Enterprise 2.0 – Regulatory and Compliance Concerns

I’m once again speaking at the Enterprise 2.0 Conference.

Social Media & Social Networking: Some Cautionary Tales (Location: Room 312)

Social media (Twitter, LinkedIn) and enterprise social networking solutions (profiles, activity streams, social analytics) can deliver compelling business value. However, benefits do not come without risks. This panel discussion with experts and practitioners will provide insight as to the policy, governance, and security issues warranted to mitigate risks.

Moderator – Mike Gotta, Senior Technical Solution Marketing Manager for Enterprise Social Software, Cisco
Panelist – Julie LeMoine, Enterprise Collaboration, Innovation Expert
Panelist – Doug Cornelius, Chief Compliance Officer, Beacon Capital Partners LLC
Panelist – Stew Sutton, Principal Scientist, Knowledge Management, The Aerospace Corporation
Panelist – Suzanne McGann, Social Media Program Manager, Global Interactive Strategy, Medtronic

The session is Tuesday afternoon, 2:30 to 3:30 in Room 312 at the Hynes Convention Center. Stop by if you can.

Legal Enterprise 2.0 Success Story

Penny Edwards of Headshift shares a Legal Enterprise 2.0 Success Story.

Matthew Arnold & Baldwin LLP, a regional firm in the United Kingdom, put the firm’s intranet, “The Cube”, up for the Law Society’s Excellence in Innovation Awards. The firm came away with a Shortlisted Award.

The Cube is Matthew Arnold & Baldwin LLP’s adoption of Enterprise 2.0 principles.

Heloïse Paull, the firm’s marketing director and the project’s sponsor, witnessed that as the firm grew, “People relied heavily on email communication, which created exclusivity on certain knowledge. Information and knowledge became diluted in information silos. Accurate CRM and cross selling suffered. There was a decline in the social aspect of the firm.”

Mark Weston, the partner responsible for the project, explains that email is not necessarily a bad thing: It works just fine when clients email instructions to the firm for new matters. But when those instructions and other matter related communication is drowned out by internal conversation in a way that makes it hard to share valuable insights then there is a clear need to move that conversation to a different platform.

Enterprise 2.0, Policies and Compliance

Mike Gotta asked me to join him on a panel about the policy and compliance issues at the Enterprise 2.0 Conference in Boston. This was my fifth Enterprise 2.0 conference: 2007, 2008, 2009, 2009 San Francisco.

That the audience was interested in compliance and regulatory issues is an indication of the industry maturing.

“Policy formation, governance and risk management programs are a critical requirement as organizations assess implications to the enterprise (e.g., identity assurance, data loss, compliance, e-Discovery, security), arising from internal and external use of social networking and social media. This panel of social media and Enterprise 2.0 practitioners will discuss real-life approaches that address management concerns.”

The panel consisted of:

  • Mike Gotta, Principal Analyst, Gartner
  • Bruce Galinsky, IT Director, Global Insurance Company
  • Abha Kumar, Principal, Information Technology, Vanguard
  • Doug Cornelius, Chief Compliance Officer, Beacon Capital Partners LLC
  • Alice Wang, Director, Gartner Inc.

I took the opportunity in my introduction to set the stage for the view of most compliance and in house lawyers:

“I’m the “NO” guy in your organization and most likely the person to bring your enterprise 2.0 or web 2.0 project to a grinding halt. People in my position do not want to hear about being social. I don’t care what you had for lunch or what your kids did last night. I don’t want to endanger the multi-million dollar value of this company so that you can play with Facebook inside the office. “Now get out of my office before I sic my flying monkeys on you.”

We were unsure when planning the session whether the audience would be interested in issues related to external or internal policies. Overwhelmingly, the audience voted for a focus on internal.

One of the initial questions was whether you even need a policy. We were largely in agreement that you may not need a new separate policy. However, I pointed out, your compliance/legal department is going to want one.

Largely, the risks with enterprise 2.0 are not new risks. The big difference is that the bad stuff is now findable. Most of evangelists proclaim the benefit of finding the good stuff you need to do your job better and to encourage innovation. The downside is exposing the bad stuff and opening the enterprise up to liability.

