Entries Tagged 'Policies' ↓

A sensible approach to employees and social media — from a government agency, no less

From the Department of Justice in Victoria, Australia, comes this video to guide employees on the smart use of social media at work. According to Amber MacArthur, writing in The Globe and Mail, “It explains how to engage in smart commenting online and asks employees to be respectful about how they use these tools on the job. While an educational and informative social media policy, whether in online form or in video form, won’t stop everyone from abusing online access, it’s a good start.”

Companies most ready for social media don’t block, experience fewer and less damaging crises

There are great companies, and there are all the rest.

The great companies are places where people want to work, and hence make the list of the top 100 companies to work for. Great companies also tend to be forward-looking. At the Altimeter Group — the analyst firm founded by Groundswell co-author Charlene Li — “Advanced” companies are at far end of the spectrum of efforts to weave social media into their business structures and processes.

Of 144 businesses surveyed for Altimeter’s latest report — Social Business Readiness — only 18 qualified as “Advanced.” The criteria for these organizations include governance models for policies to ensure responsible engagement in social channels, enterprise-wide response processes to ensure timely interactions with customers and other stakeholders, ongoing education and best-practice sharing, and the adoption of a central hub as a part of the organizational structure, often called a “Center of Excellence.”

It’s also worth noting that, like the best companies to work for, companies Altimeter deems “Advanced” don’t block employee access to social media. Or, as the report puts it, “Of the 144 companies we surveyed, all 18 Advanced companies allow rank-and-file employees to use social media professionally.”

This openness isn’t undertaken lightly, though. These organizations also educate and provide guardrails so employees understand how to participate safely and consistently. Detailed results include the following:

  • All 18 Advanced companies have social media policies in place and encourage employees to participate in social media as brand representatives. Among the 18, five require formal approval, seven have pre-defined guidelines and six actively encourage participation among all staff. None discourage staff social media use.
  • Thirteen of the 18 Advanced companies have introduced baseline processes to reinforce and update the policy and to train newly hired staff. Among all companies, only 26% have such processes.
  • 72% of Advanced companies organize ongoing education opportunities for those employees engaged on behalf of the company in social channels. These include brown bag lunches, speaker series and internal conferences. Across the less (or non) Advanced companies, only 34% maintain ongoing education.
  • 72% of Advanced companies have processes that allow employees to share best practices, compared to 35% of all organizations.


One key result of these preparations is a dramatically reduced likelihood of getting caught up in a social media crisis (or limited impact if a crisis does occur). That’s ironic, since one reason the less advanced companies block employee access is fear that employees online will instigate crises.

Will the less advanced companies get the message and take the steps required to weave social media into their business processes? Some will — eventually — and others never will, but there are underlying reasons why they aren’t the best places to work or the most advanced organizations. With their competitors getting on board, you have to wonder how long the least advanced companies with the least desirable work environments will last long.

Note: I’ve posted a summary of the full report and another post highlighting the crisis dimensions of the report.

Is social media “stupid and vainglorious?”

In response to the last post, challenging Barclay Communications’ rationale for blocking employee access to social media, a blogger named Jeremy Probert, on the wordmonger’s blog (lower case is his, not mine), declared social media to be “stupid and vainglorious.” He wrote:

It’s been a long time, gentle readers, since I came across something that deserves an award for its icky, sticky, company hippy nature, its inherent stupidity and intellectual laziness and its truly horrible smug and self-satisfied tone. But today is the day – it chills my very soul to introduce this, the Stop Blocking website and it disheartens me even further to link to this, a piece entitled ‘Demolishing Barclays Communications’ Blocking Argument Point-by-Point’.

At first, I dismissed this as just another business pundit whose worldview hasn’t shifted since “The Organization Man.” But Jeremy does make points that are worth addressing debunking.

Most of Jeremy’s challenges are based on the fact that he read just this post, and didn’t bother with the rest of this blog where his arguments have been addressed repeatedly. Still, there’s nothing wrong with reiterating and reinforcing these points (which Jeremy generously calls “idiocies”):

Apparently, all workers, regardless of status or paygrade, put in extra hours and therefore compensate for any time that they may waste using social networks. Of course they do. In the same way that they all love the company that they work for, its senior management and its brands

We’re mostly talking about information and knowledge workers. And no, not every one of them put in extra hours. However, there is clear evidence from substantial, empirical, comprhensive research that Millennials do. As for those who don’t (and this point will re-emerge repeatedly), clearly communicated and enforced policies will deal with abuse.

