One of the biggest challenges facing compliance officers is ignorance: end users who are not familiar with all the requirements for protecting data that compliance regulations demand.
A real culprit in such scenarios is email, in which users accidentally email protected information, violating some obscure regulation. There is no malicious intent — typically they’re just trying to solve a problem or grease the wheels of a transaction, but in so doing produce an auditable event.
Many times the data involved may have been a Social Security number, medical information or some esoteric piece of information. Most businesses solve the problem by incorporating data loss protection (DLP) solutions, which can scan email to ensure that protected information never leaves the building. This approach has worked relatively well.
But today we have a new challenge, one presented by sites such as Facebook, LinkedIn, Twitter and other social networking tools. These tools have made it far too easy to post protected information, putting a business at risk for violating any number of compliance regulations. But thanks to an alliance between Microsoft’s Bing and Facebook, the problem has become an even bigger threat.
Simply put, this alliance allows anyone to use a powerful search engine to find content on social networks, a trend that is only going to grow. While that may be great for users looking for movie reviews, it won’t be long before someone starts using this technology to search for proprietary information across the millions of Facebook posts.
The simple solution is to block access to Facebook and other social networking sites from the corporate network, but that may not be feasible. For instance, how do you handle a worker who goes home, uses their personal computer to update their Facebook account, and accidentally violates a compliance rule?
Obviously, there are no easy answers to that situation, but educating users on what data falls within the realm of compliance may be the best start to solving what may appear to be the unsolvable problem of properly protecting data.
How is your company dealing with the effect of social networking tools on compliance? I would love to hear about it.
Frank Ohlhorst is an award-winning technology journalist, professional speaker and IT business consultant with more than 25 years of experience in the technology arena. He has written for several leading technology publications, including Computerworld, TechTarget, PCWorld, ExtremeTech and Tom’s Hardware, and business publications including Entrepreneur and BNET. Ohlhorst was also executive technology editor at eWEEK and director of CRN Test Center.