Keep Your Eyes on the Enterprise: Emails, Wikis, Blogs, and Corporate Risk

Page 3 of 3


Blogging for Better or Worse
Blogs started out as online diaries or journals, typically arranged in reverse chronological order, which invite reader comments and dialogue. Whereas the wiki is a many-to-many collaborative tool, the blog is usually more like a monologue, a one-to-many form of communication, where the audience can comment on, but not change, the basic content and philosophy of the site.

Generally, a corporate blog is used to forge closer relations between employees, customers, and partners. The unique journaling capability can serve as the corporate "memory." It also provides a forum for suggestion and comment between management and employees. The conversational marketing between customer and company not only engages the participants, but it also helps provide data for improvement in product development or customer service.

The benefits of corporate blogging are manifold. The rollout of new products can reach a global audience, negative perceptions or publicity about the company can be diluted or reversed, and a company’s profile may ascend in its market segment. 

GM’s blogs have received mixed reviews. Many assume that, since they are supported by a corporation, that they are little more than public-relations hype. However, the company reportedly finds it to be a direct link to customers. It has also provided a forum for company executives to respond to media criticism. Ultimately, the amount of buzz the company has received for its extensive foray into blogging may well be its own reward.

However, blogs may be written by employees but not vetted by the organization that employs them, which could expose a company to risk. Robert Scoble, for example, publishes the extremely popular Scobleizer blog, which came to prominence while he was employed as a technical evangelist at Microsoft. For three years, he wrote the blog while employed by Microsoft, in which he would alternately praise and condemn Microsoft, and even applaud its competitors, including Apple and Google. It was his candor and lack of public-relations-speak that contributed to the success of the blog, and brought Microsoft a fair amount of attention (albeit not always good). Scoble left the company to launch, and his Scobleizer blog remains highly popular.

Because blogging’s informal conversational style combines the spontaneity of email with the broad reach of the internet, there is speculation that blogging can sometimes lead down the slippery slope of premature disclosure of business activity, copyright or trademark infringement, plagiarism, or the inadvertent leaking of trade secrets or other confidential information. Even if the blogger is communicating in a personal (rather than a corporate) voice, the perceived "halo effect" of corporate influence might be seen as endorsement of the blog’s content. The result is that the company could be held liable for whatits employees blog, from professional, privileged information (like revealing client records—a violation of regulations or statutes) to the personal (like posting sexually, racially, or ethnically offensive jokes).

Jordan Frank, VP at Traction Software, a knowledge-management firm that integrates the power of blogs and wikis, feels that many overestimate the risk potential. He says, "That employees would use internally oriented blogs and wikis to divulge confidential information beyond the need-to-know audience or make defamatory or otherwise ‘unproductive’ dialog is a myth. This myth is based on a perception that internal use of blogs will mirror that of the soap-box blogs you see on the internet and on a statistically minute number of cases where an employee posted inappropriate information to a public blog." Not surprisingly, Frank is a true believer in the benefits of wikis and blogs outweighing the risk. He says, "The dominant use case for wikis and blogs in the enterprise is activity—not person-centered, where the content shared may be public to the organization or closed to the need-to-know. Rather than creating new channels and opportunities for employees to insult management or spout secrets, these technologies collectively replace or augment existing means of digital communication, such as bulletin boards, document management systems, portals, and email."

An Enterprise Risk Management Strategy
According to Frank, the technology underlying these platforms has evolved and is "built for supporting the freedoms of self-publishing and group editing, while also providing the security and risk controls desired by users and IT alike." User authentication, permission setting, integration with various IT structures, tagging and indexing, archiving protocols, and spam and stop-word filtering all work to minimize the risk while delivering the benefits. "As for any collaboration system," Frank suggests, "Ask what the business process is, and then use the right platform to solve that need."

How should the enterprise deal with worst-case scenarios associated with these technologies? Frank believes in developing a communication policy, regardless of platform. "In such and such a case, the rules are thus and so. Do not disclose information to the public that will get you in trouble with the SEC, whether it’s by phone, email, or bulletin board." Cheryl McKinnon, portfolio manager at Open Text, an enterprise content management provider agrees. She says, "Organizations need to pay less attention to format and more to the content and organizational parameters. Information that was once casual is now in the corporate mainstream."

Sidebar: Strategic Thinking
A number of best practices in communication have been proposed to manage the risks of corporate email, wiki, or blogging platforms. Here are several that are commonly cited: 
  • Develop a sound corporate policy that dictates how business data should be handled. Include the records management, financial, audit, IT, and legal departments in
    developing this policy.
  • Define what constitutes a business record (e.g., subject matter, business issue,
    customer data, predefined metatags)—broadly, any record that has ongoing historical,
    business, legal, or compliance significance. Define what content is to be saved and
    where to save it.
  • Set retention periods for business records. Destroy what is no longer useful.
  • Set guidelines for appropriate use of corporate resources and "voice," both
    internal and external to the company.
  • Educate employees on an ongoing basis about what kind of information should be kept,
    what kinds of legal or regulatory developments are relevant, and what constitutes
    copyright infringement, plagiarism, defamation, and other relevant concerns.
  • Teach employees to respect the company’s proprietary information and confidentiality.
  • Teach employees to respect co-workers, business partners, and the company.
  • Ensure that employees’ communication activities do not interfere with their work.
  • Monitor the system, preferably with technological means, and make employees aware
    of the nature of and necessity for this supervision.

Make copies of the guidelines available in print and online.

Companies Featured



Integrity Interactive

Open Text Corporation

Socialtext Incorporated 

Traction Software 

Page 3 of 3