A 12-month study of the social media pages of Fortune 100 companies found an average of 69 probable violations of U.S. regulatory standards, more than 80 percent affecting financial firms, according to a report published on May 12 by security provider Proofpoint.
The report, State of Social Media Infrastructure, Part III, found that the average company in the Fortune 100 had 320 different social media accounts accessed by more than 1,150 employees. Consumer comments on companies' social media pages, from fraud complaints to complaints about drug side effects, accounted for the lion's share of violations, an average of 57, while posts to corporate-branded social media pages by employees accounted for only 12 potential violations, Proofpoint stated in the report.
The rapid adoption of social media and the difficulty in managing the platform means that some violations inevitably get published online, Michael Lee, director of social media solutions for Proofpoint's Nexgate group, told eWEEK.
"It is a very new, but much more complex communications channel," he said. "What makes it great—the frictionless creation of the voice of the company—also poses a danger."
The study tracked the branded social media accounts of companies in the Fortune 100, including posts and comments, for potential violations of nine different regulatory standards. Most of these violations, 71 percent, represented comments posted by customers to the brand's social media accounts.
"Most of these companies still are not able to monitor comments to their social media pages," Lee said. "The regulators want to see a process on the back end to monitor the policy. Just training people is not enough."
The study used the mean of all Fortune 100 companies to represent the average business, but the data showed that not all companies are created equal in terms of social media risk. By far, most of the compliance risks—some 81 percent—were potential violations of financial regulations, impacting only 21 percent of the firms. Indeed, the largest single category of risk was failing to respond to customers' financial complaints—including allegations of fraud, forgery or theft—a violation of the Financial Industry Regulatory Authority (FINRA), according to Proofpoint. More than 70 percent of all violations fell into this one category.
Another 13 percent involved personally identifiable information (PII), mostly usernames and passwords. Cross-industry standards, confidential corporate activity and life-sciences standards each accounted for about 2 percent of potential violations.
Utilities, energy firms and manufacturers tended to have fewer social media accounts than companies with many branch offices or stores. Such companies tended to have fewer violations and social media accounts.
On average, Fortune 100 firms had to triage a half million messages in a year, posted by 1,159 employees and 213,000 commenters, according to Proofpoint. While many social media marketing platforms allow companies to streamline the workflow and authorization of posts to branded corporate sites, they cannot automate the compliance checking of posts and comments, Proofpoint said.
"Yes, there are content publishing tools and applications that they can use to help their employees do a better job," Lee said. "Employees, however, will often go around them."