Privacy and Legal Issues in Global Shareware Tools
by Murali Pasupulati
In a nod to an increasingly social media savvy workforce, businesses are aggressively leveraging social media style tools to promote collaboration, communication and connectivity amongst their employees. This is especially critical for global organizations that must harness the collective intelligence and cooperation of employee clusters scattered across countries and time zones.
Such technologies enable simultaneous and instantaneous communication. Interestingly, these productivity tools are equally relevant to both for-profit businesses and non-profit organizations. A recent joint study by Unisys and IDC predicts that, in corporations with more than 500 employees, the number of information workers using social networking platforms will almost double between 2009 and 2014.
While collaborative technologies are generally attributed to the advent of the Web 2.0 revolution, such technologies have been around for a while. Think of WebEx, Google Docs, Share Point and other automated collaborative workflow solutions that have already established a strong presence. The next generation of collaborative software, however, aims for more than seamless interconnectivity—it promises to merge business intelligence software with social networking and Web 2.0 technologies.
Such collaborative decision making (CDM) modules are bound to increase in importance as business interactions are predicted to grow four fold, from 3.5 trillion in 2010, to 12.7 trillion by 2013. These tools would enable businesses to perform truly effective analytics on the so called “Big Data” and help make sense of it all. After all, as the leading management guru, Peter Drucker, once remarked: “You can’t manage what you don’t measure.”
However, before adopting such collaboration tools, it is prudent for organizations to review the architecture of these systems for inherent legal risk exposure. While the following discussion is by no means comprehensive, this may be a good starting point of inquiry. The most obvious and notorious of these risks are those associated with data transfers across countries and the privacy issues implicated in such transfers. For instance, an organization must first identify how data flows within the enterprise and whether adequate compliance is or will be in place before the tool is “turned on.”
To simplify the discussion, consider an organization that is based in the United States with employees and substantial business operations in Europe. To leverage the collective cerebral output and collaborative potential of its US and European workforce, any CDM it deploys will involve data transfers between these two groups. However, it is important to first assess the health of the privacy and data security compliance regime of the organization.
Some of the pertinent questions would be whether any personal data from European Union residents would flow into the United States. If so, the organization must ensure that it has a Safe Harbor certification already in place to accommodate such transfers. It is also important to review whether its data protection registrations (if it has any) already cover the types of data likely to flow through the sharewares and collaborative platforms.
Other significant issues include how an organization is poised to handle the content generated within the CDM. It is important to understand the data retention laws of the various jurisdictions impacted by the user-generated content. Any content generated in the course of employment by its workers may constitute official records of the organization. Another factor to consider is how sensitive corporate information, trade secrets and other intellectual property assets created within the collaborative space are secured and owned by the organization. From a governance standpoint, it is important to have protocols for immediate take-down of any inappropriate content and an efficient escalation process.
Collaboration technologies are poised for exponential growth and lawyers must provide practical and effective business-oriented legal solutions that help organizations to harness the full promise of this technology.
Murali Pasupulati, CIPP (US), CIPP (IT) is an attorney who focuses on privacy, data security and intellectual property. He can be reached at firstname.lastname@example.org.