Are your data policies jeopardizing your company's security and reputation?

Engaging in social media and online networking can mean anything from having a brand presence on Facebook to editors tweeting live from an event, commenting on blogs, or even brainstorming on a collaboration platform.

All this open kumbaya is exactly the kind of information sharing that makes some publishers skittish about engaging their brands in online networking platforms. But loss of control of content isn’t the only fear publishers have about the social Web—data breaches of company information or user data also are a serious concern.

Social problems

Nearly half of the attendees of a Ponemon Institute webinar on data security and online networking revealed that their companies did not have a policy plan in place to promote awareness of privacy risks associated with online networking. So what are the risks, exactly?

According to the Ponemon webinar, 71 percent of online networking websites state in their privacy policies that they reserve the right to share user data with third parties. The webinar also revealed that a fraction of a percent of users polled in a survey change their default settings to control who can view their profiles, and half of respondents don't know who can view their profiles. Apply this information to a brand profile, as well as individual employees that represent that brand, and it becomes clear why publishers are wary of engaging.

Consider this: One-third of survey respondents cited in the webinar include three or more pieces of personal information—including names, dates of birth and email addresses—in their online networking profiles that could lead to identity theft or a data breach. As the use of online networking and collaboration tools becomes more prevalent in media companies, these risks increase.

Liability and bad reputations

On the user/subscriber information side, data breaches can lead to liability issues.  Companies that accept credit card or Social Security information that becomes compromised are responsible for disclosing the breach, or they may face fines (the average cost for a data breach is $202 per record) or even incarceration, according to information security expert Philip Alexander, author of Information Security: A Manager's Guide to Thwarting Data Thieves and Hackers and Data Breach Disclosure Laws: A State by State Perspective.

Most publishers are only collecting registration data, however, which doesn't by law require disclosure if breached. But the danger of shaken customer confidence for not disclosing a breach can be equally damaging to a brand, according to Alexander.

Before any of these scenarios happen on your watch, prioritize implementing a policy plan to identify privacy risks associated with online networking and collaboration and how to avoid them. Also make sure your data security program, as well as a plan for dealing with possible violations, is up to date. Be sure to consider a plan of action in case your users / subscribers' data is jeopardized, keeping in mind possible reputational impact.

Alexander offers these additional tips: Only gather the information from users that you absolutely need, and don't use Social Security numbers as identifiers, in order to avoid greater liability risk.