http://www.webpronews.com/blogtalk/2007/02/19/infosec-and-corporate-blogging By Dan Morrill 02/19/2007 Zeltzer and Villafranco have probably the most coherent list of Do's and Don'ts when it comes to corporate blogging out there, its an absolute must read. The Law.com [1] has a great listing of Do's and Don'ts when it comes to Corporate Blogging out there. Here are two don'ts that I have seen in a lot of corporate blogs that defy the imagination for being out there. DON'T employ consumer bloggers to say positive things about your company's products or services without ensuring that they disclose their affiliations with the company. Endorsements and testimonials by word of mouth have always been a popular form of marketing, but the blogging world has made them even more so, thereby making content that crosses the line an attractive target for regulators. Source: The Law.com When doing a Google search on companies to see what intellectual property has been exposed, and how to do some form of recovery and damage control. I usually run into company sponsored or company employees saying how great the company is, and how wonderful and life fulfilling those products are. The problem is when you get into the comments section of the file, and see that not everyone agrees with the wonderfulness of the product. The blog writer is then usually put into a position to support/defend their entry, and many times the language degenerates into finger pointing pain. Alternatively, even better, it is a one off blog entry somewhere, with many negative comments, but no response from the original blog writer to support their statement or their position. All that ends up in Google, meaning when searching for the company, the negative comments are seen, and people have a way of getting their point across. A well-maintained blog entry usually has both positive and negative comments, or all negative or all positive depending on how the blog comments are being shaped by the blog writer. (Blog writers do shape their comments, when they have access to approve or disapprove of the comments being posted). The other very important Don't DON'T terminate employees for posting inappropriate content to corporate blogs without considering the risk of wrongful termination claims, especially where the company does not have a consistent practice on how it treats employees who post content online. Employees may claim that the employer authorized the posting, and is now discriminating against them for exercising their right to organize. Source: The Law Managers and company HR folks should be paying close attention to this don't. Too many people have been fired for blogging where there was no coherent company policy on blogging. Regardless of what the person is saying, if the company has not addressed the risk of blogging, and has it established as policy, this can open up a company to a huge liability issue that will cost time, money, and legal fees. The best Do' however is: DO train your employees on how to avoid posting content that is likely to incite tort-based causes of action, such as defamation, trade libel, product disparagement, negligent or fraudulent misrepresentation and vicarious liability for an employee's posting. While tort-based actions like these do not frequently arise against individual bloggers, the prospect of deep pockets associated with a corporate blog may invite various claims associated with postings (usually negative postings). Source: The Law This is very important as a "do" because even if the blog is not directly associated with the company, if a person can prove that the person worked for the company, and wrote negative articles about people in the company, outside the company, where the claims can not be proved (or a person had a private identity), this can open up not only the blogger to liability, but the corporation that sponsored the blog as well. Corporate sponsorship of blogs can be tricky at best, and having an employee that is disparaging of co-workers, can not stay on script as to what the blog is about, or otherwise becomes a huge management issue. As well it can become an information security issue in the longer run if trade secrets or internal information is posted to the web site. Companies should read the Do's and Don'ts from the Law.com, its coherent and applicable to how to manage and develop good policy around corporate sponsored blogs. [1] http://www.law.com/jsp/legaltechnology/pubArticleLT.jsp?id=1171620175568 -==- About the Author Dan Morrill has been in the information security field for 18 years, both civilian and military, and is currently working on his Doctor of Management. Dan shares his insights on the important security issues of today through his blog, Managing Intellectual Property & IT Security, and is an active participant in the ITtoolbox blogging community. ______________________________________ Subscribe to the InfoSec News RSS Feed http://www.infosecnews.org/isn.rss
This archive was generated by hypermail 2.1.3 : Tue Feb 20 2007 - 22:47:59 PST