Organizational Data + An Internet Connection = A Recipe for Disaster

Organizational Data + An Internet Connection = A Recipe for Disaster

For many years, most organizations have had policies governing employees’ use of e-mail (e.g. no political solicitations, no profanity, etc.) and the Internet (e.g. don’t download or share information that’s offensive, illegal, discriminatory, etc.). And many organizations are in the process of implementing policies to guide employees on what organizational information/data can (and cannot) be shared in social media applications such as Facebook. In addition, many organizations have a Code of Conduct requiring employees to preserve the confidentiality and privacy of the organization’s information by not using or disclosing confidential/personal information other than in the performance of their jobs or as required by law.

However, despite such requirements, the combination of organizational data/information and an Internet connection is a recipe for disaster – and often a public relations nightmare – in the hands of some employees.

In a recent Maclean’s article entitled “Open Secrets” , Tamsin McMahon illustrates “. . . just how much power today’s workers have to spill the beans on their employer’s most sensitive information. From Twitter to Facebook to professional networking sites like Glassdoor and LinkedIn, any employee with an Internet connection now has access to a limitless array of tools to instantly – and anonymously – share workplace gossip and confidential corporate data with the world.”

While much of Ms. McMahon’s article focuses on how the law is catching up to provide legal consequences for employees who discredit their employers/bosses on social media or release confidential information, she provides several thought-provoking examples of the damage an unthinking employee can cause. For example:

  • A warehouse employee was fired after having uploaded to YouTube 93 videos taken at work over two years showing activities such as employees playing with insects on the warehouse floor and a video claiming that one customer’s foodstuffs were stored with sodium cyanide. The employer claims $250,000 in lost business from angry clients due to the videos.
  • An Ontario court allowed a company to fire two employees who had spread gossip and jokes about their boss on an employee’s private Facebook page. Despite the fact the page wasn’t public, the court ruled that the company’s reputation had been harmed because enough of their co-workers had read the posts.

Some of Ms. McMahon’s examples illustrate that many breaches are made unwittingly, and sometimes by an employee’s immediate family, for example:

  • An employee posted a picture on Instagram of a work-related trip, not realizing that he publicly revealed a site where his employer was planning to drill for oil.
  • US soldiers uploaded to the Internet photos of new helicopters not realizing that GPS coordinates are transmitted with most photos taken with cellphone cameras. The next day, four of the helicopters were destroyed in a bomb attack.
  • A high-profile executive’s children may compromise the family’s security by discussing their vacation plans on Twitter.
What does this mean for RIM professionals?

The need to keep tabs on their reputation and information will likely cause many organizations to implement web scanning whereby they (or their service providers) will sift through chat room conversations, Facebook posts, tweets, YouTube, etc. looking for inappropriate comments and inappropriately released information. The resulting collection of comments/information will constitute another group (or series) of information to be managed and retained for a suitable period. Because some of the inappropriate comments or inappropriately released information may be relevant in future litigation, it will be particularly important to document and manage the audit trail of the information’s collection, access, and storage and manage it according to the organization’s legal hold protocol if/when required.

RIM professionals working for organizations in competitive environments may also see an increase in the volume of competitive intelligence (i.e. information about their competitors) to be managed as their employers deploy web scanning for competitive purposes.

Leave a Comment

Your email address will not be published. Required fields are marked *

Related Posts


Privacy rights in the workplace

If you’re like me, you’ve read many e-mail and other records management policies stating that an employee should not expect any privacy when using a workplace computer (i.e. a computer owned by his/her employer). Many organizations are

Read More »

RIM shot — Finding the Humour in What We Do

(Please note: Some cartoons originally posted in this article caused some technical difficulties, so they have been temporarily removed and replaced with links. Hopefully we will be able to restore the original images soon.) I’m

Read More »
  • About the Author

  • Sheila Portrait
    Sheila Taylor
  • Sheila Taylor is a well known consultant, educator, speaker and writer with more than 25 years of experience in the information management (IM) field.

  • Recent Tweets

  • Company News

  • Search Site

  • Archives By Date

  •  Telephone


    (905) 702-8756




    Request A Call

    Case in Point

    That's A Lot of Records!
    Often the requirement for a needs assessment is driven by a specific initiative being considered or an immediate problem to be solved, rather than a general desire to establish a corporate (or organization-wide) IM program. We had a client wanting to improve its management of a specific group of critical records – thousands of member files in paper, microform and digital formats containing hundreds of unique document types.
    Assess, Plan and Schedule
    Ergo reviewed the organization’s current practices for managing those records, compared those practices to best practices, and identified risks and areas for improvement. From there we developed a strategic plan with a focus on records storage and retention. The plan identified the operational, financial and technological requirements for implementing the recommended changes, improvements and enhancements in the lifecycle management of the member records. Activities in the plan were classified as short term (next 6-12 months), medium term (next 12-24 months) and longer term (next 25+ months).
    Step by Step Success
    Implementation of the strategic plan enabled this organization to ensure its member records are properly identified, organized, accessible, protected and retained as long as necessary to meet operational and other requirements.
    Previous slide
    Next slide