Professional Documents
Culture Documents
IIT Delhi
7/16/2013
CERTIFICATE
This is to certify that Mr. Avinash Singh Bagri, pursuing Integrated
M.Tech course at Indian Institute Of Technology, Delhi in Mathematics
and Computing has undertaken a project as an intern at IDRBT,
Hyderabad from May 13, 2013 to July 17, 2013.
He was assigned the project Design and Development of Social
Media Strategies for Banking under my guidance.
I wish him all the best for all his future endeavours.
ACKNOWLEDGMENT
I express my deep sense of gratitude to my Guide Dr. Shakti Mishra, Assistant
Professor, IDRBT for giving me an opportunity to do this project in the
Institute for development and research in Banking Technology and providing
all the support and guidance needed which made me complete the project on
time.
I am thankful to my colleagues who constantly encouraged me for my project
work and guided me all along till the completion of my project work by
providing me all the necessary information.
I am also thankful to IIT Delhi for giving me this golden opportunity to work
in a high-end research institute like IDRBT.
CONTENTS
Introduction
3
5
7
10
11
15
15
20
20
25
26
31
32
35
36
Legal Issues
37
IT Act 2000
The IT (Amendment) Act, 2008
Article 66A
37
40
41
42
Usage Guidelines
42
42
44
44
45
References
45
46
48
Chapter I
Introduction
With the advent of internet the
way the things are done have
changed drastically in last decade.
The growing accessibility of
internet to all quarters of society
is
mirrored
everywhere
nowadays.
It
ranges
from
purchasing soap for domestic use
to booking a ticket to travel
overseas without even moving
your feet. The growth of internet
usage has been quite rapid if we
compare it to other tools available
to us at any point of time. This
was not the case when the
Netscape first introduced www
to the world but with the entry of Google followed by various other big names like
Yahoo, Facebook etc. the popularity of internet has increased drastically. Hence, it
would not be wrong if we attribute this growth to the uprising of social media sites.
Over the last decade social media has taken giant leaps forward and now has
become a part of life of almost every person who puts his hands on computer. There
are several type of social media sites like Facebook for connecting and sharing
almost all kinds of data, Flickr for sharing photos, LinkedIn for professional
connects, then there are many others serving different purposes to various sections
of the society across the globe.
The growing stature of social media is reflected everywhere in todays world. The
enormous increase in number of users in every facet of the social media has
attracted every policy maker across the globe to have social media as one of the
delivery channel. The power of social media can be seen by some of the figures show
below1:
Visiting social sites is now the 4th most popular online activity; ahead of the
personal email.
There are over 13 million articles available on Wikipedia.
As social media popularity among the people continues to grow, the interaction
between clients and investors continues to grow as well. But many banks and
financial institutions still struggle to incorporate social media within their
organizations. Few banks have established social media strategies, and those that do
tend to isolate social engagement to less than a handful of their employees.
In the BFSI sector, there are not many banks who have made their presence in social
media. In US there are a few banks who have started to interact with customers
through such tools but still there are reservations in the think tank of the banks who
are either worried about how public pages like Facebook will affect customer
security or simply dont know how to get started in the social media space. Its not
hard to empathize with banks that are struggling with this new form of customer
relationship building, branding, and online marketing. Operating in such a highly
regulated industry its no doubt that many banking executives are struggling with
giving up some control over their public image and placing it in the hands of those
they serve.
Social Network
Blogging and
Micro-blogging
Collaborative
Projects
Social Media
Tools
Content
Communities
Podcasts
Virtual World
Social Media technologies make presence in various forms like magazines, Internet
forums, weblogs, microblogging, social blogs, social networking sites, podcasts,
wikis, picture sharing platforms etc. Depending upon the wide range of such
websites Kaplan and Haenlein distributed social media into six different types:
1.2.4 Podcasts
A podcast is a type of digital media having a series of video, ePub, PDF or audio radio
files that are available through subscription or being downloaded through web
syndication or streamed online to a computer or mobile device. The word is a
coinage derived from words "broadcast" and "pod" from the success of the iPod, as
audio podcasts are often listened to on portable media players.
virtual game worlds, where the user playing a specific character is a main
feature of the game (World of Warcraft for example).
them to play a more dynamic role, or multiple roles (e.g. Second Life).
http://www.blogussion.com/general/uses-social-networking/
names, account numbers and contact information. But responding to the several
tweets posted by the customers, Citi Bank quickly arrested the slide and assisted the
aggrieved parties.
