for years, so this environment is going to create many opportunities for debate. The message is clear though, make sure that your information governance programme includes social media, and that you know what is being published, by whom, and if it is deemed to be official, that it falls under the same rules as any other record.