Information Governance and Social Media: A briefing paper for Media & Advertising Agencies

Netbox Blue

Netbox blue. (c2015). Netbox Blue. Retrieved 6 June, 2015, from

Introduction: The Era of Information Governance

Last year DOMO, one of the top Business Intelligence Services companies in the US, published an infographic with the title ‘Data Never Sleeps 2.0’ (Domo, 2014) showing the amounts of digital data generated every minute. The numbers were impressive and it seemed hard for the reader to realize that all these massive amounts of data reported responded to only just one minute of an hour. In fact, the company’s founder and CEO Josh James mentioned at a blog post on the company site that when he and his team initially created this infographic back in 2012, they had reported that Facebook users were sharing 684,478 pieces of content every minute (James, 2014) whereas two years later this number exploded to 2,400,000 pieces of content.

It is true that the Internet explosion and the evolution of new technologies have resulted in this overwhelming growth of data (in fact, ‘Big Data’ as it is widely called nowadays). Big Data represents a marketing but also technical term connected to an organization of business’s precious resource, to wit, information. The more people find ways to share information, the more Big Data will expand. Forecasts for the expansion of the digital universe are actually dazzling. Between 2013 and 2020 it is projected to expand tenfold and less than two years after 2020, it will be double (InfoGov Basics, c2015). However, we should not be intimidated by the volumes of ‘Big Data’ but rather try to organize it, analyze it, comprehend its business value, convert it into strategies and insights, or even discover new business solutions.

In this data-centric era of Big Data, Information Governance (from now on referred as ‘IG’) has risen as a crucial and very complicated issue for organizations and companies that desire to organize their way of governing corporate information, reduce possible threats (like hacking or data breach) and be able to select this particular information that can help their business thrive. The notion of IG is multi-disciplinary and is defined in relation to a great range of practices of a company, like Information Technology, legal operations, information security and privacy, risk management and operational requirements.

It would be worth stating the Association of Records Managers (ARMA) and Administrators’ definition of IG as mentioned in Robert F. Smallwood’s book ‘Information Governance: Concepts, Strategies, and Best Practices’ (2014):

 ”IG is a strategic framework composed of standards, processes, roles and metrics that hold organizations and individuals accountable to create, organize, secure, maintain, use and dispose of information in ways that align with and contribute to the organizations’ goals”  (Smallwood, 2014: 6).

Data never sleeps

Why do we need Information Governance for Social Media?

To thrive in a world of Big Data and information explosion, companies must learn how to deal with the proliferation of all this information generated by individuals and groups within Social Media (Bunker, Ehnis, Seltsikas & Levine, 2013). From the low-level operations  department, to the highest strategic hub of business planning, information flows through vast quantities of data and the flow seems unstoppable.

These data, with the right management and strategy, can prove to be more valuable for business and even create more opportunities for the future. We are living at a time where we can quickly and effectively understand what makes large quantities of information useful and information can definitely be considered as a significant business asset. Therefore, it would be crucial for organizations (or individuals) to control the acquisition, management, retention and disposal of information in their business (Logan, 2011).

For an advertising agency that comes across a vast range of information every day, Social Media use is not optional any more. A corporate presence on sites like Facebook, Twitter, Instagram and LinkedIn is necessary not only for the company, but also for its clients. In fact, more and more clients have been asking over the last years for sophisticated consultation and services for this particular field, creating opportunities for a new and very cutting-edge area for development. Statistics show that a great percentage of Top Brands have adopted Social Media as a significant source of their business (Go-Gulf, 2014) while at the same time companies’ workforce uses Social Media for both personal or work reasons at the workplace (Richter, 2013).

The more agencies and their workforce continue using Social Media, the more Social Media should be considered a part of their corporate data and its content should become subject to IG. But as they continue using Social Media in growing numbers, the risk of data loss and their possible exposure as a company to legal liabilities increases. The list does not stop just there: a variety of possible risks related to lack of Social Media IG can threaten their business. Therefore, they must address the issue of the increased use of Social Media to both their employees and their agency corporate business and draw clear lines between personal and professional levels of usage, always in relation to the agency’s general IG strategy.

