Analyst Report: Can Enterprise Privacy Survive Social Networking?


The privacy furor stirred up over the past couple of weeks by the launch of Google’s social networking tool, Buzz, caused the search giant to make some fairly radical changes to the service. It also threw the issue of privacy in social networking into sharp relief. But Google’s stumble in this space is just the latest in a long line of privacy flubs from nearly all of the vendors in the market. It is worth considering whether traditional notions of privacy and social networking are basically incompatible, and if they are, what implications this might have for businesses.

The issue is that, at heart, social networking is basically about sharing stuff (links, status updates, photos, videos, your location, information). The more of “your stuff” you upload to various social networking sites, the less privacy you’ll have. While sites such as Facebook do have fairly sophisticated privacy controls to specify who can view your data, it could be argued that these controls are nothing more than an illusion of privacy. Once you upload your data to a social network, in reality you have little control over what happens to it, and changes like Facebook’s recent updates to its privacy policy can have a dramatic impact on how “private” your data really is. If you want something to remain truly private, it’s better not to upload it to a social network in the first place.

Facebook’s founder Mark Zuckerberg says that the age of privacy is over as we all share more of our “stuff” online. However, most folks have a reasonable expectation of privacy, and issue is further complicated because as our personal and professional lives become ever more greatly intertwined, there are implications for businesses, too.

How Privacy Leaks on Social Network Affect Businesses

Buzz’s botched launch provides a good example of how damaging privacy leaks affecting individuals can be for the enterprise. One of the complaints about Buzz was that it automatically followed everyone that a user communicated with regularly via Gmail or GTalk, revealing their contacts to the world at large. This could have revealed commercially sensitive information through no fault of the user — particularly as some people use private GTalk accounts for IM communication in the workplace.

Another good example of how privacy leaks on social networks affect businesses are supposedly “private” employee groups on large social networks revealing confidential or damaging information. This recently happened to large UK retail chain DSGi whose staff were caught insulting its customers via an employee Facebook group: a PR disaster.

What Businesses Can Do About It

So, if social networking and notions of privacy are basically incompatible, and privacy leaks from individuals can be hugely damaging to the enterprise, what can businesses do about it?  It is unrealistic (and would be unreasonable) for organizations to attempt to apply draconian controls on how employees use social networks. A better approach for minimizing the potential damage would be two-fold: providing tools and education.

Firstly, provide appropriate corporate-grade tools for communication, collaboration and networking, so that employees don’t turn to their personal social networking tools for this functionality. If businesses don’t provide an appropriate IM tool, for example, it is highly likely that employees will turn to their personal GTalk or Facebook Chat accounts for communication. Similarly, if collaboration tools are not provided, employees may be tempted to set up a “private” Facebook or LinkedIn group for the purpose. Internal, company-provided tools may still not provide absolute data privacy (for that, you’d need to ensure that no-one ever shared anything), but they will give the business greater confidence that commercially sensitive information isn’t being spread around uncontrolled via a mainstream social network.

Only tools that provide appropriate levels of security, data encryption and privacy controls should be selected. Where possible, businesses should choose a self-hosted solution, rather than a managed one, in order to maintain maximum control over their data.

Secondly, educate your employees about the limitations of privacy on social networks that I’ve outlined above. If employees have a better understanding of how limited online privacy actually is, they will be less likely to upload anything to a social network that could be damaging to either the company or themselves.

This education should be taken seriously, taking cues from the best practices already established in corporate IT security training: starting education early (from the employee’s orientation); repeated and varied training throughout the employee’s tenure; and keeping education simple and appropriate. Many businesses already have some form of official privacy training in place — broadening it to encompass the dangers posed by  personal social networking tools shouldn’t bee difficult or costly.

Unlike Zuckerberg, I don’t think we’ve necessarily come to the end of the age of privacy. Perhaps social networks will evolve to give us reliable, granular, context-sensitive privacy controls, such as those that ReadWriteWeb’s Marshall Kirkpatrick argues for. But until they do, we all need to be careful about who we share our stuff with, and where we share it.

Table of Contents

  1. Summary

Join Gigaom Research! Become a subscriber and get reports like these, plus full access to our collection of over 1,700 reports from world-class analysts.