We eventually got to the point in the discussion about if you let personal issue community to form internally. Should you allow an employee to set up a wiki or discussion forum on religious, race or political issues?  Generally it will take some action to create a new community on the enterprise 2.0 platform. Undoubtedly, there will be some need to control the creation of communities and therefore a need for a policy.

There was some discussion about content, control of the content and fixing mistakes. Personally, I have less concern about that. You need to encourage the team to keep the information current and correct. If someone is operating with the wrong information it is better you know about it and can fix the problem. The alternative is not knowing about the problem because it lives in an email silo, allowing the bad information to continue uncorrected.

When trying to draft a policy it is very useful to look to external policies for ideas and approaches. My social media policies database is a good place to start looking for precedents.  The public web 2.0 industry is well ahead of the slower enterprise 2.0 industry.

Some other issues:

  • FTC and the disclosure of “Material Connection”  (see FTC and Bloggers.)
  • EU Data Privacy
  • Records Management
  • Discovery and Law suits
  • First Amendment
  • Human Resources Issues
    • Labor relations
    • Recommendations
    • Overtime
    • Retiree and alumni involvement
  • Hiring Discrimination
  • Off-Duty activities
  • Company IP, logos and trademarks
  • Monitoring – if you have a policy you need to enforce it.

Each company has a different set of issues they are worried about. Each company also has a unique corporate culture. So there is no right way to drafting a policy. You really need to pick and chose finding the different elements that will work in your enterprise.

Snake Oil 2.0

From Hugh MacLeod of Gaping Void:

“Anyone who has spent a lot of time studying blogs and Web 2.0, will be fully aware of all the blethering hyperbole that comes with it. Every business model that ever came before is DEAD, to be replaced forever by community! YAY!

Well, some dinosaur business models may be more dead than others, however… life still goes on. People still need to make a buck. People are just as governed by the seven deadly sins as they ever were. Some things never change. All is still vanity.”

Like Hugh, I am a great believer in Web 2.0 and Enterprise 2.0. I just think there is too much hype and too many people trying to sell snake oil.

It’s not about making money and marketing yourself. It’s about sharing ideas, collecting information and connecting with people.

Just about everyone with a substantive blog ends up spending some posts on blogging itself. Even the great criminal defense lawyer and blogger Scott Greenfield will publish an occasional post about blogging.

I’m spending some of that self-reflective time next week at the Enterprise 2.0 conference. My session is on Wednesday afternoon when my panel will talk about policy formation, governance and risk management programs as a critical requirement for the internal and external use of social networking and social media.

Once again the hype comes face to face with the reality of legal requirements and risk. Beware of the snake oil.

Snake Oil 2.0 is by Hugh MacLeod

Enterprise 2.0 Conference in Boston

Next month, I’m attending the Enterprise 2.0 Conference happening June 14-17 at the Westin Boston Waterfront. This will be fifth Enterprise 2.0 conference: 2007, 2008, 2009, 2009 San Francisco.

I’ll be talking about social media policies with these folks:
  • Mike Gotta, Principal Analyst, Burton Group
  • Bruce Galinsky, IT Director, Global Insurance Company
  • Abha Kumar, Principal, Information Technology, Vanguard
  • Alice Wang, Senior Consultant, Burton Group

Social Media Policies: Practical Advice From The Trenches

Wednesday, June 16 1:00 PM–2:00 PM – (Location: Grand Ballroom D)
Policy formation, governance and risk management programs are a critical requirement as organizations assess implications to the enterprise (e.g., identity assurance, data loss, compliance, e-Discovery, security), arising from internal and external use of social networking and social media. This panel of social media and Enterprise 2.0 practitioners will discuss real-life approaches that address management concerns.

If you’re looking for a discount, PB Works is offering a discounted pass. You can get 30% off a conference pass or a free Expo pass. Register and use the priority code: CNRREB33.

While you’re there, visit PB Works in Booth 609.

(Disclaimer: I’m on an advisory board for PB works.)