Possible Risks for Consideration  

Reputational damage

Insensitive, ill-judged, offensive or unjustified comments left on Social Media sites may influence public or professional market opinion towards the agency or other connected individuals or companies (contractors, business partners and providers etc). They might also influence possible future clients and business partners and create danger for further legal proceedings.

Network complications from increased used of bandwidth

Excessive use of Social Media at work (and especially for personal reasons, non related to work) might lead to systems overload and threat the agency’s information infrastructure. The network bandwidth consumption can become critical especially because of the use of rich media (mainly video and audio) that has become mainstream on Social Media. Updates from social media sites like Facebook or LinkedIn do not take up great amounts of data, however the ‘bandwidth-hungry’ video links posted there do create many problems, especially for IT administration (Kelleher, 2009).

Potential confidentiality breach

Social Media can be an easy vehicle for confidential information leaks, whether this happens intentionally or not. From the moment that an employee will upload to a corporate social media site (or to her personal social media profile for that matter) any information concerning the agency, this information enters the public domain and can be analyzed, archived and reused anywhere in the world. Potential loss of valuable data but also potential reputational damage can lead to major crisis and severe business losses. Agencies often work with Confidentiality Agreement Contacts with their Clients, especially during pitches, which bond them with legal clauses even on market rumors. Of course, isolated Facebook posts or Twitter ‘tweets’ might not necessarily result in confidentiality breach. However, they might help rumor and speculation built-up (Linklaters, 2014). Knowing how to deal with the spread of information deriving from agencies’ workforce should be a priority for their business

Potential legal liability for inappropriate use of Social Media Sites

Inappropriate use of social media by organizations or employees can increase risks of legal liability. For example, members of workforce register with a website of their selection, from a work PC, laptop or mobile, for either personal or work reasons. This means that they will have to ‘accept’ terms and conditions of this particular website, full of complicated legal jargon that usually remains unread and unnoticed. However, these terms and conditions might give the site the potential to ‘own’ the content placed on it by its users. Should employees post derogatory, inflammatory or offensive comments on this site, there is always the potential for the site to consider that they are acting on behalf of the agency. Therefore, there is risk of legal prosecution or even greater risks if the site is subject to other legal jurisdiction abroad.

Potential of virus infections, malware exposure and other web based attacks

IT security firm Symantec reported earlier this year in 2014 there was a 40% increase in cyber attacks towards large companies (Flinders, 2015). Many social media sites, or even their third party business partners, might invite users to download and install additional code or software ‘for their own benefit or security’. However, employees are usually not well equipped to identify possible threats or check whether the sites of their choice have strong security controls. Risks pertaining to the agency’s exposure to viruses, trojans, hacking and/or gathering of sensitive information through bogus impersonation (i.e. ‘Phishing’, Microsoft, c2015) are high. Identity theft is also a great risk, since people often post large amounts of personal or sensitive information on Social Media (work details, nationality, ethnic origin, date of birth, addresses, telephone numbers etc) without a minimum protection from their end.

Addressing the risks  

Having surveyed all major risks, we conclude that social media data from inside and outside the firewall must become a significant part of an agency’s IG strategy. Having established the importance of Social Media in relation to IG, we will now need to investigate the ‘how’, to wit, the most important steps an agency will have to follow.

Set a clear and concise Social Media Governance Strategy

Data privacy and security should become a priority in order to develop a clear and well-structured Social Media governance framework. The agency needs to define very specifically its aims and objectives from social media use, including a) customer satisfaction b) business development c) enhancement of services d) reinforcement of customer relations. In this way, agencies will be able to govern social media data through its own life cycle, from creation, usage, archiving, transfer to destruction. Moreover, a comprehensive social media governance strategy will help both the agency and its workforce to protect valuable information assets and face the challenges that the use of a social media environment can hide.