This excerpt is from one of the aggrieved customers:4
The fraudulent charges on my credit card were a result of this data breach.
Like many other Citibank victims, I turned to Twitter to relieve some
frustration. I composed a tweet about the fraudulent purchases on my credit
card, and also mentioned my disappointment with Citibanks fraud
prevention efforts. Ten minutes later, I received a mention from @AskCiti,
the official Twitter ID for Citi Customer Service:
@MeghanReilly314, Saw ur tweet re: fraud & Id like to ensure everything is
being handled. Pls DM ur ph# & best time to talk.
3. Business Networking
There is also the opportunity for business types to network and expand their
business on the social networking platform. This can take many forms, and take bits
of each of points 1 and 2.
Social media allows consumer opinions to spread like wildfire. Although Twitter
messages must be composed in 140 characters or less, tweets are easily searchable.
Businesses can be followed on twitter by customers, potential customers and even
competitors. By actively monitoring Twitter mentions, brands can quickly respond
to negative comments and reverse their image into a positive one. Message
dispersion via social media can really enhance a brands image and turn unsatisfied
shoppers into loyal customers. Companies have the ability to change an unhappy
customer into a satisfied brand advocate just like Citibank. Their effective crisis
control demonstrated the importance of businesses to actively monitor their
brands reputation via social media.
4. Marketing
Another Twitter success story is Dell and their recent Internet Marketing strategy.
Their outlet site sells refurbished PCs, and they post details about the newest ones
on their Twitter feed. They also post special offers just for Twitter users, and they
send information about sales, along with discount vouchers to their Twitter
followers. The company has generated $6.5million in revenue from this venture.
This shows the power of marketing on Twitter. This sort of strategy works well for
e-commerce sites especially as they can market to an already targeted audience.
http://www.walkersands.com/Blog/how-brands-can-use-social-media-for-crisis-management/
10
People would not follow the company or Bank if they werent interested in what
they have to say. It must be looked this way that the strategy works as an add-on to
the normal everyday operations and not as a new or the sole manner of marketing
for the bank, it should under no circumstances not be considered as a guaranteed
winning formula and is probably more inclined towards established brands like Citi
or RBS as they are more likely to get enough followers to make it effective in the
first place. It would probably not work for the banks which are not as established as
others like Rural Banks in India. Social Media Marketing is a trial and error business,
so it would be advisable to put into place experiments and do a lot of research
before putting all of your eggs into the social media basket.
5. Entertainment/Infotainment
Going hand in hand with the social element of Social Networking, people
sometimes go on purely for entertainment purposes. Myspace is a prime example of
this, as many famous artists have been discovered through these sites. Music is a big
part but also videos, such as YouTube viral offerings, are easily spread on social
networking sites. The newest craze is on Facebook, with all the game applications
that have appeared over the last couple of years. The most popular of these is a
game called Farmville which has managed to acquire 72.9 MILLION users per
month.
It is a very popular practice in such social networking sites. So, this is one aspect
which can be exploited to benefit of the banks. This may seem little boring for
grown-ups but putting some sort of game on such sites which not only entertains
the user but also teaches him about the various aspects of the banking can be the
boost needed by the banks in this sector. It will draw the interest of few users to
begin with but everything on networking sites being contagious will lead to chain
reaction and thus will definitely help the banks to find a ground among the internet
users.
11
Bank Executive
Face to Face
Bank
Online
Internet Users
Figure 2 Impact of Social Media on Customers
It is very important to know the different usage of Social Networking sites before
implementing a Social Media strategy as the impact is very deep as seen in the
figure. A wrong move targeting the wrong people could jeopardise an organisations
online reputation as well as time, effort and money.
12
13
Social
Social Media Monitoring: Listening is still the most important activity for any
company wanting to harness the social sphere. Social media monitoring has
evolved from the useful Google Alerts service into professional tools that
monitor an incredible array of information sources. Example: Radian6 and Scout
Labs.
14
Social Bookmarks: Provide a use with the ability to track, share, and organise
web based content. It may prove very useful for situations where user wants to
recall or use external content. e.g. Del.icio.us and StumbleUpon.
Social Learning: This is a new area that I started researching last month. The
idea behind social learning is creating a learning environment that includes the
various communities (internal and external). The core goal is to use technology
to help capture informal learnings/knowledge and then formalise this into the
organisation. Examples: Mzinga.
