With major web 2.0 socal sites automatically providing many sharing services, any information posted with these online tools could potentially be copied around the world, being viewed many thousands of times along the way. One critical concern for enterprises of both small and large calibre is – how do I gain a competitive advantage by using these tools, but limit and mitigate the risk of exposing company secrets at the same time.
So what risks are we talking about? Taking Westpac bank as an example, one of their employees could discuss a client relationship they have with Westpac. While this may seem like innocent discussion, there is potential there to find out more details such as – do they have a good or bad relationship with the bank? Do they take good care of their finances? The answers to these types of questions could actually empower third parties with information they should not have.
Who could be these third parties? Keyholders in either the company or Westpac (in our example), potential investors for both businesses, media journalists looking to build a story – each of these third parties could potentially gain with confidential information being leaked.
One example of this is NP Generations Pty Ltd v Feneley (2001) where a property manager had a dairy with key contact and business information, whom left the company, taking the information with her. When she was employed a few months later by a rival, she used the information contained with to gain an advantage at the cost of her previous employer. In this situation the court held that the customer information within the dairy was confidential to her previous employer, which should have been returned upon her leaving that employer.
If this was taken one step further, with a focus on web 2.0 social technologies, the person in question could have uploaded that data to her facebook account – in which many people would have had access to that information. Depending on the sensitivity and content of the information, it could be viewed a great many times before any legal injunction could take place. This may very well damage the company’s reputation and the employee.
This is an example that illustrates how important it can be for a company to have a social media policy. A social media policy should be constructed which defines what information is and is not allowed to be posted on the global, public web 2.0 social networking technologies like twitter and facebook. This policy should incorporate legal aspects where ever possible, so that corporate information is protected. Information Technology specialists should also investigate how to implement a social media policy to ensure it can be done effectively.
In the example of Westpac, they should have a social media policy built which provides limits on what information is allowed to be passed outside the company. In order to make this effective, their I.T. team should implement measures to ensure that the information is protected. Further more Westpac could hold company sessions to train their personnel on the importance of the social media policy, and reinforce that through reminders during their working week.
Web 2.0 social media provides an immense amount of connectivity between employees, employers and the world-wide public. With information so readily available to be uploaded to these tools, it is only prudent to consider the security aspect for these tools and generate a policy to protect the company interests.
-Mathew
References:
Brown, S. (2010, January). Safely ‘Friend’ Web 2.0 at Work . Retrieved August 23, 2010, from Workplace HR@Safety: http://www.imn-unlocked.com/wb-spartantec/e_article001633793.cfm?x=b11,0,w
LinkedIn – is your confidential client information not so confidential? (n.d.). Retrieved August 23, 2010, from Rostro Carlyle Solicitors: http://www.rostroncarlyle.com/legalarticles/social-media-law-articles/linkedin-is-your-confidential-client-information-not-so-confidential.html