Monitoring and addressing productivity is a supervisor’s job, not a IT’s. The consequences of blocking everybody as a means of addressing problem workers is a great way to kill engagement and drop employee trust to zero. As American Express’s vice president of communications James Lynch said yesterday at the Ragan Social Media Summit here at SWIFT headquarters in Belgium, blocking access is not a smart risk-mitigation strategy.

By the way, I’m a believer in public execution. Reward and recognition are the only way to drive culture and behavior change in organization. Announcing to the entire organization that an employee was terminated for violating the company’s policy can do more to keep employees on the straight and narrow than blocking policies that employees can override as easily as pulling out their smart phones.

Productivity suffers if employees can’t connect to social networks at work (thanks, University of Melbourne!). Apparently use of social media ‘resets an employee’s concentration’. How DID we manage to concentrate before?

First, the University of Melbourne didn’t produce the only study to reach this conclusion. Independently, for example, MindLab International conducted research that arrived at the same results. Jeremy can sniff at these results all he likes, but until he can produce research results to the contrary, I’ll continue to point to these studies.

As for how we managed to concentrate before — we didn’t. A colleague of mine — who manages a team at a global consulting firm that produces technology solutions — told me he and his team are under intense pressure to produce a high number of billable hours. Yet after five or six hours of continuous work, concentration slides so badly that work produced after that needs to be redone, so the pressure to put in the hours becomes counterproductive. And he lauds his team as the cream of the coding crop. It’s just, he says, that at a certain point without breaks, concentration declines.

If anyone believes that the workers sitting in rows of desks begins supervised by stern overseers to make sure they didn’t waste time were more productive than today’s workers who do take breaks and visit their online communities is simply deluded.

Because the US Department of Defense has opened its networks to social media, does not mean that LargeCorp Industries LLC (in the business of profit, not homeland security) should – it’s not a question of risk from cyber-attack, it’s a question of perceived need and value. (In any case, I would ask whether the ‘private in the field in Afghanistan’ is free to change his status willy-nilly (‘Safe behind a wall’ to ‘In a ditch with blast concussion’) or to share any sort of geographic or temporal information)

Jeremy, I have to ask if you read Barclay Communications’ argument at all. The very point they made is that opening networks to social media puts networks at risk to cyber-attack. That was their entire point. That’s what I was responding to.

And no, Jeremy, of course not: The Department of Defense, once it decided that social media was a “field of maneuver” rather than a “fortress to be defended” implemented training to ensure soldiers kept both themselves and the unit safe. As DoD senior strategist Jack Holt put it, the military teaches soldiers to be safe in the desert, on the seas, in the skies; they can train them to be safe online. Should you be interested, Jeremy, you can listen to my interview with Jack here or his interview with Eric Schartzman here.

Clearly, I never suggested that companies should simply open their networks. They need to implement policies and guardrails so employees can protect both themselves and the company, and the organization can ensure that they reap the benefits of employees’ online activities while mitigating the risks.

(Doesn’t all of this just sound like common sense? Somehow this escaped Jeremy. Sadly, he’s not alone.)

Company ‘confidentiality can be violated anywhere, even an elevator’. True – but your average elevator holds 12 people and Facebook holds a potentially eavesdropping audience of 450 million. Go figure

I’m not aware of any Facebook account with 450 million friends. Are you? And a privacy violation is a privacy violation. The HIPAA fine won’t be any larger for violation on Facebook than it would be for a violation in an elevator.

The point is that closing off access to Facebook doesn’t solve the problem; educating staff about privacy does.

Of course, Jeremy ignores the rest of Beth Israel Deaconess Medical Center President and CEO’s larger point: blocking Facebook shuts down the ability for employees to build community, and it closes off the communication channel of preference among younger employees. Paul notes that he often gets useful suggestions and ideas from employees who don’t use email. (If you have children who are teens or in their twenties, you know this.)

