Fortune 100 Social Media Accounts Struggle to Comply With Regulations

By   ISBuzz Team
Writer , Information Security Buzz | May 17, 2015 05:06 pm PST

Fortune 100 social media analysis highlights FTC, SEC, FFIEC, FINRA and FDA regulatory issues and the need for more dynamic compliance processes

Proofpoint, Inc., (NASDAQ: PFPT), a leading next-generation security and compliance company, today released the first social media study that exposes the compliance violations and incidents affecting Fortune 100 social media accounts.

Corporate investment in social media is on the rise, but most organizations still do not understand the scope and scale of the risks. Over the course of one year, the Proofpoint Nexgate research team used its patent-pending technology to examine and analyze a broad range of Fortune 100 social media pages—including Facebook, Twitter and LinkedIn—and identified how frequently regulated and sensitive information is exposed.

“Compliance violations pose a particular threat as they have serious financial and regulatory consequences,” said Devin Redmond, vice president and general manager of Nexgate for Proofpoint. “Nexgate is highly differentiated from any other social media security solution on the market. We have the unique ability to find and classify social media data—it is a core differentiator for us. Our combination of natural language processing, contextual analysis and regulatory research and expertise, is what allows Nexgate to understand, expose and stop these risks.”

The State of the Social Media Infrastructure, Part III report details how Fortune 100 social media pages are challenged to keep up with the fast pace of social communication while adhering to evolving FTC, SEC, FFIEC, FINRA and FDA regulations. These regulations are designed to protect consumers from misleading forms of public communication. The average Fortune 100 firm has more than 320 branded social accounts, thousands of employees and hundreds of thousands of followers—all interacting in dynamic, large-scale social media discussions. Compliance practitioners are struggling to adapt the compliance process to social media because it is exponentially more dynamic than other regulated communication channels. The issue extends beyond what an individual brand posts as compliance regulations also cover content posted by external commenters.

Key findings from the State of Social Media Infrastructure, Part III include:

  • The average Fortune 100 company had approximately 70 compliance issues on their branded social media pages. These incidents remained on public social pages and went virtually unnoticed by internal compliance staff. The informal, fast-paced nature of social media discussions create an environment where employees and customers are far more likely to unintentionally make misleading statements and share data that should not be shared.
  • Social media compliance issues come from both employees and commenters. Of the average 70 violations, more than 50 were generated by public commenters and more than 10 were often generated by the brand itself. FINRA financial service and FDA healthcare regulations are examples of standards with specific provisions covering commenter postings.
  • Compliance incidents triggered nine different types of U.S. regulatory standards risks. The FTC, SEC, FCA, FFIEC, FINRA, FDA, ABA and others have updated existing regulations to include social media provisions. However, research shows that organizations are struggling to adapt the compliance process to these more dynamic, larger-scale communication forums.
  • Financial Services firms accounted for the largest incident volume with more than 5,000 risks, more than 250 per firm.
  • Best practice social media compliance controls are inconsistently enforced. Only 47 percent of branded posts were routed through marketing and content publishing platforms despite the fact that most Fortune 100 brands own these tools. This suggests that employees are either unaware, ignoring or deliberately circumventing approved publishing workflow. These applications can warn employees of compliance violations and public relations mistakes prior to posting. Increased education and enforcement is also needed.

To uncover social media compliance trends, Proofpoint conducted an in-depth threat analysis on the social media presence of all Fortune 100 firms for the 12-month period extending from July 2013 to June 2014. Proofpoint’s three-part State of Social Media Infrastructure report is based on data gathered in conjunction and partnership with the social networks using the SocialDiscover™ technology and analyzed using the Deep Social Linguistic Analysis (DSLA) classifiers from Proofpoint’s Nexgate division.

To receive a copy of Proofpoint Nexgate’s State of Social Media Infrastructure, Part III please visit HERE. For more details on resources to implement automated social media compliance monitoring, please visit HERE.

About Proofpoint, Inc.


Proofpoint Inc. (NASDAQ:PFPT) is a leading next-generation security and compliance company that provides cloud-based solutions for comprehensive threat protection, incident response, secure communications, social media security, compliance, archiving and governance. Organizations around the world depend on Proofpoint’s expertise, patented technologies and on-demand delivery system. Proofpoint protects against phishing, malware and spam, while safeguarding privacy, encrypting sensitive information, and archiving and governing messages and critical enterprise information. More information is available at

Proofpoint, Nexgate and SocialDiscover are trademarks or registered trademarks of Proofpoint, Inc. in the U.S. and/or other countries. All other trademarks contained herein are the property of their respective owners.