In the world where it's not uncommon for bosses to ask to see their employees' Facebook profiles, when does seemingly innocent, or even beneficial "monitoring" turn into privacy-infringing "snooping"?
It's a question many more employees may be asking in the next three years, according to a new Gartner report which predicts that by 2015, 60 percent of corporations are expected to put formal programs in place for "monitoring external social media for security breaches."
Companies traditionally rely on analyzing internal computing infrastructure to detect vulnerabilities, Gartner said; by monitoring their employees' Facebook, Twitter, YouTube and LinkedIn feeds, these companies could take advantage of critical and potentially damaging information being put out into the social media world.
"In other words, the development of effective security intelligence and control depends on the ability to capture and analyze user actions that take place inside and outside of the enterprise IT environment," Andrew Walls, research vice president of Gartner, wrote in the report, "Conduct Digital Surveillance Ethically and Legally: 2012 Update."
Gartner says less than 10 percent of companies currently monitor employees' social media profiles as part of their security monitoring programs. It's a practice that can "both mitigate and create risk," Walls said.
The predicted spike in monitoring, even if it's ostensibly for security purposes, highlights the ethical gray area surrounding social networking privacy, especially between employers and their staff. In March, Facebook announced it would consider taking legal action against employers who demanded the usernames and passwords of potential job applicants. And the monitoring versus snooping debate is best (or worst) exemplified by Google's Street View cars, which, under the guise of collecting Wi-Fi access points, actually swiped far more personal information in the process.
Lisa Vaas from the security company Sophos agreed that social media does present security risks: "Employees on social media can give away trade secrets or simply act like unprofessional idiots and thereby embarrass their employers," she wrote. "They can also click on scams in Facebook," which could harm the company's internal networks.
Vaas has some advice for companies implementing the monitoring programs. "As we move toward workplaces with ever more pervasive surveillance, I'd suggest that organizations take the time to study the privacy laws," she said in a Sophos blog post. "Those laws continue to evolve. You might be within your rights today, but seen as a leering Big Brother tomorrow."