It’s been a solid three weeks since Facebook last graced our blog, but just like the proverbial bad penny, it just can’t stop turning up in the news for all the wrong reasons. There is a worn adage that claims there is no such thing as bad PR, but in Facebook’s case, I’m betting they’d rather stay out of the spotlight for a little longer. During CEO Mark Zuckerberg’s grueling congressional testimony earlier this year, Mr. Zuckerberg assured senators that Facebook users had complete control over who sees their data as well as how you share it. In a recent interview with the NY Times, Facebook has now owned up to previously undisclosed data-sharing relationships with four Chinese manufacturers, including Huawei who is viewed by American intelligence officials as a national security “threat” due to its close ties with the Chinese government.
What this means for you
According to an agreement Facebook entered into with the Federal Trade Commission in 2011, Facebook is not allowed to override a user’s privacy settings without first getting explicit consent. As part of the partnership agreement with these manufacturers – Huawei, Lenovo, Oppo and TC – Facebook granted privileged access to these partners to data collected through Facebook apps installed on their devices, even to the point of overriding the user’s explicit denial of access. Facebook executives have argued that they had adhered to the letter of the 2011 consent decree because the data in question (your data, your friends’ data, and your friends’ friends’ data) never actually leaves the device, and is only used “locally” to power applications and social media platforms. I’m no lawyer, but that sounds like splitting hairs, and as has been amply demonstrated by the Cambridge Analytica debacle (not even 2 months old, mind you!) relying on a partner company to adhere to Facebook’s privacy policies is not guaranteed, nor apparently something they can even enforce, once again demonstrating a clear gap in trustworthiness. Should you continue to use Facebook? As long as you keep your eyes open to the fact that Facebook might not be as transparent as they promise, even in the face of Congressional scrutiny, and more importantly, the watchful eye of journalistic rigor.
You’ve done the hard work we outlined in the previous two parts of our series on the email beast, and now you are ready to tackle the summit of your email Everest. There are a variety of reasons to retain email, but they generally fall into two categories: “legal” or “industry/business best practice”.
Interestingly enough, there is no federal mandate (yet) directing US businesses on how much or how long email must be retained. However, if your industry is bound by legal or regulatory requirements to retain certain types of electronic documentation for a certain amount of time, you should consult with your lawyer about where this may intersect with documents and information stored in email. If your company establishes a retention policy, it’s incredibly important to adhere to that policy. Deviations or failures to enforce a formal company policy (“I have no idea where that email is, your Honor,”) are dealt with harshly in court, and will be costly. Relying on a manual process (such as Outlook’s “archiving” functionality) is fraught with failure, so any formal retention policy should be a centrally managed and maintained by an automation process rather than a human. Not all email providers include this capability, especially the consumer “free-mail” services like Gmail, Outlook.com, Yahoo, etc. Business-class service will typically offer retention capabilities as an add-on service, so make sure that if you need it, you can actually implement it on the server side.
Bottom line: If you have a formal retention policy, you must enforce it or you could face significant consequences in litigation.
If you fall into the broader, less compliance-bound audience that would like to keep track of the information that is contained in your vast email archives, consider a different way of retaining that data rather than relying on Outlook archives and your overstuffed email server hard drives. In most cases, people retain emails in order to track conversations with clients, customers, vendors, etc. If your business relies on this information, you should consider a tool that is built specifically for that purposes, and you’ve probably already realized that Outlook is not that tool. Before you despair, I do have good news for you: there are literally hundreds of Customer/Client Relationship Management (CRM) solutions that integrate very well with Outlook. Implementing a CRM solution for your company is not as easy as the sales videos would have you believe, but it may be very worthwhile in the long run.
The most crucial element in successfully implementing a CRM solution to funnel your customer/client emails into is follow-through and consistency. Everyone needs to be fully trained on how to use the system properly, and then they must use the system consistently. Most CRM implementations fail not because the software is bad, but because the company doesn’t get 100% buy-in from ones that need it the most: executives and the sales team. If everyone has sales responsiblities, then everyone has to use the CRM software.