‘Many employees carry smartphones – or they can (access social media) from home after work’ – again, true. But what they do on their own time is their own business – unless it contravenes company policy on how they may represent themselves as employees, or the laws of the land – in which case they get fired. In the workplace – well, the clue is in the name – ‘work’place. Not ‘fun’place or ‘do-your-own-thing’place

I am frequently accused (as Jeremy does) of being some kind of employee rights advocate. I’m not. I’m a business advocate. Understanding that Millenials (and, to a great degree, GenX) operate in what they call the “weisure” world — the cross-over of work and leisure — is vital. Work happens where it makes sense, whether it’s in an office or at the beach. Why? Because they have grown up as hyperconnected individuals where proximity is not required for work to be done. The idea that proximity is a requirement for knowledge/information workers is a relic of the era from which Jeremy has failed to move.

A study noted by American Express’s Lynch noted than39% of Millennial employees won’t work at companies that block Facebook — or will leave if a new block is implemented. That’s not because they want to have fun, but because Facebook is how they communicate and collaborate. Consider, for example, the results of the study, “The New Symbiosis of Professional Networks,” conducted by SAP in conjunction with the Society for New Communciation Research (SNCR). The study found that organizational decision-makers who have access to their social media peer groups make better and faster decisions. Where, primarily, do those professional peers reside, according to the study? Facebook, LinkedIn, and Twitter. Seventy-six percent of those professionals visit these networks once or more per day, where they…

  • Access thought leadership and information unavailable inside the walls of the company
  • Showcase the company (building brand recognition and supporting organizational goals from recruiting to sales)
  • Increase the speed of collaboration
  • Research business decisions

Another study showed that 40% of IT professionals use social networks to seek advice from peers on technology purchases. Clearly a stupid and vainglorious activity.

As for the whole “fun” thing, no, the workplace doesn’t need to be fun. But employees do need to be engaged (which means they make discretionary effort on the company’s behalf). Companies with large populations of highly engaged employees produce greater growth by far than others. It’s hard to imagine engaged employees in organizations where the first message they hear is, “We don’t trust any of you as far as we can throw you.” It’s also hard to imagine companies blocking access showing high levels of job satisfaction.

As for “do your own thing,” perhaps you’ve heard of a concept called “innovation.” Google practices it, with employees required to spend a certain amount of time innovating based on their own ideas. Have you checked Google’s valuation lately? I’d also point you to the book “Empowered,” by Forrester analysts Josh Bernoff and Ted Schadler, which promotes the idea that employees “own thing” ideas of how to use social media to better serve customers can produce a significant marketplace differentiation.

‘If normal use of bandwidth (this refers to employee use of social media) is slowing (your) network to a crawl, get more bandwidth.’ Just go to your finance guys and ask them to approve an increase in your budget, to purchase bandwidth to allow your employees to update their Facebook statii. That’s bound to work. Job done

Jeremy, please allow me to introduce you to the notion of “making a business case.” This concept involves demonstrating that the investment will produce results that exceed the cost.

All of this is hopelessly Utopian – the ideals of an imaginary world where everyone is nice, contented, loyal and trustworthy. Well, here’s the wake-up call. They’re not, and you need to bear that in mind when thinking about social media use in the workplace.

If your hiring practices result in bringing in employees who don’t embrace the preferred culture of the organization, that’s your fault. You can dismiss all this as “utopian” all you like, but companies like Cisco Systems and zappos.com seek culture fits above all else in their recruiting, and they reap the benefits. Hiring people you don’t trust is an archaic practice. If you engage in it, you have nobody but yourself to blame. To suggest that it’s simply not possible is nothing more than lazy.

Social media is wasteful and vainglorious.

First, this seems odd coming from somebody writing on his blog. But still…

This is the lynchpin statement that showcases the author’s stupendous ignorance. I hear it repeatedly from people who have not made the slightest effort to explore the research that proves precisely the opposite. General Motors is selling cars by allowing employees to talk about their driving experiences on Facebook from work. Sprint is solving customer problems it identifies through employee volunteers on Twitter. Best Buy is driving customers to its stores via 2,500 employees who answer consumer product questions posed on Twitter — from the floor store. Home Depot’s staff can produce videos or test results to respond to home improvement questions posed through social media channels. Through the employees’ social networks, companies are improving recruiting, identifying competitive intelligence, sourcing subject matter expertise, obtaining training…the list goes on.

