This article is a good overview of the risks corporations take on when they incorporate social networking into their business workflow. One of the examples the article uses is a manufacturing company that sets up a Facebook group open only to members of the team collaborating on a project involving the design of its manufacturing processes.
What about privacy settings?
While the group may believe it is protected from a breach because invitations to the group have been locked down, this may not be the case if just one of the employees has open privacy settings, which could let outsiders see the activities of the group.
What about email addresses?
Another area of concern is email addresses. One of the big issues is disclosing information related to a data breach in order to comply with the governing laws and regulations. While a company may have well-established rules about how to report email traffic based on the corporate email domain, what if employees involved in the breach signed up with a social media website using a personal email address? How does an entity find out about this email traffic and report on it if the traffic originates from non-company servers?