YouTube, Flickr, iStockPhoto, Google Maps, etc. These services can be used to put
content out there for the public to find and consume. Example: YouTube, Google
Maps, Flickr etc.
Ratings and User Reviews: A lot of community sites now allow users to rate
content or add reviews. A powerful way to tap into the feedback loop. Example:
Digg.
Wikis: They are the user-friendly tools that allow users to collaborate around
content that might be business processes, project documents, procedures, or
sales/marketing content. Examples: Wikipedia.
Live Chat and Micro-Blogging: Live chat has been around for a while and is still
highly valued. Micro-blogging is the new black with Twitter dominating much of
the public discussion on social media. Examples: Yahoo Chat, Windows Live
(both now have video calling), and Twitter.
Following are some figures which reflect the presence of banks in Twitter and
what kind of response they have gotten so far6:
American Express has the most number of followers followed by BofA and
Chase.
6
15
Social Community: represents the holy grail of social media and social business
design. Social communities involve the coordinated use of the other 9 categories
of social media. Social communities are a key way to develop sustainable
competitive advantage. Examples: Awareness Networks, Ingage, Jive etc.
The first step is to help them understand that whatever product, tool or
service they hear about, it will fit into one of these buckets.
The second step is to then work with the industry to understand each bucket
and the relevance of this bucket to their business
The third step is to use those buckets that are identified as most relevant to
start building a social media strategy.
16
Chapter II
Social Media Applications for Banks
2.1 Employee Training and Recruitment
Employment exchanges, recruitment consultancies and classified advertisements
have become things of the past now. The majority of HR managers today look
towards the internet believing that social media platform is more effective
recruitment tool with a more direct and focused approach in contemporary
technologically-advanced era. Recruitment and subsequent employee training
through social media is becoming an effective way to make direct connections to
savvy individuals and attract employees that fit with the required company culture
and core values. It is often referred as Social Recruiting. Social recruiting is a
contested term which refers to the intersection of recruitment and the embryonic
field of social media. There are several other terms used frequently, signifying the
same, like social hiring, social recruitment and social media recruitment.
The most popular Social Media sites used for recruiting are LinkedIn, Facebook,
Twitter, Viadeo, XING, Google+ and BranchOut. Networking sites are affecting the
way that organizations manage their talent in several ways:
Firstly, organizations today are able to reach out prospective employees and
communicate to them in better and easier way, while building their employer
branding.
Secondly, they are also able to create a linkage with their own employees.
Thirdly, networking sites have become channels to observe and listen what
others are saying about the organization.
Following are the excerpts of few HRs from reputed firms on how social media has
helped and enhanced the process of recruiting7:
Avadhesh Dixit, head HR, CMC Ltd, says, We are targeting 20%-25% hiring through
various internet-based platforms, which include professional networks like
LinkedIn, the career page on our website etc.
17
Subrat Chakravarty, head HR, business services, HCL Technologies says, Social
media, comprising Facebook, Twitter, LinkedIn, etc. is the fastest growing
communication platform in the world. It has become a way of life for millions of
youth across the globe who want to remain connected to things that matter
irrespective of location.
Job portals like naukri.com, monster.com in India have brought about a revolution in
the recruitment process. The difference between a networking site and a job
portal is fundamentally the following8:
The intent for people to register to these sites is different from the intent to
register in a job portal. A person that registers in a job portal is looking for a
job versus a person that registers in a professional networking site might or
might not be interested in changing jobs.
The social media space is vast, with new platforms, like Pinterest or Highlight,
launching regularly. For companies willing to engage, just being present is not
enough. It is imperative to think as a unique employer brand. Instead of simply
latching on to the rise of Facebook, LinkedIn, Twitter or YouTube, a little target
marketing is required. Regularly published figures on social network traffic are a
good place to start. For instance, LinkedIn is the best site to reach executives
experienced in international business; while for a younger and less highly-qualified
target group, as well as localized recruiting in distribution or industry, Facebook
would be a better option. We can find the statistical distribution among various sites
in following table.
8
9
18
The table shows the statistical figures of social networking sites used by various
organizations to recruit employees.
One of the best ways to connect with candidates with specific skills is to tap into
interest groups or professional communities. Whether as a group within a big
social network, or completely independent, they bring together experts with
experience in a certain sector or with specific know-how. These represent niche
social networks. In the United States, they exist for a wide range of career groups,
from federal employees to healthcare workers. Similarly, certain niches are
geographical, for example Viadeo in France, Xing in Germany, Orkut in Brazil.
