BLOG

See the latest news and insights around Information Governance, eDiscovery, Enterprise Collaboration, and Social Media. 

All Posts

How to Archive Facebook Information for Compliance

For many people, the most accurate record of their lives is Facebook. Pictures of their kids, significant events in their lives, or simply how they are feeling. With over one billion users, that means Facebook is the de facto memory of our online lives.

That has considerable implications, especially as it being a record of activities that are questionable, offensive and even illegal. Beyond the personal sphere, Facebook Pages are considered business records. And Facebook Messages, if they are business communications, are also business records.

Thus, using Facebook (and other social media) requires the same obligations and retention policies as any other business record. You want to keep accurate records of who said what, when for litigation protection, compliance, and corporate memory needs.

fb2

Relying on Facebook itself, is fraught with issues. They have no obligation to retain your content; FACEBOOK IS NOT RESPONSIBLE FOR THE ACTIONS, CONTENT, INFORMATION, OR DATA OF THIRD PARTIES. And, once posted, you've lost control of "your" content as their terms of service provide such broad control to them, Facebook can do as they wish; "you grant us a non-exclusive, transferable, sub-licensable, royalty-free, worldwide license to use any IP content that you post on or in connection with Facebook (IP License)".

While Facebook does allow you to download your information, there's no guarantee of accuracy or authentication involved. This download won't satisfy Federal Rules of Evidence (Rule 901) if you want the archive to have legal standing, or compliance rules for FINRA, SEC, Open Records Laws, etc.

Specifically, Facebook compliance refers to the rules and regulations governing financial firms and advisors in regards to social media. In the US, FINRA has created specific guidelines (Regulatory Notice 10-06 and Regulatory Notice 11-39) for social media. If any Facebook communication is a business communication, it IS a business record and needs to be archived for three years. While any particular post, depending on its content and intent, can be debated if it is a "business record", you don't want to have to scramble to prepare for an audit, or have an audit show missing records.

In the financial sector? Download our Social Media Compliance Crash Course for Financial Services.

Download Compliance Crash Course

Anticipate audits and have proper social media policies and procedures in place BEFOREHAND. A simple, easy-to-follow social media policy should be in place, taught to all employees, and monitored on an ongoing basis. And, a proper archiving system that automatically handles the record-keeping aspect needs to be implemented as well.

For government agencies, Facebook archiving is necessary to comply with State Open Records Laws or FOIA (Freedom of Information Act) requests. In general, States already have laws that pertain to Facebook archiving. Some States already have laws specifically written about social media retention, but, if not, laws about Open Records apply. While the medium is new, the intent remains the same; the public has a right to know.

In the public sector? Download our Government Guidebook for FOIA and Open Records Compliance.

Download Government Guidebook

For other organizations, Facebook archiving is a smart risk mitigation strategy. More and more interactions with the public and with employees are happening on Facebook. HR might have to deal with situations of online harassment. Marketing might want to keep proper track of all their posts, in case someone tries to falsify claims. For public companies, investor relations should keep track of any news and announcements to demonstrate to the SEC what they have published.

Facebook archiving protects your organization. Ensure that your organization takes full advantage of the massive Facebook audience without additional risk and start archiving all your social media.

Want to see how easy automated archiving of Facebook content can be? Simply request a demo.

Schedule a Demo

Michael Riedijk
Michael Riedijk
With more than 20 years of experience building successful technology companies in Europe and North America, Michael Riedijk is recognized as a leading innovator in compliance technologies. Originally from The Netherlands, Michael relocated to Canada and launched Pagefreezer in 2010.

Related Posts

Diversity, Equity, Inclusion, and Belonging (DEIB) at Pagefreezer

Back in June, Pagefreezer’s CEO Michael Riedijk posted our Stance on Racism. In that post we made the following promises:

More Legal Lessons Learned: 5 Times Social Media Evidence Was Denied in Court

Digital content (like web pages, Facebook posts, and tweets) is increasingly being submitted as evidence during legal matters—but it isn’t always being admitted by courts. As with any other form of evidence, digital evidence needs to meet a certain standard in order to be deemed admissible—and in many cases this comes down to how the evidence was collected and authenticated. If the collection and authentication process wasn’t handled correctly—and the method employed didn’t prove authenticity beyond any reasonable doubt—the evidence typically would not be accepted.

Why You Should Use SHA-256 in Evidence Authentication

In a previous article, we discussed why hash values are crucial in evidence collection and digital forensics. Following on from that, it’s worth discussing why Pagefreezer specifically makes use of the SHA-256 hashing algorithm when applying a digital signature to one of our records.