There are thousands upon thousands of case studies, and hundreds of research studies, that prove the stupidity of such throwaway statements as “social media is wasteful and vainglorious.” The simple fact is, supported by policies and processes, employee engagement in social media can drive growth and profitability.

What is stupid and vainglorious is leaders who dismiss social media despite the avalanche of quantifiable evidence to the contrary.

The illusion of security vs. building community

Pretty much everyone in the healthcare world is buzzing over a Los Angeles Times story from earlier this week that superficially made a strong case for blocking hospital employee access to Facebook.

The article, by Times reporter Molly Hennessy-Fiske, chronicled the case of 60-year-old William Wells, who died at St. Mary Medical Center in Long Beach, California, where he was brought after suffering severe knife wounds inflicted by a fellow resident of his nursing home.

Instead of focusing on treating him, an employee said, St. Mary nurses and other hospital staff did the unthinkable: They snapped photos of the dying man and posted them on Facebook.

The article chronciles a number of incidents at other hospitals involving staff violating patient privacy (and HIPAA) on Facebook, along with the fates of the nurses who posted the information (several were fired). The article has inspired conversation in the healthcare community about the need to block employee access to Facebook.

It’s a kneejerk reaction. After all, before social media, it was just as easy to share inappropriate, confidential information via email. (And, at one point in the early 1990s, organizations everywhere resisted the use of email for exactly that reason.)

Beth Israel Deaconess Medical Center President and CEO Paul Levy has written perhaps the best analysis of the St. Mary case and the resulting flurry of blocking commentary. Levy’s excellent post concludes:

If you block Facebook on the hospital server, will it nonetheless be used in the wrong way by misguided people? Yes. They will use their iPhones or some other such handheld devices.

I know this sounds like the pro-gun argument, “Guns don’t kill people. People do.” However you might feel about that issue, this one is different. By blocking this medium on your hospital server, you will remove a highly effective communications tool, all because you are fearful that a few misguided people will misuse it. You trade the illusion of security for a loss of community.

In an earlier post dating back to October 2009, Levy also noted that blocking Facebook creates “a generational gap, in that Facebook, in particular, is often the medium of choice for people of a certain age. I often get many useful suggestions from staff in their 20’s and 30’s who tend not to use email.”

I’m currently reading a book, “The 2020 Workplace,” which delves deeply into the work habits and expectations of the Millennial Generation (born between 1977 and 1997); indeed, email is viewed (correctly) as an inefficient means of communication given more effective tools. As your Millennial kids how much they use email.

Blaming Facebook (or MySpace or Twitter or what-have-you) for human behavior that can be practiced with email, Usenet news groups, the telephone or in the elevator is not only misguided; it turns a blind eye to the more effective channels for communication that can actually improve communication in your institution. If you remember policies banning email in your organization in the early 90s, it’s easy to see today’s blocking policies as a failure to learn from mistakes made a mere 20 years ago.

The entire post is worth a careful reading, especially if your organization is on the brink of blocking staff access with the deluded expectation that it’ll solve a problem the roots of which have nothing at all to do with Facebook.

Why can’t business behave more like the U.S. military?

I continue to be impressed with the way the US Department of Defense (DoDis handling staff use of social media. As most organizations continue to succumb to the FUD factor by blocking employee access, the DoD recognizes the importance of online engagement by staff at all levels — from Pentagon workers to soldiers in the field.

If ever an organization was security-conscious, it’s the DoD. Yet they’ve managed to address security concerns while trusting hundreds of thousands of members of the organization to represent the DoD well in social forums.

A Social Media Hub has been added to the DoD’s arsenal of social media tools — another approach from which mainstream business can learn. While the DoD hub is accessible to the general public, it would be equally easy to create something like this on a corporate intranet as a resource for employees.

The home page of the hub proclaims, “ocial media is an integral part of Department of Defense operations. This site is designed to help the DoD community use social media and other internet-based capabilities to share responsibly and effectively, both in official and unofficial capacities.”

The site offers three core categories of information:

  • Learning and Resources — “I’m concerned about social media and I need…” reads the introduction to this section, which leads to education and training resources, social media guides and examples.
  • Policies and Procedures — This section begins with “I manage an official DoD social media presence and I want to…” which directs visitors to policies, user agreements and a form to register a page with the DoD.
  • Collaborate and Connect — “I have questions about social media,” reads the introduction to this section, “and I want to…” Visitors can access discussion forums, FAQs and an Ask the Experts section (a contact form).