Depending upon capabilities, skillset, job market, existing interest groups are
limited sources of quality candidates. But banks can attract target potential
employees by developing their own communities. A specialized blog, a collaborative
forum or a job information site can offer an authentic place to exchange opinions
and share experience. To be visible online, these community forums must make it
easy for interested visitors to find them: optimizing search engine visibility, using
relevant keywords, and creating links from the corporate site and career websites
and the companys page on Facebook, Twitter or LinkedIn. The point is not to
advertise vacancies. It is all about being proactive, engaging potential candidates in
dialog early on and forming a talent pool with an eye on positions that might not
even exist yet.
19
New HR roles
The employer brand is everyones business. Clearly, using social media pushes
boundaries and creates new roles for HR teams. In particular, it is up to them to
choose which social media platforms they want to use and to create optimal
conditions for a sustained, dynamic online representation of the company and its
employer brand. Naturally, the results of a companys digital strategy must be
measured. Consultants agree on the need to take time to set it up and make minor
readjustments before rushing into using indicators. Yet once a strategy has been in
place for a while, the number of spontaneous applications sent in by people who
have discovered the employers brand online or were attracted by it, is a sure sign of
social recruitment success.
Fake profiles, spammed inboxes and legal complications are cons of social media
recruitment. The biggest challenge is constant monitoring and evaluation of
responses and feedback from the customers, fans and followers. It needs the bank to
be little pro-active and respond to any query or comments in real time. Social media
is a long-term commitment and new HR managers are expected to have the
requisite technical competence. Its little difficult but they need to launch targeted
campaigns and keep the candidates engaged. The main challenge lies in finding the
20
authentic and best out of the vast information present on social networks which
could be helpful for the bank/organization.
On similar tracks social media channels can be very effective as well. While talking
about social media and employee training in the same sentence we must keep one
thing in mind, its not only training employees via social media but training
employees to behave in social media while representing the firm. So it becomes
increasingly important for the organizations, banks in our case to have social media
policy which would lay down some guidelines for the employees to behave in a
certain manner online.
Apart from this banks can use tools like content communities which include
YouTube, Dailymotion etc. to train their employees. These days availability of space
is becoming an issue for the industries so they tend to minimize the usage of such
infrastructure which could hamper their growth in other ways. Hence, its the need
of the hour to switch to such solutions to tackle the space and infrastructure issues.
Setting up a workspace for certain number of employees is one thing but with every
passing day he number is going to expand, so to train them and make them more
efficient in the way the firm wants them e-learning or e-training is one solution. It
could be done using Skype or giving lectures via uploading videos on YouTube.
21
that the vast majority of consumers simply click through the legal
agreements to get to the applications on a website, there is no real downside to
companies spending a little time and money to ensure that their privacy policy,
terms of use and other legal agreements reflect their current practices. Similarly,
updating these agreements should be a routine part of changing how the company is
collecting and using information from its users. It should be coordinated between
marketing, IT and legal with each checking off on the updates being accurate. And,
finally, the website should clearly indicate that the privacy policy and/or
agreements have been updated so users have the option to review any changes. If
experience is any indicator, virtually all users will continue to visit the website
notwithstanding the updated policy or agreements.
10
Ensure that the published policies on their websites for terms of use and
privacy reflect what information the businesses are collecting from
consumers, and that the disclosures are clearly stated without unnecessary
and lengthy legalese;
22
Apps should not ask for the more information then what actually they
require.
Since, banks carry high reputation and work on the confidence of the
customer only hence the apps shall not breach the code they agree to abide
by with the customer. For example if in Facebook they tell users that they
could restrict sharing of data to limited audiences for example, with
"Friends Only" then it should not allow their information being shared with
the third-party applications their friends used.
Its cheaper than acquisition. Its 8-10 times more costly to acquire new customers
than to sell additional products to ones you already have. Plus, cross-selling is also a
safe and stable way to generate core deposits, compared to more expensive liquidity
options.
23
It broadens the profit base: A significant feat, since only 1-2 percent of a
banks customers usually account for almost all its profitability. Clearly, a lot
of customers add very little to banks bottom line. Cross-selling can bring
diversity and strength to the group you rely on the most
2.3.4 Cards
Most Bank Cards are Chip and PIN Cards. To use them you will need the correct PIN.
Each card has a different PIN - a secret number just for the customer. If one finds it
difficult to use or remember a PIN, he can ask his Bank for a Chip and Signature Card
instead.
