Sample Social Media Audit

What should your business do to comply with all of the rules and regulations associated with social media? Simply rolling out a new corporate policy on the use of social media is not the answer. In fact, a corporate social media policy might create additional risk for the employer. Before committing to any new policies or procedures you should take a good look at what you are already doing and what plans you have going forward.

By conducting a comprehensive review of your current and planned use of social media you can make intelligent and strategic decisions that are appropriate to your business. This will allow you to determine what steps your business must take to comply with the relevant laws and the best practices to minimize risk and maximize opportunities.

This audit should be expansive and additionally cover privacy, security, intellectual property, technology use, and e-commerce issues. This information gathering, along with a review of the appropriate federal and state laws, will help you identify the specific risks and opportunities based upon your current and planned use of social media. It may also be appropriate to consider laws of countries other than the United States especially if privacy and security of personal information is involved. If your business operates in a regulated industry such as financial services or health care then the audit should consider the specific regulations and compliance requirements for your business.

Here is a sample of the type of information you should gather as
part of this audit:

• Do you have proper data security procedures in place?
• Can employees access and download confidential and proprietary business information and customer data?
• How are smartphones and other mobile devices used?
• How are social media sites used to interact with customers, prospective employees, and the general public?
• Does your business have a corporate page on Facebook or other social media platform?
• Does your business operate a blog? Do your employees write for outside blogs?
• Do your employees use Twitter for business purposes?
• Is YouTube used to educate consumers on products and services?
• Do you use internal employee only wikis or blogs?
• Has employee use of social media had any effect on the business?
• How are employees trained on proper use of social media?
• What are your current policies regarding social media, privacy, intellectual property, blogs, mobile devices, email, text messaging, and other uses of technology?
• What about policies for use of technology outside the office?
• When were your formal corporate policies last updated ?
• Are your website terms of use and privacy policies appropriate for your business?
• Are e-discovery risks and compliance considered in record retention?

Upon completion of this audit you might be surprised to find that you can take some easy and relatively inexpensive steps to mitigate risk, such as updating your corporate policies, revising website terms of use and privacy policies, and employee training.

CREDIT: The content of this post has been copied or adopted from the Minnesota Department of Employment and Economic Development’s “A Legal Guide to the Use of Social Media in the Workplace” Guidebook

Leave a Public Comment