About The Enterprise 2.0 Conference
The Enterprise 2.0 Conference explores the integration of Web 2.0 technologies in the enterprise, from both strategic and tactical perspectives. This annual conference and sponsor pavilion focuses on the tools and techniques that best leverage the technical, productive and social aspects of IT and workgroup environments to build a cohesive collaboration strategy and empower a connected workforce. For more information visit: www.e2conf.com.

Enterprise 2.0 Conference: Session Proposals

The Enterprise 2.0 Conference is coming back to Boston on June 14-17.  They are letting attendees vote on the sessions. This is a great way for the conference organizers to take advantage of 2.0 tools in organizing the conference.

I am part of two panels, if they get approved. If either of them interest you, go ahead and vote for them. You need to register on the voting site (not register for the conference) to vote.

Social Media Policies: Practical Advice From The Trenches

This will be similar to the panel I was on at the San Francisco Enterprise 2.0 event: Social Media: Policy Formation & Risk Management. Mike Gotta will repeat hie performance in moderating the panel.

What Enterprise 2.0 Can Learn from Knowledge Management

This panel will look to the lessons of knowledge management and how they can be applied to enterprise 2.0. The panel also features Jack Vinson, Carl Frappaolo and Patti Anklam.

With 466 submissions there are lots to choose from. Here are some others to think about.

Perception, Dilbert and a Magical Management Necklace

Are your assumptions correct?

You get a new tool to help manage your processes and everything starts working better. Is everything actually working better? Or is the data just being manipulated to look better?

As is often the case, the pointy-haired boss can show us the problem.

Often the compliance officer is like the pointy-haired boss. Everyone is on their best behavior when you are around. But what’s happening when you aren’t looking?

Its a matter of perception.

Enterprise 2.0 – The Book

Enterprise 2.0 by Andrew mcafee

At the Enterprise 2.0 Conference in San Francisco, Andrew McAfee handed out a few copies of this new book: Enterprise 2.0. I was one of the recipients of a shiny new copy with his autograph on the cover page.

If you have heard of Enterprise 2.0, they you have heard of McAfee. He coined the term in his 2006 paper in the MIT Sloan Management Review: Enterprise 2.0: The Dawn of Emergent Collaboration.

You will enjoy the book. It pulls together all of the bits and pieces that he has said about Enterprise 2.0. Because even if you are familiar with McAfee and Enterprise 2.0, you have not had it all put together nicely in one place. I learned some great new things and was able to see some old things in a new perspective. This is the first book that puts it all into one place.

If you are not familiar with Enterprise 2.0, then you should definitely read this book.

We are at at the tipping point for a new way to communicate. Email was revolutionary when it came out. We could communicate using the internet. It was cheap and easy.

Now we are able to communicate using webpages. This a very different way to communicate than the pure back-and-forth of email and the letters that preceded email. The shift is from channel communications to platform communications, moving from inherently private communication to inherently public communication.

One of the challenges is that the innovation and lessons are coming from the public space into the enterprise. In the past, the innovation in communication technology came from inside the enterprise out to the public space. It used to be hard to establish an email account. You needed big servers and IT support from a company or university. Now you can establish a new email account in seconds from Google using gmail.

With these 2.0 tools we are seeing a reverse in the flow of technology. The internet has gotten much more efficient at finding information than the tools inside our enterprise. Is it easier to find information on the internet using Google or to find information in your corporate intranet?

Those of you who are familiar with McAfee or his blog will find some familiar passages.

  • There is a discussion of his SLATES perspective on the elements of Enterprise 2.0: Search, Links, Authoring, Tags, Extensions, and Signals.
  • The story of Wikipedia
  • The power of weak ties and the expansion of the Dunbar’s number
  • The evolution from the channel communication to platform communication
  • The success of Intellipedia among the intelligence community

McAfee also delves into compliance aspects of enterprise 2.0. In a discussion with the CIO of Dresdner Kleinwort Wasserstein, JP Rangaswami, they discuss how the platform communications of enterprise 2.0 makes compliance easier. Our current mainstream communication tools of email and IM are inherently private. Being private, they are harder to monitor. It’s also harder to spot misinformation, negligent information and bad acts. The more open platform communication of enterprise 2.0 allow more people to be on the lookout for bad patterns, misinformation and compliance issues.

