11 Replies Latest reply on Jun 7, 2011 5:54 PM by Ted Hopton

    What if they reveal the secret sauce?

    Andrew Kratz

      As we move forward with our pilot and prepare to launch our internal community, how do you convince managers that people will not accidentally publicly post confidential information?  We have groups looking to opt-out due to this fear.

        • Re: What if they reveal the secret sauce?
          shannon_marie

          The question I used (that resonated with some of our leadership here) is: Does your company use email? How do they know that people won't accidentally send an email that contains confidential information?

           

          An internal community is no more "dangerous" than a send-all email list.

           

          Hold employees accountable to the information they post, educate them about what and what not to post, and then trust them.

           

          Hope this helps!

            • Re: What if they reveal the secret sauce?

              Well said, shannon_marie. An important piece of education will be how to give access and permissions to only those people who need it. At the State of Oregon, we have many workgroups who create secret groups and private spaces, so that only their members can access the information*. There is a professional trust amongst colleagues that they will keep the information confidential. An employer needs to trust their employees to handle the level of security they have given them. If they trust their employees to send the information through e-mail, keep it in electronic and paper files, and not send it to the local paper, then they can trust them to handle information in an internal community the same way.

               

              *To provide clarity, we adhere to public information requests containing information on our instance. The information shared falls under the same rules all other information does.

               

              Roy also has a great point of discussion.

              • Re: What if they reveal the secret sauce?
                Andrew Kratz

                I use the email analogy a lot as well.  I do think there is a point to be made that it is easier to make a mistake in Jive and accidentally post something to a public group rather then the private group you meant to post into..versus accidentally sending to your full email distribution list.  Especially in the early going when email is second nature to your population where Jive is not.     But email as an analogy is useful...thanks.

                • Re: What if they reveal the secret sauce?
                  crossman

                  Agree with this tact. People are just as likely to "do the wrong thing" via email or over drinks at a bar than they would within an internal community.

                    • Re: What if they reveal the secret sauce?

                      To my colleague Andrew’s point earlier, the question is not about intent, or trust or what can be done in email today. The fact that employees CAN share the secret sauce with the entire population with relative ease is making some managers very uncomfortable. Although comments made at the bar, water cooler or lunch room can be spread without any record, posting a comment to a group of thousands is instant. How do we counter that argument? They know it’s possible in email. They know it’s unlikely in a social environment that’s much more transparent than email. They know we’ll be able to identify who said what. But it’s still possible to do and that’s the concern.

                        • Re: What if they reveal the secret sauce?
                          Ted Hopton

                          I think the fact that everyone is accountable by being identified for every action they take in Jive is an essential point. Accountability in the workplace is a great driver of compliance. People need to be taught the rules and, more important, the reasons behind them.

                           

                          Then you need to trust them.

                          1 person found this helpful
                          • Re: What if they reveal the secret sauce?
                            shannon_marie

                            I don't think "possible to do" should be the risk measure, but instead would encourage management to consider the likelihood of it actually happening.

                             

                            I manage an internal community of 25,000+ users. We recently conducted a security audit to answer just that question and discovered that ... people aren't posting content that they're not supposed to post.

                             

                            I'd be curious to hear from other internal community managers how frequently it happens in their instance that someone posts something that poses a genuine threat to the information security of the organization.

                             

                            In the meantime, I'd suggestion focusing on educating users and having a solid, well-oiled plan of action for what to do if something confidential is posted. Those two things should minimize the perceived risk to a digestible level.

                      • Re: What if they reveal the secret sauce?
                        rwilsker

                        We emphasize with all of our employees that the business collaboration system is another form of electronic communications, so the posting of information there is covered by the same rules as are involved with email, file shares, SharePoint, etc., and is also covered by our overall Guide to Employee Behavior.

                         

                        We also go over the range of options is Jive - from open to secret groups - and tie that training to a discussion of how to treat confidential information.

                         

                        When talking to managers, I make that point that if someone posts inappropriate information, there are mechanisms, such as the Report Abuse button, that enable users to notify administrators of such an issue and that we are likely to find and remove such information much more quickly in Jive than if the same information were emailed, since there is greater visibility in Jive (whereas an inappropriately emailed file may not show up until it appears years later in a court case.)

                         

                        We also emphasize that if information is truly extremely sensitive, then we have other, much more protected, places where limited collaboration can take place.

                        1 person found this helpful