Nine out of 10 large UK firms have no rules to guide employees' use of Web 2.0 tools at work, even though more and more firms are using them to reach new customers and share information.
A Vanson Bourne study of 100 UK CIOs and IT managers at firms with more than 1,000 staff found that 89% had no dedicated guidelines in place to control the use of Web 2.0 social networking tools.
The study for information risk consultants Recommind found 44% using the tools to communicate and share information with colleagues around the world, while a quarter used them for marketing and sales, business development and company research.
Recommind's VP and general counsel Craig Carpenter said communication was instant in a Web 2.0 world, but sensitive information could be divulged, co-opted or misconstrued very easily, exposing the organisation to information risk.
Just over half (51%) knew of the data leakage risks but most overlooked the risks posed by an increasingly stringent regulatory climate and the knock-on impact of investigations and eDisclosure requests, he said.
More than two thirds (70%) believed it was the IT department's job to implement and enforce Web 2.0 usage policies; 17% thought it was up to their legal department.
It was a shared responsibility, said Carpenter. "There needs to be more collaboration between the IT and legal departments," he said. Legal departments had to get involved in crafting and enforcing Web 2.0 policies because they often knew best what information could and could not be stored and/or shared, he said.
"We've already seen cases of employees being reprimanded for discussing proprietary information on sites like Facebook," Carpenter said. He said a major US media network was recently criticised when one of its journalists leaked off-the-record comments by President Obama via his Twitter feed. "While having a company policy in place is common sense, any such policy is only as effective as its enforcement," he said.