For the last several years, much of the focus surrounding compliance has been on e-mail. That only made sense given the volume of information moving through these systems. But in the last year, we've all taken note of the rising popularity of social networks. From Facebook to Twitter, more people are eschewing e-mail to share information on a social network.
That creates something of a quandary from a compliance perspective because most of the systems in place today are not designed to monitor social networks. Now, companies such as Palisade Systems have started including the ability to monitor Facebook and Twitter messages within their data loss prevention (DLP) services.
The problem, however, is that most of the people in charge of compliance have not really been paying enough attention to the rise of social networks as an alternative to e-mail for information sharing. This no doubt will change in 2010. But monitoring a single unified e-mail system is a whole lot easier from a process point of view than trying to contain information that can now flow through hundreds of social networks.
Clearly, employees need to be educated about the potential hazard. But obviously, what it really is going to take is the first big intellectual property theft that was partially enabled by a social network. Somewhere, this activity is already happening and it's only a matter of time before it becomes "big news."