Personal Use of Sites

It would be nice if there was no need to mention this, but it is possible that users will create their own Web sites, give only themselves permission to the site, and then use that site for private purposes. There have been times when a company's servers were used to set up Internet-based businesses without the knowledge of or the consent of the company's owners. Creating policies that prohibit personal use of company systems will help prevent this problem. Few things irritate system administrators more than the misuse of company systems for personal gain at the expense of system performance, storage space, and additional administrative effort.

Because it will be very easy-especially for the site administrators-to set up personal Web sites (this is not a reference to the My Site feature, but rather to rogue Windows SharePoint Services sites) for personal gain (which is possible if you have enabled Self-Service Site creation or if the user is already a member of the Administrator site group in a site), a strict prohibition should be approved by your managers and then communicated to your users as part of their training on the 2007 Microsoft Office system.

The following issues should be addressed in this domain:

• Use of SharePoint Server 2007 sites for personal use is strictly prohibited.

• Personal use of computers is prohibited.

• Incidental personal use of business systems is permissible. (Consider this issue only if your users are allowed to use company systems for personal use.)

• Storage of personal data is prohibited on company systems.

You might have noticed that the third bullet point contradicts the others. This point is included to emphasize that in certain situations, some personal use of computers and SharePoint Server 2007 is permissible. Some nonprofit organizations allow their employees to host in-kind Web sites to the organization's mission after gaining approval. Again, this list is not meant to dictate what should and should not be in your policies, but rather to alert you to the issues that should be considered when writing these policies.

Be careful to fully consider the use of My Sites in your environment when crafting your personal use policies. My Sites are designed to be a one-to-many collaboration path, which will also include some personal information. For example, the default use profile in a Shared Services Provider includes a field into which the user can enter his/her home phone number. Is this considered "personal use"? In some organizations, your policies may need to become detailed enough that such input fields are explicitly allowed or denied.

In addition, several other profile fields might be considered "personal use," such as the fields to enter a user's birthday or the schools the user attended. Again, personal use policies need to be well defined so that if you choose to use the social networking features of SharePoint Server 2007 and Knowledge Network, then you've already thought through the potential issues that might arise from the use of these features.

Real World Using Employee Pictures in SharePoint

When I teach administrators about SharePoint, I find a wide divergence of opinions and ideas about the use of employee pictures in a production environment. Some legal departments in some companies prohibit the use of pictures except for badges; others are fine with allowing employee pictures on the intranet Web sites. Before you try to do pictures of employees in your SharePoint implementation, be sure to check with your legal department for their opinion.

If your legal department allows employee pictures in your SharePoint implementation, then be sure that you can obtain consistent-looking pictures. Nothing is worse that having pictures with different color depths, resolutions and file types in your deployment. Best practice is to ensure that you are using jpeg files, with the same color depth and palette resolution along with the same cropping across all pictures so that the head size in each picture appears similar to every other picture in your deployment.

You'll also need a common Web site to host the pictures along with a naming convention that makes it easy for the users to enter the URL to their picture without having to ask an IT person what the URL is. For example, you could host these pictures in a SharePoint site that is the root site of a Web application and place the pictures in a library called "Name" and then name each picture using the person's firstname.lastname syntax. If the root site resolved to "Pictures", then the URL would be http://pictures/name/<firstname.lastname>. Nearly everyone can remember this URL, which makes it easier for users to use their picture in SharePoint.

In summary, the best way to ensure that pictures are used correctly is to do two things:

1. Ensure that your pictures are consistent in terms of size, cropping, pixilation, color depth, palette resolution, and file type.

2. Place the pictures in a location where the URL is very easy to reference by the end users.

Finally, when it comes to pictures, be sure to discuss the secondary effects of individuals being able to match names and faces with other individuals they don't interact with even occasionally. For example, people may experience harassment from other employees who surf the intranet, matching names, cubicle locations, and pictures. Stalking and other potentially criminal activities may ensue more easily because the predator can use your intranet to learn about a person with whom they would otherwise have very little interaction or method of learning personal and/or corporate information. While this possibility is remote, this scenario and other scenarios like it should be discussed up front with your legal and human resource department before you release employee pictures into your SharePoint deployment.