The book takes you through the next big steps of adoption and outlines factors for success, overcoming the knee-jerk reaction to be private, counter fears of abuse, and overcoming the 9X effect for adoption.

The book is worth the purchase price and the time to read it, regardless of whether you are an enterprise 2.0 veteran or a newbie.

In the interest of disclosure, Andy not only gave me a copy of his book, but also autographed it. I’m easily swayed to write about something when it is given to me. He also supplied me with copious amounts of alcohol at parties after the Enterprise 2.0 Conference in San Francisco and the Enterprise 2.0 Conference in Boston. (Another surefire way to get my attention.) I also earn a fee from Amazon if you buy the book through the links in this article. You can judge for yourself if I am easily swayed to say nice things about the book.

References:

Criticism and Praise

drunkards walk

Do criticism and praise work to affect performance?

Leonard Mlodinow briefly addressed this topic in The Drunkard’s Walk: How Randomness Rules Our Lives. He explores the studies of Daniel Kahneman who was lecturing the Israeli air force flight instructors on behavior modification. Kahneman was trying to make the point that rewarding positive behavior works, but punishing mistakes does not.

One of the students called him out. He had praised people warmly for beautifully executed maneuvers and the next time they do worse. He screamed at people for badly executed maneuvers and they improve the next time. The other flight instructors agreed. But Kahneman’s research demonstrated that rewards worked better than punishment.

So what was going on?

Regression toward the mean. In a random series of events, an extraordinary event is most likely to followed by an ordinary one. Due purely to chance, it’s hard to have two extraordinary events in a row.

The fighter pilots have a certain level of ability. An extraordinarily good performance is most likely to be followed by an ordinary performance. So the praise would seem to fail to maintain the extraordinarily good performance. Similarly, an extremely bad performance is most likely to be followed by an ordinary performance, which in this case would be better than the bad performance. So the screaming criticism would seem to cause an improvement in performance.

So it appears that the criticism does some good and the praise does no good. What is really happening is a misconception of uncertainty and probabilities. The connection between actions and results is not as direct as we might think.

In compliance, we eschew lots of data. It’s good to step back every now and then to think about the implications of the data and the underlying assumptions.

PBWorks and Real Time Collaboration

PBworks_LogoPBWorks has announced a “Real-time Collaboration Update”  which brings integrated Instant Messaging collaboration, Live Notifications (activity streams), Live Editing (rather than standard wiki asynchronous editing) and integrated Voice Collaboration with on-demand voice conferencing.

This is a big step up. Instead of being a  mere wiki, the platform now offers different ways to collaborate, but still captures the information in the platform. I assume that is one of the reasons they changed their name from PB Wiki to PB Works.

PB Wiki was the first wiki I ever used. A group used it to plan an international meeting of law firm knowledge management leaders. Now I regularly use the PB Works tools as part of GeekDad information management process.

While I was at the Enterprise 2.0 Conference in San Francisco, I spent a few minutes with a bunch of people from PB Works: Jim Groff, the CEO;  Chris Yeh, Vice President, Marketing ; Glen Hoffman, Sales Engineer; Greg lelli, Legal Sales Specialist; and Kristine Molnar, Community Evangelist.

One of the drawbacks of a wiki was the check-in/check-out process. Only one person could edit a wiki page at a time. Google Docs (and to a lesser extent Google Wave) showed us that you can have multiple people editing at the same time and speed up the collaboration process even more.

The PB Works team gave me a demo of the new tools and it was pretty cool. If you are editing a page and realize that you need input of other team members, you can summon them to the page using IM Collaboration, start a Live Editing session, and use Voice Collaboration to initiate an instant conference call. You can do this all in a fraction of the time it would take to set up a web conference, the call line, and communicate the details to everyone.

Since PBworks hosts the  information, you can be up and running in a few minutes.