Brian Bowman, lawyer with Pitblado LLP, led the discussion at the IIMA’s Online Reputation Management seminar last night. A specialist in privacy and information law, Brian talked about the challenges that social networks such as Facebook and MySpace create in managing the reputation of individuals or organizations. Opening the session, he shared his own challenge in reputation management: there was another Brian Bowman, also a lawyer living in Winnipeg, who was disbarred. He is frequently faced with clarifying that he is still in good standing in his profession.
While studies show that Canadians are concerned about privacy, and have low faith that companies will adequately protect it, social networks are encouraging users to share more of their personal information online. Bowman warned that the biggest threat to your privacy is you. Users commonly agree to online terms of service without reading them, and may be consenting to overly broad uses of personal information. Be mindful of what you post online, and remember that privacy is not absolute; there may be laws that require release of data.
For organizations, investing in privacy compliance and data security is essential. This defence is far less expensive than the negative PR and legal action that can result from a leak of personal information. A recent example is the theft of 20M credit card numbers from TJX Cos., parent company of Winners and HomeSense . It made international news as one of the largest leaks of personal information ever, and prompted class-action lawsuits. At the same time, not all information leaks come from the outside. Employees may post sensitive information on social networks or blogs. Well defined company policies, and the blocking of select websites in the workplace can mitigate this risk.
Bowman related the difficulties of dealing with cases that involve emerging technology. Social networks have enabled the quick, viral spread of information, but the legal process is still slow. Legislation lags behind technology, and cases regarding online information may have no clear precedent. To further complicate matters, privacy and information laws differ between countries, provinces, and states. Bowman recommends a proactive approach of privacy compliance, as well as establishing your presence on blogs and social networks. Compliance with new and frequently changing laws is difficult, but users have high expectations that their personal information will be protected. An organization’s privacy compliance, marketed properly, can be a competitive advantage.