The AIIM Blog - Overcoming Information Chaos

Poking at the Soft Underbelly of Social Media

Written by John Mancini | Jan 24, 2011 3:58:00 AM

Now in the spirit of true confession, let me admit that I am a social media zealot. I was an early member of Facebook (according to my daughter, perilously close to the creepy edge before it was mainstream). I've been blogging for years on the AIIM Blog. Ditto Twitter, pretty early on.

Together with Atle Skjekkeland, I launched an early content management social network (InformationZen) on a Ning platform over a weekend after our IT people told us it would be at least six months before they could get to it. Inside of AIIM, we were playing around with Yammer before IT even knew what was going on. My list of sins in the name of small business expediency is not insignificant.

All of this was on my mind this week for three reasons. 

Firstly, we released a white paper by noted futurist and change agent Geoffrey Moore on Systems of Engagement and the Future of Enterprise IT. The report posed some challenging questions about the world of Systems of Record. It reflected on the ground that we have all been tilling for the last 20 years and its connection (or some would speculate, lack thereof) to the new world of Systems of Engagement, aka Social Business aka Enterprise 2.0 (so as not to offend any of the legions of consultants who are currently battling over the right term).

Secondly, I spent a good deal of time with a reporter from a major business publication who was interested in the rumors that a major bank (speculation was Bank of America or J.P. Morgan or Citigroup) was the next Wikileaks target.  One of the issues we discussed was what this meant for the future of social media. Other than, of course, the obvious conclusion that one should be very suspect of anyone in your organization lip-synching to Lady Gaga, who has the largest Twitter following in the world right now at 7,829,385 followers.

Lastly, after thinking about both of the above, I started researching a couple of upcoming social media keynotes. I had touched on this topic in a number of previous presentations but thought that perhaps it was time for a bit more systematic look.

More specifically, I started thinking about the following:

  • A core purpose of social media is to make organizations more responsive.

  • A core purpose of social media is to make organizations smarter.

  • Social media creates a vast new pool of informal and adhoc content available in forms and on devices that were unimaginable only a few years ago.

  • This content is certainly not usually a record in the traditional sense. It's even more unstructured and informal than email.

Most of our approaches to records and information management are grounded in the old world of paper. We persistently keep trying to extend this paradigm further and further into the world of electronic information, but things are becoming increasingly strained in the process.

But all this social information and content is something that needs management and governance. I hate to even say this, for fear it may put me in the not cool part of the social crowd. Probably the adult version of the crowd I hung around in when I was an all-state bass clarinetist in high school.

Which brings me to the soft underbelly -- not my own, but that of social media.

According to Wikipedia, "underbelly" is "a term used to describe the side which is not normally seen. Figuratively it means a vulnerable or weak part, similar to the term Achilles Heel."

I started to look for best practices -- or even any delineated practice -- relative to how social content is managed. I'm not talking about how to roll out a system or how to encourage people to use it. I'm talking about how this content is managed and governed and retained.

Give it a try. Google a string of terms that are familiar to those of us who have been in the content management business for a while -- "governance" -- "retention" -- "management" -- or God forbid, "records" -- and link the search to "social content" or "social media."

What you come away with is a deafening silence.

Now I'm not one of those curmudgeons who throw up Chicken Little "The Sky is Falling" objections to each and every introduction of technology. As I noted in my intro, I like this stuff and use it a lot.

But sooner or later, we are going to have to getting serious about how we want to manage social content. Because the tension to keep it all (to improve the knowledge base of the organization) vs. the tension to get rid of it all as quickly as possible (to keep the lawyers at bay) is going to escalate quickly. This content is valuable to the business. This content is most likely not a record in the ARMA sense (although some might be). But it is electronically stored information in the FRCP (Federal Rules of Civil Procedure) sense. And for organizations that do "social" well, there will be a hell of a lot of it.

There seem to be two not terribly helpful extremes out there. It feels like the 60s.

