See the latest news and insights around Information Governance, eDiscovery, Enterprise Collaboration, and Social Media. 

All Posts

The Most Commonly Overlooked Risks of Internal Social Media

The use of social media within teams has quickly become the new norm for workplaces, whether you’re working in tech, finance, recruiting or practically any industry across the board. Boasting improvements in productivity, collaboration and employee engagement, companies have jumped on board to implement enterprise social media networks like Jabber, Slack, Google Drive, Workplace by Facebook and Chatter throughout their teams. But while groups and chats may speed up employee recognition, knowledge sharing and daily decision making, internal communications also bring along a number of risks in compliance and litigation that can be easily overlooked.

Here are a few risks to keep in mind before rolling out enterprise social media in your workplace:

1) Sharing of personal information

Information can flow a lot more freely in group chats and private conversations, and can often skip a few security processes. An employee communicating a change of social security number, address, or private health concern with HR risks having that information stored within the platform, easily accessed in the case of a hack.

Recognizing the abundance of personal information online, new regulations like the GDPR are coming into play to protect the personal information of customers, clients and employees. Organizations can now face significant fines according to the law if they fail to put systems in place to protect personal data. 

Read more about how to comply the GDPR when using collaborative social media networks here.


2) Information leakage of confidential company/client/customer information

Just like personal information can be shared, this free flow of information between employees and departments can put confidential company, client, patient or customer information at the same risks. Credit card information, passwords, deal documents and sensitive information about unreleased products and services can live in chat conversations and be handled with far less security. This can lead to cases of IP infringement, credit card fraud, or other non monetary consequences like the loss of client trust.

To avoid the sharing of this sensitive information on internal social media, it is worth evaluating your internal social media policies to remind employees of the do’s and don'ts. It's also key to explore how technology can help you keep track of conversations. Some tools like PageFreezer can help you monitor keyboards and text patterns (like social security numbers, credit card information and addresses) within conversations, and notify you over when such information has been shared in your platform, flagging it for removal.

Learn more about our PageFreezer's social media monitoring feature by requesting a demo here.


3) Harassment, cyber bullying and inappropriate employee conversations

Communication is becoming more skewed over chat conversations, minimizing both verbal and physical cues in the workplace. Private chats and other online interactions between employees hidden from the public eye can open up avenues for the potential of harassment, cyber bullying, and other inappropriate conversations between employees that can easily go unnoticed (like the sharing of NSFW memes).

According to the Federal Rules of Civil Procedure and Federal Rules of Evidence even internal conversations are subject to eDiscovery in the case of litigation. Employers can face claims from potential employees, employees, contractors and third parties, with essential pieces of evidence found online for these disputes and hearings. If information from your chats, groups timelines is ever requested for a lawsuit, you must be able to turn around official copies of this data. Simple screenshots lacking metadata won’t do, so it’s important to invest in an capture solution that meets data authenticity and integrity standards by adding digital signatures and timestamps to all your online data.

To avoid these compliance and legal risks that can potentially cause serious fines and reputation damages, the following three approaches should be taken to ensure you have a solid information governance program in place when using enterprise social media communications : 


1) Implement and evaluate your internal social media policies
  • Dig up examples of existing social media policies and tweak to fit your company needs. We found the Hootsuite policy had a few good pointers!
  • Determine the do’s and don'ts when using internal social media platforms
  • Stress the kinds of information sharing that are prohibited on the networks used (i.e credit card information, addresses, personal matters, etc)
  • Be sure to include spotlights on cyber-bullying policies, anti-harassment policies and social media communications expectations in your code of conduct.  
2) Stay proactive in your compliance with general and industry-specific recordkeeping regulations
  • Stay on top of your industry’s record-keeping regulations (i.e for financial services, SEC Rule 17-a3 and 17a-4)
  • Use Google Alerts to subscribe to alerts on regulation updates and be sure to keep up on changes to the laws affecting you
  • Educate yourself on new regulations like the GDPR as they come into play
3) Use strong archiving technology to retain your online records as official evidence

Main takeaways? Check out our neat little infographic on this topic below. Cartoons always do it better! 

Collaborative Social Networks

Related Posts

Text Messages and eDiscovery: 4 Cases You Should Know About

Americans send an average of 26 billion text messages every single day—with the average person sending 15 texts per day.

6 Common Legal Issues Around Website Content

A well structured, informative website is an essential element of modern business. However, many organizations don't fully appreciate the legal responsibilities that accompany public communication through an official company website. 

What Is the Difference Between Data Retention and Data Preservation?

Is there a difference between data retention and data preservation? The terms retention and preservation are often treated as synonyms in day-to-day language but they aren’t the same thing.