In today's technological environment, it is common for organizations such as business organizations, schools, charitable organizations and government organizations to deploy private computer networks—intranets—to securely share such organization's information or network operating system within that organization. The term “intranet” is used in contrast to “internet”, which is a network between and among individuals and organizations, the most common of which is the global, public Internet. That is, an intranet is a network within an organization which sometimes refers only to the organization's internal (private) website, but may be a more extensive part of the organization's information technology (IT) infrastructure. It may host multiple private websites and constitute an important component and focal point of internal communication with, and collaboration among, individual computer users associated/affiliated with the organization (e.g., students within a university, co-workers within a company, members of a governmental department or the like).
As individual computer users associated/affiliated with the organization perform various computer-based activities while logged into the organization's intranet, there are a constant stream of activities occurring such as navigating to URLs, opening and editing documents, writing, opening and reading email messages, and the like. Information about these activities can be very useful (e.g., augmenting documents with extra information, improving search results, creating automatic news feeds, sending social networking announcements, etc.). In addition to such data, other data may be obtained by inferring connections from activity data. For example, when two people communicate with the same third party, it may be inferred that they should communicate with each other. Data may be passively obtained by consulting organizational directories, committee membership lists and project management team member lists, if they exist. Yet other data may be passively obtained, for example, through an organization member database such as data available from a human resources department. Such data may comprise position descriptions for individuals and for organizational departments. Organizational departments may possess organization hierarchy charts showing adjacency of a member to peers, subordinates and supervisors. Human resource departments may possess charts that show organizational members farther removed hierarchically from those found in other organizational departments such as the president. Third party databases may provide data for a third party security person responsible for checking security on building entry. Normally, however, some information is not collected anywhere within an intranet and may be lost. Some useful data such as committee membership lists may be stored and thus accessible but difficult to locate. Yet, collecting, consolidating, storing and exposing organization hierarchy, distribution list and other social activity information while ensuring privacy requirements allows for a number of high-value services to be built and offered based on such information.
Should such information be collected, there is one concern that must be addressed—privacy. That is, protecting personal privacy is more complex in the information age. As more and more business is transacted “online,” the volume of personal information available on computer networks continues to grow. Thus, individuals using these computer networks are demanding greater control over how their personal information is stored, used and shared. Also, organizations are seeking better ways to manage and safeguard the sensitive personal data in their custody. In response, many governments on the national federal), state, and local level, have passed laws dealing with individuals' privacy—especially concerning Personally Identifiable Information (PII) which is any information that identifies or can be used to identify, contact, or locate the person to whom such information pertains, or from which identification or contact information of an individual person can be derived. More specifically, PII includes names, addresses, and phone numbers as the more obvious examples. Email addresses and IP addresses may also be included in this category. An emerging category of such information includes geo-location information that allows the sharing of the physical location of the user, a feature that is becoming popular location-based services and social networking scenarios.
Sensitive PII includes financial profiles, health profiles, national ID numbers, social security numbers, credit card information, and other information designated as such by legislation (e.g., race, ethnicity, political opinions, religious or philosophical beliefs, trade-union membership, sex life, etc.). Collecting sensitive PII data may bring enhanced exposure to legal, regulatory, and political risks and requires additional safeguards for data security, integrity and notice. On the other hand, organizational data such as organizational hierarchy data (organization charts), distribution lists, shared document access permissions and the like are typically restricted internally to an organization such as a business organization. On the other hand, some organizations such as a governmental organization may not restrict public access to such information. For example, a marketing department organization chart of a business organization shows peers, subordinates and supervisors but their social security numbers and other PII must be protected internally but the organization chart itself may be internally shared. Similarly, one may be a member of the public works committee of a local government and so a list of members may be accessible through the local government, but PII will be protected from access.
Collecting and then correlating information is a more subtle issue for identifying privacy issues because a single piece of information such as website usage would seem relatively benign and by itself would not be PII. However, data collected over time for online behavior such as search, web surfing, and social networking habits may eventually allow the user's identity to be discovered using data mining and correlation methods.
Privacy concerns are exacerbated in the context of private networks such as intranets. This is because use of these private networks requires users to log in with a “user id” and password assigned by the owner of the network (e.g., the user's employer). This destroys the anonymity provided by other networks such as the Internet.
One joining an organization may be overwhelmed with organization charts, committees, project teams, whose office is physically proximate to theirs and the like. It would be useful to calculate and generate a social graph scoring physically and organizationally close or important individuals within the organization that may be suggested to the organization joiner for meeting or exchanging communications. The social graph may display such organization members in order of their score. The social graph may comprise a user interface whereby the requester may select a suggested organization member such that further information about the requester's relationship to the organization member may be displayed or a communication with the suggested organization member initiated.
In the Internet, there exist more active social network development opportunities. A user may input likes, dislikes, hobbies, travel plans and the like so that a social graph may be developed in accordance with their activities within the Internet. These active social networking processed may be utilized internally to an organization to bolster the personal value to a user.
Given the foregoing, what are needed are systems, methods and computer program products for facilitating the collection of data within (and outside) a private computer network (especially an intranet) to allow for the provisioning of a social graph service while complying with applicable privacy laws and regulations, as well as individual organizations' business rules addressing intranet users' privacy.