9 Rules for Government Social Media & Website Archiving Compliance

The need for clear communication at all levels of government has never been greater. Governmental bodies must ensure transparency, trust and professionalism with their colleagues and, more importantly, with the public. Getting this right isn’t just a case of better public relations—it is a matter of compliance.

Social media managers and information officers must be completely up to speed with the latest letter of the law to ensure total transparency and the correct organization of online and social media channels.

So, how do you ensure best practices are put in place for government social media accounts and websites? Here are the nine rules you must follow to maintain communication, Open Records, and archiving compliance in the public sector.

1. Only Make Use of Official Accounts 

Government bodies must create and use designated official social media accounts. Official business communication and statements must come from official accounts in order to convey trust and ensure compliance. 

Private accounts should be kept entirely separate. Providing separate devices for official usage can be beneficial when it comes to keeping communications clearly separated and facilitating the division of professional and personal conversations. It also prevents employees from accidentally posting under an official account instead of a personal one.

It is essential to ensure that all staff members are fully aware of and briefed on the importance of this requirement. It applies to all digital channels, from social media to mobile text messaging.

Government bodies need to carefully control these accounts, implement a clear usage policy, and train the staff on best practices. Access to these channels is another consideration; only authorized people should have access to official accounts, and these permissions should be carefully calibrated to give the right levels of control.

2. Beware of BYOD 

Involving personal devices when it comes to official government communications can bring risks. It offers less security, with information more vulnerable to exposure and alteration—and it also makes it harder to keep track of conversations across multiple channels. Bring-your-own-device (BYOD) environments risk the blurring of personal and professional lines and can make it difficult to keep track of official records.

If official information held on personal devices is required, it can legally be requested, and many will feel that this is an infringement of their privacy. Ideally, it is better to have government-issued devices to keep things very clear cut in this area.

If BYOD devices are deemed a requirement, ensure that at a minimum, electronic device management or mobile device management (MDM) applications are installed to mitigate the risks. Be sure to have a clear policy and training for all staff regarding the use of BYOD devices.

3. Collect All Communications 

Meeting Freedom of Information Act (FOIA) or Open Records requirements goes far beyond archiving emails—obligations extend to text messages, social media accounts, website content, and beyond. Essentially, all communication channels utilized by federal bodies can be considered business records, meaning archiving is required by law. As a result, all types of communication should be preserved and those records protected from alteration or deletion. 

Running a complete audit of all your communications channels can be helpful to ensure that you are aware of your full liability, and can take steps to ensure that everything is being correctly captured and archived to meet the required compliance standards. 

In addition to archiving this information, government bodies need to monitor communication channels for inappropriate content, especially in public-facing feeds. Thorough archiving practices can help to keep track of any necessary moderation.

4. Know the FOIA/Open Records Laws 

As mentioned, government bodies and public-sector organizations need to meet FOIA and state-level Open Records requirements. These are obligations related to the record-keeping of online channels, including website, social media, enterprise collaboration and mobile text content. 

These laws demand that accurate records are kept and that Open Records requests can be met in a timely fashion. It’s important to maintain clarity around the requirements surrounding public records, how they need to be archived, required retention periods, and when they can be permanently deleted.

In 2019, US federal agencies reported that they processed nearly 878,000 FOIA requests for government information. This represents an increase of 32% since 2012, so the need to meet this obligation is pressing. Non-compliance or violation of these laws will result in severe penalties and can even damage the government’s reputation. Without the ability to quickly pinpoint and access information, you risk costly external eDiscovery processes, which can eat up a lot of time and precious resources. 

5. Always Consider the First Amendment 

Comments posted by the public to official government websites and social media accounts are generally considered protected by the First Amendment. As a result, modifying, deleting, or even hiding comments can land an organization in hot water. 

To protect themselves, organizations should have a policy that clearly outlines what unacceptable use looks like, such as spreading profanity, racism, homophobia, threats of violence, etc. It is essential to have a policy in place and clarify that inappropriate comments will be deleted. 

Organizations should also keep a complete archive, which includes edited and deleted comments, that they can use in the event of First Amendment challenges.  

6. Store Data in Original File Formats

Highly-regulated sectors such as the government must adhere to strict requirements when it comes to storing data.

Many organizations believe that screenshots or backups from a Content Management System (CMS) are acceptable for record-keeping requirements. However, they simply do not meet the high regulatory requirements for the public sector.

Instead, records should be stored in original file formats. For example, a JPEG screenshot will not carry the associated metadata needed to help prove its validity as evidence, and a government body relying on it will not meet the required record-keeping compliance.

7. Collect Metadata and Apply Timestamps/Signatures 

The rules about collecting metadata and the application of timestamps and signatures relate to the previous rule. Should a government agency get embroiled in a legal matter, records must be collected with the associated information enabling them to be deemed irrefutable as legal evidence.

Metadata and timestamps help link the record in question to the specific moment in time that it was created, and guarantee the original nature of the content. In doing so, this ensures that a document has not been edited or tampered with.

Governments must prove the accuracy of their records and ensure compliance, regardless of whether they are being requested in a litigation case. The organization must prove that the record is an authentic document and an accurate representation of what appeared on a website or social media account at any given time.

Public bodies should collect the data and keep it in its original format, as previously mentioned, and also collect all associated metadata and furnish the record with a timestamp and digital signature. 

By doing this, an organization can prove that the record is an accurate reflection of what appeared on a website or social media account on a particular day.     
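The sealing and verification step described in this rule, as an added example that is not part of the original post and not Pagefreezer's code: it binds the original bytes, the metadata and the capture time into one tagged manifest, then shows that an edit to any of them is detected. The function names, key and sample record are constructed for illustration, and an HMAC stands in for the digital signature; a production archive would use an asymmetric signature and a trusted timestamp.

```python
import hashlib
import hmac
import json
from datetime import datetime, timezone

# Constructed demo key. HMAC is a stand-in for a digital signature here, so
# verification needs the same secret; a real archive would sign asymmetrically.
DEMO_KEY = b"constructed-demo-key-not-for-production"


def _canonical(manifest: dict) -> bytes:
    # Sorted keys and fixed separators: the same manifest always yields the same bytes.
    return json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()


def seal_record(content: bytes, metadata: dict, captured_at: datetime, key: bytes = DEMO_KEY) -> dict:
    """Bind the original bytes, their metadata and the capture time together."""
    manifest = {
        "sha256": hashlib.sha256(content).hexdigest(),
        "length": len(content),
        "captured_at": captured_at.astimezone(timezone.utc).isoformat(),
        "metadata": metadata,
    }
    tag = hmac.new(key, _canonical(manifest), hashlib.sha256).hexdigest()
    return dict(manifest, tag=tag)


def verify_record(content: bytes, sealed: dict, key: bytes = DEMO_KEY) -> list:
    """Return a list of problems; an empty list means the record checks out."""
    problems = []
    manifest = {k: v for k, v in sealed.items() if k != "tag"}
    expected = hmac.new(key, _canonical(manifest), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sealed.get("tag", "")):
        problems.append("manifest altered (metadata or timestamp changed)")
    if hashlib.sha256(content).hexdigest() != manifest.get("sha256"):
        problems.append("content altered (digest mismatch)")
    return problems


# Constructed sample: a captured public comment and its platform metadata.
SAMPLE_CONTENT = b'{"comment_id":"c-1001","text":"When is the council meeting?"}'
SAMPLE_METADATA = {"source": "https://social.example/agency/posts/42", "author": "resident_17", "status": "visible"}
SAMPLE_SEALED = seal_record(SAMPLE_CONTENT, SAMPLE_METADATA, datetime(2020, 5, 1, 14, 30, tzinfo=timezone.utc))

if __name__ == "__main__":
    print(verify_record(SAMPLE_CONTENT, SAMPLE_SEALED))          # untouched record
    print(verify_record(SAMPLE_CONTENT + b" ", SAMPLE_SEALED))   # edited content
    print(verify_record(SAMPLE_CONTENT, dict(SAMPLE_SEALED, captured_at="2019-01-01T00:00:00+00:00")))
```

Because the digest is taken over the original bytes rather than a rendering of them, a screenshot or re-export of the same comment would not verify against the sealed manifest.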

8. Preserve in Non-Rewritable, Non-Erasable WORM Format and WARC

Formats such as WORM and WARC can help to guarantee the long-term preservation of digital data. 

The “Write Once, Read Many” format, or WORM, prevents the modification or deletion of data. Another useful format for the long-term preservation of digital data is the Web Archive Format File (WARC). WARC stores web pages and other digital resources, including images and meta information, in their original source code.

This specific format is vital for government agencies in their recordkeeping policies, as they are required to use the WARC format to comply with FOIA and Open Records laws. WARC also exports all of your social media records in a way that includes all the metadata, making it a valuable source for digital forensics investigations and legal authentication.

9. Serialize and Retain on Duplicate Media 

Government agencies must ensure that all information and archived records are securely backed up. All data must be serialized and retained on duplicate media to protect the information from an incident or a significant failure.

Serialization is the process of translating data into a format that can be transmitted (e.g. over a computer network), stored (e.g. in a file) and reconstructed.

Make sure you have faith in the vendor you’re relying on to store your records. Look for a partner that is ISO 27001 certified and be sure to ask about “worst case scenario” recovery plans.

The Future Of Compliance For Government Social Media & Website Records Management

Public-sector organizations often find their online channels—such as official Facebook pages—becoming public forums for conversation and debate. This makes it both crucial and challenging to capture all these real-time ongoing conversations. This content is dynamic: not only are citizens constantly replying and adding to the conversation, but comments are also being deleted. Agencies are regularly forced to delete comments because of profanity, threats of violence, and other inappropriate behavior, and users themselves also choose to delete their comments. Open Records laws require that these comments be captured, preserved, and made available upon request, but how exactly can agencies archive this data?

Pagefreezer can capture all of your website, social media, enterprise collaboration, and mobile text content. In the case of social media and enterprise collaboration, this includes conversations like DMs in Twitter and Private Messages in Facebook. These captures ensure compliance with regulations and enable Pagefreezer archives to be used in the eDiscovery process. As long as the messages are under the same account, they can be archived and are in full FOIA/Open Records compliance.

Indeed, being able to respond to FOIA/Open Records requests is a major reason why organizations should be keeping detailed records of online data, but public sector agencies also have a responsibility to act as openly and transparently as possible. When it comes to online data like social media content, this means making all records—including edits to posts and deleted comments—freely available to the public.

Pagefreezer has developed a Public Portal specifically to meet transparency needs. A Public Portal makes the Open Records compliance process as easy as possible—share online data with your constituents on-demand, 24/7. Citizens can access records, perform keyword searches, and download content in PDF format.

Want to learn more? Download our Government Guidebook to Electronic Records Management for FOIA & Open Records Compliance, which discusses best practices for the management of website and social media data in the public sector.

George van Rooyen
George van Rooyen is the Content Marketing Manager at Pagefreezer.