Cash Card
If one has a Cash Card, he can only take out money from a cash machine, and
only as much as he has in his Bank Account.
Debit Card
With a Debit Card one can take out money from a cash machine, can use it to pay
for things such as online shopping or ticket booking etc. He can use the amount
available in his account only.
25
Credit Card
A Credit Card is a Bank Card with which one can purchase items without actually
paying for them at that moment. Its like owing money to the bank which is to be
paid back to the bank by the user within some specified time period.
2.3.4 Loans
The act of giving money, property or other material goods to another party in
exchange for future repayment of the principal amount along with interest or other
finance charges. A loan may be for a specific, one-time amount or can be available as
open-ended credit up to a specified ceiling amount. The terms of a standardized loan
are formally presented (usually in writing) to each party in the transaction before
any money or property changes hands. If a lender requires any collateral, this will
be stipulated in the loan documents as well. Most loans also have legal stipulations
regarding the maximum amount of interest that can be charged, as well as other
covenants such as the length of time before repayment is required. Loans can come
from individuals, corporations, financial institutions and governments. They are a
way to grow the overall money supply in an economy as well as open up
competition, introduce new products and expand business operations. Loans are a
primary source of revenue for many financial institutions such as banks, as well as
some retailers through the use of credit facilities.
Open-ended loans are loans that you can borrow over and over. Credit cards and
lines of credit are the most common types of open-ended loans. With both of
these loans, one gets a credit limit that he can purchase against. Each time he
makes a purchase, his available credit decreases. As he makes payments, his
available increases allowing him to use the same credit over and over.
Closed-ended loans cannot be borrowed once theyve been repaid. As you make
payments on closed-ended loans, the balance of the loan goes down. However,
you dont have any available credit you can use on closed-ended loans. Instead, if
you need to borrow more money, youd have to apply for another loan. Common
types of closed-ended loans include mortgage loans, auto loans, and student
loans.
2.3.4.1.2
Secured loans are loans that rely on an asset as collateral for the loan. In the
event of loan default, the lender can take possession of the asset and use it to
cover the loan. Interests rates for secured loans may be lower than those for
26
unsecured loans. The asset may need to be appraised before you can borrow a
secured loan.
Unsecured loans dont have asset for collateral. These loans may be more
difficult to get and have higher interest rates. Unsecured loans rely solely on
your credit history and your income to qualify you for the loan. If you default on
an unsecured loan, the lender has to exhaust collection options including debt
collectors and lawsuit to recover the loan.
2.3.4.1.3
Conventional Loans
27
DNA
28
Decide Who You're Going To Respond To--And Who You Can Ignore
As part of that plan, lay out the approach for the types of people and messages
which can be addressed online. Then determine the criteria for queries to be
ignored. Trying to chase down every single bit of chatter is probably not an
efficient strategy; the ignorance-is-bliss approach won't work out well, either.
Some companies use Klout or other tools to assess what kind of online influence
the unsatisfied consumer wields before responding. Some use sentiment
analysis and other metrics to guide their decision-making.
The culture of social media demands that you are addressing the issue. That
doesnt mean you have to discuss every detail in public. So tweet or comment
back and say something like please e-mail me more info or looking forward to
helping you. Can you DM/message me more? Also when its resolved, tweet that
back as well. Try Thanks so much for letting us know. I hope the issue has been
resolved for you? Follow up is the key here. If its on Facebook, make sure the
reply is on the original stream where the complaint was written.
12
13
29
Dont delay
While replying to complaints online one must keep one thing in mind that they
are still dealing with a person. The confrontation may not be usual like a
telephonic call or face to face but it still deserves same kind of attention.
The public nature of many social platforms adds pressure to negative social
interactions. The official pages of organizations themselves only complicate the
matter. Consider offering particularly upset customers the chance to address
their issues in a different forum, such as a phone call, email, or feedback survey.
Just don't make it inconvenient or difficult to do so. Otherwise, one might be
making a tough situation worse.
Chances are the customer is not seeking to defame the organization on the social
sites. They just want to vent out their frustration and ultimately seek the
organizations attention towards the issue. So its important for the
organizations to make sure they publicize other options for customers to
converse. Then follow through and get back to the customer quickly.
14
30
The site enables customers to engage and carry-out transactions with employees
through video, audio or text chat. In addition to regular banking features,
Android and iOS mobile apps have also been developed for Alior Sync to enable
customers to check their finances, transfer funds and pay bills using their
handsets cameras.
