The need to comply with a variety of legislation when using social media and other collaboration tools has always been there, but like the recent EU directive regarding cookies on websites, most organisations have chosen to bury their heads in the biscuit barrel. However, with the changes to the EU directive on data protection under discussion and the threat of fines up to 2% of global turnover to give the legislation some teeth, now is a good time for organisations to step back and consider the longer term issues of enabling collaboration technologies whilst remaining compliant.
Internet communication has changed beyond belief since the last revision of the Data Protection Directive in 1995. ICQ and Hotmail didn’t even exist until the following year, and few would have predicted that we would all be sharing our thoughts, pictures and interests so openly and that it would be used widely to boost business opportunities.
The new regulation is aimed at harmonising the different interpretations of the old directive by EU member states and lessening the administrative burden on companies that have a presence across Europe. For consumers, it’s the promise to make businesses more accountable for the way they process and protect their personal data. According to an EU study, 79% of social networking and sharing site users are likely to disclose their name, 51% their photo and 47% their nationality, but only just over a quarter of social network users (26%) feel in complete control of their data.
To help overcome this, the new directive is proposing to strengthen individuals’ right “to be forgotten” and organisations remove all trace of personal information pertaining to an individual upon request so long as it is not legitimately required. It all seems perfectly reasonable. Now place this requirement alongside other laws such as those that demand that conversations pertaining to contracts or price are kept for a set period of time, and the waters start to muddy, particularly if you are using Facebook or Twitter to communicate with customers.
Without a contextual archive of those conversations, it’s difficult to know which should be kept legally for other reasons and which might place an organisation in danger of breaking data protection laws. The problem is further acerbated by the complex multidimensional nature of today’s communications. For example, what happens if the conversation is taken to another medium such as from Twitter to email? A perfectly legitimate action when privacy needs to be afforded to the customer and a response is going to take more than 140 characters.
Meeting most industry regulations requires special controls around how data is captured, stored, searched and recovered. Being able to archive contextually is of significant importance. Without it, even if organisations have implemented rudimentary measures to capture social media conversations, all they are left with is snippets of content and no sense of what took place without a time consuming reconstruction. That is, of course, if it’s possible to retrieve all the content in the first place.
Although the final draft of the European Data Protection Regulation is a long way off, it is clear that for many organisations to comply will require a change to how they currently manage and archive conversations with individuals over social media and other collaborative tools. Starting to implement new policies and procedures now won’t just put businesses in a good position when it does come into force, but it will help ensure compliance with a host of other regulations too. Not to mention delivering a reassuring message to customers that the processing of their personal data is taken seriously.
David Oats is Vice President International at Actiance, which he joined with more than 25 years of sales and senior management experience in the software industry. He advises large enterprises and governments throughout the world about enabling the safe use of collaborative communications.