At the very end of this long climb up “Mount Email”, regardless of what solution you choose to retain, the final consideration should always be data backups. Whether it’s a formal retention platform, CRM solution, or simple PST files, make sure your platform of choice is supported by a solid backup strategy that includes at least 2 different backup mediums. Understand how often your data is backed up, where it’s stored, and how you retrieve it in the event that disaster strikes.
Image courtesy of bplanet at FreeDigitalPhotos.net
Last week we talked about our “growing” email problem. The average size of an individual email as well as the overall volume has increased substantially over the years, and some parts of the email technology platform have changed to accommodate that. In other critical areas it has only barely kept pace or fallen woefully behind. Though it’s changed its look over the years, Outlook still works essentially the same way it did nearly 20 years ago. And while we have more ways to read our email now with the proliferation of mobile devices and cellular data networks, I rarely come across a business professional who isn’t struggling to stay afloat in the growing email tide.
So how do we address this weighty issue?
First off, reduce the volume in any way you can:
- Better spam filters – the best ones work at the server level, and don’t rely on your local email client. If you are using a local spam filter on top of your provider’s “filter”, you need to adjust the settings on the server side so they never get delivered, or change providers. It’s a hassle, but a good spam filter will make it all worthwhile.
- Ditch the mailing lists – if you spend more time shuffling unread newsletters into the “later” folder, you should either look at subscribing to a less frequent digest, or unsubscribe altogether. Ironic advice coming from someone who sends a newsletter. Hopefully because you are reading this, our newsletter makes the cut.
- Separate business and personal – modern email clients and mobile devices allow you to stay on top of multiple email accounts, so there’s no good reason to keep everything in the same mailbox. Don’t go hog wild (5 separate mailboxes is just as bad as single overstuffed box), but if you are using your business mailbox for everything, you really need to move the personal stuff to a separate email account.
- Delete, don’t archive – once you get over the initial fear of throwing away an email permanently, you may find it amazingly liberating and a great way to reduce stress. Be mindful of your company’s retention policy and business practices, but delete anything that isn’t critical. Because it’s “virtual”, email becomes a convenient way for our “inner hoarder” to manifest itself. As with anything hoarded, the volume rapid overtakes any benefit gained from keeping the stuff around. Be merciless, even cruel, and give your delete key a solid workout.
A lot of you have heard this advice before (probably from me), but it always bears repeating. The only way to drink from a firehose is to reduce the pressure. Getting in front of your daily email workload will grant you time to focus on the next task: sorting, filing and putting to use the email you do decide to keep.
Make sure to stop in next week for the final part of our series on taming the email retention beast!
Image courtesy of Stuart Miles at FreeDigitalPhotos.net
Unless you’ve been living under a rock for the past year, most will leap to the conclusion that I’m writing about the ongoing government snooping that seems to permeate the internet these days. Unfortunately, another of the tech industry’s dirty little secrets is being dragged out into the light of day, and it’s something you’ve probably known all along but didn’t want to acknowledge: Your email is not private. Microsoft recently underlined and highlighted this fact by releasing details on an investigation into an ex-employee’s attempt to sell confidential information. The individual in question was identify primarily through the contents of his Hotmail account, which Microsoft openly admits to reading. While this may seem to be a blatant and gross invasion of privacy (it is), it’s also well within Microsoft’s rights as outlined in the Terms of Service every single customer agrees to when creating and using the free webmail account.
What this means for you:
Before you think this is a Microsoft bashing party, Google and Yahoo have the same sort of Terms of Service, as does just about any other email provider out there. They can read your email any time they want to, and they don’t have to get a search warrant like law enforcement supposedly has to do. They own the equipment, software and data services that deliver your email, and they assert openly in the Terms of Service in one way or another that your email is not yours to keep private. You might also want to review your employer’s information security policy: it’s highly likely that they advise you that any email transmitted through their servers is company property, and is subject to review at any time. This is not something new – policies like this have been around since email first started being used in large organizations that could afford lawyers.
