December 6th, 2006 by Chandler Howell

This is something of a follow-up to my post on Swivel.

We recently overhauled our very dated and paper-centric information classification hierarchy.

As part of this effort, we conducted an audit of our internal Content Management System (CMS), which contains many, many terabytes of corporate data, and found that while 40% of it was classified as “need to know, access control required,” only about 20% of the sample met the burden for that level of classification. In principle, people err on the side of caution.

At the same time, we looked at information leakage, and what we found there was that people tend to err in the opposite direction when it comes to using and sharing data. They would routinely send information labeled as confidential/controlled outside the company.

The risks I see from Swivel are the usual risks associated with granting a third party access to information, along with the risk that a clueless but well-intentioned person will put things they shouldn’t on the public site.