The page includes many of the elements more commonly seen on inidividuals’ social media channels, like retweet and Facebook share buttons. The site walks the talk in other ways, such as the embedding of SlideShare presentations in the Examples section.

Access to resources like this can reinforce policies and training and raise the confidence of employees who know they have somewhere to go where they can not only review the rules but ask questions, view case studies and have conversations with others in the organization.

Once again, I’m left wondering: Why can a command and control-centric organization like the US military take such a rational approach to social media while the average US corporation behaves more like we’d expect the military to behave?

(Cross-posted from a shel of my former self.)

Does blocking access to students make any more sense than blocking employees?

I’ve been intrigued, since launching this site, by the inordinate number of comments left by high school students. After all, the Stop Blocking initiative is aimed at business, not academia. But Voce Communications’ Doug Haslam pointed me to a notice that Newton North High School — close to Doug’s Boston home — is considering shutting down student access to Facebook.

According to the Newton North Library’s Learning Commons website:

This is being debated at SFA (Student Faculty Administration). Your input will help SFA decide. The next meeting is April 13th @ 7:00am in the library. It is open for all students and staff to attend. (Note: Facebook is currently blocked at all Newton Public Schools.)

A poll included with the item currently stands at 370 votes against blocking and 87 in favor. The cynic in me suspects it was mostly students casting the opposing votes and parents voting yes.

The comments left to the item on the Wicked Local blog that directed me to the Learning Commons site, however, got me thinking more about the issue. The impetus behind the ban is at least partly based on the worry that kids use Facebook to bully others. One comment, for example, reads…

I am a private tutor in Newton. Just this year, I have had 3 Newton students (2 from North, 1 from South) who have been involved with the Newton police due to cyberbullying via Facebook. I am not sure what the outcome was, but I know for a fact that there were threats and there was police involvement.

Bullying is a problem, to be sure. It was a problem when I was in school, and when my parents were in school. The recent case in South Hadley, Massachusetts — in which nine teens were indicted for their roles in relentlessly bullying a 15-year-old girl who was driven to kill herself — is another tragedy that points to a serious need for action.

But blaming the Internet or Facebook is a mistake. In fact, I don’t care for the term “cyberbullying.” Is bullying that takes place over the phone called “phonebullying?” The venue is irrelevant. The channel isn’t the problem. The problem is the attitude that some kids have that bullying is okay wherever they can engage in it.

The situation reminds me of hospital CEO Paul Levy’s reaction when he learned that another hospital in the area was blocking Facebook because some staff members had violated HIPAA — the regulation that protects patient privacy — on Facebook. Levy, of Beth Israel Deaconess Medical Center (also in Boston), wrote on his “Running a Hospital” blog:

Any form of communication (even conversations in the elevator!) can violate important privacy rules, but limiting people’s access to social media in the workplace will mainly inhibit the growth of community and discourage useful information sharing. It also creates a generational gap, in that Facebook, in particular, is often the medium of choice for people of a certain age. I often get many useful suggestions from staff in their 20’s and 30’s who tend not to use email. Finally, consider the cost of building and using tools that attempt to “track utilization and monitor content.” Not worth the effort, I say.

Interestingly, the use of Facebook under consideration at Newton North involves a portal for parents, where they could view information relevant to their childrens’ education, including homework and projects.

I see multiple problems, though, with blocking kids’ access. First, many of them — like their counterparts in the business world — don’t need the school’s computers to access Facebook; they can do that just fine on their mobile phones. Lack of access from school won’t stop cyberbullying, either; they’ll just do it when they get home to their own computers.

But what’s really at issue is starting to teach using the channels that kids are already using in a manner that reflects the way peopale will be working and learning with increasing frequency. Collaborating on team projects makes more sense on Facebook than a proprietary school system because Facebook is (for now) the network they’ll continue to use in college and then in the work world. (A recent study (PDF file) from the Society for New Communication Research (SNCR) determined that decision-makers in the business world are making faster and better decisions by tapping their Social Media Peer Groups (SMPGs) via Facebook and LinkedIn. Failing to guide students in the use of the resources they’ll be required to use just to get their jobs done by the time they graduate is a failure of the education system.

