Admittedly, much of the backlash isn't so much about Facebook having the information, or even in how that information is used or distributed. Many users are simply frustrated that the rules keep changing. Every time Facebook introduces a new feature, or unveils a new service or partnership, suddenly data is exposed in new ways that the user did not overtly consent to.

On that point, I refer back to my . I believe that Facebook should be much more open about its development lifecycle, and allow for more pubic beta testing and forewarning before springing new features on half a billion members. I also feel that Facebook should disclose the details of any changes, and make new features and services opt-in rather than automatically moving the line in the sand for existing members.

However, my main point in the open letter still stands, and brings me back to the mea culpa focus of this article. Ultimately, the vast majority of users won't read the disclosures, and won't use the security controls provided to them. They will opt-in to take advantage of cool features and they will .

IT administrators need to have clearly-defined policies in place regarding social networking using company computers or network resources. If social networking is allowed, even on a limited basis, user education is a key element of protecting data--informing users what to share and what not to share, and ensuring they are aware of the privacy and data security controls available.

McDonald's can't protect every clumsy customer that drives a car with a scalding hot cup of coffee between their legs, and Facebook can't be expected to be the guardian of every personal detail and sensitive fact shared willingly across its social network.