As blogging's popularity rises, some major companies, including Sun Microsystems and IBM, are encouraging employees to contribute to company-backed Websites. Some even let them rant — Microsoft's Robert Scoble, for example, a popular blogger who stepped down this past summer to work at video-blogging start-up PodTech.net. The one requirement: keep the company's confidential information confidential.
But some employees may be stepping over the line, according to a recent survey by Proofpoint, an E-mail-security-software provider. Nearly 1 in 10 companies has investigated the exposure of material financial information via a blog or message board in the past year, reports the study of 294 respondents. In one case, Google fired an employee just 11 days after he started a blog in which he cited the strong financial growth of the company.
Companies are mistaken if they think blogs don't risk the release of sensitive information, says Michael Weider, CTO of Watchfire, a Website-security firm based in Waltham, Mass. Instead, he says, the first line of defense should be a strongly worded policy for company blogs as well as for personal blogs that employees may write in their spare time.
IBM's blogging policy, for example, is extensive, including the caveat "You must not comment on confidential financial information such as IBM's future business performance, business plans, or prospects anywhere in the world." Such parameters help employees avoid being fired for dishing about their workplaces — cases of which have been reported at Wells Fargo and social-networking site Friendster in the past three years. In 2004, a Kmart employee was fired after his attempt to post positive information about the Thanksgiving shopping weekend revealed internal sales data.
It's not always employees whose online postings put companies in a tough spot: Earlier this year, the Securities and Exchange Commission settled a case against William A. Day, a business owner accused of insider trading. In 2002, Day allegedly posted a coded note online revealing that medical-device company Smith & Nephew planned to acquire all outstanding shares of Oratec Interventions. Subsequently, he bought and sold thousands of Oratec common shares in a three-day period. The acquisition was publicly announced about 24 hours after Day's posting.