Navigating the minefield of new social media regulations, cyber security experts may hold the map…
Concerns over social media privacy came to fruition in early 2012, when the story of a Maryland corrections officer received major news coverage. To recap, the man complained that his employer had required him to provide access to his Facebook account as part of the process of being recertified for his job following a leave of absence.
The story opened a can of worms: other reports of employer abuse followed, which seemed particularly unfair given the poor economic climate and the millions of out-of-work Americans, who now added social media to the list of reasons why they might not get hired.
Around the same time this issue gained speed, a few members of the Liqui-Site team and Alan Heyman (Executive Vice President and Managing Director of Product Development & Technology Solutions, CSA²) took part in the first Social Media Institute, an open and interactive discussion series, with soon-to-be graduates and graduate students at Mount Saint Mary College in Newburgh, New York, who echoed the same concerns. They wanted to know to what degree their social media profiles were fair game for employers, and what to do if they found themselves in a similar situation.
The answer is still not exactly clear.
The debate over social media privacy has become even more complicated with people at the federal, state, agency, and individual level all weighing in.
Maryland became the first state to pass social media privacy legislation on May 2, 2012. Illinois soon followed suit and today California, Delaware, Massachusetts, Minnesota, Texas, Washington, New York and New Jersey are reviewing similar legislation.
Under the Maryland legislation, state employers are precluded from requesting or requiring information such as the username or password to access a current employee’s or applicant’s “personal” social media sites, such as Facebook and Twitter. The legislation also precludes employers from terminating or otherwise disciplining an employee who refuses to provide said information, and proposes injunctions or monetary fines for employers who violate the law. (There are two exceptions to the law: if the information indicates a potential wrongdoing that requires investigation, and if there is cause to believe proprietary information or financial data has been compromised.)
Federal legislators also issued the Password Protection Act of 2012 (officially filed May 9th), which makes it illegal for an employer to “compel or coerce access to any online information stored anywhere on the Internet if that information is secured against public access by the user.”
The new state and federal legislation should be commended for protecting the rights of American consumers, employees, and the business community. From a civil rights perspective, the legislation goes a long way to mitigate employment discrimination and privacy infringement.
But for broker-dealers (BDs), the legislation comes in direct conflict with their activity, mission, and principles.
BDs are responsible for trading securities, either for their own account or on behalf of customers. In addition to brokering deals, they provide financial counseling, organize and support turnover or liquidity, and generally voice market buying, selling, pricing and timing.
In the United States, BDs are regulated under the Securities Exchange Act of 1934 by the Securities and Exchange Commission (SEC), a unit of the U.S. government. Some regulatory authority is further delegated to the Financial Industry Regulatory Authority (FINRA), a self-regulatory organization.
BDs must disclose other “essential conditions” of the buy-sell contract of securities. To perform these actions effectively, BDs operate under a regulatory framework, overseen by FINRA, which permits the “supervision” of certain social media and electronic communications that relate to their business and that help them comply with certain record-keeping requirements.
See the problem?
Under FINRA, BDs’ social media peeping extends to blogs, social networking sites, and personal/social websites. FINRA has published a number of notices on the use of the Internet and social media that further blur the line between necessary and illegal social media monitoring. There are policies by type of content and communication, online platform, interactivity level, archival lifespan for record keeping, risk level, and more. FINRA has tried to help by developing an “investor education outreach program”, but it is clear that broker-dealers require additional help navigating social media privacy laws.
One way BDs can stay in compliance with SEC, FINRA, state and federal legislation is to enlist the help of cyber security firms, like Cyber Security Auditors & Administrators, LLC (CSA²), New York City-based experts in pre- and post-breach scenario remediation. CSA² offers services and programs that help organizations comply with state and federal regulations, including cyber risk assessment, breach management, critical data security software, and even social media management. In fact, our friend and business partner, Alan Heyman, was the one who brought this issue to our attention, adding “[We] will be important to companies that are required to be FINRA compliant, because these companies are required to monitor social media activities of their employees. Some professionals believe the new Maryland law may be counter to the FINRA published guidelines.”
Like broker-dealers, I’d be willing to bet that most individuals and small business owners struggle with many of the same issues: what qualifies social media as public or private, how much is too much exposure and who’s really listening, what are my rights and the rights of my employer, and should you censor your social media voice for the advancement of your career or company?
For the rest of us – employers, employees, and those looking – where do we stand in the debate over social media privacy?
It will be interesting to see how BDs handle state social media privacy laws while also balancing the rules that FINRA has in place.