Set a detailed and comprehensive Social Media Guideline

Policies for acceptable use of social media need to be created in official ‘Policies and Standards’ guidelines. Accessing social media sites from the company’s Internet-connected devices, either from work or home, needs to be addressed in detail, so that workforce understands its obligations (but also its rights) on the issue. Possible consequences or implications for non-compliance with company’s guidelines must also be stated clearly. In this way, employees will be able to use social media without running the risk to expose the agency or themselves to potential threats.

Be in line with current legal and regulatory guidelines concerning social media

Agencies with wide range of multinational clientele cannot but take into account laws and regulatory guidelines that apply to Social Media usage, both in national but also in multinational level. Social Media Technology is continuously evolving and creating new possible risks for companies and individuals. Therefore, it is crucial for agencies to be in line with all latest legal and regulatory developments as reflected in

a) the Data Protection Act  b) the EEOC (Equal Employment Opportunity Commission c) FINRA (Financial Industry Regulatory Authority d) NLRA (National Labor Relations Act e) FCA (Financial Conduct Authority) Disclosure and Transparency Rules f) state-specific laws g) GCHQ (Government Communications Headquarters and h) any other social media monitoring law that might occur.

Data Monitoring for Social Media risk

There are plenty of tools and software available in the industry that can enable agencies to perform data mining across all social media platforms and look for specific pieces of information. Data mining and analytic tools can give form to the social media chaos and extract useful insights for a great deal of their departments, like marketing, business development or strategy. Web crawlers can extract user data from social media, identify market influencers, segment information and lead to better business decisions. Additionally, reporting and dashboard tools can provide a more time-efficient way of analyzing and using the data, giving the opportunity to the Business Development department and Management to often perform SWAT analysis, focusing especially on weaknesses and risks, in order to make better decisions.

IT Systems enhancement

Social media create challenges connected to storing data, malware and viruses, architecture and security.  These challenges can be very complicated, especially owing to the fact that social media data are mainly based on third party applications. In other words, agencies might not be able control the security of those applications. They will have to produce a clear strategy that manages technical risks, leverage new social media technologies effectively and also enhance their IT systems with improved technical controls for powerful and productive data management. Antivirus and antimalware controls should be installed and updated continuously and they will need to make sure that all relevant controls apply to any Agency-related mobile device as well, to avoid security breaches. Extra consideration should be given to download restrictions, browser settings, content-filtering technology and data leak prevention products.

Workforce education and training

The social media ecosystems require new skills, capabilities, knowledge and understanding. It is important to educate ad-agencies’ workforce about the potential risks connected to social media and make sure that people are aware of the agency’s policy and standards. Understanding how social media work, what the risks are, what the continuous changes are, what an appropriate use for the agency is and how this is related to workforce’s personal social media as well and what kind of information can (and cannot) be shared, should be top priorities for educational and training programs. Disclosures and disclaimers are also required in order to protect the agency, their clients but also their workforce as well.

Implications for Organizations and Individual & Possible Pitfalls

Implications for Organizations and Individuals

Widespread use of Social Media information governance has significant potential to transform corporate, business and employees’ agendas. Effective governance will not only help agencies to manage the risks that arise from the public (and global) accessibility of social media information flow, but it will also allow both  company and workforce to make the most of the opportunities it carries and be on top of change.

But a great Social Media IG program provides a large list of more benefits. First of all, an agency that invests on listening, measuring and monitoring Social Media can achieve unparallel access to information (Johnston, 2014) identify trends, provide extra services and insights to clients and stand out from competition. Secondly, agencies can achieve reputational protection by establishing confidence among all stakeholders (PWC, 2014). Moreover, they can reach information confidence by ensuring information integrity, validity, accuracy and quality (Smallwood, 2014) and confidence that they have followed the right steps to mitigate risks and implement good information governance. Finally, workforce can become more engaged in a cutting edge field of the digital environment, enriched with more knowledge on data privacy for their own protection as well and more competitive in the market as they will obtain optimal information for responsible use of resources to ensure social sustainability (Nüttgens, Gadatsch, Kautz, Schirmer & Blinn, 2011).

