Last Tuesday, the Wall Street Journal reported on the SEC’s ruling that Social Media sites such as Twitter and Facebook are appropriate and legal disclosure channels, as long as the company acknowledges which sites they will use for disclosure. Not only does the ruling reflect the profound impact Social Media has had on business communications, it has major implications in the realm of Identity Management as well.
The ruling was sparked by controversy over NetFlix CEO Reed Hastings bragging about a corporate milestone on his personal Facebook page. Because his facebook posting resulted in an increase in NetFlix’s stock price, the SEC felt he might have broken Fair Disclosure laws. While the SEC will not be taking action against Hastings, what the SEC’s ruling does is force companies to claim what digital identities are legally associated with their brand.
Where does a company’s corporate digital identity end and an end user’s individual digital identity begin?
This same question arose two months ago when HMV employee Poppy Rose live-tweeted a mass layoff, including her own, from HMV’s corporate Twitter account. As we mentioned in our blog, a company’s Digital identity – its online brand – is driven by the CMO, while enterprise IAM, managing who has access to what, has always been considered a back office, enterprise IT function, under the purview of the CIO.
Social Media is completely shifting the landscape, and Social Media platforms – even those that are free – are SaaS apps. Because these applications are not owned/managed by the enterprise, they are often overlooked. This creates all kinds of Governance, Risk and Compliance exposure, especially when the company has limited visibility and control over end user’s online activities, and no policies addressing what users can or cannot post about the company on their personal accounts.
According to the Wall Street Journal article…
To read the full article visit Identropy’s blog site
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.