Keep a Blog, Get Fired
Here’s an interesting statistic, in the light of Scoble’s departure from Microsoft (no direct connection, I promise, but it does raise issues about whether corporates really like blogging): 7.1% of companies have fired an employee for violating blog or message board policies.
According to email security company Proofpoint, whose survey you can download from here, decision-makers at large U.S. companies show growing concern over sensitive information leaving the enterprise through electronic channels such as email, blog pages and message boards: “In fact, 55.4% of these large companies (with 20,000 or more employees) have expressed their uneasiness that regulations guarding the firm’s privacy will be violated by members of the “e-communication” community. In an effort to reduce risk of exposure, 44% of larger companies employ staff to monitor outbound email, and nearly 1 in 5 companies (17.3%) has disciplined an employee for disobeying blog or message board policies.”
Proofpoint’s survey suggests they may be right: “more than a third (34.7%) of companies report their business was affected by the disclosure of sensitive material in the past year. Furthermore, more than 1 in 3 investigated a suspected email leak of confidential or proprietary information and 36.4% investigated a suspected violation of privacy or data protection regulations in the past year.” While a lot of this is email, “companies fear that financial data, healthcare information, or other private materials may be posted in blogs, sent through instant messaging, or transmitted by other means.”
Some other titbits:
- Nearly 1 in 3 companies (31.6%) has terminated an employee for violating email policies in the past 12 months. More than half (52.4%) of companies have disciplined an employee for violating email policies in the past year.
- More than 1 in 5 (21.1%) companies were hit by improper exposure or theft of customer information (whatever that means), while 15% were impacted by improper exposure or theft of intellectual property. (I think this means customer information or other sensitive data were stolen.)
- Companies estimate that more than 1 in 5 outgoing emails (22.8%) contains content that poses a legal, financial or regulatory risk. The most common form of non-compliant content is messages that contain confidential or proprietary business information.
- Here’s a funky one: 38% of companies with 1,000 or more employees hire staff to read or analyze outbound email. 44% of larger companies (those with more than 20,000 employees) employ staff for this purpose. I bet you didn’t know your company was hiring people to read your outgoing email.
- Nearly 1 in 5 companies (17.3%) has disciplined an employee for violating blog or message board policies in the last year. 7.1% of companies fired an employee for such infractions. Ouch. 10% of public companies investigated the exposure of material financial information via a blog or message board posting in the past year.
Of course, Proofpoint have a point to prove (thank you) here, but probably this information is sound. There’s definitely a sense out there that blogging is something that needs to be controlled, for better or for worse. Of course, the bigger point is that information is no longer something that can be kept within organisations. Once it became digital, and once employees could move that digital data out of the company easily (remember when company email was not Internet-based, and there was no gateway out of the company email system? I do) then the walls were already tumbling down. The question now for companies is: do we try to ring-fence as much as we can, or do we put more trust and faith in the hands of employees so they don’t feel the urge to vent outside the company gates?