By Dan Morrill
Zeltzer and Villafranco have probably the most coherent list of Do's and
Don'ts when it comes to corporate blogging out there, its an absolute
The Law.com  has a great listing of Do's and Don'ts when it comes to
Corporate Blogging out there. Here are two don'ts that I have seen in a
lot of corporate blogs that defy the imagination for being out there.
DON'T employ consumer bloggers to say positive things about your
company's products or services without ensuring that they disclose
their affiliations with the company. Endorsements and testimonials by
word of mouth have always been a popular form of marketing, but the
blogging world has made them even more so, thereby making content that
crosses the line an attractive target for regulators. Source: The
When doing a Google search on companies to see what intellectual
property has been exposed, and how to do some form of recovery and
damage control. I usually run into company sponsored or company
employees saying how great the company is, and how wonderful and life
fulfilling those products are. The problem is when you get into the
comments section of the file, and see that not everyone agrees with the
wonderfulness of the product. The blog writer is then usually put into a
position to support/defend their entry, and many times the language
degenerates into finger pointing pain.
Alternatively, even better, it is a one off blog entry somewhere, with
many negative comments, but no response from the original blog writer to
support their statement or their position. All that ends up in Google,
meaning when searching for the company, the negative comments are seen,
and people have a way of getting their point across. A well-maintained
blog entry usually has both positive and negative comments, or all
negative or all positive depending on how the blog comments are being
shaped by the blog writer. (Blog writers do shape their comments, when
they have access to approve or disapprove of the comments being posted).
The other very important Don't
DON'T terminate employees for posting inappropriate content to
corporate blogs without considering the risk of wrongful termination
claims, especially where the company does not have a consistent
practice on how it treats employees who post content online. Employees
may claim that the employer authorized the posting, and is now
discriminating against them for exercising their right to organize.
Source: The Law
Managers and company HR folks should be paying close attention to this
don't. Too many people have been fired for blogging where there was no
coherent company policy on blogging. Regardless of what the person is
saying, if the company has not addressed the risk of blogging, and has
it established as policy, this can open up a company to a huge liability
issue that will cost time, money, and legal fees.
The best Do' however is:
DO train your employees on how to avoid posting content that is likely
to incite tort-based causes of action, such as defamation, trade
libel, product disparagement, negligent or fraudulent
misrepresentation and vicarious liability for an employee's posting.
While tort-based actions like these do not frequently arise against
individual bloggers, the prospect of deep pockets associated with a
corporate blog may invite various claims associated with postings
(usually negative postings). Source: The Law
This is very important as a "do" because even if the blog is not
directly associated with the company, if a person can prove that the
person worked for the company, and wrote negative articles about people
in the company, outside the company, where the claims can not be proved
(or a person had a private identity), this can open up not only the
blogger to liability, but the corporation that sponsored the blog as
well. Corporate sponsorship of blogs can be tricky at best, and having
an employee that is disparaging of co-workers, can not stay on script as
to what the blog is about, or otherwise becomes a huge management issue.
As well it can become an information security issue in the longer run if
trade secrets or internal information is posted to the web site.
Companies should read the Do's and Don'ts from the Law.com, its coherent
and applicable to how to manage and develop good policy around corporate
About the Author
Dan Morrill has been in the information security field for 18 years,
both civilian and military, and is currently working on his Doctor of
Management. Dan shares his insights on the important security issues of
today through his blog, Managing Intellectual Property & IT Security,
and is an active participant in the ITtoolbox blogging community.
Subscribe to the InfoSec News RSS Feed