Discover Performance

HP Software's community for IT leaders // November 2012

Creating a model solution for social media governance

Social media and data retention are a tough mix. Learn how to protect your organization against legal and compliance risk in a social media world.

For regulated entities, data retention is a constant concern. Rapid technological change only increases the burden. When email first entered the enterprise, regulators needed to decide whether it would be subject to retention requirements. Today, it’s the wide range of social media providing uncertainty in data governance.

As social media evolves and becomes more pervasive, businesses need to develop a governance model that’s mindful of the unique risks and the legal/regulatory challenges. A recent Autonomy white paper thoroughly surveys the landscape and includes four best practices through which organizations can establish a strong governance model with the flexibility to change as technology, regulations, and legal precedence evolve.

Danger: Private information ahead

U.S. federal law prohibits the interception of electronic communication without prior authorization. Organizations have addressed this issue by incorporating the right to monitor or capture communication in their employee contracts and handbooks. However, these rights usually extend only to interactions that rise on corporate networks or occur on corporate-controlled devices.

Social media communication takes place on a third-party site, often conducted through an individual’s private account. Thus, organizations attempting to monitor or capture interactions risk violating privacy laws. Many of the best practices for social media governance attempt to automate procedures to protect the organization against such violations.

Best practice #1: Wherever possible, create separate business identities for social media to minimize capture of personal or private information.

Inherently personal or private content is rarely valuable to an organization, but it does create new risks and obligations. For example, if an employee shares personal health data with his social network, this could create an affirmative obligation for the organization to protect this data through encryption. Further, exactly where posting or transmitting information moves from “personal” to “public” has not been settled. Thus, a business identity that is separate from purely personal interactions is best for its employees and the firm itself.

Best practice #2: Prepare to deploy solutions that can govern the three types of interactions: inside, moderated, and outside.

  • Inside-based interactions—This is social media activity that is initiated from within a corporate network or on a corporate-controlled device.
  • Moderated interactions—These are interactions that occur on a corporately maintained social media account. The organization owns the account and the associated interactions. This gives the organization, rather than employees directly, the right to establish governance mechanisms.
  • Outside-based interactions—For interactions occurring off an organization-controlled device or network, governance solutions should let individuals opt in or register a particular social media account. Registering the account grants the governance application the authority and credentials to see and capture content.

Best practice #3: Employ solutions that have the ability to capture additional approval on a site-by-site basis, to verify assent for capturing and monitoring.

There may be cases where it makes sense to capture/monitor data from an employee’s personal social media account with his or her explicit consent, such as when employees tweet exclusively about business-related news and trends. Organizations need to protect themselves against workers later claiming the data capture was unauthorized.

The capture of employee assent must be automated. Moreover, each site monitored represents a different set of relationships and entities, so each account/site combination must be managed individually.

However, capturing social media content simply for the sake of collecting it is of limited value. Today, lawyers and regulators are focused less on the form a piece of information takes and care far more about what it actually means.

Best practice #4: Focus on solutions that can establish what something means, and understand how it relates to potential risk for an organization.

Given the sheer volume of potential interactions, and also the fact that interactions may be very short (like a tweet) or much more complex (like audio), solutions must possess the ability to find relevant patterns or relationships in the information. This intelligence will give you solid footing for compliance obligations and litigation protection, without wasting effort on content identification.

For more details on the implications of social media on information governance, download the Autonomy white paper, “Social Media and Information Compliance” (.pdf).


IT leader assessment

This tool evaluates the correlation between IT attributes and business success and, based on how your answers compare with average scores, will advise you where to invest in IT.

It is based on data HP collected from 650 global companies about a range of IT characteristics (server capacities, approach to information management, security, BYOD, etc.) and how they correlate to revenue gain. This assessment will compare your answers to the average scores in that study.

There are 12 questions that will require an estimated 10 minutes of your time. You'll receive a summary of your rating upon completion.

Let's get started

Please select an answer.


Your answer:
Your score:
Average score:
Revenue leaders' score:


Please select an answer.



Your score:
Average score:
Revenue leaders' score:

Get detailed results:


Popular tags


Discover Performance Weekly

HP Software’s Paul Muller hosts a weekly video digging into the hottest IT issues. Check out the latest episodes.

Big Data as key to change management

Change is hard—and risky—in any IT organization. Learn how better analytics makes things smoother and more successful.

Enterprise 20/20

Marketing 20/20

Welcome to a new reality of split-second decisions and marketing by the numbers.

Mobility 20/20

Looking toward the era when everyone — and everything — is connected.

Introduction to Enterprise 20/20

What will a successful enterprise look like in the future?

CIO 20/20

Challenges and opportunities for the CIO of the future.

Dev Center 20/20

How will we organize development centers for the apps that will power our enterprises?

IT Operations 20/20

How can you achieve the data center of the future?

Employee 20/20

What the workforce of 2020 can expect from IT, and what IT can expect from the workforce.

Security 20/20

Preparing today for tomorrow’s threats.

Data Center 20/20

The innovation and revenue engine of the enterprise.

Read more

HP Software related

Most read articles

Discover Performance


Tweets @ HPITperformance