Where should a company draw the marker between information gathering for risk management and outright spying and subterfuge?
It’s clearly a fine line.
As Eric Dezenhall has argued, companies need defending just like anyone else, and are often targeted by those seeking personal advantage from alleged corporate malfeasance. He cites Toyota as an example.
Equally, companies have been accused, by authorised or unauthorised proxy, of crossing the ethical line in information gathering in recent lines. Dow Chemical and Sasol are in a spotlight they would rather was shone elsewhere as a result.
In messy and long-running cases, it becomes hard to work out who has behaved badly – or worst – in emotionally-charged campaigns and legal cases that can take on a life of their own. Take Chevron, campaigners and Ecuador as an example.
The WikiLeaks saga, and threat of its expansion further into the corporate world, have given many a corporate executive pause for thought. The article linked above this line has been the most popular on Ethicalcorp.com this year.
Just yesterday, to sit alongside the ongoing News of the World phone tapping scandal and police undercover operations against activists the Guardian has reported that UK energy companies E.ON, Scottish Resources Group and Scottish Power have been ‘spying’ on activists via a private security firm.
So where is the line between subterfuge you wouldn’t like to admit in public, or private, and a defensible position should anyone ask questions?
Clearly job one is to make sure agents are not breaking the law. Sounds simple, but who does due diligence on the anti-corruption controls of their PR or advisory firms?
Not many corporations, I would warrant.
I’ve long argued this is a good idea. Firms should have a really clear idea of what lobbying, security, communications and public relations firms are doing in their name. Many do not.
Most corporate corruption cases/prosecutions, at least historically, concern agents rather than direct executive involvement at the point of bribery.
Once legality is established, the corporate security chief might want to ask themself the following questions:
1) Is my security provider acting in a way my board will feel comfortable with? Does my head of public affairs understand my job and what it is that I am doing with regard to external critics and corporate foes?
2) When does monitoring become snooping? For example, reading public message boards or Facebook pages is acceptable. But pretending to be a bona-fide activist or concerned citizen and wangling your way into private forums is not.
3) Do I understand the background and motivations of my security consultants? Do they have an idealogical axe to grind? What are their values and do they have a code of conduct?
4) If they do have a code of conduct, how is this communicated and enforced?
5) Who else do they work for, and does that represent a reputational or legal risk to my company?
With the recent cases coming to light, or court, in the UK, France and US, (not to mention emerging economies in recent years), companies will increasingly need to know what their security chiefs, advisory firms and security services providers are doing effectively in their name.
Gone are the days when they could credibly claim “we didn’t know”.
What matters is whether you knew the questions to ask and had the systems in place to try and prevent illegal and/or unethical behaviour.