Information Privacy

Although it might seem obvious, you should spell out in your policies who actually owns content that is developed in your SharePoint Server 2007 systems and who owns the intellectual rights to that information. In most organizations, this has already been explained in a policy. But best practice is to include the SharePoint Server 2007 systems in that policy. If you have not done so, here are some topics to consider for inclusion in information privacy policies:

• Right of management to examine data on SharePoint Server 2007 systems

• Company ownership of all content developed on company-owned systems

• Right of company, without notification, to add system administrators to sites as administrators

• Permissible information to collect on employees when creating a contacts list

• Permissible information to disclose on self in the My Site area

• Expressions of personal views in My Site

• Prohibiting collection of information about children of employees

• Requirement of disclaimer when collecting information

• Existence of personnel records in SharePoint Server 2007 prohibited without proper security

• Disclosure of worker change of status notification

• Prohibiting marketing or promotion of employee-owned businesses on company systems