Organizational Data + An Internet Connection = A Recipe for Disaster

Organizational Data + An Internet Connection = A Recipe for Disaster

For many years, most organizations have had policies governing employees’ use of e-mail (e.g. no political solicitations, no profanity, etc.) and the Internet (e.g. don’t download or share information that’s offensive, illegal, discriminatory, etc.). And many organizations are in the process of implementing policies to guide employees on what organizational information/data can (and cannot) be shared in social media applications such as Facebook. In addition, many organizations have a Code of Conduct requiring employees to preserve the confidentiality and privacy of the organization’s information by not using or disclosing confidential/personal information other than in the performance of their jobs or as required by law.

However, despite such requirements, the combination of organizational data/information and an Internet connection is a recipe for disaster – and often a public relations nightmare – in the hands of some employees.

In a recent Maclean’s article entitled “Open Secrets” , Tamsin McMahon illustrates “. . . just how much power today’s workers have to spill the beans on their employer’s most sensitive information. From Twitter to Facebook to professional networking sites like Glassdoor and LinkedIn, any employee with an Internet connection now has access to a limitless array of tools to instantly – and anonymously – share workplace gossip and confidential corporate data with the world.”

While much of Ms. McMahon’s article focuses on how the law is catching up to provide legal consequences for employees who discredit their employers/bosses on social media or release confidential information, she provides several thought-provoking examples of the damage an unthinking employee can cause. For example:

  • A warehouse employee was fired after having uploaded to YouTube 93 videos taken at work over two years showing activities such as employees playing with insects on the warehouse floor and a video claiming that one customer’s foodstuffs were stored with sodium cyanide. The employer claims $250,000 in lost business from angry clients due to the videos.
  • An Ontario court allowed a company to fire two employees who had spread gossip and jokes about their boss on an employee’s private Facebook page. Despite the fact the page wasn’t public, the court ruled that the company’s reputation had been harmed because enough of their co-workers had read the posts.

Some of Ms. McMahon’s examples illustrate that many breaches are made unwittingly, and sometimes by an employee’s immediate family, for example:

  • An employee posted a picture on Instagram of a work-related trip, not realizing that he publicly revealed a site where his employer was planning to drill for oil.
  • US soldiers uploaded to the Internet photos of new helicopters not realizing that GPS coordinates are transmitted with most photos taken with cellphone cameras. The next day, four of the helicopters were destroyed in a bomb attack.
  • A high-profile executive’s children may compromise the family’s security by discussing their vacation plans on Twitter.
What does this mean for RIM professionals?

The need to keep tabs on their reputation and information will likely cause many organizations to implement web scanning whereby they (or their service providers) will sift through chat room conversations, Facebook posts, tweets, YouTube, etc. looking for inappropriate comments and inappropriately released information. The resulting collection of comments/information will constitute another group (or series) of information to be managed and retained for a suitable period. Because some of the inappropriate comments or inappropriately released information may be relevant in future litigation, it will be particularly important to document and manage the audit trail of the information’s collection, access, and storage and manage it according to the organization’s legal hold protocol if/when required.

RIM professionals working for organizations in competitive environments may also see an increase in the volume of competitive intelligence (i.e. information about their competitors) to be managed as their employers deploy web scanning for competitive purposes.

Leave a Comment

Your email address will not be published. Required fields are marked *

Related Posts

Text Messages as Evidence
e-discovery

Yes, text messages can be evidence

Bloomberg Businessweek reports that a former BP engineer, Kurt Mix, was charged with two counts of obstruction of justice for intentionally destroying evidence requested by US authorities about the size of the 2010 Gulf of Mexico oil spill

Read More »
business processes

Digital Notetaking: Friend or Foe?

Traditionally, you’d show up to a meeting toting a paper notebook in which you’d jot down comments, ideas, decisions, and action items.  Then, after most meetings, you’d return to your desk and transcribe your notes, issue e-mails

Read More »
cloud

From Here to E-ternity

I can’t take credit for the title of this blog post because it comes from the title of a recent, thought-provoking article in TIME Magazine (US Edition, Feb. 11). In “From Here to E-ternity: What Happens to

Read More »
  • About the Author

  • Sheila Portrait
    Sheila Taylor
  • Sheila Taylor is a well known consultant, educator, speaker and writer with more than 25 years of experience in the information management (IM) field.

  • Recent Tweets

  • Company News

  • Search Site

  • Archives By Date

  •  Telephone

     

    (905) 702-8756
    1-877-857-7111

     

    Email

     

    info@eimc.ca

    Request A Call

    Case in Point

    That's A Lot of Records!
    Often the requirement for a needs assessment is driven by a specific initiative being considered or an immediate problem to be solved, rather than a general desire to establish a corporate (or organization-wide) IM program. We had a client wanting to improve its management of a specific group of critical records – thousands of member files in paper, microform and digital formats containing hundreds of unique document types.
    Assess, Plan and Schedule
    Ergo reviewed the organization’s current practices for managing those records, compared those practices to best practices, and identified risks and areas for improvement. From there we developed a strategic plan with a focus on records storage and retention. The plan identified the operational, financial and technological requirements for implementing the recommended changes, improvements and enhancements in the lifecycle management of the member records. Activities in the plan were classified as short term (next 6-12 months), medium term (next 12-24 months) and longer term (next 25+ months).
    Step by Step Success
    Implementation of the strategic plan enabled this organization to ensure its member records are properly identified, organized, accessible, protected and retained as long as necessary to meet operational and other requirements.
    Previous slide
    Next slide