Governing social media and properly tackling social media security is a hot topic in the modern workplace. Social media is an important tool for communicating with customers and generating new business, but businesses need to ensure that the transparency of the Web does not create a security lapse. Meanwhile, personal social media use by employees continues to soar, forcing companies to make sure that sensitive information is not being leaked -- all while complying with employee privacy laws.
Social media inside companies can be tremendously useful for improving efficiency, information exchange and knowledge management.
SearchCompliance.com Editorial Director Scot Petersen recently sat down with Jeffrey Ritter, an attorney and recognized expert on technology law, to discuss governing social media security in the technology-driven 21st century, and steps companies can take to protect themselves.
Scot Petersen: Explain a little bit about how a company should go about governing social media information.
Jeffrey Ritter: One of my favorite anecdotes is from a C-level executive who brought on a new person, and he walked her in and showed her to her station, welcomed her to the company. She was immediately put to work on a development project of high importance to the company. Before lunch, he walked by and she had seven different IM windows open. She had five different browser windows open. She was interacting with people all over the 'net who were her friends or social or business contacts. He was aghast. She was actually corresponding with somebody in chat about how to develop a particular aspect of the project. He called her into the office and said, "What's going on?" She said, "This is how I work in the 21st century. I'm interactive. I'm real-time. I'm dynamic. This is how I give you the best possible work. So if you don't like it, fire me, but I can't work without being connected to my world."
Companies have a legitimate concern about how intellectually valuable and financially valuable information could leak out of the company. But it is such a compelling, powerful and useful way for people to interact. Social media inside companies can improve efficiency, information exchange and knowledge management. You can't shut it down.
Should technology solutions be employed to monitor, filter and observe what goes in and out of the company through social media?
The reality is that there is a perimeter around that business, and if all of the information inside the company is made available, then a lot of the competitive advantage inherent to the wealth and value of the company is disseminated. That's why we care. That's why digital information is the subject of governance today. Whether a particular monitoring technology should or should not be installed isn't a judgment that anyone can make as a generalization. You size your controls to the level of value that is ascribed in the level of risk.
How can companies find out about opt-in policies and privacy requirements?
There is an expectation that what we know about who we are and what we do with our personal lives is nothing to be shared with our employer. The employer may have an obligation to make email available and allow me to email and make phone calls as part of my personal life. So whether or not you opt in or opt out seems to be more and more part of the employment contract.
More on social media compliance
Companies have worked hard with their labor forces to build those controls in a way that balances the demands of the company for people to work hard in the business and still maintain a personal life. I think that's true with social media as well. Across all of these, the company does have this legitimate expectation that business assets in the form of digital information are staying where they belong. And if you want to use social media and the company wants to enable that, maybe that opt-in is a way of balancing the difficult interests here.
In part two of this Q&A, Ritter discusses how increased popularity of the cloud and bring-your-own-device programs complicates security compliance.