Not Keeping Records of Your Tweets at Work? 1 Big Reason to Start

In the blink of an eye, social media has become a must for business success. Even the ever cautious financial services industry has begun coming out of its social media shell. (Need to reach your trusted Morgan Stanley advisor ASAP? Tweet her!) And earlier this year, the Federal Financial Institutions Examination Council (FFIEC) published a first-of-its-kind comprehensive social media guide for banks. But despite such major advancements, there is still reason for organizations to tread with extreme caution.

For highly regulated sectors like finance, insurance, pharmaceuticals, health care and government, social media can be a legal minefield. In these industries, company communications are scrutinized by an alphabet soup of state and federal regulators. In many cases, all activity—every last post, tweet, check-in, and poke related to business—must be recorded and archived.

It gets worse. Firms can be held liable for tweets fired off from an employee's iPhone, outside the office, and after working hours. Even something as innocuous as clicking the Like symbol next to a Facebook post could run afoul of the SEC.

Complicating matters, social media in large companies is spreading at viral speeds—whether employers know about it or not. "Go to LinkedIn and do a search for people currently employed by your enterprise," says social compliance strategist and financial industry veteran Mike Langford. "You will likely see thousands of them... without any compliance process or technology in place."

The good news is that implementing an effective social media compliance process isn't rocket science. The combination of the right policy and the right technology can render even the most delicate of communications compliant.

The Right Social Media Policy

"Everything starts with a firm's social media policy," Langford says. "The company needs to outline how it wants to interact with the world via social media and how it will empower its employees to do so."

So how do you create an effective social media policy? The best policies are often a collaborative effort. Employees offer use-case input from the front lines. The marketing defines the scope of messaging. IT outlines social technologies and devices. Then, as the last stage of the process, the legal or compliance department ensures guidelines meet the necessary regulatory criteria.

Once a policy is in place, training is critical. "Employees, particularly those in the sales and marketing functions, need to know the rules of the road," Langford says. This isn't just lip service. Last year for example, a leaked letter from a New York state securities regulator sanctioned an investment firm for, among other things, failing "to provide sufficient and appropriate training to employees" using Facebook and LinkedIn. An socially savvy workforce isn’t just a competitive necessity—it’s a regulatory one.

Fortunately, social media compliance training has become increasingly accessible. Industry-recognized online certification programs, like those offered by HootSuite University, are taking off. Tens of thousands of students have enrolled in HootSuite University since its inception in 2012, and thousands have left certified to handle even the most complex social media responsibilities.

Furthermore, across the country, a growing number of college students are getting a headstart on social media training through the integrated Higher Education Program. For the 2013 spring semester, HootSuite University has partnered with 75 higher ed institutions, teaming up with MBA classes at Columbia and NYU and undergrad classes at Boston University, Syracuse University, Quinnipiac and elsewhere.

The Right Technology

Adopting technology that keeps pace with regulatory requirements is equally important.

Just what requirements are we talking about? In many regulated industries, all static content (such as Facebook and LinkedIn profiles) requires documented pre-approval before posting. Meanwhile, interactive content (the stream of updates to Twitter, LinkedIn, and other networks) must be “supervised”—sampled regularly after posting for compliance violations. These rules apply to all content of a business nature, whether from an official company account or an employee's own personal account.

And here’s the big one: In many industries, employee business communications on social media be archived for at least three years. This has become the golden standard, particularly with e-audits on the rise. Think it can’t happen to you? By the end of 2013, Gartner research estimates half of all companies will have to produce social media records for e-discovery. If you’re not archiving your social media already, it’s time to start.

Employees don't need to track all that activity by hand, of course. Specialized tools can now automatically capture social content from both desktops and mobile devices, storing it securely on cloud-based servers. Archiving leaders include Global Relay, whose products enable searching stored communications by keywords, date, and other variables across different social networks. Better still, some social media management tools (including my own, HootSuite) now come with these archiving tools already built in.

Meanwhile, other features focus on preventing rogue posts from ever reaching the web. For instance, HootSuite allows firms to assign limited permissions to certain employees. These users can draft tweets and updates. But before these messages are published, they’re fed into an approval queue for manager review. In this way, companies can rest assured that non-compliant messages sent by junior employees aren’t slipping out.

In the fast-evolving world of enterprise social media, this is a solution even financial services and other sensitive industries can bank on. The alternative—banning social communications altogether and hoping for the best—is hardly an alternative any longer. "Restricting communication, access to information and people networks is something I doubt you would champion as a sound business practice for the 21st century," Langford says. "You can resist, but your competitors and customers are moving ahead."

A different version of this article originally appeared in Harvard Business Review.