The privacy furor stirred up over the past couple of weeks by the launch of Google’s social networking tool, Buzz, caused the search giant to make some fairly radical changes to the service. It also threw the issue of privacy in social networking into sharp relief. But Google’s stumble in this space is just the latest in a long line of privacy flubs from nearly all of the vendors in the market. It is worth considering whether traditional notions of privacy and social networking are basically incompatible, and if they are, what implications this might have for businesses.
Facebook’s founder Mark Zuckerberg says that the age of privacy is over as we all share more of our “stuff” online. However, most folks have a reasonable expectation of privacy, and issue is further complicated because as our personal and professional lives become ever more greatly intertwined, there are implications for businesses, too.
How Privacy Leaks on Social Network Affect Businesses
Buzz’s botched launch provides a good example of how damaging privacy leaks affecting individuals can be for the enterprise. One of the complaints about Buzz was that it automatically followed everyone that a user communicated with regularly via Gmail or GTalk, revealing their contacts to the world at large. This could have revealed commercially sensitive information through no fault of the user — particularly as some people use private GTalk accounts for IM communication in the workplace.
Another good example of how privacy leaks on social networks affect businesses are supposedly “private” employee groups on large social networks revealing confidential or damaging information. This recently happened to large UK retail chain DSGi whose staff were caught insulting its customers via an employee Facebook group: a PR disaster.
What Businesses Can Do About It
So, if social networking and notions of privacy are basically incompatible, and privacy leaks from individuals can be hugely damaging to the enterprise, what can businesses do about it? It is unrealistic (and would be unreasonable) for organizations to attempt to apply draconian controls on how employees use social networks. A better approach for minimizing the potential damage would be two-fold: providing tools and education.
Firstly, provide appropriate corporate-grade tools for communication, collaboration and networking, so that employees don’t turn to their personal social networking tools for this functionality. If businesses don’t provide an appropriate IM tool, for example, it is highly likely that employees will turn to their personal GTalk or Facebook Chat accounts for communication. Similarly, if collaboration tools are not provided, employees may be tempted to set up a “private” Facebook or LinkedIn group for the purpose. Internal, company-provided tools may still not provide absolute data privacy (for that, you’d need to ensure that no-one ever shared anything), but they will give the business greater confidence that commercially sensitive information isn’t being spread around uncontrolled via a mainstream social network.
Only tools that provide appropriate levels of security, data encryption and privacy controls should be selected. Where possible, businesses should choose a self-hosted solution, rather than a managed one, in order to maintain maximum control over their data.
Secondly, educate your employees about the limitations of privacy on social networks that I’ve outlined above. If employees have a better understanding of how limited online privacy actually is, they will be less likely to upload anything to a social network that could be damaging to either the company or themselves.
This education should be taken seriously, taking cues from the best practices already established in corporate IT security training: starting education early (from the employee’s orientation); repeated and varied training throughout the employee’s tenure; and keeping education simple and appropriate. Many businesses already have some form of official privacy training in place — broadening it to encompass the dangers posed by personal social networking tools shouldn’t bee difficult or costly.
Unlike Zuckerberg, I don’t think we’ve necessarily come to the end of the age of privacy. Perhaps social networks will evolve to give us reliable, granular, context-sensitive privacy controls, such as those that ReadWriteWeb’s Marshall Kirkpatrick argues for. But until they do, we all need to be careful about who we share our stuff with, and where we share it.