The only way to keep email truly private is to use end-to-end encryption, a process that most people find daunting to establish, and inconvenient to use. Until there is a radical change in how we communicate on the internet, the only way to truly keep things away from prying eyes is to not put them on the internet in the first place.
Image courtesy of Stuart Miles / FreeDigitalPhotos.net
If you’ve spent any time on the internet lately, you likely know that Google’s latest innovation, “Glass” is already in the hands of the media and developers, and will soon be available to the general public. While the concept of wearable computers is not new – the earliest prototypes appeared over 30 years ago – Google’s sleek device has been giving privacy advocates fits since it was announced. Now that Glass is actually appearing “in the wild” as developers and media put the device through its paces, it’s getting pre-emptively banned by businesses, and in some cases, entire states are seeking to regulate its use.
As you might imagine, a device that can (relatively) unobtrusively record video and audio of anything in sight of a Glass wearer, on top of being able to access the vast data stores of Google’s indexed information, has many people understandably concerned. Cameras and recording devices are already banned in places like Las Vegas casinos, and organizations like Caesers Entertainment have extended their policies to explicitly include Google Glass in anticipation of the device’s arrival, as have numerous bars and other businesses, some merely for the publicity, but many for serious privacy concerns for their patrons and businesses.
What this means for you:
Whether or not you ever intend to use Google Glass or something similar, you’ve already been through a social revolution, and you might not have realized it. Remember when cellphones first started appearing with cameras? Remember when laptops first started shipping with webcams built into the lid? Devices that can be used to record others without their knowledge have been used in modern society for decades. Google is not the first to open this particular Pandora’s Box – the cows have long since fled the barn. Google Glass is fairly easy to spot now, but the technology will only improve (read: get smaller and harder to spot) and we will soon have wearable computers that are completely indistinguishable from a regular pair of glasses or sunglasses. We will get to a point that we will not be able to tell whether someone is digitally augmented, and societal conventions will have to adopt to the new standard, just like they have with smartphone cameras.
With results that will probably surprise no one (and warming the hearts of black-hat hackers everywhere), the US Government Accountability Office has published its findings on a recent security audit of the Internal Revenue Service. The summary reads like the report card every good parent dreads, “Needs improvement.” Despite having a comprehensive security plan (the development of which was funded by your dollars!) the GAO has found that the IRS has failed to follow through in many areas of implementing and enforcing that plan in various parts of its operation, and these failures have severely compromised the overall security of the very important data the IRS collects on all American citizens.
What this means for you:
As you might expect, the 31-page GAO report is not the most exciting of page-turners. I’ll save you the dry read with the “moral” of the story: having a security policy is only as good as how well it is enforced and maintained. It does your company no good to say that “All employees must use strong passwords that are changed every 60 days” if no one is checking to see if they are actually adhering to the policy. It’s actually much worse for your company if you do have a security policy, experience a breach, and then discover that the breach was due to lack of enforcement.
Don’t get me wrong – I’m not recommending against having a security policy. You should have a security policy, especially if you handle sensitive data of any sort, and you should be making every effort to enforce, update and maintain that policy on a regular basis. A simple security breach could cause untold damage to your company’s reputation, and even more so if you have to admit that it happened because you failed to follow through on your own company’s policies.
Last week, Facebook opened up a vote on its usage and terms policies that included in the changes the removal of user pivilege of voting on future changes to said policy. In order for the user vote to be binding, 30% of Facebook’s user population (approximately 300 million users) needed to cast a vote in either direction. In the “Surprising No One” column, only 700,000 votes were cast (about .06% of the total population), and even though the vote was overwhelmingly against the changes, Facebook only needs to take that result under advisement, in other words, “Thanks for your opinion, we’ll do what we want.”
What this means for you: