Gartner, a leading IT research and advisory firm, tells us Big Brother will be getting busier. But we already knew that. Today, less than 10% of companies actively monitor their employees use of social media. Gartner calculates by 2015 that number will have grown to 60%.
This is a good-news/bad-news situation. The good news is increasing numbers of organizations are becoming smart about protecting their assets in this digital age. Andrew Walls, the Research Vice President of Gartner, explains:
Given that employees with legitimate access to enterprise information assets are involved in most security violations, security monitoring must focus on employee actions and behavior wherever the employees pursue business-related interactions on digital systems. In other words, the development of effective security intelligence and control depends on the ability to capture and analyze user actions that take place inside and outside of the enterprise IT environment.
This means of course an employees personal use of social-media sites such as Facebook, LinkedIn, YouTube, and others is all potentially activity of interest. We dont need to think too hard to recall many situations in which personal digital data became incriminating evidence in a professional or corporate scandal or lawsuit.
The bad news is these same organizations will find themselves confronted with complicated legal and ethical dilemmas. Social media by its very nature predisposes itself to revealing a tremendous amount of personal information that lacks relevance to the monitoring organizations legitimate concerns. This might include personal information on religion, marital status, relationships, sexual preferences, and political affiliations. Walls acknowledges the quandary:
While automated, covert monitoring of computer use by staff suspected of serious policy violations can produce hard evidence of inappropriate or illegal behaviors, and guide management response, it might also violate privacy laws. In addition, user awareness of focused monitoring can be a deterrent for illicit behavior, but surveillance activities may be seen as a violation of legislation, regulations, policies or cultural expectations. There are also various laws in multiple countries that restrict the legality of interception of communications or covert monitoring of human activity.
My take on this is no easy answers exist. Social media repeatedly puts us into situations in which the personal and the professional bleed into each other. Companies will need to maintain a strict focus on maintaining boundaries and protocols for everyones protection. Liability issues have enlarged and will continue to do so. Smart companies will give increasing attention to the ethical and legal dilemmas.
Nevertheless, with fundamental ethical and legal principles in place, I believe these choppy waters can be successfully navigated. Continual policy and program assessment is a must because the virtual world and its associated qualities can change instantly. Some of those changes might require a top-down overhaul; other changes might only require minor adjustments. The important thing is that organizations remain vigilant and responsive.
style=”border:none; width:450px; height:80px”>