For many years, most organizations have had policies governing employees’ use of e-mail (e.g. no political solicitations, no profanity, etc.) and the Internet (e.g. don’t download or share information that’s offensive, illegal, discriminatory, etc.). And many organizations are in the process of implementing policies to guide employees on what organizational information/data can (and cannot) be shared in social media applications such as Facebook. In addition, many organizations have a Code of Conduct requiring employees to preserve the confidentiality and privacy of the organization’s information by not using or disclosing confidential/personal information other than in the performance of their jobs or as required by law.
However, despite such requirements, the combination of organizational data/information and an Internet connection is a recipe for disaster – and often a public relations nightmare – in the hands of some employees.
In a recent Maclean’s article entitled “Open Secrets” , Tamsin McMahon illustrates “. . . just how much power today’s workers have to spill the beans on their employer’s most sensitive information. From Twitter to Facebook to professional networking sites like Glassdoor and LinkedIn, any employee with an Internet connection now has access to a limitless array of tools to instantly – and anonymously – share workplace gossip and confidential corporate data with the world.”
While much of Ms. McMahon’s article focuses on how the law is catching up to provide legal consequences for employees who discredit their employers/bosses on social media or release confidential information, she provides several thought-provoking examples of the damage an unthinking employee can cause. For example:
- A warehouse employee was fired after having uploaded to YouTube 93 videos taken at work over two years showing activities such as employees playing with insects on the warehouse floor and a video claiming that one customer’s foodstuffs were stored with sodium cyanide. The employer claims $250,000 in lost business from angry clients due to the videos.
- An Ontario court allowed a company to fire two employees who had spread gossip and jokes about their boss on an employee’s private Facebook page. Despite the fact the page wasn’t public, the court ruled that the company’s reputation had been harmed because enough of their co-workers had read the posts.
Some of Ms. McMahon’s examples illustrate that many breaches are made unwittingly, and sometimes by an employee’s immediate family, for example:
- An employee posted a picture on Instagram of a work-related trip, not realizing that he publicly revealed a site where his employer was planning to drill for oil.
- US soldiers uploaded to the Internet photos of new helicopters not realizing that GPS coordinates are transmitted with most photos taken with cellphone cameras. The next day, four of the helicopters were destroyed in a bomb attack.
- A high-profile executive’s children may compromise the family’s security by discussing their vacation plans on Twitter.
What does this mean for RIM professionals?
The need to keep tabs on their reputation and information will likely cause many organizations to implement web scanning whereby they (or their service providers) will sift through chat room conversations, Facebook posts, tweets, YouTube, etc. looking for inappropriate comments and inappropriately released information. The resulting collection of comments/information will constitute another group (or series) of information to be managed and retained for a suitable period. Because some of the inappropriate comments or inappropriately released information may be relevant in future litigation, it will be particularly important to document and manage the audit trail of the information’s collection, access, and storage and manage it according to the organization’s legal hold protocol if/when required.
RIM professionals working for organizations in competitive environments may also see an increase in the volume of competitive intelligence (i.e. information about their competitors) to be managed as their employers deploy web scanning for competitive purposes.