I’m not talking about unrestricted Facebook use while students should be focused on schoolwork. But teachers need to begin figuring out how to incorporate social networking into their teaching plans in order for the coursework to be truly relevant. The idea that people work in isolation is fast becoming outdated, as the SNCR study reveals; teaching kids to do schoolwork in a vacuum is not preparing them for the processes they’ll need to understand when they go to college (where online collaboration is just the extension of the age-old study group) and then when they enter the world of work.

That is, teachers should be teaching the ways social neteworks can benefit their learning while actively discouraging bullying of any kind. The issues are, in fact, mutually exclusive.

Doug Haslam himself gets the final word, from a comment he left to the Wicked Local blog:

The thing is, people will form their own groups where they want regardless of what is “blocked.” It makes sense for schools to have some presence on Facebook — not to supervise or watch, but to participate as part of a community.

A proprietary network makes sense as far as assignments, but experimenting — as class groups, in the right circumstances — with Facebook and other social tools is a way to tap into how people are now working together in the real world.

That doesn’t mean students should be using Facebook during school hours to play Farmville, just as it shouldn’t in the workplace (where, for the most part, Facebook should not be blocked either. But, there are some applications. As someone astutely said (in an earlier comment), high school kids are on Facebook anyway. Maybe we should teach them how to use it to be better community citizens (online and off) rather than ignore it at our peril.

Blocking isn’t the only way to maintain security

Cross-posted from my primary blog, a shel of my former self

In a comment left recently to a post I wrote for Stop Blocking back in October 2007 about malware on Facebook, David Jones with CommerceMicro wrote:

Stupid, out dated information.

We have users that repeatedly get infected with viruses and spyware no matter what level or type of antivirus and antispyware software we install. It’s rather odd that ONLY THOSE particular users get re-infected day after day and that they all have MySpace accounts, FaceBook accounts, or whatever. Their employers have to continually pay us to come and clean these infections.

My reply was a bit terse. I asked Jones if he believed all the companies that don’t block access were lying about not encountering the problems he cited. (And no, I wasn’t snarky enough to point out that “outdated” is one word.)

The security issue does, however, appear to be supplanting productivity concerns as the main reason companies block access to Facebook and other social media sites. Among the dominant social networks, Facebook presents the biggest risk to company security, according to 60% of the respondents to a survey of 500 companies conducted by Sophos, an IT security organization. No other network comes close. MySpace ranks second, with 18% of companies identifying it as a concern, followed by Twitter (17%) and LinkedIn (4%).

The concerns are not illegitimate. The incidents of reported malware and spam attacks through social networks has jumped 70% since April of last year. Social networks have become common launching pads fore a couple of particularly nasty worms. The risk of infection, though, is not the only security issue that keeps IT staff up at night. Employees’ individual behavior represents a risk, particularly as web-unsavvy employees fall prey to phishing and other devious ploys. And then there’s the fear that employees will share information they shouldn’t.

Sarah Perez goes into considerable detail on the Sophos report in her post on ReadWriteWeb. Perez also notes that even Sophos isn’t advocating an outright block, despite the study’s findings:

Unfortunately for those in charge of enforcing corporate security, simply blocking Facebook and other social networks via URL is not a realistic solution anymore. The networks are often a large part of a company’s marketing and sales strategies, notes Sophos, meaning they cannot be blocked outright. Instead, companies are encouraged to use a unified approach for mitigating threats that combines data monitoring, malware protection and granular access for their employees.

A Financial Times article (free registration required) has the same advice, noting that organizations have too much to gain from employee interactions on social networks. The article, penned by the head of an information risk management and e-discovery firm, rightly notes that leetting employees access social networks from work gives them “the ability to locate the right people, information and expertise quickly, but they also greatly aid external networking, sales and marketing activities.”

The article (which I discovered on the Idea Peepshow blog, notes thyat 89% of businesses in the UK have no policies governing employee use of social networks and calls for companies to establish and enforce such policies.

As I’ve noted before, protecting the company is a matter of ensuring the proper network safeguards are in place (such as anti-malware/spyware software and the latest virus definitions) and that employees understand their responsibilities.

It works in a lot of companies that don’t block access. It can work in yours.

