25 Feb 2008 in Corporate Culture, Information Integrity
The Ethisphere Institute (http://ethisphere.com/influential/ ) recently compiled a list of the 100 Most Influential People in Business Ethics ranking executives' “influence” based upon their involvement in government rulemaking, company practices, corporate responsibility and sustainability efforts and many other things. The final list, released last month, is notable primarily because it includes a number of privacy protection advocates including Ethisphere’s top honoree, Neelie Kroes, the European Commissioner For Competition
The Ethisphere Institute (http://ethisphere.com/influential/ ) recently compiled a list of the 100 Most Influential People in Business Ethics ranking executives “influence” based upon their involvement in government rulemaking, company practices, corporate responsibility and sustainability efforts among other things. The final list, released last month, is notable primarily because it includes a number of privacy protection advocates including Ethisphere’s top honoree, Neelie Kroes, the European Commissioner For Competition
The ranked list is instructive, because it suggests the growing importance of information management in general, and privacy protection in particular, to corporate integrity. Unfortunately, published follow-up interviews and commentaries reveal just how many organizations, executives and corporate lawyers with strong ethical reputations are trying to address the information integrity issue purely through technology and, at the most, minor policy tweaks.
Clearly, incorporating information integrity—security, accuracy and privacy protection—into your Code of Conduct is a step in the right direction, but only a first step. We know that for too many companies, ethics and privacy protection are unrelated items on a check-box compliance list (e.g., code of conduct, training, posters, hotline, privacy notice, etc.), rather than integrated parts of a strategic endeavor and everyday priority with direct impact on the bottom-line.
Risk managers know the negative impact of data breaches on stock prices and brand value—think ChoicePoint and TJMaxx—but they often focus heavily on using technological safeguards to protect proprietary and personal information. Too few appreciate that privacy and information integrity not only enhance their company's brand, but also cut to the very core of ethical conduct and corporate responsibility in the increasingly tech-centric global economy.
Both information and reputation are key corporate assets requiring more than check-box compliance and technological protections. In order to develop and maintain an ethical culture, privacy protection and information integrity issues must be promoted and understood by personnel at every level-from the boardroom to the shop floor—of your organization. Remember that full compliance with all legal requirements did not protect ChoicePoint’s stock value when a data breach occurred and no technology could detect the problem with The Boston Globe’s environmentally sound decision to wrap newspaper bundles in scrap paper—scrap paper unfortunately embellished with subscribers’ credit card numbers.
The difference between success and failure in terms of ethical business conduct and the proper maintenance of corporate information assets often comes down to just one single employee.
To be continued...
