Banning social software in the workplace

I wrote about a security problem with Plaxo a couple of weeks ago. It’s since been fixed, but now I’m starting to hear that companies are barring their employees from using Plaxo, LinkedIn, and other social software. Why? Several reasons. The biggest seems to be that these services enable wholesale exporting of your contact database, which makes it easy for you to find out which of your existing contacts already use the service. This has two problems, though. First, it runs afoul of European Union data privacy laws; many multinational companies in the US have already been working hard to make their internal operations conform to EU regulations because they have EU operations and employees who live and work in the EU. Microsoft, AT&T, General Motors, and American Express come to mind. The other reason, of course, is that companies don’t like the idea of a third party getting unrestricted access to a significant portion of their internal contact data. Imagine the bonanza for a clever Sun salesman who managed to steal all of the contact data for an IBM sales rep, for example. This is precisely why very few companies expose even shadow copies of their master directories to the outside world: there’s too much risk in doing so, and the reward is fairly limited.
Will these bans work? Beats me. Services like LinkedIn and Plaxo have to reach a certain degree of critical mass before they become useful, but it’s difficult to see how such bans can be efficiently enforced. Interestingly, the one ban I’ve actually seen in written form doesn’t say anything about “personal” social software like Orkut and Friendster.