Possible Pitfalls

It is important to mention that Social Media IG is not a one-off project, but, rather, an ‘always-on’ procedure, especially for organizations like advertising agencies that deal a lot with massive volumes of information. In this way, they will able to avoid specific pitfalls that hide risks that do not seem obvious at a first glance:

Little attention to the importance of social media

Many organizations tend to consider Social Media as ‘wasting time’ or as an entertaining digital media vehicle, that is relevant only for PR companies. This is a mistake that needs to be avoided at all costs. Appropriate use of social media information can lead to business transformation. Therefore, comprehension, integration and adaptation of corporate culture can be a key success factor.

Software will not work by itself

Even if agencies decide to make a major investment in Social Media IG technologies, software and tools, the most important element is to clarify the business value of their corporate information and develop strategy and procedures that will use it to the full. Technology alone is not a silver bullet.

Lack of specific training

Most of the employees in advertising agencies do have Social Media profiles. However this does not mean that they do not need training for understanding how to use them in a corporate environment. Although they have a broad familiarity with social media, they lack specific knowledge of data privacy issues, reputation management and/or technical expertise to implement social media.


Social Media is becoming a dominant field that has dramatic and transforming implications for the media and advertising market, companies and individuals alike. It offers a large range of opportunities for business development, enhancement of customer relationship, increase of competitive advantage and valuable insights. However, it involves important risks and opportunity costs, especially for those who believe that ignoring this new dominant force is the right way to stay safe. A much more viable approach for media and advertising agencies would be to engage all stakeholders in this new field and establish a Social Media IG strategy, structure, process and technology that will address all possible risks, will exploit opportunities, stand out from competition and help them form an innovative mindset that will make them thrive in the digital future.

Bibliography & References  

Bunker, D., Ehnis, C., Seltsikas, P., & Levine, L. (2013, November). Crisis management and social media: Assuring effective information governance for long term social sustainability. In Technologies for Homeland Security (HST), 2013 IEEE International Conference on (pp. 246-251). IEEE.

Domo. (2014). Domo. Retrieved 5 June, 2015, from

Flinders , K. (2015, 14th April ). Five out of every six large companies targeted by cyber attacks in 2014. [Weblog]. Retrieved 7 June, 2015, from

Go-gulf. (2014, 3oth Sep). Businesses on Social Media – Statistics and Trends [Infographic]. [Weblog]. Retrieved 6 June, 2015, from

InfoGov Basics. (c2015). InfoGovBasics. Retrieved 1 June, 2015, from

James , J. (2014, 23rd April). Data Never Sleeps 20. [Weblog]. Retrieved 2 June, 2015, from

Johnston, J. (2014). ‘Loose tweets sink fleets’ and other sage advice: social media governance, policies and guidelines. Journal of Public Affairs.

Kelleher , D. (2009). Information Management. Retrieved 7 June, 2015, from

Linklaters. (2014). Linklaters . Retrieved 7 June, 2015, from

Logan, D. (2011, 11th January). What is Information Governance? And Why is it So Hard?. [Weblog]. Retrieved 5 June, 2015, from

Microsoft . (c2013). Microsoft Safety and Security Centre . Retrieved 7 June, 2015, from

Nüttgens, M., Gadatsch, A., Kautz, K., Schirmer, I., & Blinn, N. (Eds.). (2011).Governance and Sustainability in Information Systems. Managing the Transfer and Diffusion of IT: IFIP WG 8.6 International Working Conference, Hamburg, Germany, September 22-24, 2011, Proceedings (Vol. 366). Springer Science & Business Media.

PWC. (2014, June ). Social media governance: Harnessing your social media opportunity. [Online Paper]. Retrieved 1 June, 2015, from

Richter, F. (2013). Statista. Retrieved 6 June, 2015, from

Smallwood, R.F. (2014). Information governance: concepts, strategies and best practices. (Electronic Resource, available online by the University of Sheffield Library).Retrieved 4 June, 2015, from

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s