Transfer money through Facebook
Alior Sync also enables customers to transfer money directly to friends through
Facebook photos without having to leave the page. The transactions are
authorized using one-time codes, and PayPal payments can also be made via emails and four billion zloty in deposits within four years. The only requirement
of the transaction is that the recipient has to use the same application, and then
money can be transferred to any bank account in Poland. The safety of the
Facebook money transfer is protected by captcha and a one-time transaction
signing SMS password.
Innovative social media campaigns
Alior Sync has an entertainment area where customers can watch films, listen to
music and play games. Users can also get discount deals, and free movie tickets
by recommending the bank on Facebook.
Azimo
Azimo15 is a new money transfer app that removes the need to physically queue at a
bank or Western Union desk. It is also
the first money transfer service that
integrates social media, enabling you to
transfer money directly to Facebook
friends. Using Azimo to send money via
Facebook works as follows: The sender
invites their intended recipient to sign
up to Azimo via an automatically sent
Facebook message. The recipient then
logs into Azimos Facebook app and fills
out their details, including where they
want the money sent to, which could be
one of the 150,000 payout desks in the
125 countries supported, a mobile
Source: TechChurch
phone top up, or a bank account. And since the recipient fills out that crucial
information, those details are kept hidden from the sender, while the company
claims that less mistakes are likely, too.
15
Watch My Wallet
31
32
Chapter III
Risk Assessment and Security
The use of social media brings many risks to the enterprise. One common attribute
of Web 2.0 and the social media is the user generated content. Any website that
allows a visitor to post content makes the organisation vulnerable to such risks.
Although there are many social media sites and they have incorporated features to
counter those risks but its still not foolproof. With the rapid increase in use of social
media tools, the companies ought to be at par with tools to tackle the associated
risks growing at even faster rate.
According to a September 2011 survey, 63% respondents indicated that employee
use of social media puts their organizations security at risk while 29% say they
have the necessary security controls in place to mitigate or reduce the risk
(Ponemon Institute, 2011). In another study 49% of executives surveyed said that
they feel that the use of social media could damage company reputation, yet in that
study only one in three companies addressed those concerns (PRNewswire, 2009).
These two studies indicate that social media poses a substantial risk to the
organization but the risk itself is not being adequately addressed. For these types of
risks the organization has less control because they do not own, manage or
controlled the systems involved.
34
3.1.1 Legal
The legal risks associated with social media should be carefully considered prior to
engaging in a social media strategy. The main risks include: employment, privacy,
security, intellectual property and media risks. Business managers who want to
implement a social media legal strategy should consult with inside and outside
counsel who understand information technology law. While these legal risks can be
significant, with forethought and planning, they can be managed. In this part of the
paper, we will provide an overview of the key risks. The following are some
common situations in which social media can be the occasion for legal action:
other contractual and tort claims. Companies are generally legally responsible for
any financial statements on social media sites made by them, or on their behalf,
through the antifraud provisions of securities laws. Employees who praise or
promote their organizations products and services may create legal liability. It may
be regarded, positive statements by employees (when their relationship to the
company has not been revealed), as improper advertising.
Defamation is yet another common claim that may result from social media
activities, and companies need to be aware that they face potential liability for
defamatory statements made by their employees about competitors, and for
defamatory statements made by the public on the companies third-party social
networking pages.
Companies may have an obligation to protect the privacy of members of the public
who join their social networking pages on third-party sites, or who provide personal
information through social media sites just as they do, in many cases, when the
public provides personal information on the companys own website. For example,
not only do companies need to guard against violating the Childrens Online Privacy
Protection Act (COPPA in US), they need to conform to the privacy regulations and
terms of use of those third-party sites. Facebook, for instance, has stringent
guidelines surrounding company promotions on their site. Finally, companies may
run into legal trouble if their social media activities violate their own privacy
policies. There are several ways in which social media activity might compromise or
leak sensitive company information (or client information) that could have legal
consequences.
Determine the threats that apply to the organization's social media environment.
Once the threats and vulnerabilities have been identified it is time to determine
the internal controls that are in place. Internal controls are the practices and
processes that will keep the vulnerability from turning the threat into a reality.
There are some common controls related to these risks. It is not likely that every
organization will have every control listed. The greater the number and breadth
of controls in place, the less likely the threat will take place. Each control should
be listed on the risk assessment.
Based upon the internal controls in place and the nature of the threat and
vulnerability, the organization must determine the likelihood that the threat will
take place.
