GRC Roll-up: Mitigating Risk In Social Networks, A New Privacy Bill in the Works?

David Roe

The growing use of social networks has received a considerable amount of attention this week from companies looking to mitigate the risk associated with the information that appears in them. There are also further moves in Washington to protect personal information.

Social Networking And Compliance

The Insurance Marketplace Standards Association (IMSA) has just announced that it has released a Social Media Policy Template for the annuity, life insurance and long term care insurance arenas to ensure that companies that wish to use social media can do so and still remain compliant.

Designed for companies that feel the prohibition of social media use is too great a commercial risk, it offers guidance on how companies operating in these verticals can effectively use social media and where they can’t.

“The emergence of social media challenges proves clearly that compliance is not a static endeavor, but rather one that grows, changes, and requires evolving standards and policies,” Brian Atchinson, IMSA President and CEO, said.

Future plans include:

  • Social media monitoring and testing guidance that can be incorporated into an insurance company's supervisory programs.
  • Social media training program for both life insurance company staff and the company's distribution partners.

Independent securities regulator FINRA's release of Regulatory Notice 10-06 earlier this year clarifies the responsibilities of broker-dealer firms to supervise the use of social networking sites, such as Facebook, Twitter, LinkedIn and blogs, to ensure that recommendations are suitable and customers are not misled. If you are interested in more, you can find the template at the IMSA website, but you'll have to subscribe.

Managing Social Network Risk

A new solution for messaging and social media governance and compliance has been launched by managed services company Smarsh and social network specialist Socialware.

The 360-degree solution combines Socialware’s policy enforcement, capture, moderation and analytics capabilities for third-party networking sites, including Facebook, LinkedIn and Twitter, with the message archiving and compliance platform from Smarsh.

Socialware’s Compass solution comes with preservation, supervision and policy controls that enable financial services firms to operate in compliance with SEC and FINRA regulations.

Using it, they say, enterprises can efficiently navigate the record-keeping, suitability and supervision challenges associated with social media that were outlined in the recently issued FINRA Regulatory Notice 10-06.

Social Network Users Give Too Much Information

According to Consumer Reports' latest State of the Net survey, in the past year, 52 percent of adult social network users have posted personal information, such as their full birth date, which can increase their risk of becoming a victim of cybercrime.

The Consumer Reports National Research Center conducted a nationally representative survey of 2,000 online households in January. They found that 9% of social network users experienced some form of abuse within the past year, such as malware infections, scams, identity theft or harassment.

And cybercrime can be costly -- Consumer Reports estimates that Americans have lost US$ 4.5 billion over the past two years, including replacing 2.1 million computers compromised by malware. It also lists 7 things you might want to consider before putting information on social networks like Facebook. Want to know more?

New Privacy Bill?

New draft legislation making the rounds in Washington at the moment will give individuals more protection in respect of information that they pass on to companies across the web.

The legislation proposes to limit how companies can collect, use and dispose of information they collect from people through online forms. Included in the draft legislation are:

  • Proposals to clearly publish how information was collected and used, and who has access.
  • Proposals that would allow companies to collect personal information and would not require them to get consent to use operational or transactional data such as session cookies, unless the user specifically opts out.
  • Proposals to implement express consent criteria for the collection of personal information that’s considered more sensitive, such as medical records, financial accounts and social security numbers.
  • Proposals that require companies to get express permission to share personal information with third parties.

The purpose of the legislation is to encourage higher levels of trade on the internet by giving people express legal guarantees that their information will be safe, and specifically mentions the rise of cloud computing as one of the drivers.

It’s only in draft, so it really could go anywhere from here, but watch this space.

Origin Launches 'Self-Encrypted' Laptop

A “self-encrypted” internal laptop drive has been developed by Origin Storage to help firms more easily protect their company data.

The self-encrypted drive (SED) allows firms to use the highest levels of hardware AES 256-bit encryption.

With remote working at firms now widespread, organizations are issuing laptops in preference to standard desktop PCs. At the same time, Origin said, companies are putting at risk the security of sensitive and confidential information in areas outside their physical control.

The Enigma SED system provides permanent full disk encryption on the fly, which means no speed degradation when reading and writing data. The Enigma SED is a 100% compatible upgrade to corporate laptops, with each hard drive supplied with the correct fitting kit pre-mounted ready to fit straight into the laptop.

Governance Portal Extended

Business consulting company Protiviti has announced the release of a new version of its Governance Portal for Internal Audit, adding a synchronization management engine that allows auditors to work anytime and anywhere, even when they are disconnected from the network.

Synchronization management allows auditors to access complete, consistent work more quickly no matter where they are or what their network status is. Once an auditor reconnects to the network, synchronization with the central repository takes place automatically, informing the auditor of potential conflicts with any data changed during the offline period.

The Governance Portal integrates Protiviti's proprietary content and consulting background with commonly accepted governance frameworks to establish a comprehensive platform that gives organizations the visibility and insight they need to manage risk and compliance issues.

The Governance Portal for Internal Audit enables organizations to automate the audit process from risk assessment through reporting and identify and assess risks through integrated surveys.