From a security standpoint, there are three different scenarios to be concerned about. The first involves sensitive corporate data being divulged on the blog. Although this may be unintentional, it's a good idea to have some kind of review cycle and/or approval process for content before it's published. This can be challenging, considering blog posts can't be reviewed in committee for weeks and are expected to provide timely, relevant information.
The second scenario involves the posting of inappropriate information by an employee. This occurs mostly on personal blogs, but employees' actions reflect on an organization whether they are on the clock or not. It's within reason to set behavior guidelines for employees . At a minimum, a disclaimer on an employee's personal blog saying that these views are personal should be required. The best practice to remedy this is to define an acceptable use policy (AUP) for blogging, both on corporate blogs and personal blogs. As with email and Web AUPs, it's important to manage expectations about behavior before you have problems.
Finally, be conscious of reader comments. Blogs are open by nature and they solicit passionate responses from increasingly anonymous respondents. Inevitably, someone will say something unflattering about your company and you need to be aware of that.
For more information:
This was first published in May 2007