Boston hospital jerks its knee, blocks employee access

Abuse of an established company policy is a management issue. Even when it involves company systems, it is not an IT issue. The abdication of management responsibilities to IT may briefly create the perception that the problem has been solved. In fact, a larger problem has been created.

Consider the case of a Boston-area hospital which has blocked access for all of its employees to social networking sites. According to a memo issued to employees,

The decision is based on recent evidence that some employees have been using these sites to comment on Hospital business, which is a violation of the Hospital’s Electronic Communications policy and a potential HIPAA violation.

In other words, the actions of a few employees have led the hospital’s management to ban access to these resources for all employees, including those who have abided by the hospital’s Electronic Communications policy. The message this sends to the majority of employees who play by the rules:

Your good behavior is irrelevant. We have opted to trust none of you.

This message can only result in deterioration of employee commitment and engagement. It would have taken more effort for the hospital to identify those who absued the privilege and discipline them according to the established policy. It would also have required some effort to communicate to the rest of the workforce that the hospital regretfully had to enforce the policy, and will continue to enforce it.

But employee behaviors are managed through reward and recognition. Recognizing that consequences will befall employees who violate policies is a sure way to obtain compliance. Sadly, it is far easier to simply block everybody than to take the correct steps.

But this hospital goes one jaw-dropping step further, noting in the memo that…

The Executive Team will be working in the coming months to ensure that we have written policies in place that articulate the appropriate use of social networking sites while on duty at the Hospital. Once these written policies are in place, we have educated all employees about expectations and disciplinary action associated with violating the policies, and we have the appropriate IS tools in place to track utilization and monitor content, we will consider once again providing access to these sites. We expect this will take a period of about 6 months.

Six months?

Several hospital social media policies are in place and available online, including those of The Mayo Clinic, M.D. Anderson Cancer Center, Henry Ford Health, and The Cleveland Clinic. Why should even the most tangled of bureaucracies require six months to review the best practices and put a policy in place?

Finally, as I have noted before, most employees have cell phones and will be able to post exactly the same HIPAA violations to the same networks using their personal Internet-connected devices. Blocking access on hospital computers will prevent exactly nothing.

This is precisely the kind of brain-dead, mindless, knee-jerk reaction that is crippling organizations as they move ienvitably into a networked ecosystem. I learned about the situation on “Running a Hospital,” the blog by Paul Levy, CEO of another Boston-area hospital, Beth Israel Deaconess. Paul published the hospital memo in its entirety, but introduced it, in part, with these words:

you can guess my view of this: Any form of communication (even conversations in the elevator!) can violate important privacy rules, but limiting people’s access to social media in the workplace will mainly inhibit the growth of community and discourage useful information sharing. It also creates a generational gap, in that Facebook, in particular, is often the medium of choice for people of a certain age. I often get many useful suggestions from staff in their 20’s and 30’s who tend not to use email. Finally, consider the cost of building and using tools that attempt to “track utilization and monitor content.” Not worth the effort, I say.

There are voices of reason with an eye on the long-term view in the world of business. We need to spread those voices and offer the alternatives to mindless blocking of all content from all employees.

In this case, a clearly-communicated and enforced policy would have done the trick. Instead, this unnamed Boston-area hospital has taken proactive steps to disenfranchising its workforce while inhibiting the sharing of information and keeping virtually no employees from using these social sites.

Good move.

Personal wireless devices: How employees route around obstacles

I missed this USA Today report from October 17 on issues surrounding employees who view pornography in the workplace.  The article raises some intriguing issues, including a focus on lawsuits stemming from employees who felt harrassed by colleagues’ viewing of porn. On the other hand, the article points out that only 6% of men and 5% of women surveyed acknowledged that they deliberately looked at online porn at work. Doesn’t it seem excessive to block everybody based on the behavior of 5% of the population? What does that do to trust and engagement? Surely this can be handled as a management issue instead of taking the technology approach.

More interesting to me, however, is the fact that employees are easily accessing this content even when their companies have blocked access. They’re doing it over their cell phones and their wirelessly-connected laptops — personal gear brought to work over which the company has no control.

You knew this was inevitable, right? As the use of personal wireless devices at work increases (for uses other than porn), companies may just have to face up to the fact that technical solutions are the wrong approach and that training, communication, and a slavish commitment to following through on consequences for those who violate policies will have a much greater effect.