Nine out of 10 large UK firms have no rules to guide employees'
use of Web 2.0 tools at work, even though more and more firms are
using them to reach new customers and share information.
A Vanson Bourne study of 100
UK CIOs and IT managers at firms with more than 1,000 staff found
that 89% had no dedicated guidelines in place to control the use of
Web 2.0 social networking tools.
The study for information risk consultants Recommind found 44%
using the tools to communicate and share information with
colleagues around the world, while a quarter used them marketing
and sales, business development and company research.
Recommind's VP and general counsel Craig Carpenter said
communication was instant in a Web 2.0 world, but sensitive
information could be divulged, co-opted or misconstrued very
easily, exposing the organisation to information risk.
Just over half (51%) knew of the data leakage risks but most
overlooked the risks posed by an increasingly stringent regulatory
climate and the knock-on impact of investigations and eDisclosure
requests, he said.
More than two thirds (70%) believed it was the IT department's
job implement and enforce Web 2.0 usage policies; 17% thought it
was up their legal department.
It was a shared responsibility, said Carpenter. "There needs to
be more collaboration between the IT and legal departments," he
said. Legal departments had to get involved in crafting and
enforcing Web 2.0 policies because they often knew best what
information could and could not be stored and/or shared, he
said.
"We've already seen cases of employees being reprimanded for
discussing proprietary information on sites like Facebook,"
Carpenter said. He said a major US media network was recently
criticised when one of its journalists leaked off-the-record
comments by President Obama via his Twitter feed. "While having a
company policy in place is common sense, any such policy is only as
effective as its enforcement," he said.