SharePoint 2010 - the long view

For the past six months I've been involved in upgrading Aviva's large and very complex global intranet from SharePoint 2007 to SharePoint 2010. The expected go-live date is in quarter 2, so we have allowed plenty of time for planning.

It's been a steep learning curve for me, as for the first time I have been working pretty much in a pure IT role, leading what we called the Business Readiness workstream - ensuring that the business is ready for the new software, and also ready to make the most of the opportunities it offers.

SharePoint 2010 has somewhat better networking features than its predecessor. In 2007 you got a profile, and a My Site which could hold not only your personal and shared files, but also your blog. In 2010, as well as all this, you can post your status (just like on Facebook) and leave a message on someone else's Noteboard (just like the wall on Facebook). In the wider SharePoint implementation you can also tag pages and documents with anything you find useful, and sometimes you can give a star rating.

From a corporate point of view this is scary territory. What happens if I post something nasty on someone else's Noteboard? Supposing I tag a page with a Bad Word? Unfortunately for technical reasons you can't have a real-time filter for Bad Words (one exists, see www.sharepointfilter.com, but it doesn't work in a way which Microsoft approves of). So the only option is "Report and take down" - if someone reports offensive content it will be assessed by a central team and if necessary removed, although it won't disappear from any news feeds or email alerts which have already picked up the item.

Report and take down has a number of issues. It takes time and resource to deal with each report. Depending on where the content was posted, it will still be visible in news feeds, as above. And if someone tags pages with rude words in Lithuanian or Turkish, it's going to be hard to manage for a central team who only speak English.

The key question for a risk-averse organisation is who is responsible for the content. If an employee is so deeply offended that they sue their employer, does the company have liability because they provided the system in the first place? Is it different from offending a colleague via your internal blog, internal email or a public system like Twitter?

The alternative is to tell the workforce that they have responsibility for what they post, and get them to believe it matters. In the end that has to be the primary approach, whatever else happens.

Aviva is not alone in worrying about this and it will be interesting to see what happens as SharePoint 2010 is adopted more widely. In my view, whatever the risks of people abusing an internal system, it is better than having your employees use Facebook for corporate communications - which is already quite a widespread practice.