Shirley R Cowcher
Is it necessary?
This is a topic we have presented previously, a long time ago, in 2004 but every so often it presents itself and leads me to think about morals and ethics, corporate culture, whistleblowing and information leaks. It seemed appropriate given the release of the Snowden movie and the raids made by the Australian Federal Police on Federal Parliament in August 2016. I feel that these are topics that should be in the forethought of any information manager. The reason being that information managers have a responsibility for the control and protection of corporate information. They need to work with IT, compliance and security personnel to ensure that access and control is appropriate to the needs of the organisation. Yet, what happens when an information manager or other personnel believe that the organisation they work for is guilty of illegal activities, corruption, mismanagement or some other wrongdoing?
The Governance Institute of Australia released the inaugural Australian Ethics Index in July 2016 and the findings where interesting, in that those surveyed perceived the media sector and large corporations were not very trustworthy nor did they have high ethical standards. State and Federal parliaments and politicians fared worst as they were seen to be unethical by every second person surveyed. Whilst the index provides the results of public perception I wonder whether we can accept that the perception is based on experience and therefore has an element of truth to it. Following this path then we must assume that if there are unethical practices occurring in both the public and private sectors then there are likely to be people who would want to expose such behaviour. (That is my innate belief in good overcoming evil). Does society and the organisations we work for allow for this?
There are protections but they may not be sufficient
In April 2016 the Senate Economics Reference Committee released an Issues Paper Corporate Whistleblowing in Australia: ending corporate Australia’s cultures of silence. The executive summary outlines the important role whistleblowers play in stopping misconduct and the need to ensure that they are protected from retribution. It also indicates that there are robust laws for the public sector but the laws the private sector are lacking. It concludes that:
This situation is unacceptable. No-one should be forced to decide between exposing corporate fraud and misconduct and protecting their careers and broader wellbeing. Australia’s whistleblower framework must encourage whistleblowers to come forward, and protect them when they do so. (p2).
Given the lack of protections it is essential that organisations develop internal policies and procedures to facilitate disclosure as well as protect and support the employees who report on wrongdoing. Australia Standard 8004-2003 Whistleblower Protection Programs for Entities provides some direction for the establishment of a whistleblower protection program.
The other side of the coin
The establishment of processes and procedures for the reporting of fraudulent, corrupt and unethical behaviour occurring within an organisation is the other side of the coin in terms of the control and protection of corporate information. I believe that an organisation that does not have policy and procedures for the protection of whistleblowers is more likely to suffer the consequences of information leaks. As such it may be an area of corporate policy that information managers explore. It may provide some insight into the corporate culture and internal risks associated with the management and control of information. The decision then needs to be made, if the company is found to be lacking, as to whether you need to step up and ask for a whistleblower protection program to be developed or whether you start work on putting more rigid controls in place to protect the corporate information.
Information management impacts all aspects of business and it is essential for information managers to understand that impact and get to know the culture and the operations of the company. Only then can they hope to become a valued team member.