The belief that simply because a website encourages collaboration as one of its purposes that it should not be blocked by governments or corporations is flawed. Sites such as facebook allow anyone to create a profile and upload any content they wish. I’m sure facebook has policies against pornographic material etc. however as evidenced on sites such as myspace & facebook, the policing of millions of profiles is not an easy task and inappropriate material will slip through the cracks. Any one who has worked in a Corporation or Government entity should be aware there are policies prohibiting accessing such content with company owned assets. Furthermore, there are legal implications for the Corporation of first knowing the site exists, and then allowing the site to remain accessible to your employees if you are aware it may contain offensive content. While your younger generation may want to use this site for “collaborative” purposes, you will be exposing your organization to legal risks from employees for not practicing due care/diligence. I am sure if an organization would like to open themselves up to more collaborative websites, there is a better way than simply relying on a site such as facebook.

Thanks for your comment. We always appreciate a discussion. However, I think the argument that the government should be policing everything that its employees do is flawed as well. And it is an impossible thing to do. Employees who choose to act in an inappropriate manner have many ways of doing so – email, phone, internal discussion boards etc. A social network, while being a more advanced collaboration tool, is not much different in terms of the “inappropriate” behavior it enables. The agreement (with its restrictions) that every government employee signs in their employment contract should be a sufficient safeguard against improper behavior. Once the person is hired, they should be treated as a professional until they are found to be underperforming or stepping outside the bounds of acceptable behavior. Blocking access to a potentially valuable tool because of the possibility that it will be used inappropriately demonstrates the government’s lack of trust in their own employees.

The assumption that all staff in a large organization are sufficiently technically knowledgable to be able to reliably conform to information security policies is also flawed. If the issue is one of inappropriately disclosing personally identifiable information, possibly leading to identity theft, post facto discipline or corrections are hardly any consolation for those whose privacy has been violated. The organization that needs to respect its duty of care has one of two options:

1. Implement role based access with controls on copying and transferring files identified as confidential. Retro-fitting an IT infrastructure with these capabilities is hugely expensive, disruptive, time consuming, and may not be completely reliable.

2. Mitigate the risk by reducing access to sites that are high risk, including sites that facilitate the uploading of files outside organizational controls, OR that that allow the bypassing of corporate firewalls.

It’s not clear that Facebook fits as a site that should be barred on this basis. If the issue is time wasting employees, then barring access to the site will only mask a problem that needs to be addressed as a management issue. If however there is evidence to suggest that inappropriate files have been transferred with this mechanism, then responsible information managers have little choice.