Develop a corporate blogging policy

There are few golden examples of corporate blogging policies that provide employees useful and necessary guidance on what they can blog about and how they should do it as it relates to company information.

Sun Microsystems logoSun Microsystems stands out as a company that actively encourages their employees to engage each other and the wider tech world in conversations about Sun’s products. They also lay their blogging policy out in clear, understandable language.

Common sense at work here; it’s perfectly OK to talk about your work and have a dialog with the community, but it’s not OK to publish the recipe for one of our secret sauces. There’s an official policy on protecting Sun’s proprietary and confidential information, but there are still going to be judgment calls. […] There are all sorts of laws about what we can and can’t say, business-wise. Talking about revenue, future product ship dates, roadmaps, or our share price is apt to get you, or the company, or both, into legal trouble.

I recommend reading the full policy. It’s not just a list of restrictions. Sun has also provided helpful tips to any employees interested in getting started blogging, but not really up to speed on the phenomenon.

IBM logoContrast Sun’s policy with IBM’s and Sun’s starts to look mighty folksy. IBM’s is much, much longer, less easily read and understood, and probably more difficult to follow for employees. If I were IBM, I would simplify. The best blogging is concise and to the point, and so should any policy governing it.

Some more examples:

The IBM policy is interesting though since IBM is now a consulting company and they handle client information as well as their own proprietary data, much like accounting firms.

Protect IBM’s clients, business partners and suppliers. Clients, partners or suppliers should not be cited or obviously referenced without their approval. On your blog, never identify a client, partner or supplier by name without permission and never discuss confidential details of a client engagement. It is acceptable to discuss general details about kinds of projects and to use non-identifying pseudonyms for a client (e.g., Client 123) so long as the information provided does not violate any non-disclosure agreements that may be in place with the client or make it easy for someone to identfy the client. Furthermore, your blog is not the place to “conduct business” with a client.

Accounting firms should be proactive about setting a blogging policy, and encourage their knowledge workers to embrace the medium.


FIN 48, auditor confidentiality, and increasing the minimum wage

Since the last one went so well, and since there have been many posts this week on my fellow accountant blogs that I’d like to highlight, here’s another quick round-up of three interesting nuggets:

Dan Meyer of Tick Marks talks about a new standard in the US called FIN 48, which requires companies making assumptions regarding tax-related policies to document and disclose those assumptions and provide a range of possible outcomes.

He asks the natural next question: “With IRS personnel theoretically able to look up these disclosures, will companies be less willing to take aggressive positions?” It’s a good question, and I think we know the answer! I wonder if the same type of standard will show up in Canadian GAAP before we converge with international standards. (Wonder how that convergence thing is going – haven’t heard much lately!)


Google spreadsheet app will not catch on

According to Om Malik, Google is rumored to be coming out with an online spreadsheet application tomorrow, but I don’t think it’s going to have much of an impact.

Why? Well, in my experience at least, everything I do in Excel is with data that I don’t want anyone, even Google (imagine that), to have a look at. 99% of the time I’m working with confidential client data, and the other 1% of the time I’m working with my own data that might as well be confidential!

I might be the exception, but I doubt it.

Why would a company like Google, who has in the past been so focused on the user, be ignoring spreadsheet users’ needs as it develops its spreadsheet product? Here’s CNET’s take on it as well: They seem to be psyched about the possibility of putting their confidential data in Google’s hands for some reason.

Maybe I’m missing something.


Auditor laptop stolen, confidential data included

The auditor for is Ernst & Young, and one of their staff working on the audit had their laptop stolen from their car, compromising the credit card data of approximately 243,000 customers.

These things will happen, but what I don’t understand is whether they’re just assuming whoever stole the laptop is going to be able to crack the password that is no doubt protecting it. I have to enter two different passwords just to get into my work laptop, one to boot up and one to log in.

Am I missing something here? Are passwords not enough to protect the data? Can you just rip the hard drive out of the laptop somehow and extract the data that way? Is any data truly safe, then?

EY has pledged to encrypt sensitive data such as this in the future, so maybe that holds the key to safeguarding the intangible assets of audit clients.