On the one hand, we have the "Establishment" records and legal types, the folks that scare the hell out of management relative to social technologies in the workplace and result in the 45% of companies that just ban it. On the other, we have the free love Age of Aquarius types that insist that all the old Establishment types just don't get it when it comes to the social revolution and who the heck cares what a retention schedule is anyway. [Oh gosh, looking at the above paragraph I just realized that anyone under the age of 40 won't know what on earth I'm talking about.]

About the only thing that is passing for a policy and governance environment relative to social systems that I can find is what we first did with email -- we are advising employees on appropriate and inappropriate use, and outlining consequences for misdeeds. In the case of social systems, we are also educating our employees on how and why to use them.

But as we discovered with email, these employee education steps are necessary but not sufficient.

In the end analysis, with email we came to the conclusion that the content itself needed to be managed. We set up policies for email that created a default assumption of deletion within a specified time range, with exceptions for those emails with some specified business importance. In the best of cases, this was automated, but even in the manual case at least we created some policy frame of reference for the management of this content.

Here are some of the issues we need to start thinking about relative to social content in a business environment before the lawyers ambush us at the fork in the control/access road.

Firstly, even though the Wikileaks cable fiasco really had nothing to do with social technologies and had everything to do with the usual caution that the weakest link in our security systems are our people, it will inevitably give ammunition to those ill disposed toward social technologies in the first place. It will highlight the risks associated with adding even more informal and ad hoc conversational content to organizational servers. And this pressure will intensify when Wikileaks turns its attention to the private sector.

Secondly, the courts are increasingly including outside-the-firewall social information in discovery requests. Per The Modern Archivist, "Courts have also found that social media and e-discovery are made for each other.  For example:

  • In Monster Worldwide, Inc. v. HR Guru.biz, HR Guru issued counter-claims that allege Monster Worldwide created and maintained a FaceBook page and Twitter account that infringes trademarks and constitutes an unfair business practice;
  • In TEKsystems v. Brelyn Hammernik et al, Teksystems  alleges that three former employees breached their non-compete agreements by using LinkedIn to contact current employees;
  • In Bass v Miss Porter’s School, the court found that the content of Plaintiff’s Facebook usage was relevant to both the liability and damages phase of the lawsuit; and   
  • In Horizon Group Management v Amanda Bonnen, alleges that defendant tweeted about her “moldy apartment” which defamed apartment management."

Thirdly, many organizations have policies relative to the old era of systems of record that would seem difficult if not impossible to extend into the era of social technologies. But they are doing so anyway. Often the policy reads something like this (this particular one is for the state of Texas) -- "[Social content on external sites] will be archived and retained for the required period of time in accordance with the DIR Records Retention Schedule."

How exactly are organizations expected to do this with regards to their Facebook, Twitter, LinkedIn, YouTube presences? Whose job is it? Is this a realistic assumption? Do we really care? And yet these policies rooted back in the world of paper still exist. Somebody is going to get nailed at some point for failing to follow their own policies.

My last issue is perhaps the most troubling for me. Social technologies have the ability to transform organizations and make them smarter and more responsive. They can help organizations more quickly come up with answers to difficult questions. They create exponentially more and more varied and more informal information than our kludgy old email systems. The systems become smarter over time as the knowledge base builds. The business imperative of responsiveness and dexterity encourages us to retain this information.

This is all terrific until something occurs that unleashes the lawyers and the e-discovery requests. And then what? The approach of the courts hasn't been that social content is new and different and needs to be treated differently because of the unique benefits it brings to the business and society. Rather, it has been to expand all of the old definitions, created back in the era of very limited amounts of paper documents, into ever-expending (and ever more informal and uncontrollable) rings of discoverable electronic content.

So before this soft underbelly grabs us, why don't we start thinking more seriously about it? Let's get beyond simply providing do's and don'ts about individual appropriate use of social technologies in a business environment. Let's get beyond simply educating people about the benefits of social technology. Let's stop just being cheerleaders.

Let's start thinking systematically about how we should manage and govern and retain all of this ephemeral content. Let's start thinking about how our old system of records definitions need to change. Let's start thinking about a different paradigm for managing information other than just extending the old paper definitions further and further into the world of electronic information. Let's understand that there are risks in just winging it. Let's get on with implementing social technologies, but responsibly.