LISTSERV - RECMGMT-L Archives - LISTSERV.IGGURU.US

RECMGMT-L Archives

Records Management

RECMGMT-L@LISTSERV.IGGURU.US

	LISTSERV Archives
	RECMGMT-L Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Forum View Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: Student RIM Question
From:	Patrick Cunningham <[log in to unmask]>
Reply To:	Patrick Cunningham <[log in to unmask]>
Date:	Sun, 9 Dec 2012 16:48:27 -0800
Content-Type:	text/plain
Parts/Attachments:	text/plain (43 lines)

I'm not aware of any regulations regarding this sort of thing, although it is asinine. I would expect that in most organizations, some level of business is being conducted using social networks and other non-traditional communications means. I know LinkedIn is used pretty extensively by sales personnel to mine for prospects. That said, transmitting sensitive personal information is certainly problematic. If that information includes credit card numbers, that could be a problem with regard to the CPI DSS, although that is not a governmental regulation. If you as an individual are sending sensitive personal information to a Facebook "friend" , you deserve whatever happens to your information. You have no way to authenticate the person at the other end of the wire and what they are going to do with that information.

In our organization, we have policies that prohibit this sort of thing. We're not a financial services company, but it is against policy to utilize unapproved communications channels to transmit sensitive business information. We monitor traffic leaving the company network, but I would expect that unless such information was in the clear, it would be very difficult to identify it. I would expect that most reputable financial services organizations have policies that address the use of social networks in the business. In some instances, you will find these online, although most companies do not post detailed policies. They may address this sort of issue in their privacy statements or security statements on their website. You should also look for the organization's Code of Conduct or similar statements of corporate responsibility on the website.

In terms of monitoring, it is difficult since many social network sites utilize SSL encryption. That said, there are DLP (data loss prevention) tools that can be used to monitor traffic to and from the Internet. In some instances, and after significant review by legal experts in your organizations, it is possible to "break" SSL to examine the contents of encrypted traffic. This is very challenging from a data privacy standpoint, although the technology isn't that difficult to implement with a well-managed network.


 
Patrick Cunningham, CRM, CIP, FAI
[log in to unmask]

"Perpetual optimism is a force multiplier." 
-- Colin Powell



________________________________
 From: Michelle Lee Gross <[log in to unmask]>
To: [log in to unmask] 
Sent: Sunday, December 9, 2012 1:14 PM
Subject: [RM] Student RIM Question
 
Hello all,

My name is Shelly Gross and I am a RIM student at Wayne State University.  I will be graduating this semester with my Graduate Certificate in Records and Information Management.  I already have my MLIS and currently work as a public librarian.  I have been a silent member of this list for the past year and have found much of the information to be enlightening.  Now I have a question and I'm hoping that some of you may be able to assist me.

I have been considering financial records management as an area I would be interested in, especially as I have worked in the banking world before.  I have come across a situation that has me a little puzzled.  Several loan officers have started asking "friends" on Facebook if they would be interested in applying for a loan, then gathering all the private information via Facebook.  These loan officers do not see this as an unsecure place to gather this information.  In this instance do any of you have Records Policies regarding Facebook, both the company page and the employees' private pages?  I know that many companies have policies regarding what employees may post about the company, but what about customer information they may gather via Facebook?  Also from an IT standpoint is there even a way to monitor this?

Thank you for any assistance you can give me.

Shelly Gross
WSU Graduate Student

List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance
To unsubscribe from this list, click the below link. If not already present, place UNSUBSCRIBE RECMGMT-L or UNSUB RECMGMT-L in the body of the message.
mailto:[log in to unmask]

List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance
To unsubscribe from this list, click the below link. If not already present, place UNSUBSCRIBE RECMGMT-L or UNSUB RECMGMT-L in the body of the message.
mailto:[log in to unmask]

ATOM RSS1 RSS2

LISTSERV.IGGURU.US