HOW TO ArchivE Social Media for Regulatory Compliance
At its core, the web, including social media, is built around links, videos, and interactive, interconnected experiences. The interconnectedness between sites is a key distinguishing feature of online communication, and while that’s great for consumer engagement, it’s replete with traps for the unwary when it comes to archiving and preserving digital experiences.
Whether you want to establish an archive of your social media presence and behavior to meet regulatory requirements, mitigate risks, or proactively capture and preserve essential data, here are a few key questions and facts to be aware of and keep in mind while auditing your existing archives or exploring potential technology providers.
1. Is my web archiving solution designed to capture the full context around the communications my organization is sharing online?
We’ve said it in the past and we’ll say it again in the future. Context is essential to understand any piece of data or information, and context matters in litigation and compliance too. You need to capture the full dynamic context of all communications for your archives to be complete, and FINRA even has specific regulatory notices covering the importance of context.
In the Instagram example below, taken from our existing archives, you’ll notice a few specific things in relation to capturing the context around data:
On Instagram, similar to modern web design and other social platforms, images can appear in a “carousel.” That means one post can contain layers of pictures and video, all related to each other. You’ll also notice that the comments and activity on a particular post, when it reaches a certain point of “engagement” (often beyond 10 likes or a few comments) become hidden, only visible when expanded upon.
From the perspective of a cat video, much of this seems harmless, but in relation to your organization, the information and data living in those “hidden” comments and likes, or layered within the video of your post itself, is extremely valuable and important for your own due diligence and investigations, as well as regulatory compliance expectations.
This one URL, archived in its native format with all of the functionality and data preserved as you see in the video, would take hundreds (if not more) of PDF pages to capture the full post, and navigating those pages would strip away the context of what the person using Instagram actually experienced.
Consider this situation:
You work for a financial services company, and on your brand’s LinkedIn account, the social media manager on your marketing team publishes a new, approved article with information on stocks and other financial investment opportunities that are “trending up” and trending down.” While the article itself poses no compliance or regulatory risk and contains the necessary disclaimers to suggest the information itself is not advice, people who follow your organization on LinkedIn begin to share their own thoughts on the market in the comments section.
The 11th comment on that post expresses a specific interest in a specific stock, and someone within your company who reads that post and agrees with that comment, without thinking twice about it, likes their comment. Your employee just unintentionally endorsed that trading suggestion and provided advice, but not just to that one person. LinkedIn’s algorithm now shows their followers they liked that specific comment, unintentionally signaling to their community a certain sentiment about the financial outlook of that particular stock.
In your PDF web archive of LinkedIn, which contains a static screenshot of that post and only shows the first 3 comments, this behavior is virtually invisible, keeping your legal and compliance team in the dark to an actual compliance violation.
As you can see, dynamic capture is hard enough, but financial service providers need even more from their archives, increasing the technical challenge of social media archiving.
2. Are my web and social media archives quality tested by experts and preserved in a robustly future-proof format?
Your legal or compliance team might be retaining archived digital experiences and the data they contain for just three to five years, or you might find that you need them for 10 years or more. With the ever-accelerating rate of change in technology, the last thing you need is to turn to your archives a year from now, or 10 years from now, only to learn that you can’t access them!
Under SEC Rule 17a-4, your archives must be maintained in a non-rewriteable format, commonly known as “write-once-read-many,” or WORM. This requirement ensures that archives cannot be changed or altered after capture—and it’s a common stumbling block for regulatory compliance, as evidenced by recurring violations and fines. Photo and document editing technology has gotten so advanced and easy to use that manipulating the text or images in a PDF-document is as simple as downloading a free iPhone app.
But even if you’re comfortable with the risk of non-compliance around WORM, or aren’t worried about your archives being manipulated and tampered with to delete or compromise precious evidence and data, there’s a level of risk around the quality of the information actually being captured if it isn’t being tested, and vetted, by your internal team or the vendor you work with to solve these problems.
For example, you have a PDF or screenshot-based archiving system in place to capture your homepage on a daily basis, but one month after establishing that system, you redesign the homepage or change the order information appears, in order to promote a new product or service offered by your company. Suddenly, the screenshots captured and saved as a PDF are missing essential information or don’t look as good as they did previously, and nobody realized until it was too late, and for months, you’ve been archiving and preserving an incomplete picture of your digital presence.
3. Are my web archives navigable and searchable by specific criteria and keywords?
To adequately supervise your communications, you need archives that are navigable and searchable. Collecting all of this data in the proper format and with the right context is essential, but you also need to be able to actually use that information when you need it without spending hours manually trying to find the right data. When you only capture a PDF or screenshot, you lose out on data, metadata, and keywords that exist on, and beneath, the surface of every digital experience.
With Hanzo’s dynamic website and social media capture, you can navigate and search an archived site the same way you would interact with a live site. You can scroll down a feed, clicking on links, expanding comments, playing videos, and even interacting with fillable forms and calculators. You can also look for specific keywords or pieces of data across thousands of archived pages to find exactly what you’re looking for.
With Hanzo Dynamic Capture, you can show who liked a post or a comment, establishing that your business communications have been proper. You can also explore the full context of any statement so it can’t be misinterpreted or taken out of context.
Our archives are captured and maintained in a future-proof Web ARChive (WARC) file format that works on any platform and any system, today and at any time in the future. The WARC file format is backed by ISO standard 28500 and is the file format preferred by the Library of Congress. Hanzo’s archives are also captured and maintained in a WORM format that complies with SEC Rule 17a-4.
Because they’re fully navigable, our archives are also searchable, making them easy to review both for eDiscovery and for regulatory supervision, and because our work centers around the needs of litigation and compliance professionals, we’ve built our archives to be both admissible and subject to authentication.
When you need to archive your online and social media communications, don’t waste your time and budget on vendors and technology providers that don’t understand what it takes to create defensible, workable website archives for regulatory compliance. Ask for a demo, see what they show you, and remember the three questions we’ve posed in this article.
The potential risks of non-compliance are easy to avoid, but it starts with making the right decision about who to work with. To learn more about how Hanzo can help, schedule a free consultation to discuss Instagram, your website, or other social media channels used by your organization today.