Next, the organization must determine the severity of the effect of the threat if it
were to manifest based upon the existing controls.
Finally, the organization uses both the Likelihood of Occurrence and the Impact
of Severity to determine the Risk Level.
It is generally a good idea to summarize the risk assessment process and deliver a
report to the organization's Audit Committee and possibly the Board of Directors.
Along with the report may be recommendations or action items that will be taken to
increase the number of internal controls to reduce the overall risk. Once such action
items are completed the organization can again perform the risk assessment to
determine if the internal controls have been effective in reducing the risk level.
37
17
38
Chapter IV
Legal Issues
Information technology is one of the important law relating to Indian cyber laws. It
had passed in Indian parliament in 2000. This act is helpful to promote business
with the help of internet. It also set of rules and regulations which apply on any
electronic business transaction. Due to increasing crime in cyber space, Govt. of
India understood the problems of internet user and for safeguarding the interest of
internet users, this act was made.
4.1.1 Provisions
Information technology Act 2000 consisted of 94 sections segregated into 13
chapters. Four schedules form part of the Act. In the 2008 version of the Act, there
are 124 sections (excluding 5 sections that have been omitted from the earlier
version) and 14 chapters. Schedule I and II have been replaced. Schedules III and IV
are deleted.
Information Technology Act 2000 addressed the following issues:
Legal Recognition of Electronic Documents
Legal Recognition of Digital Signatures
Offenses and Contraventions
Justice Dispensation Systems for Cybercrimes
4.1.2 Objectives
It is objective of I.T. Act 2000 to give legal recognition to any transaction which is
done by electronic way or use of internet.
39
To give legal recognition to digital signature for accepting any agreement via
computer.
To provide facility of filling document online relating to school admission or
registration in employment exchange.
According to I.T. Act 2000, any company can store their data in electronic
storage.
To stop computer crime and protect privacy of internet users.
To give legal recognition for keeping books of accounts by bankers and other
companies in electronic form.
To make more power to IPO, RBI and Indian Evidence act for restricting
electronic crime.
4.1.3 Scope
Every electronic information is under the scope of I.T. Act 2000 but following
electronic transaction is not under I.T. Act 2000
Information technology act 2000 is not applicable on the attestation for creating
trust via electronic way. Physical attestation is must.
I.T. Act 2000 is not applicable on the attestation for making will of any body.
Physical attestation by two witnesses is must.
A contract of sale of any immovable property.
Attestation for giving power of attorney of property is not possible via electronic
record.
4.1.4 Highlights18
There are 13 chapters in law and all provision is included in this chapters:
Chapter II
18
Business Education
40
Chapter III
This chapter explains the detail that all electronic records of govt. are acceptable
unless any other law has any rules regarding written or printed record.
Chapter IV
Chapter V
This chapter powers to organization for securing the electronic records and secure
digital signature. They can secure by applying any new verification system.
Chapter VI
This chapter states that govt. of India will appoint controller of certifying authorities
and he will control all activities of certifying authorities. Certifying authority is that
authority who issues digital signature certificate.
Chapter VII
Chapter VIII
This chapter tells about the duties of subscribers regarding digital signature
Certificate. It is the duty of subscriber to accept that all information in digital
signature certificate that is within his knowledge is true.
Chapter IX
Chapter X
Under this chapter, cyber regulation appellate tribunal can be established. It will
solve the cases relating to orders of adjudicating officers.
Chapter XI
For controlling cyber Crime, Govt. can appoint cyber regulation advisory committee
who will check all cyber-crime relating to publishing others information. If any fault
is done by anybody, he will be responsible for paying Rs. 2 lakhs or he can get
punishment of 3 years living in jail or both prison and penalty can be given to cybercriminal.
41
Chapter XII
Police officers have also power to investigate dangerous cyber-crime under IPC
1860, Indian Evidence Act 1872 and RBI Act 1934.
42
also have a detailed Business Continuity plan (In case of any natural/manmade
calamity the organization must have a detailed backup process so as to continue its
business). Other applicable procedures of separation of duties of key personals,
background checks of employees before employing, etc. Not only Banks, but the
BPOs/KPOs, hospitals, and various other businesses which deals with sensitive
personal data, need to comply with this act.
4.3.1 Explanation
For the purposes of this section, terms "Electronic mail" and "Electronic Mail
Message" means a message or information created or transmitted or received on a
computer, computer system, computer resource or communication device including
attachments in text, image, audio, video and any other electronic record, which may
be transmitted with the message.
