I’ll never stop thanking Susan Scrupski for the tremendous work she’s carrying on with the 2.0 Adoption Council towards a systematic and mature understanding of the most controversial aspects of Enterprise 2.0.
After the recent A Framework for 2.0 Adoption in the Enterprise report, yesterday a new research titled Implementing Enterprise 2.0 Within the European Union. Transparency and Emergence vs Privacy and Compliance has been released to discuss the issue of privacy management in participatory initiatives spanning multiple countries.
What makes this debate so urgent? Here are some reasons:
- If the some of the crucial contributions Enterprise 2.0 brings are a stronger openness and transparency in order to increase information sharing and collaboration, security and privacy still need to be seriously considered especially in Europe to guarantee the rights of individuals
- The increase in transparency, interaction and persistence fostered by real-time communication and collaboration tools does not directly introduce new privacy risks but anyway makes it even more complicated to manage existing privacy issues also considering the typical Enterprise 2.0 approach, quite disrespectful of departmental and national boundaries
- On the other hand, completely closing down new collaborative approaches upfront is no longer an economically acceptable way due to the deep impacts this would have on competitive advantage, corporate knowledge sharing and the development of new business models
- The intensity with which privacy laws and regulations are impacting the deployment of Enterprise 2.0 platforms greatly varies depending on the specific culture and industry in which the company is operating
- Multinational companies are requested to face challenges not yet fully addressed by existing regulatory norms and, to make it even more complex, any prevalent organizational culture still needs to confront itself with variable regional (and local) behaviors
- The technology to manage and monitor the respect of privacy is not yet mature
To shed some light on this long list of drivers and issues, I invite you to go and read the full report (sponsored by NewsGator and produced by Information Architected) produced interviewing six companies (including CSC, Intel and Océ) of the 2.0 Adoption Council.
Here are some messages that I consider particularly significant:
- The importance of privacy in the use of Enterprise 2.0 tools varies widely depending on the organization’s culture, but cannot be in any case ignored
- None of the cases studied exposed a situation where privacy issues have led to the block of the initiative, but privacy can profoundly affect both the functionality available to users (tagging, bookmarking, social networking, voting most at risk from this point of view) and the governance model
- Privacy must not be confused (and therefore governed in the same way) with security and legal compliance of the information exchanged. On the contrary, a specific privacy policy that fits within the cultural context and the security settings already in place has to be developed
- Privacy laws in Europe are not universal. Policy must always consider and respect both the regional laws and the requests coming from local trade unions (with some potentially rather strange situations like different habits in different cities)
- In very simplistic terms, the ultimate aim of privacy laws is to protect users and their content from being used in wrong ways by their company. If with the web 2.0 the general approach has been to automatically associate content’s property to the platform hosting it, in the Enterprise 2.0 exactly the opposite is true and the content is seen as an asset of the employee that needs to explicitly approve any use by the company
- Given the inadequacies of European laws on privacy, especially when working across different countries, the wisest choice seems to be setting broad and flexible guidelines that can be interpreted on a case by case basis and refined when the regulatory framework improves
- The report introduces a quite interesting taxonomy of the organizational approaches to managing privacy based on the risk tolerance/propensity: S (privacy strictly respected), S / c (strict respect of privacy, but with a strong focus on collaboration), s / C (The collaboration comes first, but privacy is still important), C (collaboration is seen as a key driver and privacy tends to follow). Understanding the most suitable approach for your company’s culture enables more robust and aligned choices
- Within organizations, a little more open to experimentation and collaboration (C category), pilots are a great way to understand and correctly address privacy related aspects
- Technology (and especially Enterprise 2.0 platforms) are lagging behind on privacy, especially with regard to European legislation. This is partly due to local differences, but also the origin of many of the platforms, the United States, where attention to privacy is much less needed. Compensating for these limitations often requires very long and expensive customizations
- Asking the opt-in from users for the use of the uploaded content is a frequent option that anyway cannot fully solve all privacy connected issues/needs
- A good rule of thumb is discussing the privacy policy early at the beginning of the project, involving several business functions (Legal Office, Security, Human Resources) and to revise the guidelines iteratively and periodically depending on actual use and feedbacks from the users
- Even when tools or specific functionalities are made to reinforce privacy, they are often ignored by companies because the same reports sometimes introduce privacy concerns
What do you think? Is privacy a major concern with Enterprise 2.0 initiatives in Europe or is it still a very remote issue given the state of the market?
This post is also available in: Italian