THE Internet has spawned a world of people drunk on self-expression. For CIOs over a certain age, or who can’t type, the phenomenon may seem a bit bewildering.
Blogging is everywhere, and whether or not you know it, your employees (especially those under 40) may be up to their necks in it, possibly blogging about you, your IT department or your company.
Company-sponsored blogs can be a clever marketing device to spread the word about a firm’s products or recruitment needs. They are cheap to deploy and easy to use by employees at any level. Blogs get the highest search-engine optimization among sites like Google, so if you are blogging well, your company will quickly see the results in increased traffic to your blogs. So you may be benefiting from blogging without even knowing it.
But there is also a downside. Blogging was listed in IBM’s Global Business Security Index Report as one of the top security threats to businesses in 2006 because of the increased risk of leakage of confidential business data. There are already several lawsuits in the U.S. involving such claims, including an action by Apple Computer Inc. for proprietary company information it says was leaked on several blogs before one of its products was officially released.
What’s going on?
Blogs (journal-style diaries and commentaries, usually on one topic or family of topics, accessible over the Internet) are merely one form of Internet-based self-expression that began with Web sites and e-mail and has now morphed into the following and more:
• FOAF (friend of a friend) online networks that crunch together blogs, discussion groups and dating sites;
• Phoblogs (blogs shared among amateur photographers);
• Podcasts (one-person Internet radio stations);
• Vodcasts (one-person Internet TV broadcasts).
And then, of course, there are the search engines and RSS (really simple syndication) aggregators that allow millions of users to find, track and search content from all the above.
Other than sending gigabytes of electronic noise off into space, what is the significance of this explosion of self-expression to CIOs and other business executives?
To put it bluntly, businesses in Canada are unprepared for blogging’s impact. Most business managers — CIOs included — don’t realize that blogs can expose a company to significant legal and business risk, beyond leaks of proprietary information.
There is legitimately rising concern about the legal risks associated with employee posts to company-sponsored blogs, since, unlike other forms of employee communication, blog posts are available around the world in a matter of seconds through search engines and RSS feeds.
As the CIO, you need to consider some of the key legal risks associated with company-sponsored blogs and take some precautions to minimize those risks. The potential hazards include:
Defamatory statements: Employees may make defamatory statements (intentionally or unintentionally) on a company blog about a third party, exposing your company to liability.
Disclosure of trade secrets: Employees on company-sponsored blogs may inadvertently disclose or share company trade secrets or disclose the secrets of third parties in partnership with your company.
Dislcosure of business information: Business plans, marketing initiatives, financial information or other confidential information of your company may be posted by employees to a blog, possibly causing significant and irreparable damage.
Disclosure of personal information: Because company blogs are intended to be casual, informative and insightful, employees may inadvertently post private information about other employees or third parties. The company may be liable for failing to protect the privacy of the information.
Infringement of intellectual property: Blog posts often include links to other sites or blogs. Without realizing it, employees may infringe a trademark in a blog post or may upload material protected by copyright, exposing the company to liability for infringement.
Disclosure of public company information: Public companies face greater legal risks than private companies because of securities disclosure rules. Employees may make material misrepresentations on company blogs that could result in serious sanctions against the company by securities regulators or attract civil liability.
Here are some things you can do to avoid some of the above problems.
1. Establish a business blogging policy: If you haven’t already, you should prepare a written blog policy that sets out what can and cannot be included on company-sponsored blogs. The policy should make it clear that employees should refrain from posting inappropriate information to a blog or make defamatory, harassing or other derogatory comments about the company, its employees or others. For public companies, the policy should include examples of the type of information that should not be posted to a company blog. Employees should be required to review and sign the policy.
2. Provide blog training: Your company should provide education and training sessions to its employees on blog policy.
3. Monitor blogging activities: Without attempting to become Big Brother, you should monitor your company blogs regularly to ensure the content complies with the company blog policy and also to ensure compliance with privacy laws and securities regulations in the case of a public company. Companies need to find a balance between protecting themselves and encouraging employees to continue blogging.
4. Post blog disclaimers: Finally, you should ensure that company-sponsored blogs written by employees contain appropriate disclaimers that limit the company’s liability for statements made by the employee and other potential claims arising from posts to the blog.
Blogging isn’t likely to go away soon, nor probably should it. CIOs must resolve to work with this new form of communication, to tap its power while protecting the company’s interests.
–Christine Mingie is an Associate with the Vancouver law firm Lang Michener LLP.