As blogging makes its way into the business world, companies need to be aware of the risks as well as the rewards of the latest mass communication phenomenon.
“Blogs are a rapidly growing tool that especially younger employees really love, but they open up organizations to more risk than ever,” said Nancy Flynn, tech expert and director of the ePolicy Institute.
Flynn is the author of the popular “Rules” series, which include manuals on e-mail, instant messaging and her most recent publication, “Blog Rules.”
For lawyers or law firms interested in jumping into the blogosphere, or employment lawyers advising their clients, Flynn discussed some of her rules in more detail.
What is a “business blog”?
A business blog refers to either to an internal or external blog operated by an organization. Internally, the blog is used as a way for employees to share ideas and communicate quickly with each other; externally, it can be used a communication tool with clients or customers.
Why is blogging so dangerous?
The purpose of blogs is to express an opinion – more first person than a traditional website. That means that people are inclined to write posts that contain gossip, rumors or they might bad-mouth their employer. All the risks of instant messaging (IM) and e-mail are transferred to the blogosphere, only intensified. One example of how that’s possible is that bloggers can be held liable as publishers of the information posted on their sites. If someone comments on something but posts copyright-protected material, the blog owner could be liable for third-party copyright infringement with the potential for treble damages.
What are some of the specific risks involved in blogging?
There are certainly litigation risks. For example, copyright infringement, invasion of privacy, defamation, hostile work environment or sexual harassment claims, as well as potential discovery disasters, are all possibilities with blogs. Blogs also put organizations at tremendous risk for security breaches, with the potential loss of trade secrets, financial information or other confidential material. Any organization that is regulated by the SEC, HIPAA, Sarbanes-Oxley or Gramm-Leach-Bliley, or anything else, should realize the regs apply to their blogs as well.
Explain what you mean by “discovery disasters.”
As we’ve seen in the news recently, corporations already have problems managing their electronic business records, such as e-mail. Both blog posts and comments entered by readers can generate business records and be used as evidence in a case. The ePolicy Institute recently conducted its 2006 survey of workplace e-mail, instant messaging and blog use in conjunction with the American Management Association, and we learned that only 3 percent of businesses have a policy for dealing with blog record retention. So this is a huge problem – employees are creating business records, but the company isn’t bothering to retain them, which could be a huge liability risk. And permalinks make the situation even worse.
What’s the danger with permalinks?
One of the things that makes blogs so risky is that bloggers want to attract as many incoming and outgoing links as possible in order to get a high search engine ranking. So you want other websites’ permanent links, or permalinks, to your content. But it’s a double-edged sword: if someone posts a defamatory comment, for example, you can remove it from your blog. But even if you take it down, other blogs might have already linked to the comment, and it is now in the blogosphere forever. Blogs are the electronic equivalent of DNA evidence.
Are there also non-legal risks?
Absolutely. An organization could be the victim of a “blogstorm” – a situation created when bloggers unite to attack companies or individuals who they feel are behaving in some inappropriate way. Kryptonite Lock, for example, experienced an orchestrated attack in the blogosphere a few years ago and lost millions in just a few days. In addition, there is a concern about productivity. From surveys, we know that employees average two hours a day e-mailing and using IM. Now add blogging to that mix…
Of course! Blogs are an easy and inexpensive way to publish content and ideas, and facilitate communication about your organization, both internally and externally. If you are a law firm, you can post the details of a case after a big win, or if you are a company, you can deliver information to your customers quickly and get feedback from them equally quickly. One new trend is the “CEO blog,” where the organization’s CEO posts his or her thoughts for the company. Blogs are used by a lot of companies as a tool to build community, and if your organization wants to recruit a young work force, having a blog could help.
So how does it balance out?
The first thing I recommend before starting up a blog is to sit down and really give some thought about the goal of the blog: do we, as an organization, really have a reason to have a blog? You don’t want to use it as a sales or promotion tool, because you will be attacked by the blogosphere. Blogs are intended to have a lot of content, or express an opinion. If that fits with your organization, then the second issue is to make sure you have someone on staff who can write compelling copy and has the time to post new content frequently – new content should be posted at least on a weekly basis.
What other recommendations do you have?
This is a split from the majority of the blogosphere, but I recommend organizations that operate business blogs – particularly external blogs – assign a lawyer or another responsible party to review comments and posts before they are published online. The blogosphere emphasizes transparency, and being open and honest, and that’s a good thing. But given the risks, I think it’s a best practice for organizations to take a look at entries prior to posting. I also recommend that all companies, even those without a blog, use blog monitoring tools to find out what employees and competitors are saying about you in the blogosphere.
Should employers be concerned about employee blogs?
It is essential to have a policy in place that clearly expresses to employees what the blog rules are – not only for the organization’s blogs, but for their own personal blogs. Employees need to understand that they can be fired for blogging at home, on their own computer, on their own time. A problem is that a majority of bloggers believe that the First Amendment gives them the right to say whatever they want on their personal blogs, and employers really need to do a better job of educating employees about the true extent of their privacy rights.
I have to ask: do you have a blog?
I am in the middle of putting my blog together and testing it! As soon as it is ready to roll, there will be a link on our website, www.ePolicyInstitute.com, so everyone can check it out.
Questions or comments can be directed to the writer at: firstname.lastname@example.org