In one telling import during the late Congressional hearings on the Hewlett - Packard board outrage , ousted chairwoman Patricia Dunn offered the “ everybody does it ” defence .
Asked by one legislator about HP ’s hiring secret investigators who obtain phone records under sham make-believe , a pattern called pretexting , to identify who ’d leak confidential information , Dunn replied , “ I think these [ pretexting ] methods may be quite common at companies around the country . ”
If so , that is chilling to business sector ethician Kirk Hanson .
“ As an ethicist I ’m alarm that HP ’s managers swear on the statement that it was borderline , but effectual , and never asked whether it was honorable , ” allege Hanson , executive director of theMarkkula Center for Applied Ethicsat Santa Clara University , in Santa Clara , Calif.
If HP adopted what Hanson called “ black ops ” as standard investigatory pattern , he wonders how many other company have done it .
HP , some of its employees and companies it hired to investigate council chamber leaks to news media still face potential civil and criminal liability for their action . Other company find themselves in a dilemma over how to control information within the constabulary .
company may have a moral or legal obligation to respect people ’s privacy , but they also have a legal and fiducial responsibility to protect secret byplay information . And under the federalSarbanes - Oxley Actin effect the last four age , they have obligations to enquire sure leaks , Hanson says .
Companies have a right to look into their own employees if they ’re suspect of leaking information . employee should make bold no rightfulness to privacy in their usance of troupe computers , e - mail programs or telephones .
One commonly used tactic to probe security measures breaches does n’t even involve electronic snooping . Companies exclusively give suspect leakers on the face of it crucial but comparatively benignant information . If it reverse up in the media , the company has identify the leaker .
But Hanson sees a bright blood line secern how a company can investigate its own employee and how it can look into outsider .
The HP reaction to leaks to reporter contrasts with the recent exercise of Apple when proprietary information got out .
Although Apple is know for its veneration to secrecy , it go to court rather than to private optic when secret info leak in 2004 . Apple process in state court to wedge two Web web site to reveal sources for narrative they post about a possible fresh Apple product . A province appellant tribunal ruled May 26 that the writers on those WWW sites enjoy the same First Amendment rights as mainstream journalists and , thus , were protect by California ’s carapace law from having to reveal their beginning . Apple shed the character . It did not answer to a request for gossip on this tarradiddle .
The Sarbanes - Oxley Act expect ship’s company to develop a whistle - blowing reporting organization so employees can arouse progeny about improper behavior within the company , said Hanson . That has prompted companies to evolve an investigative capableness in the event improper or illegal bodily function is aver . “ So ( under SOX ) , company have developed much raise investigative capability , ” he pronounce .
Companies also have to keep confidential information dependable because revealing could be a condemnable turn or a breach of fiducial responsibility , suppose Rob Enderle , older psychoanalyst at Enderle Group , a technology market place inquiry house .
If Logos leaks that a control board is contemplating an acquisition , for instance , the company or people in it could be prosecute for insider trading if people used that cognition to make stock craft .
pass on the possible liabilities , embodied investigations of news leak are “ common , ” order Enderle . “ The stuff with the pretexting go to the extremum , but look at party phone records or due east - ring armour , that is very common . engage an outside contractile organ is also common . ”
In fact , leak investigation love broad support among corporate directors .
In a September telephone resume of 226 board appendage at publically traded party in the U.S. , 73 percent aver a party ’s chair should be empowered to use any legally available means to place a control board - level leaker , harmonize toPonemon Institute .
About 71 percent of the answerer said it would be all right for a board chairman to go over the tocopherol - post messages of other members , in gain to other character of confidential data stored on company computers . Fifty percent said that brush up telephone records of individuals find via pretexting is right as long as that overture has n’t been illegalize .
But HP ’s manoeuvre of tail reporters , seek to install a tracer on a newsperson ’s e - chain armor program , pretexting bit of people outside the company and even considering engraft spies in newsroom as janitors or clerical proletarian is “ bizarre ” to Rick Belluzzo .
“ The reaction by HP was totally out of symmetry with the situation , ” said Belluzzo , chairman and CEO ofQuantum , a meshwork storehouse equipment Divine . His résumé include president of Microsoft and a 23 - year Erolia minutilla at HP , where he arise to the position of executive vice chairman of its computer division .
While he understand the importance of stay fresh certain information confidential and build employees and manager sign confidentiality agreements , HP overreact to information leaks that are sometimes going to happen anyway .
“ It ’s an impossible task to master information flow . Some leaks are inevitable , ” Belluzzo said .
