MI6 Facebook gaffe: lessons for businesses

Yet another disclosure of confidential information has highlighted why it is important for employers to have policies and procedures in place.

Yet another disclosure of confidential information has highlighted why it is important for employers to have policies and procedures in place regarding how confidential information is dealt with by their employees, writes Jimmy Desai, partner at Blake Lapthorn.

Details about John Sawyer (soon to be head of MI6) being put on Facebook prompted the government to insist that no state secrets had been revealed.

However, this is not an isolated incident.

There have been a number of occasions when information placed on Facebook have caused problems. For example, last year, a prison guard from Leicester was dismissed when it was discovered that he was Facebook friends with a number of current and former inmates of his prison. And Argos dismissed an employee for creating the Facebook group "I work at Argos and can't wait to leave because it's sh*t".

Employees have also been dismissed for making bullying or discriminatory Facebook comments, or posts which suggest employees are "pulling a sickie".

Employers should think about putting in place written policies which explain how employees should use the internet and social networking sites, or regarding what (if any) information employees can reveal about an employer.

However, employers need to be aware that monitoring of employees at work is subject to the Data Protection Act 1998 and an employee's right to privacy, since employee monitoring can include monitoring employees' telephone and e-mail usage as well as internet usage generally.

The Information Commissioner's Office gives detailed guidance as to how employers should approach the monitoring of their employees at work.

This is certainly not going to be the last incident where confidential information enters onto the internet. What is important is that employers consider how they hold confidential information, who has access to it and what policies and procedures are in place to protect that confidential information so that these incidents do not occur or, if they do, the employer has already thought about what it is going to do.

Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close