Trend number 5 is on the docket today as we move down our list of ethics and compliance trends to watch. Privacy issues have led the headlines for years but their intersection with ethics and compliance is coming to the forefront.
#5: Privacy Issues Come With Their OwnTop Ten List
When ethics and compliance officers are asked to list their biggest worries, “privacy” is always near the top of the list – and for good reason. The nature of privacy concerns and the perceptions of employees and others are changing so rapidly that it is hard to keep pace. And, the range of topics that fall under the general heading of “privacy” make up their own Top Ten list of issues to tackle in the coming year, which certainly includes the following:
I. Securing hotline/helpline and investigation data.
This is especially critical in jurisdictions including the E.U. that have imposed strict data privacy and security requirements.
II. Employee use of company technology for personal use.
Most companies have now shifted to a more realistic policy that allows employees to use company email and the internet for limited personal use. But while the policy has changed, knowing how to enforce it and establish limits is still a challenge.
Related: Workplace Privacy: What Every CCO Needs to Consider
III. Social media policies.
Many companies have added such policies in the last year or so (ours is in our Code of Conduct - see pages 31 and 32), but employees are still often unclear about their responsibilities if they see what they believe to be information about the company that is either wrong or damaging. Should they respond? To whom should they report the matter?
Related: Five Strategies For Addressing Social Media Risks (Without Breaking the Bank or Using Up Valuable Seat Time)
With social media technologies rapidly evolving, and with the line between work and personal life continuing to blur, employees are also often unclear where the boundaries lie between acceptable and unacceptable behavior. Policies need to be brought to life with compelling and contemporary training.
IV. Surveillance of employees.
Software, cameras and GPS tracking devices are all ways companies can monitor employee use of technology and their productivity, but at what point do the methods go too far and create an obtrusive, Big Brother work environment?
V. Maintaining secure and confidential company information.
Sharing passwords, using unauthorized storage devices and moving materials off-site create challenges for security experts and expose confidential company information to inadvertent loss, theft and hacking. Companies that have a bring-your-own-device policy as well as those using cloud technologies may have additional security issues. Safeguarding customer information may be the biggest potential privacy risk area, especially for retailers.
Related: Cybersecurity for Ethics & Compliance Pros: The New E&C Frontier
VI. Technology transfers.
Inappropriate transfers can be a serious compliance breach when it involves transmissions to recipients or countries that have not been adequately vetted. And, as the data privacy laws across the globe continue to mature and evolve, it will be critical for companies to stay abreast of competing mandates.
VII. Competitive technology.
The internet is full of low cost devices that can turn anyone into James Bond. Do your employees know how far they should go to gather competitive intelligence? And is your own organization secure against the prying eyes of others?
VIII. Recruitment and promotion ethics.
Is there a limit to how far a company should go in screening prospective employees? Is it appropriate for employers to use personal information that they gather from social media when making employment decisions? Should the latest photos you posted to Facebook limit your prospects for a promotion?
Related Resource: Access NAVEX Global's Code of Conduct for sample policies on Privacy & Personal Information, Social Responsibility and other key E&C topics.
IX. Personal information.
Does your company have a policy on what personal information it will and will not collect? If you conduct drug testing, is there any prohibition in place on collecting and storing samples or using the samples to conduct genetic screening?
X. Social responsibility.
Revelations of government eavesdropping drew intense criticism from activists and shareholders over companies’ level of cooperation. If you are in the high-tech or communications industry are you prepared to articulate your company’s position on privacy and government surveillance?