43
Chapter V
Social Governance Frame Work
According to the Altimeter Group, almost two-thirds of companies say that social
media is a significant or critical risk to their brand reputation. Forrester Research
tells us that 64% of large companies have no social media policy in place, or if they
do, they lack tools to sufficiently enforce and support the policy.
Operating Strategy
Companies must define and implement an enterprise-wide social operating strategy
that (1) ensures consistent customer experiences across channels and (2) integrates
with existing strategy and planning processes.
Business Process
They should infuse social media into business processes in ways that maximize the
lifetime value of customers while synthesizing the diverse perspectives of affected
internal process owners.
20
44
Marketing Quality
Ensure that marketing tactics in social and digital media are consistent with the
companys definition of quality marketing. Then, as social media accounts
proliferate and as brands begin to empower their employees to represent the brand
in social media, align accounts and content with audiences.
Solution Architecture
Develop, deploy, and maintain an enterprise solution architecture that allows the
company to optimize the technology costs required to achieve social business goals.
In addition, some companies create more restrictive guidelines that apply when
employees post comments about the company or its products, spelling out
requirements such as protecting confidentiality, privacy and security. If the
company runs its own social site, such as a blog, the company should also create
acceptable use policies for external users who post comments. Although social
media policies will vary somewhat depending on the type of company and industry,
some common employee guidelines apply to most companies21:
21
Employees should always disclose that they are employees of the company
when commenting on matters related to the company
Unless employees are company spokespeople, they should make it clear that
their opinions do not represent the company
45
Employees should think before they post, knowing that once information is
published online it essentially becomes part of a permanent record, even if it
is removed or deleted later
22
46
Chapter VI
Usage Guidelines
As discussed in previous chapter due to the risks associated with social media a
proper framework and guidelines are required to direct the organisation to make
apt use of social media. As cited by Government of India while discussing the policy
regarding social media that many apprehensions including, but not limited to issues
related to authorisation to speak on behalf of department/agency, technologies and
platform to be used for communication, scope of engagement, creating synergies
between different channels of communication, compliance with existing legislations
etc. It was therefore felt that Guidelines for use of Social Media were required which
would enable project owners/implementers to effectively use these platforms.
47
24
48
Vendor Management
A due diligence process for selecting and managing third-party service provider
relationships in connection with social media;
Training
An employee training program that incorporates the institutions policies and
procedures for official, work-related use of social media, and potentially for other
uses of social media, including defining impermissible activities;
Monitoring
An oversight process for monitoring information posted to proprietary social media
sites administered by the financial institution or a contracted third party;
Compliance
Audit and compliance functions to ensure ongoing compliance with internal policies
and all applicable laws, regulations, and guidance; and
Reporting
Parameters for providing appropriate reporting to the financial institutions board
of directors or senior management that periodically evaluate the effectiveness of the
social media program and whether it is achieving its stated objectives.
49
Chapter VII
References
Social Media and Banking
Reputational Risks Deloitte
Shwayri, R. N. ,The Risks Associated with Financial Institutions Use of Social
Media
Merill T., Latham K., Santalesa R., Navetta D., Social Media: The Business
Benefits May Be Enormous, But Can the Risks-- Reputational, Legal,
Operational -- Be Mitigated?
A practical guide to risk assessment* - PwC
SANS Institute- Risk Assessment of Social Media
ISACA- Social Media RIsk and Mitigation Guide
Yurcan B., The Compliance Risk of Social Media
The Financial Brand
DNA
IBNLive
Wikipedia.org
FFIEC.org
CGI, Implementing social network analysis for fraud prevention
Accenture, Empowerment with Accountability
Social Media: Consumer Compliance Risk Management Guidance
Framework and Guidelines for Use of Social Media for Government
Jeremy Epstein, vice president of marketing at Sprinklr
Social Media Strategy, Policy and Governance, Ernst & Young
[Yearbook] Information and Technology Act: Salient Features and Provisions
Managing the risks of Social Media-Deloitte
Business Education
Watch My Wallet
Sales Force Marketing Cloud
International Week SMB
Pennstate College
Social Media Law Blog
Companies now hiring through social media
Role of networking sites in recruitment and talent management
Recruiting Through Social Media
http://www.walkersands.com/Blog/how-brands-can-use-social-media-forcrisis-management/
http://www.blogussion.com/general/uses-social-networking/
Antony Mayfield, what is social media?
Nielsen, Global Faces and Networked Faces, 2009
50
51